Exemplo n.º 1
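 /**
  * Set a new password for the account identified by an e-mail address and
  * its one-time code.
  *
  * Security notes:
  * - $email and $ucode are request-supplied. Both are cleaned once with
  *   Coder::cleanXSS() and the cleaned copies are used in the lookup AND in
  *   the UPDATE. Previously $ucode went into both statements as-is, and the
  *   UPDATE used the raw $email.
  * - An empty code is rejected up front so a row stored with a blank
  *   uniqCode can never satisfy the check.
  * - NOTE(review): Coder::cleanXSS() is not visible here; this assumes it
  *   escapes for SQL because it takes the db handle. If the db wrapper offers
  *   prepared statements, bind the values instead of building the string.
  * - NOTE(review): Auth::encrypt() is opaque; confirm it is a salted password
  *   hash (password_hash()-style) and that its output cannot contain a quote.
  *   It is left uncleaned so the stored value matches what login() compares.
  * - NOTE(review): the code is not cleared after use, so the same link would
  *   keep working; confirm whether it should be rotated on success.
  *
  * @param string $email  Account e-mail address taken from the reset link.
  * @param string $ucode  One-time code taken from the reset link.
  * @param string $newPwd New clear-text password.
  *
  * @throws Exception Code -1 ("Invalid URL") when the e-mail/code pair is not accepted.
  */
 public function changePwd($email, $ucode, $newPwd)
 {
     // A blank code must never authorise a password change.
     if ((string) $ucode === '') {
         throw new Exception("Invalid URL", -1);
     }

     $safeEmail = Coder::cleanXSS($this->db, $email);
     $safeCode = Coder::cleanXSS($this->db, $ucode);

     $query = "select count(1) from user_registration where emailaddress=\"{$safeEmail}\" and uniqCode=\"{$safeCode}\"";
     // NOTE(review): relies on query() returning the scalar count for this
     // statement; login() treats the result of query() as an array of rows.
     if ($this->db->query($query) != 1) {
         throw new Exception("Invalid URL", -1);
     }

     $newPwd = Auth::encrypt($newPwd);
     $query = "update user_registration set pwd=\"{$newPwd}\" where emailaddress=\"{$safeEmail}\" and uniqCode=\"{$safeCode}\" limit 1";
     $this->db->query($query);
 }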
Exemplo n.º 2
 /**
  * Authenticate a user by e-mail address and password and open a session.
  *
  * The e-mail address is cleaned with Coder::cleanXSS(); the password is only
  * transformed by Auth::encrypt() and then matched inside the SQL statement.
  *
  * NOTE(review): the statement is built by string concatenation and depends
  * entirely on those two helpers for safety; neither is visible here. Prefer
  * bound parameters if the db wrapper supports them, and confirm that
  * Auth::encrypt() is a salted password hash rather than a reversible or
  * unsalted transform.
  *
  * @param string $emailaddress Login e-mail address.
  * @param string $password     Clear-text password.
  *
  * @return $this
  *
  * @throws Exception Code -1 when no row matches, the account is not active,
  *                   or the stored userID is not positive.
  */
 public function login($emailaddress, $password)
 {
     $cleanEmail = Coder::cleanXSS($this->db, $emailaddress);
     // The password is deliberately not cleaned: only its encrypted form is used.
     $pwdDigest = Auth::encrypt($password);

     // Account status is checked in PHP below rather than in the WHERE clause,
     // so an inactive account gets its own error message.
     $sql = 'select userID, userStatus from user_registration where emailaddress="' . $cleanEmail . '" and pwd="' . $pwdDigest . '"';
     $rows = $this->db->query($sql);

     $matched = is_array($rows) && count($rows) >= 1 && isset($rows[0]["userID"]);
     if (!$matched) {
         throw new Exception("incorrect email address or password", -1);
     }

     $account = $rows[0];
     if ($account["userStatus"] != 'active') {
         throw new Exception("user's email address is not verified", -1);
     }

     $userID = $account["userID"];
     if ($userID <= 0) {
         throw new Exception("current user is not allowed to login", -1);
     }

     $this->setupSession($userID);

     return $this;
 }
Exemplo n.º 3
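 /**
  * Insert a new row into user_registration from a column => value map.
  *
  * Fixes over the previous version:
  * - $uniqCode was only assigned inside the commented-out verification block,
  *   so the INSERT stored an empty uniqCode (and raised an undefined-variable
  *   notice). Any check that compares uniqCode, such as a password-change
  *   link, would then be matching against a blank value. The code is now
  *   generated with Coder::createRandomCode().
  * - Array keys become column names in the statement. Value escaping does not
  *   make an identifier safe, so keys are restricted to plain identifier
  *   characters and anything else is rejected.
  *
  * E-mail verification stays disabled (since 2016/03/01 per the original
  * comment): no mail is sent and the account is created as "active".
  *
  * NOTE(review): Coder::createRandomCode() is opaque; confirm it draws from a
  * CSPRNG (random_bytes()/random_int()) if the code is used as a secret.
  * NOTE(review): values are still concatenated into the statement and rely on
  * Coder::cleanXSS() for escaping; prefer bound parameters if the db wrapper
  * supports them. An explicit allowlist of column names would be stricter
  * than the pattern check used here.
  *
  * @param array $fields Column => value map; must contain emailaddress,
  *                      displayName and pwd.
  *
  * @return mixed Whatever $this->db->query() returns for the INSERT.
  *
  * @throws Exception Code -11 when a required field is missing or a key is
  *                   not a plain column identifier.
  */
 private function createLocalUser($fields)
 {
     foreach (['emailaddress', 'displayName', 'pwd'] as $required) {
         if (!isset($fields[$required])) {
             throw new Exception("incorrect parameters", -11);
         }
     }

     $columns = [];
     $literals = [];
     foreach ($fields as $key => $value) {
         $key = (string) $key;
         // Column names cannot be escaped like values; accept identifiers only.
         if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key) !== 1) {
             throw new Exception("incorrect parameters", -11);
         }

         // The password is stored in its encrypted form; everything else is cleaned.
         $value = $key === 'pwd'
             ? Auth::encrypt($value)
             : Coder::cleanXSS($this->db, $value);

         $columns[] = $key;
         $literals[] = "\"{$value}\"";
     }

     $uniqCode = Coder::createRandomCode();

     $columns[] = 'uniqCode';
     $literals[] = "\"{$uniqCode}\"";
     $columns[] = 'userStatus';
     $literals[] = '"active"';
     $columns[] = 'createdDateTime';
     $literals[] = 'now()';
     $columns[] = 'updatedDateTime';
     $literals[] = 'now()';

     $query = 'insert into user_registration (' . implode(', ', $columns) . ') values (' . implode(', ', $literals) . ')';

     return $this->db->query($query);
 }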
Exemplo n.º 4
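 /**
  * Build the reply model from the submitted reply data, with every field
  * passed through Coder::cleanXSS().
  *
  * The previous version called Coder::cleanXSS() and discarded the result.
  * Other callers of the helper use its return value, so unless the helper
  * also modifies its argument by reference the model was returned uncleaned.
  * The cleaned value is now stored back explicitly, which is correct in
  * either case.
  *
  * NOTE(review): Coder::cleanXSS() is not visible here. Whatever it does on
  * input, the text fields should still be escaped for their output context
  * when rendered.
  *
  * @return array The reply fields after cleaning.
  */
 private function view2model()
 {
     $model = $this->replyResult["reply"];

     // Numeric identifiers: cleaned with the helper's "int" mode.
     foreach (["parentReplyID", "newsID", "userID"] as $field) {
         $model[$field] = Coder::cleanXSS($this->db, $model[$field], "int");
     }

     // Free-text fields: cleaned with the helper's default mode.
     foreach (["replyStatement", "replyContent", "replyType"] as $field) {
         $model[$field] = Coder::cleanXSS($this->db, $model[$field]);
     }

     return $model;
 }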