function change_user_details($user_name, $user_email, $user_password)
{
$user_id = $_SESSION['user_id'];
if (validate_user_name($user_name) != true) {
return '<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>';
}
if (validate_user_email($user_email) != true) {
return '<span class="error_span">Email must be a valid email address and be no more than 50 characters long</span>';
} elseif (validate_user_password($user_password) != true && !empty($user_password)) {
return '<span class="error_span">Password must be at least 4 characters</span>';
} elseif (user_name_exists($user_name, $conn) == true && $user_name != $_SESSION['user_name']) {
return '<span class="error_span">Name is already in use. If you have the same name as someone else, use another spelling that identifies you</span>';
} elseif (user_email_exists($user_email) == true && $user_email != $_SESSION['user_email']) {
return '<span class="error_span">Email is already registered</span>';
} else {
if (empty($user_password)) {
mysqli_query($conn, "UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>');
} else {
$user_password = encrypt_password($user_password);
mysqli_query($conn, "UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}', user_password='******' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>');
}
mysqli_query($conn, "UPDATE " . global_mysql_reservations_table . " SET reservation_user_name='{$user_name}', reservation_user_email='{$user_email}' WHERE reservation_user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>');
$_SESSION['user_name'] = $user_name;
$_SESSION['user_email'] = $user_email;
$user_password = strip_salt($user_password);
setcookie(global_cookie_prefix . '_user_email', $user_email, time() + 3600 * 24 * intval(global_remember_login_days));
setcookie(global_cookie_prefix . '_user_password', $user_password, time() + 3600 * 24 * intval(global_remember_login_days));
return 1;
}
}
function remindme($lang)
{
$with_name = true;
$with_captcha = true;
$action = 'init';
if (isset($_POST['remindme_send'])) {
$action = 'remindme';
}
$login = $confirmed = $code = $token = false;
if (!empty($_SESSION['login'])) {
$login = $_SESSION['login'];
} else {
if (!empty($_SESSION['user']['name'])) {
$login = $_SESSION['user']['name'];
} else {
if (!empty($_SESSION['user']['mail'])) {
$login = $_SESSION['user']['mail'];
}
}
}
switch ($action) {
case 'remindme':
if (isset($_POST['remindme_login'])) {
$login = strtolower(strflat(readarg($_POST['remindme_login'])));
}
if (isset($_POST['remindme_confirmed'])) {
$confirmed = readarg($_POST['remindme_confirmed']) == 'on' ? true : false;
}
if (isset($_POST['remindme_code'])) {
$code = readarg($_POST['remindme_code']);
}
if (isset($_POST['remindme_token'])) {
$token = readarg($_POST['remindme_token']);
}
break;
default:
break;
}
$missing_code = false;
$bad_code = false;
$bad_token = false;
$missing_login = false;
$bad_login = false;
$missing_confirmation = false;
$email_sent = false;
$user_page = false;
$internal_error = false;
$contact_page = false;
switch ($action) {
case 'remindme':
if (!isset($_SESSION['remindme_token']) or $token != $_SESSION['remindme_token']) {
$bad_token = true;
}
if ($with_captcha) {
if (!$code) {
$missing_code = true;
break;
}
$captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false;
if (!$captcha or $captcha != strtoupper($code)) {
$bad_code = true;
break;
}
}
if (!$login) {
$missing_login = true;
} else {
if ((!validate_user_name($login) or !is_user_name_allowed($login)) and (!validate_mail($login) or !is_mail_allowed($login))) {
$bad_login = true;
}
}
if (!$confirmed) {
$missing_confirmation = true;
}
break;
default:
break;
}
switch ($action) {
case 'remindme':
if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_confirmation) {
break;
}
require_once 'models/user.inc';
$user_id = user_find($login);
if (!$user_id) {
$bad_login = true;
require_once 'log.php';
write_log('password.err', substr($login, 0, 40));
