Exemplo n.º 1
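 /**
  * Changes user settings (username, email, password).
  *
  * The request token and the user's current password are both checked before
  * any field is examined. Validation problems are recorded in $this->errors
  * and flagged through $this->error.
  *
  * @param array $data    user settings values; keys read here: auth_token,
  *                       old_password, username, email, password, repassword
  * @param int   $user_id id of the user to update (default is USER_ID, the id
  *                       stored in session)
  *
  * @return bool|mixed true on success and false on any validation failure.
  *                    When the database update itself fails, the value of
  *                    $database->errors is returned instead, so callers must
  *                    compare the result with `=== true`: a non-empty error
  *                    value is truthy and would otherwise read as success.
  */
 public function changeSettings($data, $user_id = USER_ID)
 {
     $database = new Database();
     if (!is_array($data)) {
         return false;
     }
     $id = $user_id;
     // NOTE(review): $this->error is never reset here, so a flag left over from
     // an earlier call on the same object makes this call fail too - confirm
     // whether callers rely on a fresh instance per request.

     // check token validation; a missing token is rejected like an invalid one
     // instead of reading an undefined array key
     if (!isset($data['auth_token']) || !Token::validateToken($data['auth_token'])) {
         $this->error = true;
         $this->errors[] = "Token is not valid.";
         return false;
     }
     // the old password must be present and must be a plain value: request
     // data can carry arrays (old_password[]=...), which must not reach the check
     if (!isset($data['old_password']) || !is_scalar($data['old_password'])) {
         $this->errors['old_password'] = "******";
         $this->error = true;
         return false;
     }
     $pw = $data['old_password'];
     // verify password
     if (!Auth::password_check($id, $pw)) {
         $this->errors['old_password'] = "******";
         $this->error = true;
         return false;
     }
     // no need for this anymore
     unset($data['old_password']);

     // Read an optional field; absent or non-scalar values count as "not sent"
     // so that strlen()/preg_match()/password_hash() only ever see plain values.
     $field = function ($key) use ($data) {
         return (isset($data[$key]) && is_scalar($data[$key])) ? $data[$key] : false;
     };
     $username = $field('username');
     $email = $field('email');
     $pw1 = $field('password');
     $pw2 = $field('repassword');

     // at least one field should be changed
     if (!$username && !$email && !$pw1) {
         $this->errors[] = "No data to be changed.";
         $this->error = true;
         return false;
     }

     // array of data to be updated
     $newData = [];
     // get user details by his id
     $user = Auth::getUserDetails($id);

     // if the given username is different than the one in the database
     // check if it exists in another row
     // (presumably Auth::form_check() returns false when the value is taken - confirm)
     if ($username && $username !== $user->username) {
         if (!Auth::form_check("username", $username)) {
             $this->errors['username'] = "******";
             $this->error = true;
         }
         // check username length (4 to 15 bytes)
         $length = strlen($username);
         if ($length > 15 || $length < 4) {
             $this->error = true;
             $this->errors['username'] = "******";
         }
         // check username allowed characters: letters, digits, "_" and "-"
         if (preg_match('/[^a-z_\\-0-9]/i', $username)) {
             $this->error = true;
             $this->errors['username'] = "******";
         }
         $newData['username'] = $username;
     }

     // the same for email
     if ($email && $email !== $user->email) {
         if (!Auth::form_check("email", $email)) {
             $this->errors['email'] = "email already exists.";
             $this->error = true;
         }
         // validate email
         if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
             $this->error = true;
             $this->errors['email'] = "email is not valid";
         }
         $newData['email'] = $email;
     }

     // password change: a new password without a matching confirmation is
     // rejected instead of being silently dropped, so the user is never told
     // the settings were saved while the old password is still in place
     if ($pw1) {
         if ($pw1 !== $pw2) {
             $this->errors[] = "Passwords don't match.";
             $this->error = true;
             return false;
         }
         // check password length
         // NOTE(review): a 4-character minimum is very weak for an account
         // password, and bcrypt only uses the first 72 bytes of its input;
         // consider a longer minimum and an upper bound.
         if (strlen($pw1) < 4) {
             $this->error = true;
             $this->errors['password'] = "******";
             return false;
         }
         $newData['password'] = password_hash($pw1, PASSWORD_BCRYPT);
     }

     if ($this->error) {
         return false;
     }
     // every submitted value equals what is already stored: do not send an
     // update with an empty field list to the database layer
     if (!$newData) {
         $this->errors[] = "No data to be changed.";
         $this->error = true;
         return false;
     }

     // no errors, we have the new data, update the table
     // get fields and values from the data array
     $fields = array_keys($newData);
     $values = array_values($newData);
     $update = $database->update_data(TABLE_INFO, $fields, $values, 'id', $id);
     if ($update !== true) {
         // if something went wrong while updating
         return $database->errors;
     }
     return true;
 }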
Exemplo n.º 2
    header("location:index.html");
}
// Load the Auth class, which supplies the helpers used by this login handler.
require_once 'Auth.php';
$authObject = new Auth();
// NOTE(review): $_POST['usermail'] and $_POST['password'] are read without an
// isset() check, so a request missing either field reaches the lookup anyway.
// sanitizeString() is defined outside this snippet; what it escapes is not
// visible here - confirm the query in checkPassword() uses bound parameters
// rather than relying on it.
$email = $authObject->sanitizeString($_POST['usermail']);
// The credential compared against the database is sha1(md5(password) . salt),
// with the salt taken from a property of the Auth object.
// NOTE(review): MD5 and SHA-1 are fast general-purpose digests and are not
// suitable for password storage; password_hash()/password_verify() is the
// replacement, with a rehash on next successful login to migrate stored values.
// The salt looks like a single application-wide value rather than per-user -
// confirm. The password is also passed through sanitizeString() before hashing,
// so whatever that helper alters is no longer part of the secret.
$password = sha1(md5($authObject->sanitizeString($_POST['password'])) . $authObject->salt);
//  echo $email." ".$password;
//   sleep(1000);
// checkPassword() receives the already-hashed value; its result is handed
// straight to mysql_fetch_assoc(), so it is expected to be a mysql result.
// NOTE(review): the mysql_* extension was removed in PHP 7.0 (use mysqli or
// PDO with prepared statements), and $result is not checked for failure
// before the fetch.
$result = $authObject->checkPassword($email, $password);
$rows = mysql_fetch_assoc($result);
if ($rows['result'] == 1) {
    $seconds = 3600 + time();
    $value = "profile";
    setcookie(loggedin, $value, $seconds, "/");
    $id = $rows['id'];
    $user_result = $authObject->getUserDetails($id);
    $userDetails = mysql_fetch_assoc($user_result);
    $user_type = $rows['user_type'];
    $user_family = $authObject->getFamily($id);
    $family = array();
    //$userFamily =  (mysql_fetch_assoc($user_family);
    while ($child = mysql_fetch_assoc($user_family)) {
        array_push($family, $child);
    }
    $_SESSION["user_id"] = $id;
    $_SESSION["first_name"] = $userDetails['first_name'];
    $_SESSION["last_name"] = $userDetails['last_name'];
    $_SESSION["city"] = $userDetails['city'];
    $_SESSION["state"] = $userDetails['state'];
    $_SESSION["country"] = $userDetails['country'];
    $_SESSION["children"] = json_encode($family);