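 /**
  * Completes a pending self-registration for $email.
  *
  * Looks up the row in the registered_users_temp table, compares its
  * rand_key with the key from the confirmation link and, on a match, creates
  * the real User, deletes the temp row, assigns the plugin's default role and
  * inserts a profile row. All messages are echoed, as the caller expects.
  *
  * @param string $email            address taken from the confirmation link (untrusted)
  * @param string $rand_key_confirm key taken from the confirmation link (untrusted)
  * @return void
  */
 function validateaccount($email, $rand_key_confirm)
 {
     $PDO = Record::getConnection();
     $settings = Plugin::getAllSettings("registered_users");

     // Already a validated account? Both values come from the request, so
     // they are bound as parameters instead of being interpolated into SQL.
     $check_validated = "SELECT * FROM " . TABLE_PREFIX . "user WHERE email = :email";
     $result = $PDO->prepare($check_validated);
     $result->execute(array(':email' => $email));
     if ($result->rowCount() > 0) {
         echo $settings["message_error_already_validated"];
         return;
     }

     $today = date('Y-m-d G:i:s');

     // Fetch the pending registration; as before, the last matching row wins.
     $registration_temp = "SELECT * FROM " . TABLE_PREFIX . "registered_users_temp WHERE email = :email";
     $pending_stmt = $PDO->prepare($registration_temp);
     $pending_stmt->execute(array(':email' => $email));
     $pending = null;
     foreach ($pending_stmt as $row) {
         $pending = $row;
     }

     // A temp row must exist AND its key must match. The original pre-seeded
     // the expected key with the submitted one, so a missing row compared
     // equal; the comparison is also done in constant time now.
     $key_matches = $pending !== null
         && hash_equals((string) $pending['rand_key'], (string) $rand_key_confirm);
     if (!$key_matches) {
         // The temp row carries its own message; fall back to the plugin setting
         // when there is no row at all.
         echo isset($pending['message_notvalid_password'])
             ? $pending['message_notvalid_password']
             : $settings["message_notvalid_password"];
         return;
     }

     // From here on use the stored address, as the original did after the loop.
     $email = $pending['email'];

     // Let's transfer the user from the temp table to the user table
     $user = new User();
     $user->name = $pending['name'];
     $user->email = $email;
     $user->username = $pending['username'];
     $user->salt = AuthUser::generateSalt();
     $user->password = AuthUser::generateHashedPassword($pending['password'], $user->salt);
     $user->created_on = $pending['reg_date'];
     $user->updated_on = $today;
     $user->save();

     // We don't need them in the temp table anymore.
     // NOTE(review): the leading "******" is reproduced from this listing (the
     // SQL verb appears redacted) — confirm the real statement in the repository.
     $delete_temp_user = "******" . TABLE_PREFIX . "registered_users_temp WHERE email = :email";
     $stmt = $PDO->prepare($delete_temp_user);
     $stmt->execute(array(':email' => $email));

     // Make sure the user has the plugin's default role so they can do something.
     $def_permission = Plugin::getSetting("default_permissions", "registered_users");
     $id = $user->id;
     // The original interpolated $permission_id, which is never assigned in this
     // scope, so role_id was always empty; bind the default looked up above.
     $set_permissions = "INSERT INTO " . TABLE_PREFIX . "user_role (`user_id`,`role_id`) VALUES (:user_id, :role_id)";
     $stmt = $PDO->prepare($set_permissions);
     $stmt->execute(array(':user_id' => $id, ':role_id' => $def_permission));

     // We also need to add the profile settings into DB (same defaults as before).
     $addprofile = "INSERT INTO " . TABLE_PREFIX . "user_profile (`id`,`firstlogin`,`subscribe`,`sysnotifications`,`haspic`,`profile_blurb`) VALUES (:id,'1','1','1','0','your public profile...')";
     $stmt = $PDO->prepare($addprofile);
     $stmt->execute(array(':id' => $id));

     echo $pending['welcome_message'];
     $loadloginclass = new RegisteredUser();
     $loadloginclass->login_page();
 }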
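 /**
  * Handles the POSTed edit form for user $id: CSRF check, optional password
  * change, field validation, then save plus (when permitted) role assignment.
  *
  * Every failure path sets a Flash error and calls redirect(); the code after
  * each redirect() is only unreachable if redirect() exits, which is what the
  * original relies on as well.
  *
  * @todo merge _add() and _edit() into one _store()
  *
  * @param int|string $id id of the user being edited (from the URL)
  * @return void
  */
 private function _edit($id)
 {
     use_helper('Validate');
     $data = isset($_POST['user']) ? $_POST['user'] : array();
     Flash::set('post_data', (object) $data);
     // Validation messages collected below; empty means "no errors".
     // (The original started from false and relied on false-to-array conversion.)
     $errors = array();

     // CSRF checks
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/edit')) {
             Flash::set('error', __('Invalid CSRF token found!'));
             redirect(get_url('user/edit/' . $id));
         }
     } else {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url('user/edit/' . $id));
     }

     // Only touch the password when the user typed one.
     $password = isset($data['password']) ? $data['password'] : '';
     $confirm = isset($data['confirm']) ? $data['confirm'] : '';
     if (strlen($password) > 0) {
         // Password and confirmation must be identical — strict comparison, since
         // == treats numeric-looking strings such as "1e3" and "1000" as equal —
         // and at least 5 characters long.
         if (strlen($password) >= 5 && $password === $confirm) {
             unset($data['confirm']);
         } else {
             Flash::set('error', __('Password and Confirm are not the same or too small!'));
             redirect(get_url('user/edit/' . $id));
         }
     } else {
         unset($data['password'], $data['confirm']);
     }

     // Check alphanumerical fields
     $fields = array('username');
     foreach ($fields as $field) {
         if (!empty($data[$field]) && !Validate::alphanum_space($data[$field])) {
             $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
         }
     }
     if (!empty($data['name']) && !Validate::alphanum_space($data['name'], true)) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'name'));
     }
     if (!empty($data['email']) && !Validate::email($data['email'])) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'email'));
     }
     if (!empty($data['language']) && !Validate::alpha($data['language'])) {
         $errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'language'));
     }
     if (count($errors) > 0) {
         // Set the errors to be displayed.
         Flash::set('error', implode('<br/>', $errors));
         redirect(get_url('user/edit/' . $id));
     }

     $user = Record::findByIdFrom('User', $id);
     if (isset($data['password'])) {
         if (empty($user->salt)) {
             $user->salt = AuthUser::generateSalt();
         }
         $data['password'] = AuthUser::generateHashedPassword($data['password'], $user->salt);
     }
     // NOTE(review): $data is the raw POSTed 'user' array; whether setFromData()
     // restricts the columns it assigns is not visible here — confirm it cannot
     // set fields the form does not expose.
     $user->setFromData($data);
     if ($user->save()) {
         if (AuthUser::hasPermission('user_edit')) {
             // now we need to add permissions
             $data = isset($_POST['user_permission']) ? $_POST['user_permission'] : array();
             UserRole::setPermissionsFor($user->id, $data);
         }
         Flash::set('success', __('User has been saved!'));
         Observer::notify('user_after_edit', $user->name);
     } else {
         Flash::set('error', __('User has not been saved!'));
     }
     // Editing yourself returns to the form; otherwise back to the user list.
     if (AuthUser::getId() == $id) {
         redirect(get_url('user/edit/' . $id));
     } else {
         redirect(get_url('user'));
     }
 }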
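/* Make sure we've been called using index.php */
if (!defined('INSTALL_SEQUENCE')) {
    echo '<p>Illegal call. Terminating.</p>';
    exit;
}

require 'Template.php';
require CORE_ROOT . '/app/models/AuthUser.php';
use_helper('Hash');

$hash = new Crypt_Hash('sha256');
$msg = '';
// Accumulates HTML error fragments; stays false while nothing has failed.
$error = false;
$PDO = false;
// Setup default admin user name in case admin username is not entered in install screen
$admin_name = DEFAULT_ADMIN_USER;
// Generate admin user salt
$admin_salt = AuthUser::generateSalt();

// Create config.php template ($config is provided by the surrounding install
// script; it is not defined in this excerpt).
$config_tmpl = new Template('config.tmpl');
$config_tmpl->assign($config);
// Get generated config.php
$config_content = $config_tmpl->fetch();

// Write config.php. file_put_contents() returns the byte count, so test for
// false explicitly — the old `!file_put_contents(...)` also reported a
// failure for a legitimately empty file.
// NOTE(review): the generated config presumably contains credentials; check
// that CFG_FILE ends up with restrictive permissions (not visible here).
$bytes_written = file_put_contents(CFG_FILE, $config_content);
if ($bytes_written === false) {
    $error .= "<ul><li><strong>Config file could not be written!</strong></li>\n";
} else {
    $msg .= "<ul><li>Config file successfully written.</li>\n";
}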
if (false === $error) {
    // Include generated config.php
    require CFG_FILE;
    // Generate admin name (defaults to 'admin') and pwd
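 /**
  * Creates a new user from a submitted form array.
  *
  * Order of checks: caller permission "user_add", CSRF token, then
  * username/email/password via the validate* helpers (passed true so they
  * report their own errors). The language is reduced to one the site knows
  * or the configured default. The password is stored hashed with a fresh
  * salt; the blowfish variant is stored alongside it.
  *
  * @param array  $data   submitted fields: username, email, password; optional
  *                       name, language, roles — untrusted
  * @param string $verify submitted CSRF token
  * @return bool true when the user row exists afterwards, false on any failure
  */
 public function addUser($data, $verify)
 {
     // CHECK PERMISSIONS
     if (!$this->permissions->hasPermission("user_add")) {
         $this->_error(__("You don't have the Permission to perform this action!"));
         return false;
     }
     if (!SecureToken::validateToken($verify, get_url("user/add/" . $this->currentID))) {
         $this->_error(__("The CSRF Token does not exist or is invalid!"));
         return false;
     }

     // VALIDATE USER DATA
     // NOTE(review): what paw_xss_cleaner() does is not visible here; the SQL
     // below is protected by the placeholders and Record::escape(), not by it.
     $data = paw_xss_cleaner($data);
     if (!isset($data["username"]) || ($username = $this->validateUsername($data["username"], true)) === false) {
         return false;
     }
     if (!isset($data["email"]) || ($usermail = $this->validateUsermail($data["email"], true)) === false) {
         return false;
     }
     if (!isset($data["password"]) || ($password = $this->validatePassword($data["password"], true)) === false) {
         return false;
     }
     if (!isset($data["name"])) {
         $data["name"] = $data["username"];
     }
     $userip = NULL;

     // CHECK LANGUAGE: keep a submitted language only if the site knows it,
     // otherwise use the configured default. (isset() already excludes NULL,
     // so the original's separate NULL tests were redundant.)
     if (isset($data["language"])) {
         $language = Setting::getLanguages();
         if (!isset($language[$data["language"]])) {
             $data["language"] = NULL;
         }
     }
     if (!isset($data["language"])) {
         $data["language"] = Setting::get("language");
     }

     // REGISTER-DATA
     $usersalt = AuthUser::generateSalt();
     $blowfish = $this->_hashBlowfish($username, $password, $usersalt);
     $password = AuthUser::generateHashedPassword($password, $usersalt);
     // One timestamp for created_on and updated_on so they cannot straddle a
     // second boundary; the epoch marks "never" for last_login/last_failure.
     $now = date("Y-m-d H:i:s");
     $never = date("Y-m-d H:i:s", 0);
     // Keys become the column list; values are either named placeholders
     // (bound in Record::query below) or literals already run through
     // Record::escape(). NOTE(review): created_by_id/updated_by_id interpolate
     // $this->currentID directly — fine if it is always an integer; confirm.
     $userdata = array(
         "name" => ":name",
         "email" => ":mail",
         "username" => ":user",
         "ip" => Record::escape($userip),
         "password" => Record::escape($password),
         "blowfish" => Record::escape($blowfish),
         "salt" => Record::escape($usersalt),
         "language" => ":lang",
         "last_login" => Record::escape($never),
         "last_failure" => Record::escape($never),
         "failure_count" => 0,
         "created_on" => Record::escape($now),
         "updated_on" => Record::escape($now),
         "created_by_id" => $this->currentID,
         "updated_by_id" => $this->currentID,
     );

     // ADD USER
     $query = "INSERT INTO " . TABLE_PREFIX . "user (" . implode(", ", array_keys($userdata)) . ") VALUES (" . implode(", ", array_values($userdata)) . ")";
     Record::query($query, array(":name" => $data["name"], ":user" => $username, ":mail" => $usermail, ":lang" => $data["language"]));

     $user = $this->getUser($username, "username");
     if ($user !== false) {
         $this->fields->addMeta($user->id, "activation_type", "instant", true);
         $this->fields->addMeta($user->id, "activation_status", true, true);
         if (!empty($data["roles"])) {
             $this->permissions->roleToUser($data["roles"], $user->id);
         }
         return true;
     }
     $this->_error(__("An unknown error is occurred!"));
     return false;
 }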
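 /**
  * Handles the POSTed "add user" form: CSRF check, password/confirm and
  * username length checks, then creates the User with a fresh salt and
  * hashed password and assigns any posted permissions.
  *
  * Each failure path sets a Flash error and calls redirect(); as in the
  * original, the following code is only unreachable if redirect() exits.
  *
  * @return void
  */
 private function _add()
 {
     $data = isset($_POST['user']) ? $_POST['user'] : array();
     Flash::set('post_data', (object) $data);

     // CSRF checks
     if (isset($_POST['csrf_token'])) {
         $csrf_token = $_POST['csrf_token'];
         if (!SecureToken::validateToken($csrf_token, BASE_URL . 'user/add')) {
             Flash::set('error', __('Invalid CSRF token found!'));
             redirect(get_url('user/add'));
         }
     } else {
         Flash::set('error', __('No CSRF token found!'));
         redirect(get_url('user/add'));
     }

     // Password and confirmation must be identical — strict comparison, since
     // == treats numeric-looking strings such as "1e3" and "1000" as equal —
     // and at least 5 characters long.
     $password = isset($data['password']) ? $data['password'] : '';
     $confirm = isset($data['confirm']) ? $data['confirm'] : '';
     if (strlen($password) >= 5 && $password === $confirm) {
         unset($data['confirm']);
     } else {
         Flash::set('error', __('Password and Confirm are not the same or too small!'));
         redirect(get_url('user/add'));
     }

     // check if username >= 2 chars
     $username = isset($data['username']) ? $data['username'] : '';
     if (strlen($username) < 2) {
         Flash::set('error', __('Username must contain a minimum of 2 characters!'));
         redirect(get_url('user/add'));
     }

     // NOTE(review): no character-class validation of username/name/email is
     // done here (cf. the alphanum checks in _edit()); confirm whether
     // User::save() validates them.
     $user = new User($data);
     // Generate a salt and create encrypted password
     $user->salt = AuthUser::generateSalt();
     $user->password = AuthUser::generateHashedPassword($user->password, $user->salt);
     if ($user->save()) {
         // now we need to add permissions if needed
         if (!empty($_POST['user_permission'])) {
             UserPermission::setPermissionsFor($user->id, $_POST['user_permission']);
         }
         Flash::set('success', __('User has been added!'));
     } else {
         Flash::set('error', __('User has not been added!'));
     }
     redirect(get_url('user'));
 }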