break;
}
$user = user_get($user_id);
if (!$user) {
$internal_error = true;
break;
}
if (!$user['user_active'] or $user['user_banned']) {
$bad_login = true;
break;
}
require_once 'newpassword.php';
$newpassword = newpassword();
if (!user_set_newpassword($user_id, $newpassword)) {
$internal_error = true;
break;
}
require_once 'emailcrypto.php';
global $sitename, $webmaster;
$to = $user['user_mail'];
$subject = translate('email:new_password_subject', $lang);
$msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang);
if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) {
$internal_error = true;
} else {
$email_sent = $to;
}
$confirmed = false;
break;
default:
break;
}
if ($internal_error) {
$contact_page = url('contact', $lang);
} else {
if ($email_sent) {
$user_page = url('user', $lang);
}
}
$_SESSION['remindme_token'] = $token = token_id();
$errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
$infos = compact('email_sent', 'user_page');
$output = view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos'));
return $output;
}
function Validate_Request()
{
global $persistent;
unset($errors);
foreach ($_REQUEST as $key => $val) {
switch ($key) {
case "first_name":
if (validate_first_name($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "last_name":
if (validate_last_name($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "ID":
if (validate_ID($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "user_name":
if (validate_user_name($val)) {
if (!checkIfUserNameExsists($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
} else {
$persistent[$key] = "";
}
break;
case "pass1":
if (validate_pass1($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "pass2":
if (validate_pass2($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "email":
if (validate_email($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "year_of_birth":
if (validate_YearOfBirth($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "phone":
if (validate_Phone($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "cell_phone":
if (validate_CellPhone($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "city":
if (validate_city($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "street":
if (validate_street($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "house_number":
if (validate_houseNumber($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "father_name":
if (validate_father_name($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "mother_name":
if (validate_mother_name($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "father_phone":
if (validate_father_CellPhone($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "mother_phone":
if (validate_mother_CellPhone($val)) {
$persistent[$key] = $val;
} else {
$persistent[$key] = "";
}
break;
case "memberOfGroup":
$persistent[$key] = $val;
break;
case "year_of_birth":
$persistent[$key] = $val;
break;
case "month_of_birth":
$persistent[$key] = $val;
break;
case "day_of_birth":
$persistent[$key] = $val;
break;
}
}
}
function login($lang)
{
$with_name = true;
$with_captcha = true;
$with_facebook = false;
$with_newuser = true;
$with_newpassword = true;
if ($with_facebook) {
require_once 'facebook.php';
$facebook = facebook();
}
$login = $password = $code = $token = false;
if (isset($_SESSION['login'])) {
$login = $_SESSION['login'];
}
$action = 'init';
if (isset($_POST['login_enter'])) {
$action = 'enter';
}
switch ($action) {
case 'init':
if ($with_facebook) {
$facebook_user = $facebook->getUser();
if ($facebook_user) {
try {
$facebook_user_profile = $facebook->api('/me', 'GET');
if (!empty($facebook_user_profile['email'])) {
$login = $facebook_user_profile['email'];
}
$action = 'facebook';
} catch (FacebookApiException $e) {
}
$facebook->destroySession();
}
}
break;
case 'enter':
if (isset($_POST['login_login'])) {
$login = strtolower(strflat(readarg($_POST['login_login'])));
}
if (isset($_POST['login_password'])) {
$password = readarg($_POST['login_password']);
}
if (isset($_POST['login_code'])) {
$code = readarg($_POST['login_code']);
}
if (isset($_POST['login_token'])) {
$token = readarg($_POST['login_token']);
}
break;
default:
break;
}
$missing_code = false;
$bad_code = false;
$bad_token = false;
$missing_login = false;
$bad_login = false;
$missing_password = false;
$access_denied = false;
switch ($action) {
case 'enter':
if (!isset($_SESSION['login_token']) or $token != $_SESSION['login_token']) {
$bad_token = true;
break;
}
if ($with_captcha) {
if (!$code) {
$missing_code = true;
break;
}
$captcha = isset($_SESSION['captcha']['login']) ? $_SESSION['captcha']['login'] : false;
if (!$captcha or $captcha != strtoupper($code)) {
$bad_code = true;
break;
}
}
if (!$password) {
$missing_password = true;
}
/* fall thru */
/* fall thru */
case 'facebook':
if (!$login) {
$missing_login = true;
} else {
if (!(validate_user_name($login) or validate_mail($login))) {
$bad_login = true;
}
}
break;
default:
break;
}
switch ($action) {
case 'enter':
case 'facebook':
if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_password) {
break;
}
require_once 'models/user.inc';
$user = user_login($login, $password);
if (!$user) {
$access_denied = true;
require_once 'log.php';
write_log('enter.err', substr($login, 0, 100));
$_SESSION['login'] = $login;
break;
}
$user['ip'] = client_ip_address();
if (in_array('administrator', $user['role'])) {
require_once 'serveripaddress.php';
require_once 'emailme.php';
global $sitename;
$ip = server_ip_address();
$timestamp = strftime('%Y-%m-%d %H:%M:%S', time());
$subject = 'login' . '@' . $sitename;
$msg = $ip . ' ' . $timestamp . ' ' . $user['id'] . ' ' . $lang . ' ' . $user['ip'];
@emailme($subject, $msg);
if ($action == 'facebook') {
$access_denied = true;
break;
}
}
session_regenerate();
$_SESSION['user'] = $user;
unset($_SESSION['login']);
unset($_SESSION['login_token']);
return true;
default:
break;
}
$connectbar = false;
if ($with_facebook) {
$scope = 'email';
$facebook_login_url = $facebook->getLoginUrl(compact('scope'));
$connectbar = view('connect', $lang, compact('facebook_login_url'));
}
$password_page = $with_newpassword ? url('password', $lang) : false;
$newuser_page = $with_newuser ? url('newuser', $lang) : false;
$_SESSION['login_token'] = $token = token_id();
$errors = compact('missing_code', 'bad_code', 'missing_login', 'bad_login', 'missing_password', 'access_denied');
$output = view('login', $lang, compact('token', 'connectbar', 'with_captcha', 'with_name', 'password_page', 'newuser_page', 'login', 'errors'));
return $output;
}
function useredit($lang, $user_id)
{
global $system_languages, $supported_roles;
$is_admin = user_has_role('administrator');
$is_owner = $user_id == user_profile('id');
$with_name = true;
$with_status = ($user_id != 1 and $is_admin);
$with_delete = ($user_id != 1 and $is_admin and !$is_owner);
$with_newpassword = false;
// ($user_id != 1 and $is_owner);
$with_locale = count($system_languages) > 1 ? true : false;
$with_role = ($user_id != 1 and $is_admin);
$with_timezone = ($user_id != 1 and $is_admin);
$with_website = true;
$with_info = false;
$confirmed = false;
$action = 'init';
if (isset($_POST['useredit_modify'])) {
$action = 'modify';
}
if ($with_newpassword) {
if (isset($_POST['useredit_change'])) {
$action = 'change';
}
}
if ($with_delete) {
if (isset($_POST['useredit_delete'])) {
$action = 'delete';
} else {
if (isset($_POST['useredit_confirmdelete'])) {
$action = 'delete';
$confirmed = true;
} else {
if (isset($_POST['useredit_cancel'])) {
$action = 'cancel';
}
}
}
}
$user_name = $user_mail = $user_locale = $user_timezone = false;
$user_website = false;
$user_active = $user_banned = false;
$user_accessed = false;
$user_role = false;
$user_newpassword = false;
$user_lastname = $user_firstname = false;
$token = false;
switch ($action) {
case 'init':
case 'reset':
$r = user_get($user_id);
if ($r) {
extract($r);
/* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */
}
$user_newpassword = false;
if ($with_info) {
$r = user_get_info($user_id);
if ($r) {
extract($r);
/* user_lastname, user_firstname */
}
}
if ($with_role) {
$user_role = user_get_role($user_id);
}
break;
case 'modify':
case 'change':
case 'delete':
case 'cancel':
if ($with_info) {
if (isset($_POST['useredit_lastname'])) {
$user_lastname = readarg($_POST['useredit_lastname']);
}
if (isset($_POST['useredit_firstname'])) {
$user_firstname = readarg($_POST['useredit_firstname']);
}
}
if (isset($_POST['useredit_name'])) {
$user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
}
if (isset($_POST['useredit_mail'])) {
$user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
}
if (isset($_POST['useredit_website'])) {
$user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
}
if (isset($_POST['useredit_timezone'])) {
$user_timezone = readarg($_POST['useredit_timezone']);
}
if (isset($_POST['useredit_locale'])) {
$user_locale = readarg($_POST['useredit_locale']);
}
if ($with_role) {
if (isset($_POST['useredit_role'])) {
$user_role = readarg($_POST['useredit_role']);
}
}
if ($with_status) {
if (isset($_POST['useredit_active'])) {
$user_active = readarg($_POST['useredit_active']) == 'on';
}
if (isset($_POST['useredit_banned'])) {
$user_banned = readarg($_POST['useredit_banned']) == 'on';
}
if (isset($_POST['useredit_accessed'])) {
$user_accessed = (int) readarg($_POST['useredit_accessed']);
}
}
if ($with_newpassword) {
if (isset($_POST['useredit_newpassword'])) {
$user_newpassword = readarg($_POST['useredit_newpassword']);
}
}
if (isset($_POST['useredit_token'])) {
$token = readarg($_POST['useredit_token']);
}
break;
default:
break;
}
$bad_token = false;
$missing_lastname = false;
$missing_firstname = false;
$missing_name = false;
$bad_name = false;
$duplicated_name = false;
$missing_mail = false;
$bad_mail = false;
$duplicated_mail = false;
$bad_role = false;
$bad_website = false;
$missing_locale = false;
$bad_locale = false;
$bad_timezone = false;
$missing_newpassword = false;
$bad_newpassword = false;
$account_modified = false;
$password_changed = false;
$internal_error = false;
$contact_page = false;
switch ($action) {
case 'modify':
if (!isset($_SESSION['useredit_token']) or $token != $_SESSION['useredit_token']) {
$bad_token = true;
}
if ($with_info) {
if (!$user_lastname) {
$missing_lastname = true;
}
if (!$user_firstname) {
$missing_firstname = true;
}
}
if ($with_name and !$user_name) {
$missing_name = true;
}
if ($user_name) {
if (!validate_user_name($user_name)) {
$bad_name = true;
} else {
if (!user_check_name($user_name, $user_id)) {
$duplicated_name = true;
}
}
}
if (!$user_mail) {
$missing_mail = true;
} else {
if (!validate_mail($user_mail)) {
$bad_mail = true;
} else {
if (!user_check_mail($user_mail, $user_id)) {
$duplicated_mail = true;
}
}
}
if ($user_role) {
foreach ($user_role as $role) {
if (!validate_role($role)) {
$bad_role = true;
break;
}
}
}
if ($user_website) {
if (!validate_website($user_website)) {
$bad_website = true;
} else {
$user_website = normalize_website($user_website);
}
}
if ($user_timezone) {
if (!validate_timezone($user_timezone)) {
$bad_timezone = true;
}
}
if ($with_locale and !$user_locale) {
$missing_locale = true;
}
if ($user_locale) {
if (!validate_locale($user_locale)) {
$bad_locale = true;
}
}
break;
case 'change':
if (!$user_newpassword) {
$missing_newpassword = true;
} else {
if (!validate_password($user_newpassword)) {
$bad_newpassword = true;
}
}
break;
default:
break;
}
$confirm_delete = false;
switch ($action) {
case 'modify':
if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) {
break;
}
$r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
if (!$r) {
$internal_error = true;
break;
}
if ($is_owner) {
$_SESSION['user']['name'] = $user_name;
$_SESSION['user']['mail'] = $user_mail;
$_SESSION['user']['website'] = $user_website;
$_SESSION['user']['locale'] = $user_locale;
$_SESSION['user']['timezone'] = $user_timezone;
}
if ($with_info) {
$r = user_set_info($user_id, $user_lastname, $user_firstname);
if (!$r) {
$internal_error = true;
break;
}
if ($is_owner) {
$_SESSION['user']['lastname'] = $user_lastname;
$_SESSION['user']['firstname'] = $user_firstname;
}
}
if ($with_role) {
$r = user_set_role($user_id, $user_role);
if (!$r) {
$internal_error = true;
break;
}
}
if ($with_status) {
$r = user_set_status($user_id, $user_active, $user_banned);
if (!$r) {
$internal_error = true;
break;
}
}
$account_modified = true;
break;
case 'change':
if ($missing_newpassword or $bad_newpassword) {
break;
}
$r = user_set_newpassword($user_id, $user_newpassword);
if (!$r) {
$internal_error = true;
break;
}
$password_changed = true;
break;
case 'delete':
if (!$confirmed) {
$confirm_delete = true;
break;
}
$r = user_delete($user_id);
if (!$r) {
$internal_error = true;
break;
}
return false;
default:
break;
}
$user_newpassword = false;
if ($internal_error) {
$contact_page = url('contact', $lang);
}
$_SESSION['useredit_token'] = $token = token_id();
$errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page');
$infos = compact('account_modified', 'password_changed');
$output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete'));
return $output;
}
function login()
{
if (validate_user_name($_POST["uname"])) {
$uname = $_POST["uname"];
} else {
return FALSE;
}
if (validate_pass1($_POST["passwd"])) {
$hash_passwd = md5($_POST["passwd"]);
} else {
return FALSE;
}
$sql = "SELECT username, Password FROM USERS where username = '******' AND Password='******'";
$result = executeQuary($sql);
if ($myRecord = mysql_fetch_array($result)) {
if ($uname == $myRecord['username'] && $hash_passwd == $myRecord['Password']) {
$this->setUname($uname);
$tmpPassArr[1] = $_POST["passwd"];
$tmpPassArr[2] = $_POST["passwd"];
$this->setPasswd($tmpPassArr);
$this->getUserDetails();
return true;
} else {
return false;
}
} else {
return false;
}
}
function change_user_details($user_name, $user_email, $user_password)
{
$user_id = $_SESSION['user_id'];
if (validate_user_name($user_name) != true) {
// return('<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>');
return '<span class="error_span">El "Número de Alumno"solo admite <u>números</u>. Entre 3 y 6 dígitos</span>';
}
if (validate_user_email($user_email) != true) {
return '<span class="error_span">El Email debe ser válido y no tener más de 50 caracteres.</span>';
} elseif (validate_user_password($user_password) != true && !empty($user_password)) {
return '<span class="error_span">El Password debe tener un mínimo de 4 caracteres</span>';
} elseif (user_name_exists($user_name) == true && $user_name != $_SESSION['user_name']) {
return '<span class="error_span">Ese número de alumno ya fue utilizado</span>';
} elseif (user_email_exists($user_email) == true && $user_email != $_SESSION['user_email']) {
return '<span class="error_span">Email ya registrado</span>';
} else {
if (empty($user_password)) {
mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
} else {
$user_password = encrypt_password($user_password);
mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}', user_password='******' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
}
mysql_query("UPDATE " . global_mysql_reservations_table . " SET reservation_user_name='{$user_name}', reservation_user_email='{$user_email}' WHERE reservation_user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>');
$_SESSION['user_name'] = $user_name;
$_SESSION['user_email'] = $user_email;
$user_password = strip_salt($user_password);
setcookie(global_cookie_prefix . '_user_email', $user_email, time() + 3600 * 24 * intval(global_remember_login_days));
setcookie(global_cookie_prefix . '_user_password', $user_password, time() + 3600 * 24 * intval(global_remember_login_days));
return 1;
}
}
