Exemplo n.º 1
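/**
 * Collects the data needed to render the login page.
 *
 * When the request comes from the in-game client, Helpers::check_login_ingame() is asked first. If it
 * reports a login, the session is filled in and the client is redirected, which ends the request
 * through SystemExit. (The original author notes that the in-game browser sends extra cookie
 * information that is compared with values stored in the open_ring db.)
 *
 * @return array page elements for the login template: 'ingame_webpath' and 'getstring'
 *               (the current query string, rebuilt with URL-encoded keys and values).
 * @throws SystemExit after the redirect that follows a successful automatic login.
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function login()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;
    if (Helpers::check_if_game_client()) {
        //check if you are logged in ingame, this should auto login
        $result = Helpers::check_login_ingame();
        if ($result) {
            // The session is about to carry an identity: give it a fresh id first so an id that was
            // known before the login cannot be reused afterwards (session fixation).
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            //handle successful login
            $_SESSION['user'] = $result['name'];
            $_SESSION['id'] = WebUsers::getId($result['name']);
            $_SESSION['ticket_user'] = serialize(Ticket_User::constr_ExternId($_SESSION['id']));
            //go back to the index page.
            header("Cache-Control: max-age=1");
            if (Helpers::check_if_game_client()) {
                header('Location: ' . $INGAME_WEBPATH);
            } else {
                header('Location: ' . $WEBPATH);
            }
            throw new SystemExit();
        }
    }
    $pageElements = array();
    $pageElements['ingame_webpath'] = $INGAME_WEBPATH;
    // Rebuild the query string for the template. Keys and values are request data, so every part is
    // URL-encoded before it is joined; the "key=value&" layout with a trailing "&" is kept as before.
    $GETString = "";
    foreach ($_GET as $key => $value) {
        if (!is_scalar($value)) {
            // array-style parameters (a[]=1) cannot be written as a single key=value pair
            continue;
        }
        $GETString .= rawurlencode((string) $key) . '=' . rawurlencode((string) $value) . "&";
    }
    if ($GETString != "") {
        $GETString = '?' . $GETString;
    }
    $pageElements['getstring'] = $GETString;
    return $pageElements;
}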
Exemplo n.º 2
 /**
  * MODULE: redirection.
  *
  * Looks up the 'url' value stored for the current module (first URL segment) and, when one is set,
  * passes it to helpers::redirect().
  */
 public function index()
 {
     $target = $this->getData($this->getUrl(0), 'url');
     if (!$target) {
         return;
     }
     // NOTE(review): the target is read from stored module data, not from the request, as far as this
     // method shows. Confirm who may edit that value, since it decides where visitors are sent.
     helpers::redirect($target, false);
 }
Exemplo n.º 3
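/**
 * Updates the site-wide 'userRegistration' setting and reloads the settings template.
 *
 * The posted 'userRegistration' value is written to the `settings` table through DBLayer("lib"), then the
 * settings page is rendered again. Visitors who are not logged in are redirected to index.php.
 *
 * NOTE(review): the only check before the write is WebUsers::isLoggedIn(). Nothing in this function limits
 * the change to moderators or administrators; confirm that a permission check runs before this handler is
 * reached, otherwise add one here.
 *
 * @throws SystemExit always, once the response has been produced.
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function userRegistration()
{
    global $SITEBASE;
    try {
        if (!WebUsers::isLoggedIn()) {
            //ERROR: user is not logged in
            header("Location: index.php");
            throw new SystemExit();
        }
        // a missing field is stored as null, as before, but without an undefined-index notice
        $newValue = isset($_POST['userRegistration']) ? $_POST['userRegistration'] : null;
        $dbl = new DBLayer("lib");
        $dbl->update("settings", array('Value' => $newValue), "`Setting` = 'userRegistration'");
        $result = array();
        $result['target_id'] = isset($_GET['id']) ? $_GET['id'] : null;
        require_once $SITEBASE . '/inc/settings.php';
        // settings() was called twice in a row with the first result discarded; once is enough
        $pageElements = array_merge(settings(), $result);
        $pageElements['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
        // pass error and reload template accordingly
        helpers::loadtemplate('settings', $pageElements);
        throw new SystemExit();
    } catch (PDOException $e) {
        // Database failures go to the server log. Dumping the exception object into the page would
        // expose the message and the stack trace (including call arguments) to the visitor.
        error_log('userRegistration: database error: ' . $e->getMessage());
        if (!headers_sent()) {
            header('HTTP/1.1 500 Internal Server Error');
        }
        throw new SystemExit();
    }
}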
Exemplo n.º 4
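 /**
  * Validates the values submitted on the registration form.
  *
  * @param array $values expects the keys Username, Password, ConfirmPass and Email.
  * @return string|array the string "success" when every check passes; otherwise an array for the template
  *                      with the per-field results (USERNAME, PASSWORD, CPASSWORD, EMAIL), TOS_URL and the
  *                      *_ERROR / TAC_ERROR flags as the strings 'TRUE' or 'FALSE'.
  */
 public function check_Register($values)
 {
     // $FORCE_INGAME is a global; without this declaration isset() on it was always false in here
     global $FORCE_INGAME;
     global $TOS_URL;
     // check values
     if (isset($values["Username"], $values["Password"], $values["ConfirmPass"], $values["Email"])) {
         $user = Users::checkUser($values["Username"]);
         $pass = Users::checkPassword($values["Password"]);
         $cpass = Users::confirmPassword($pass, $values["Password"], $values["ConfirmPass"]);
         $email = Users::checkEmail($values["Email"]);
     } else {
         $user = $pass = $cpass = $email = "";
     }
     // In-game registrations must tick the terms-and-conditions box. $tac always gets a value now;
     // before, it stayed undefined when the box was missing.
     $tacAccepted = isset($_POST["TaC"]);
     $tacRequired = helpers::check_if_game_client() || !empty($FORCE_INGAME);
     $tac = (!$tacRequired || $tacAccepted) ? "success" : "";
     // strict comparison: only the exact string "success" counts as a passed check
     if ($user === "success" && $pass === "success" && $cpass === "success" && $email === "success" && $tac === "success") {
         return "success";
     }
     $pageElements = array('USERNAME' => $user, 'PASSWORD' => $pass, 'CPASSWORD' => $cpass, 'EMAIL' => $email, 'TOS_URL' => $TOS_URL);
     $checks = array('USERNAME' => $user, 'PASSWORD' => $pass, 'CPASSWORD' => $cpass, 'EMAIL' => $email);
     foreach ($checks as $field => $outcome) {
         $pageElements[$field . '_ERROR'] = ($outcome === "success") ? 'FALSE' : 'TRUE';
     }
     $pageElements['TAC_ERROR'] = $tacAccepted ? 'FALSE' : 'TRUE';
     return $pageElements;
 }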
Exemplo n.º 5
 /**
  * Compacts source text: tabs become spaces, the blank next to brackets, braces, commas and colons is
  * dropped, helpers::unduplicate() is applied for ' ' (presumably collapsing repeated spaces), and a
  * blank at the start of a line is removed.
  *
  * @param string $src text to compact
  * @return string compacted text, trimmed at both ends
  */
 public static function uglify($src)
 {
     $eol = PHP_EOL;
     // tabs first, so that the space-based rules below apply to them as well
     $compact = str_replace("\t", ' ', $src);
     $rules = [
         ', ' => ',',
         ' }' => '}',
         '{ ' => '{',
         ' )' => ')',
         '( ' => '(',
         ' ]' => ']',
         ' [' => '[',
         ' :' => ':',
         ': ' => ':',
     ];
     $compact = str_replace(array_keys($rules), array_values($rules), $compact);
     $compact = helpers::unduplicate($compact, ' ');
     // str_replace() works through the search list in order: lines holding a single blank go first,
     // then the leading blank of the remaining lines
     $compact = str_replace([$eol . ' ' . $eol, $eol . ' '], $eol, $compact);
     return trim($compact);
 }
Exemplo n.º 6
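 /**
  * Builds the HTML options form for one calendar.
  *
  * NOTE(review): no anti-CSRF token field is emitted here; confirm that the code handling 'SaveOptions'
  * verifies one by other means.
  *
  * @param string $calendar calendar identifier; written into a hidden form field.
  * @return string HTML markup of the form.
  */
 function showOptions($calendar)
 {
     helpers::debug('showOptions()');
     // The identifier lands inside a single-quoted attribute, so quotes have to be encoded too.
     $calendarAttr = htmlspecialchars((string) $calendar, ENT_QUOTES, 'UTF-8');
     $html = "<form name=frmOptions method=POST>";
     $html .= "<h2>Options</h2>";
     $html .= $this->buildOptionList($calendar);
     $html .= "<br><hr><input type=submit name='SaveOptions' value='Save' />";
     $html .= "<input type=hidden name='calendar' value='{$calendarAttr}' />";
     $html .= "</form>";
     return $html;
 }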
Exemplo n.º 7
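 /**
  * Sends two fields of the 'Usuarios' entity with id 2 as a JSON response.
  *
  * NOTE(review): the entity id is hard-coded and no authentication check is visible in this method;
  * confirm that this endpoint is not reachable by anonymous clients.
  */
 public function index()
 {
     try {
         $user = $this->entityManager->find('Usuarios', 2);
         if (!is_object($user)) {
             // Nothing was found. Calling getNome() on a non-object raises an Error, which the
             // catch (Exception) below would not handle.
             helpers::jsonResponse(1, 'Error: user not found', NULL);
             return;
         }
         // NOTE(review): the 'pass' key is filled from getIdade(); the key name looks like a leftover.
         $data = array('user' => $user->getNome(), 'pass' => $user->getIdade());
         helpers::jsonResponse(0, 'Success', $data);
     } catch (Exception $ex) {
         // NOTE(review): the raw exception text is returned to the client; database or ORM messages can
         // reveal schema and connection details. Prefer logging it and returning a generic message.
         helpers::jsonResponse(1, 'Error: ' . $ex->getMessage(), NULL);
     }
 }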
Exemplo n.º 8
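/**
 * Adds a new user to the www database.
 *
 * The posted values are first validated with WebUsers::check_Register(). When a rule is broken the
 * template is reloaded with the matching error messages. When validation succeeds write_user() is called
 * (per the original author: it creates the www user and the matching ticket_user, pushes the user to the
 * shard and, if the shard is offline, stores it in ams_querycache until the sync cron job picks it up).
 *
 * NOTE(review): the plain password is handed to write_user() as 'unhashpass', and on a validation error
 * the submitted password and confirmation are given back to the template as prevPassword /
 * prevConfirmPass. Confirm that the templates do not echo them into the page and that write_user() does
 * not store the plain value.
 *
 * @throws SystemExit always, once the response has been produced.
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function add_user()
{
    global $INGAME_WEBPATH;
    global $SITEBASE;
    // read each posted field once; a missing field becomes null instead of raising a notice
    $username = isset($_POST["Username"]) ? $_POST["Username"] : null;
    $password = isset($_POST["Password"]) ? $_POST["Password"] : null;
    $confirmPass = isset($_POST["ConfirmPass"]) ? $_POST["ConfirmPass"] : null;
    $email = isset($_POST["Email"]) ? $_POST["Email"] : null;
    $fromSettings = isset($_GET['page']) && $_GET['page'] == "settings";
    $params = array('Username' => $username, 'Password' => $password, 'ConfirmPass' => $confirmPass, 'Email' => $email);
    $webUser = new WebUsers();
    //check if the POST variables are valid, before actual registering
    $result = $webUser->check_Register($params);
    require_once $SITEBASE . '/inc/settings.php';
    // if all are good then create user
    if ($result === "success") {
        $edit = array('name' => $username, 'pass' => $password, 'mail' => $email, 'init' => $email, 'unhashpass' => $password, 'status' => 1, 'access' => $_SERVER['REQUEST_TIME']);
        $status = write_user($edit);
        if (Helpers::check_if_game_client()) {
            //if registering ingame then we have to set the header and dont need to reload the template.
            header('Location: email_sent.php');
            throw new SystemExit();
        }
        $pageElements = settings();
        $pageElements['ingame_webpath'] = $INGAME_WEBPATH;
        $pageElements['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
        $pageElements['SUCCESS_ADD'] = $status;
        if ($fromSettings) {
            helpers::loadtemplate('settings', $pageElements);
        } else {
            $pageElements['no_visible_elements'] = 'TRUE';
            helpers::loadtemplate('register_feedback', $pageElements);
        }
        throw new SystemExit();
    }
    if ($fromSettings) {
        $pageElements = array_merge(settings(), $result);
        // pass error and reload template accordingly
        $pageElements['prevUsername'] = $username;
        $pageElements['prevPassword'] = $password;
        $pageElements['prevConfirmPass'] = $confirmPass;
        $pageElements['prevEmail'] = $email;
        $pageElements['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
        $pageElements['do'] = "add_user";
        helpers::loadtemplate('settings', $pageElements);
        throw new SystemExit();
    }
    // pass error and reload template accordingly
    $result['prevUsername'] = $username;
    $result['prevPassword'] = $password;
    $result['prevConfirmPass'] = $confirmPass;
    $result['prevEmail'] = $email;
    $result['no_visible_elements'] = 'TRUE';
    // this value used to be stored in a separate array that never reached the template
    $result['ingame_webpath'] = $INGAME_WEBPATH;
    helpers::loadtemplate('register', $result);
    throw new SystemExit();
}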
Exemplo n.º 9
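 /**
  * Sends the list of endpoint descriptions built below as a JSON response.
  */
 public function index()
 {
     $results = array();
     $results[] = array('name' => 'listagem de Usuarios', 'endpoint' => 'users');
     // The list used to be overwritten with $u->getId(), but $u was only created in commented-out
     // code, so the call ran on an undefined variable and stopped the request.
     helpers::jsonResponse(NULL, 'result', $results);
 }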
Exemplo n.º 10
 /**
  * MODULE: contact form.
  *
  * On submit, the posted subject and message are handed to helpers::mail() together with the 'mail'
  * value stored for the current module, a notification is set according to the result and the visitor
  * is redirected to the current URL. The form itself is then written to self::$content.
  */
 public function index()
 {
     // Send the mail
     if ($this->getPost('submit')) {
         // NOTE(review): the first and third arguments are both the posted subject, and the posted
         // 'mail' field is never read. Check this against the signature of helpers::mail(). If a
         // visitor-supplied address or subject ends up in mail headers, it must be free of line breaks.
         $firstArgument = $this->getPost('subject', helpers::STRING);
         $storedAddress = $this->getData($this->getUrl(0), 'mail');
         $subject = $this->getPost('subject', helpers::STRING);
         $message = $this->getPost('message', helpers::STRING);
         $sent = helpers::mail($firstArgument, $storedAddress, $subject, $message);
         if (!$sent) {
             $this->setNotification('Impossible d\'envoyer le mail !');
         } else {
             $this->setNotification('Mail envoyé avec succès !');
         }
         helpers::redirect($this->getUrl());
     }
     // Mail composition form
     // NOTE(review): the textarea carries the same label ('Sujet') as the subject field.
     self::$content = implode('', [
         template::openForm(),
         template::openRow(),
         template::text('mail', ['label' => 'Adresse mail', 'required' => true, 'col' => 6]),
         template::newRow(),
         template::text('subject', ['label' => 'Sujet', 'required' => true, 'col' => 6]),
         template::newRow(),
         template::textarea('message', ['label' => 'Sujet', 'required' => true, 'col' => 7]),
         template::newRow(),
         template::submit('submit', ['col' => 2]),
         template::closeRow(),
         template::closeForm(),
     ]);
 }
Exemplo n.º 11
 /**
  * Prepares one parameter value for sending.
  *
  * Spaces in a non-empty value are replaced by %20. A value that $this->helpers->is_bool() accepts is
  * turned into the string 'TRUE' or 'FALSE'.
  *
  * NOTE(review): only the space character is encoded. Characters such as '&', '=' or '#' pass through
  * unchanged, so a value taken from user input can alter the parameter list it is placed in. Confirm
  * whether the caller encodes the value again, or use rawurlencode() here.
  *
  * @param mixed $value
  * @return mixed the prepared value
  */
 private function _prepareValue($value)
 {
     // Replace spaces with %20 to send params correctly
     $value = ($value != "") ? str_replace(' ', '%20', $value) : $value;
     if (!$this->helpers->is_bool($value)) {
         return $value;
     }
     // booleans travel as the literal strings TRUE / FALSE
     $isTrue = $value != "" && $value !== FALSE;
     return $isTrue ? 'TRUE' : 'FALSE';
 }
Exemplo n.º 12
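 /**
  * Tells whether the current request addresses the calendar identified by $key.
  *
  * Two places are checked: the second '&'-separated part of the request URI (case-insensitive
  * substring search) and the posted 'CalendarKey' field.
  *
  * NOTE(review): the URI check is a substring match, so a short key also matches longer calendar names
  * that contain it, and a match at offset 0 is ignored because of the "> 0" test. Confirm that both are
  * intended.
  *
  * @param string $key calendar key to look for
  * @return bool
  */
 static function is_my_calendar($key)
 {
     $arr = explode('&', $_SERVER['REQUEST_URI']);
     if (isset($arr[1])) {
         $url_name = urldecode($arr[1]);
         if (stripos($url_name, $key) > 0) {
             return true;
         }
     }
     // 'CalendarKey' was read although only 'calendar' had been checked; require both, and require a
     // plain string so that array-style input cannot reach the comparison.
     if (isset($_POST['calendar'], $_POST['CalendarKey']) && is_string($_POST['CalendarKey'])) {
         // NOTE(review): the posted value is written to the debug output as-is
         helpers::debug("is_my_calendar-\$_POST: " . $_POST['CalendarKey']);
         if ($_POST['CalendarKey'] === (string) $key) {
             return true;
         }
     }
     return false;
 }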
Exemplo n.º 13
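/**
 * Logs a user in with the posted credentials.
 *
 * The posted LoginValue and Password are checked with WebUsers::checkLoginMatch(). On a match the
 * session is filled in and the user is redirected to the index page with the current query string
 * appended. Otherwise the login template is reloaded with an error flag.
 *
 * NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it strips tags and encodes quotes,
 * so a password containing such characters is changed before it is compared. It is left in place here
 * because the stored credentials may depend on it; verify against how passwords are written.
 *
 * @throws SystemExit always, once the response has been produced.
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function login()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;
    try {
        $login_value = filter_var(isset($_POST['LoginValue']) ? $_POST['LoginValue'] : '', FILTER_SANITIZE_STRING);
        $password = filter_var(isset($_POST['Password']) ? $_POST['Password'] : '', FILTER_SANITIZE_STRING);
        //check if the filtered sent POST data returns a match with the DB
        $result = WebUsers::checkLoginMatch($login_value, $password);
        // An empty result (null, false, empty array) must never count as a login; the loose "fail"
        // comparison alone would let such values through.
        if ($result != "fail" && !empty($result)) {
            // give the session a fresh id before it carries an identity (session fixation)
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            //handle successful login
            $_SESSION['user'] = $result['Login'];
            $_SESSION['id'] = $result['UId'];
            $_SESSION['ticket_user'] = serialize(Ticket_User::constr_ExternId($_SESSION['id']));
            $user = new WebUsers($_SESSION['id']);
            $_SESSION['Language'] = $user->getLanguage();
            // The query string ends up in the Location header, so keys and values are URL-encoded.
            $GETString = "";
            foreach ($_GET as $name => $value) {
                if (!is_scalar($value)) {
                    continue;
                }
                $GETString .= rawurlencode((string) $name) . '=' . rawurlencode((string) $value) . "&";
            }
            if ($GETString != "") {
                $GETString = '?' . $GETString;
            }
            //go back to the index page.
            header("Cache-Control: max-age=1");
            if (Helpers::check_if_game_client()) {
                header('Location: ' . $INGAME_WEBPATH . $GETString);
            } else {
                header('Location: ' . $WEBPATH . $GETString);
            }
            throw new SystemExit();
        }
        //handle login failure
        $result = array();
        $result['login_error'] = 'TRUE';
        $result['no_visible_elements'] = 'TRUE';
        helpers::loadtemplate('login', $result);
        throw new SystemExit();
    } catch (PDOException $e) {
        // Database failures go to the server log. Dumping the exception object into the page would
        // expose the message and the stack trace (including the submitted credentials) to the visitor.
        error_log('login: database error: ' . $e->getMessage());
        if (!headers_sent()) {
            header('HTTP/1.1 500 Internal Server Error');
        }
        throw new SystemExit();
    }
}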
Exemplo n.º 14
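/**
 * Sets a new password for the account named in a password-reset link.
 *
 * The link carries 'user', 'email' and 'key' in the query string. The request is accepted only when the
 * e-mail address belongs to that user and the key equals the SHA-512 of the stored password hash. The new
 * password is then validated with check_change_password() and written with WebUsers::setPassword().
 * When the link does not check out, the function returns without producing output.
 *
 * NOTE(review): the key is derived from the stored hash, so it has no expiry and stays valid until the
 * password changes. A random single-use token with an expiry, stored server-side, is the usual
 * replacement. On a validation error the submitted passwords are also handed back to the template as
 * prevNewPass / prevConfirmNewPass.
 *
 * @throws SystemExit once a response has been rendered.
 */
function reset_password()
{
    //filter all data
    $email = filter_var(isset($_GET["email"]) ? $_GET["email"] : '', FILTER_SANITIZE_EMAIL);
    $user = filter_var(isset($_GET["user"]) ? $_GET["user"] : '', FILTER_SANITIZE_STRING);
    $key = filter_var(isset($_GET["key"]) ? $_GET["key"] : '', FILTER_SANITIZE_STRING);
    $password = filter_var(isset($_POST['NewPass']) ? $_POST['NewPass'] : '', FILTER_SANITIZE_STRING);
    $confirmpass = filter_var(isset($_POST['ConfirmNewPass']) ? $_POST['ConfirmNewPass'] : '', FILTER_SANITIZE_STRING);
    $target_id = WebUsers::getId($user);
    $webUser = new WebUsers($target_id);
    // getIdFromEmail() answers "FALSE" for an unknown address; refuse that outright so that two failed
    // lookups can never compare as equal.
    $emailOwner = WebUsers::getIdFromEmail($email);
    if ($emailOwner == "FALSE" || $emailOwner != $target_id) {
        return;
    }
    $expectedKey = hash('sha512', $webUser->getHashedPass());
    // exact comparison, in constant time where the runtime offers hash_equals()
    if (!is_string($key)) {
        return;
    }
    $keyMatches = function_exists('hash_equals') ? hash_equals($expectedKey, $key) : ($expectedKey === $key);
    if (!$keyMatches) {
        return;
    }
    $params = array('user' => $user, 'CurrentPass' => "dummy", 'NewPass' => $password, 'ConfirmNewPass' => $confirmpass, 'adminChangesOther' => true);
    $result = $webUser->check_change_password($params);
    if ($result == "success") {
        $result = array();
        $status = WebUsers::setPassword($user, $password);
        // the two values below are reproduced exactly as this listing shows them
        if ($status == 'ok') {
            $result['SUCCESS_PASS'] = "******";
        } elseif ($status == 'shardoffline') {
            $result['SUCCESS_PASS'] = "******";
        }
        $result['no_visible_elements'] = 'TRUE';
        helpers::loadtemplate('reset_success', $result);
        throw new SystemExit();
    }
    // validation failed: hand the query string back so the form can post to the same link again
    $GETString = "";
    foreach ($_GET as $name => $value) {
        if (!is_scalar($value)) {
            continue;
        }
        $GETString .= rawurlencode((string) $name) . '=' . rawurlencode((string) $value) . "&";
    }
    if ($GETString != "") {
        $GETString = '?' . $GETString;
    }
    $result['getstring'] = $GETString;
    $result['prevNewPass'] = $password;
    $result['prevConfirmNewPass'] = $confirmpass;
    $result['no_visible_elements'] = 'TRUE';
    helpers::loadtemplate('reset_password', $result);
    throw new SystemExit();
}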
Exemplo n.º 15
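/**
 * Sends a password-reset link to the posted e-mail address.
 *
 * The mail texts are read from the language file selected by the 'Language' cookie, falling back to
 * $DEFAULT_LANGUAGE. The link contains the user name, the e-mail address and the SHA-512 of the stored
 * password hash as the key.
 *
 * NOTE(review): the response tells the visitor whether an address is registered (EMAIL_ERROR versus
 * EMAIL_SUCCESS), which lets accounts be enumerated; answering the same way in both cases avoids that.
 * The key is derived from the stored hash and therefore never expires on its own.
 *
 * @throws SystemExit always, once the response has been produced.
 */
function forgot_password()
{
    global $AMS_TRANS;
    global $DEFAULT_LANGUAGE;
    global $WEBPATH;
    $email = filter_var(isset($_POST["Email"]) ? $_POST["Email"] : '', FILTER_SANITIZE_EMAIL);
    $target_id = WebUsers::getIdFromEmail($email);
    if ($target_id == "FALSE") {
        //the email address doesn't exist.
        $result['prevEmail'] = $email;
        $result['EMAIL_ERROR'] = 'TRUE';
        $result['no_visible_elements'] = 'TRUE';
        helpers::loadtemplate('forgot_password', $result);
        throw new SystemExit();
    }
    $webUser = new WebUsers($target_id);
    $target_username = $webUser->getUsername();
    $target_hashedPass = $webUser->getHashedPass();
    $hashed_key = hash('sha512', $target_hashedPass);
    // The cookie value becomes part of a file path. Accept it only when it is a plain name (no path
    // separators, no dots) and the matching language file exists; otherwise use the default language.
    $lang = $DEFAULT_LANGUAGE;
    if (isset($_COOKIE['Language']) && is_string($_COOKIE['Language'])
        && preg_match('/\A[A-Za-z0-9_-]+\z/', $_COOKIE['Language'])
        && is_file($AMS_TRANS . '/' . $_COOKIE['Language'] . '.ini')) {
        $lang = $_COOKIE['Language'];
    }
    $variables = parse_ini_file($AMS_TRANS . '/' . $lang . '.ini', true);
    $mailText = (is_array($variables) && isset($variables['email']) && is_array($variables['email'])) ? $variables['email'] : array();
    //create the reset url
    // The listing shows this expression with the user part masked; $target_username, assigned above and
    // used nowhere else, is what fits there. Both values are URL-encoded for the query string.
    $resetURL = $WEBPATH . "?page=reset_password&user=" . rawurlencode($target_username) . "&email=" . rawurlencode($email) . "&key=" . $hashed_key;
    //set email stuff
    $recipient = $email;
    $subject = $mailText['email_subject_forgot_password'];
    $body = $mailText['email_body_forgot_password_header'] . $resetURL . $mailText['email_body_forgot_password_footer'];
    Mail_Handler::send_mail($recipient, $subject, $body, NULL);
    $result['EMAIL_SUCCESS'] = 'TRUE';
    $result['prevEmail'] = $email;
    $result['no_visible_elements'] = 'TRUE';
    helpers::loadtemplate('forgot_password', $result);
    throw new SystemExit();
}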
Exemplo n.º 16
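 /**
  * Get total iterations and, optionally, conversions for a group
  *
  * @since 1.1.0
  *
  * @param array  $group Group config array
  * @param bool $return_conversions Optional. To count conversions as well. Default is false
  *
  * @return array|int Total iterations as an integer or both iterations and conversions in an array
  */
 public static function get_total(array $group, $return_conversions = false)
 {
     $total = $conversions = 0;
     if (\ingot\testing\crud\group::valid($group)) {
         $levers = helpers::v('levers', $group, []);
         // The levers are looked up under the group's own ID; a group without an ID, or without an
         // entry for it, simply contributes nothing instead of raising warnings.
         $group_levers = [];
         if (!empty($levers) && isset($group['ID'], $levers[$group['ID']])) {
             $group_levers = $levers[$group['ID']];
         }
         if (is_array($group_levers) || $group_levers instanceof \Traversable) {
             foreach ($group_levers as $lever) {
                 if (!is_object($lever) || !method_exists($lever, 'getDenominator')) {
                     continue;
                 }
                 $total += $lever->getDenominator();
                 if ($return_conversions) {
                     $conversions += $lever->getNumerator();
                 }
             }
         }
     }
     if ($return_conversions) {
         return ['total' => $total, 'conversion' => $conversions];
     }
     return $total;
 }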
Exemplo n.º 17
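 /**
  * Workhorse of the website: loads a template and either displays it or returns its HTML.
  *
  * Smarty is configured, the in-game or web template directory is selected, and then template
  * variables are assigned in this order: the in-game layout values (in-game only), $vars, the
  * language-dependent texts for the page and for 'ams_content', the session id, and every row of the
  * `settings` table. Later assignments replace earlier ones with the same name.
  *
  * NOTE(review): $template becomes part of the template resource name. The callers visible next to this
  * function pass fixed names; if any caller derives it from request data, restrict it to a list of known
  * templates. Because the settings rows are assigned last, a setting with the same name as a
  * caller-supplied variable replaces that variable in the template.
  *
  * @param  $template the name of the template(page) that we want to load.
  * @param  $vars an array of variables that should be loaded by smarty before displaying or returning the html.
  * @param  $returnHTML (default=false) if set to true, the html that should have been displayed, will be returned.
  * @return in case $returnHTML=true, it returns the html of the template being loaded.
  */
 public static function loadTemplate($template, $vars = array(), $returnHTML = false)
 {
     global $AMS_LIB;
     global $SITEBASE;
     global $AMS_TRANS;
     global $INGAME_LAYOUT;
     global $AMS_CACHEDIR;
     global $AMS_PLUGINS;
     global $FORCE_INGAME;
     require_once $AMS_LIB . '/smarty/libs/Smarty.class.php';
     spl_autoload_register('__autoload');
     $smarty = new Smarty();
     $smarty->setCompileDir($SITEBASE . '/templates_c/');
     $smarty->setCacheDir($AMS_CACHEDIR);
     $smarty->setConfigDir($SITEBASE . '/configs/');
     // turn smarty debugging on/off
     $smarty->debugging = false;
     // caching must be disabled for multi-language support
     $smarty->caching = false;
     $smarty->cache_lifetime = 300;
     $smarty->addPluginsDir($AMS_PLUGINS);
     // needed by smarty.
     helpers::create_folders();
     // if ingame, then use the ingame templates
     if (helpers::check_if_game_client() or $FORCE_INGAME) {
         $smarty->template_dir = $AMS_LIB . '/ingame_templates/';
         $smarty->setConfigDir($AMS_LIB . '/configs');
         $variables = parse_ini_file($AMS_LIB . '/configs/ingame_layout.ini', true);
         foreach ($variables[$INGAME_LAYOUT] as $key => $value) {
             $smarty->assign($key, $value);
         }
     } else {
         $smarty->template_dir = $SITEBASE . '/templates/';
         $smarty->setConfigDir($SITEBASE . '/configs');
     }
     foreach ($vars as $key => $value) {
         $smarty->assign($key, $value);
     }
     // load page specific variables that are language dependent
     $variables = Helpers::handle_language();
     if ($template != 'layout_plugin' && isset($variables[$template]) && is_array($variables[$template])) {
         foreach ($variables[$template] as $key => $value) {
             $smarty->assign($key, $value);
         }
     }
     // load ams content variables that are language dependent (this loop used to run twice)
     if (isset($variables['ams_content']) && is_array($variables['ams_content'])) {
         foreach ($variables['ams_content'] as $key => $value) {
             $smarty->assign($key, $value);
         }
     }
     $id = session_id();
     $smarty->assign("sessionid", $id);
     $dbl = new DBLayer("lib");
     $statement = $dbl->executeWithoutParams("SELECT * FROM settings");
     $rows = $statement->fetchAll();
     // plain iteration: the former by-reference loop left a dangling reference to the last row
     foreach ($rows as $row) {
         $smarty->assign($row['Setting'], $row['Value']);
     }
     // smarty inheritance for loading the matching wrapper layout (with the matching menu bar)
     $permission = isset($vars['permission']) ? $vars['permission'] : null;
     if ($permission !== null && $permission == 3) {
         $inherited = "extends:layout_admin.tpl|";
     } elseif ($permission !== null && $permission == 2) {
         $inherited = "extends:layout_mod.tpl|";
     } elseif ($permission !== null && $permission == 1) {
         $inherited = "extends:layout_user.tpl|";
     } else {
         $inherited = "";
     }
     // if $returnHTML is set to true, return the html by fetching the template else display the template.
     if ($returnHTML == true) {
         return $smarty->fetch($inherited . $template . '.tpl');
     }
     $smarty->display($inherited . $template . '.tpl');
 }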
Exemplo n.º 18
 /**
  * MODULE: news list.
  *
  * Appends one page of the current module's news entries to self::$content (title, date, content for
  * each entry), followed by the pagination links. The entry order comes from
  * helpers::arrayCollumn(..., 'date', 'SORT_DESC').
  */
 public function index()
 {
     $module = $this->getUrl(0);
     if (!$this->getData($module)) {
         return;
     }
     $pagination = helpers::pagination($this->getData($module), $this->getUrl());
     $news = helpers::arrayCollumn($this->getData($module), 'date', 'SORT_DESC');
     // NOTE(review): title and content are appended without HTML escaping. That is fine only if
     // entries are written by trusted editors and content is meant to hold markup; otherwise escape
     // the title with htmlspecialchars() and filter the content on input.
     $i = $pagination['first'];
     while ($i < $pagination['last']) {
         $entry = $news[$i];
         $title = $this->getData($module, $entry, 'title');
         $published = date('d/m/Y - H:i', $this->getData($module, $entry, 'date'));
         $body = $this->getData($module, $entry, 'content');
         self::$content .= '<h3>' . $title . '</h3>' . '<h4>' . $published . '</h4>' . $body;
         $i++;
     }
     self::$content .= $pagination['pages'];
 }
Exemplo n.º 19
 /**
  * MODULE: logout.
  *
  * Calls removeCookie() and redirects the visitor to './'.
  */
 public function logout()
 {
     // NOTE(review): only the cookie removal is visible here. Confirm that any server-side session
     // state tied to the cookie is invalidated as well, so a copied cookie value stops working.
     $this->removeCookie();
     $landingPage = './';
     helpers::redirect($landingPage, false);
 }
Exemplo n.º 20
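//login.php
require_once 'assets/initialize.php';
if (isset($_SESSION['ID'])) {
    // a login session already exists: send the visitor to the user dashboard
    header("Location: userdashboard.php");
    // A Location header does not end the request by itself; stop here so the login form below is
    // not processed for a visitor who is already logged in.
    exit;
}
// template engine setup: templates are read from 'theme', compiled files go to 'cache'
$smarty = new Smarty();
$smarty->template_dir = 'theme';
$smarty->compile_dir = 'cache';
$smarty->assign('basename', BASENAME);
$smarty->assign('link', LINK_URL);
/*
 * Located in the assets/classes folder
 */
$helpers = new helpers();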
// check the password
// (this listing stops before the blocks opened below are closed)
if (isset($_POST['signin'])) {
    $i = new laksanakan();
    // NOTE(review): with "||" the branch is entered when only one of the two fields is filled in;
    // "&&" would require both an e-mail address and a password.
    if (!empty($_POST['email']) || !empty($_POST['password'])) {
        // NOTE(review): addslashes() is not a replacement for bound parameters. Whether it is enough
        // depends on the connection character set, and the value is still placed inside SQL text
        // below. Prefer a prepared statement with the e-mail address as a parameter.
        $email = addslashes($_POST['email']);
        // NOTE(review): escaping the password changes it before password_verify() sees it, so a
        // password containing quotes or backslashes is compared in altered form. The password never
        // enters the SQL text here and needs no escaping.
        $pass = addslashes($_POST['password']);
        $inputdata = " `id`,`nama`, `password`, `email`, `hak`, `statuss` ";
        $wheres = " `email` = '" . $email . "' limit 1 ";
        $cekquery = $i->ambilDetail($inputdata, 'user', $wheres);
        if (!empty($cekquery[0]->password) || !empty($cekquery[0]->email)) {
            $password = $cekquery[0]->password;
            // the stored value is treated as a password_hash() hash
            if (password_verify($pass, $password)) {
                // NOTE(review): no session_regenerate_id() is visible in the part shown; the id
                // should change once the login succeeds.
                if (!isset($_SESSION)) {
                    session_start();
                }
Exemplo n.º 21
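 /**
  * Deletes rows from a database table.
  *
  * $where is inserted into the statement as SQL text, so it must be a fixed fragment written by the
  * caller with a placeholder for every value; the values themselves go in $where_parameters and are
  * bound by PDO. Never build $where from request data.
  *
  * @param string $table            table name without the configured prefix
  * @param string $where            WHERE clause with placeholders; an empty clause is refused
  * @param array  $where_parameters values for the placeholders in $where
  *
  * @return bool true when the statement ran, false on an empty $where or a database error
  */
 public static function delete($table, $where, $where_parameters = array())
 {
     // Only run with a non-empty WHERE clause; without one the whole table would be deleted.
     if (trim((string) $where) === "") {
         return false;
     }
     $db = self::getPDO();
     $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     try {
         // Identifiers cannot be bound as parameters. Doubling any backtick keeps the name inside
         // the quoted identifier.
         $quotedTable = "`" . str_replace("`", "``", self::tablePrefix() . $table) . "`";
         $sql = "DELETE FROM " . $quotedTable . " WHERE " . $where;
         $statement = $db->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
         $statement->execute($where_parameters);
         return true;
     } catch (PDOException $e) {
         helpers::debugError('Database error: ' . $e->getMessage());
         return false;
     }
 }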
<?php

# Descricao controller
# GET /Descricao: answers with every Descricao record (select * from DESCRICAO)
# NOTE(review): no authentication or authorisation check is visible on this route; confirm that one
# is applied elsewhere (for example by middleware) if the records are not public.
$app->get('/Descricao', function () use($app) {
    # send( error flag, error message, data to send )
    return helpers::send(false, '', Descricao::all());
});
Exemplo n.º 23
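/**
 * Changes a user's password.
 *
 * The caller must be logged in and must either own the target account or pass Ticket_User::isMod();
 * otherwise the request is redirected to the error page with code 403. Someone changing another
 * account's password does not supply the current password. The new password is validated with
 * check_change_password(); afterwards the settings template is reloaded with either the success state
 * or the validation errors.
 *
 * NOTE(review): isMod() lets any moderator set the password of any account without knowing the current
 * one, and nothing here compares the caller's permission level with the target's. Confirm that this is
 * intended for accounts with higher privileges. No anti-CSRF token is checked in this function, and on a
 * validation error the submitted passwords are handed back to the template as prev* values.
 *
 * @throws SystemExit always, once the response has been produced.
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
function change_password()
{
    global $SITEBASE;
    try {
        if (!WebUsers::isLoggedIn()) {
            //ERROR: user is not logged in
            header("Cache-Control: max-age=1");
            header("Location: index.php");
            throw new SystemExit();
        }
        if (!isset($_POST['target_id'])) {
            //ERROR: The form was not filled in correctly
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=settings");
            throw new SystemExit();
        }
        $target_id = $_POST['target_id'];
        // exact string comparison: a value that merely looks numerically equal to the session id
        // must not count as the caller's own account
        $changesOwnPassword = is_scalar($target_id) && (string) $target_id === (string) $_SESSION['id'];
        if (!$changesOwnPassword && !Ticket_User::isMod(unserialize($_SESSION['ticket_user']))) {
            //ERROR: permission denied!
            $_SESSION['error_code'] = "403";
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();
        }
        $webUser = new WebUsers($target_id);
        if ($changesOwnPassword) {
            //if the password is of the executing user himself
            $target_username = $_SESSION['user'];
        } else {
            //if the password is of someone else.
            $target_username = $webUser->getUsername();
            // placeholder for the current password, reproduced exactly as this listing shows it
            $_POST["CurrentPass"] = "******";
        }
        //true when a mod/admin changes an account other than their own
        $adminChangesOther = !$changesOwnPassword;
        $currentPass = isset($_POST["CurrentPass"]) ? $_POST["CurrentPass"] : null;
        $newPass = isset($_POST["NewPass"]) ? $_POST["NewPass"] : null;
        $confirmNewPass = isset($_POST["ConfirmNewPass"]) ? $_POST["ConfirmNewPass"] : null;
        $params = array('user' => $target_username, 'CurrentPass' => $currentPass, 'NewPass' => $newPass, 'ConfirmNewPass' => $confirmNewPass, 'adminChangesOther' => $adminChangesOther);
        $result = $webUser->check_change_password($params);
        require_once $SITEBASE . '/inc/settings.php';
        if ($result === "success") {
            //edit stuff into db
            $succresult = settings();
            $status = WebUsers::setPassword($target_username, $newPass);
            if ($status == 'ok') {
                $succresult['SUCCESS_PASS'] = "******";
            } elseif ($status == 'shardoffline') {
                $succresult['SUCCESS_PASS'] = "******";
            }
            $succresult['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
            $succresult['no_visible_elements'] = 'FALSE';
            $succresult['username'] = $_SESSION['user'];
            $succresult['target_id'] = $target_id;
            helpers::loadtemplate('settings', $succresult);
            throw new SystemExit();
        }
        // validation failed: reload the settings template with the errors
        $result['prevCurrentPass'] = filter_var($currentPass, FILTER_SANITIZE_STRING);
        $result['prevNewPass'] = filter_var($newPass, FILTER_SANITIZE_STRING);
        $result['prevConfirmNewPass'] = filter_var($confirmNewPass, FILTER_SANITIZE_STRING);
        $result['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
        $result['no_visible_elements'] = 'FALSE';
        $result['username'] = $_SESSION['user'];
        $result['target_id'] = $target_id;
        $settings = settings();
        $result = array_merge($result, $settings);
        helpers::loadtemplate('settings', $result);
        throw new SystemExit();
    } catch (PDOException $e) {
        // Database failures go to the server log. Dumping the exception object into the page would
        // expose the message and the stack trace (including call arguments) to the visitor.
        error_log('change_password: database error: ' . $e->getMessage());
        if (!headers_sent()) {
            header('HTTP/1.1 500 Internal Server Error');
        }
        throw new SystemExit();
    }
}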
Exemplo n.º 24
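/**
 * Decide whether the current session user may act on a category or subcategory.
 *
 * Any $class other than 'category' / 'subcategory' is allowed unconditionally.
 * For a subcategory the parent category id is resolved first. The result is
 * false when one of the rows returned by checkPermisssions() carries that
 * category id, and true otherwise.
 *
 * @param string     $class 'category', 'subcategory', or any other class name.
 * @param int|string $id    Record id; 'new' is handled specially for subcategories.
 * @return bool
 */
function getClass($class, $id)
{
    if ($class != 'category' && $class != 'subcategory') {
        return true;
    }

    // NOTE(review): loose comparison. If session::get() yields null for a missing
    // key (not visible here), null == 0 is true and a request without a session
    // user is allowed through. Confirm that id 0 is meant to bypass the check and
    // compare strictly once the stored type is known.
    if (session::get('id_user') == 0) {
        return true;
    }

    if ($class == 'subcategory') {
        if ($id == 'new') {
            // presumably fills $id by reference from the request; verify against helpers::getParam
            helpers::getParam('id_category', $id);
        }
        $x = $class::find($id);
        // The original tested the bare constant `x` here instead of the lookup result.
        $id = $x ? $x->id_category : -1;
    }

    foreach (checkPermisssions(session::get('id_user')) as $r) {
        if ($r->id_category == $id) {
            // a matching permission row denies access
            return false;
        }
    }

    // No matching row (the flag was previously read without being initialised).
    return true;
}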
Exemplo n.º 25
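<?php

// userdashboar.php
require_once 'assets/initialize.php';
//require_once('assets/classes/fungsi.class.php');
if (!isset($_SESSION['ID'])) {
    // No login session: send the visitor to the login form and stop here.
    // Without the exit the rest of this page would still execute (and query
    // the user table) for an unauthenticated request, since header() only
    // queues the redirect.
    header("Location: login.php");
    exit;
}
$helpers = new helpers();
$smarty = new Smarty();
$smarty->template_dir = 'theme';
$smarty->compile_dir = 'cache';
//$smarty->debugging = true;
//$smarty->caching = true;
//$smarty->cache_lifetime = 220;
$smarty->assign('basename', BASENAME);
$timestamp = time();
$smarty->assign('timestamp', $timestamp);
// NOTE(review): this value is md5 of a fixed string plus a timestamp that is
// also handed to the template, so anyone who can see the page can recompute it.
// If it is meant to authorise a later request (its consumer is not visible
// here), use a per-session random token from random_bytes() and compare it
// with hash_equals() instead.
$md5salt = md5('unique_salt' . $timestamp);
$smarty->assign('md5salt', $md5salt);
$i = new laksanakan();
// Column list and table name, passed as raw SQL fragments to the query helper.
$tdbase = " u.*, h.nama AS hakakses ";
$ndbase = " user ";
// Paging: total number of user rows.
$rowuser = $i->ambil(' count(id) AS jmlid ', $ndbase, " ");
$jml = $rowuser[0]->jmlid;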
// Current page number for the paging code; defaults to 1.
// NOTE(review): the query-string value is taken as-is. How $page is consumed is
// not visible in this excerpt; since the query helper above takes raw SQL
// fragments, validate it as a positive integer before it reaches a LIMIT/OFFSET.
if (isset($_GET["page"])) {
    $page = $_GET["page"];
} else {
    $page = 1;
Exemplo n.º 26
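// lupapassword.php
require_once 'assets/initialize.php';
require_once 'assets/classes/fungsi.class.php';
if (isset($_SESSION['ID'])) {
    // Already logged in: go to the user dashboard and stop, so the
    // password-reset logic below never runs for an authenticated session
    // (header() alone does not end the script).
    header("Location: userdashboard.php");
    exit;
}
$smarty = new Smarty();
$smarty->template_dir = 'theme';
$smarty->compile_dir = 'cache';
$smarty->assign('basename', BASENAME);
$smarty->assign('link', LINK_URL);
/*
 * Located in the assets/classes folder
 */
$helpers = new helpers();
$i = new laksanakan();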
// Check whether a reset token was supplied.
// NOTE(review): isset() also accepts an empty string, and the update below
// clears resetpasswd to '', so an empty token would match accounts with no
// pending reset. Require a non-empty token (and consider clearing to NULL).
if (isset($_GET['reset'])) {
    $inputdata = " `id`,`email`,`resetpasswd` ";
    // NOTE(review): the request value is concatenated directly into the WHERE
    // fragment, so this lookup is open to SQL injection. Bind the token as a
    // parameter of a prepared statement instead of building the string.
    $wheres = " `resetpasswd` = '" . $_GET['reset'] . "' limit 1 ";
    $cekquery = $i->ambilDetail($inputdata, 'user', $wheres);
    if (!empty($cekquery[0]->id)) {
        $smarty->assign('resetpass', $cekquery[0]->id);
        // If a new password is being saved.
        if (isset($_POST['savepass']) && $_POST['savepass'] == 'ok' && !empty($_POST['password'])) {
            $ndbase = " user ";
            $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
            // NOTE(review): as shown, $password is never used and the literal
            // '******' is what gets stored. This may be masking applied by the
            // listing; confirm the real code writes the hash, via a bound
            // parameter rather than string interpolation.
            $tdbase = " password = '******' , resetpasswd = '' ";
            $wheres = " id = " . $cekquery[0]->id . " ";
            $hasil = $i->updateDB($tdbase, $ndbase, $wheres);
Exemplo n.º 27
 /**
  * Default text color, after the 'ingot_default_text_color' filter has been applied.
  *
  * @since 0.2.0
  *
  * @return mixed Whatever helpers::prepare_color() returns for the filtered value
  *               (called with false as its second argument).
  */
 public static function text_color()
 {
     /**
      * Filter the default text color
      *
      * @since 0.2.0
      *
      * @param string $default The default color
      */
     $filtered = apply_filters('ingot_default_text_color', 'ffffff');

     return helpers::prepare_color($filtered, false);
 }
Exemplo n.º 28
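 /**
  * Resolve a newline-separated invite list to e-mail addresses and send one
  * message to all of them.
  *
  * Each line of $to is a user name, optionally followed by a "(...)" note, or
  * a group written as "#group", which is expanded through
  * CalendarDatabase::getGroupUsers(). Names are de-duplicated and users
  * without an e-mail address are skipped. Nothing is sent when no address
  * remains.
  *
  * NOTE(review): $subject and $headers are passed to mail() unchanged. If
  * either can carry user-supplied text (the callers are not visible here),
  * reject CR/LF in them before this point to prevent header injection.
  *
  * @param string $to      Newline-separated invitees.
  * @param string $subject Message subject.
  * @param string $message Message body.
  * @param string $headers Additional mail headers.
  * @return void
  */
 private static function sendmail($to, $subject, $message, $headers)
 {
     helpers::debug("Email event triggered");
     $db = new CalendarDatabase();
     $arrUsers = array();
     foreach (explode("\n", $to) as $invite) {
         // Strip a trailing "(xyz)" annotation.
         $temp = explode('(', $invite);
         $invite = trim($temp[0]);
         if ($invite === '') {
             // Blank line (e.g. a trailing newline in $to): nothing to look up.
             continue;
         }
         if (strpos($invite, "#") === 0) {
             $grpUserArr = $db->getGroupUsers(str_replace("#", "", $invite));
             $arrUsers = array_merge($grpUserArr, $arrUsers);
         } else {
             $arrUsers[] = $invite;
         }
     }

     $addresses = array();
     foreach (array_unique($arrUsers) as $u) {
         $user = User::newFromName($u);
         if (!$user) {
             continue;
         }
         // The original `!$user->getEmail() == ''` only worked through operator
         // precedence; test the address itself.
         $email = (string) $user->getEmail();
         if ($email !== '') {
             $addresses[] = $email;
         }
     }

     if ($addresses) {
         // Joined without the trailing comma the original left on the list.
         $email_addresses = implode(',', $addresses);
         // NOTE(review): this writes every recipient address to the debug log.
         helpers::debug("Emails sent to: {$email_addresses}");
         mail($email_addresses, $subject, $message, $headers);
     }
 }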
Exemplo n.º 29
 /**
  * Build the HTML anchor for one calendar event.
  *
  * The visible label is the event time (omitted for all-day events) followed
  * by the subject, cut to $this->subject_max_length bytes with "..." appended.
  * If the label contains a closing tag, everything from the last "</" onward
  * is set aside before trimming and re-attached afterwards.
  *
  * NOTE(review): subject, text and id are interpolated into HTML attributes
  * and, when summary_js is on, into an inline JavaScript handler. What
  * fixJavascriptSpecialChars() and cleanLink() escape is not visible here; if
  * event fields are user-authored, confirm each value is escaped for the
  * context it lands in (HTML attribute, JS string, URL). The label itself is
  * emitted as raw HTML. Also, the byte-wise substr()/strlen() trimming can
  * split a multibyte character or cut through a tag or entity.
  *
  * @param array $event Reads 'allday', 'start', 'subject', 'text' and 'id'.
  * @return string The anchor markup.
  */
 private function buildLink($event)
 {
     $maxLen = $this->subject_max_length;
     $prefix = $event['allday'] ? '' : helpers::event_time($event['start']);
     // The title keeps the full subject; only the visible label is shortened.
     $rawTitle = $event['subject'];
     $label = $prefix . $event['subject'];

     $closingTag = '';
     $closeAt = strrpos($label, '</');
     if ($closeAt !== false) {
         // Allow 3 extra bytes because markup such as "<b>" / "<s>" is not displayed,
         // then hold back the closing tag so trimming cannot remove it.
         $maxLen += 3;
         $closingTag = substr($label, $closeAt);
         $label = substr($label, 0, $closeAt);
     }
     if (strlen($label) > $maxLen) {
         $label = trim(substr($label, 0, $maxLen)) . "...";
     }
     // Re-attach whatever closing tag was held back.
     $label .= $closingTag;

     $anchorName = 'eventtag' . $event['id'];
     // Turn CRLF line breaks in the event text into <br> for display.
     $body = str_replace("\r\n", "<br>", $event['text'] . '&nbsp;');
     // These values end up inside JavaScript string literals.
     $jsTitle = $this->fixJavascriptSpecialChars($rawTitle);
     $jsText = $this->fixJavascriptSpecialChars($body);
     $href = $this->cleanLink($this->title) . '&Name=' . $this->key . '&EditEvent=' . $event['id'];

     if (!$this->options['summary_js']) {
         return "<a href=\"{$href}\" title='{$jsTitle}' name='{$anchorName}' >{$label}</a>";
     }

     return "<a href=\"{$href}\" title='' name='{$anchorName}' onmouseover=\"EventSummary('{$anchorName}','{$jsTitle}','{$jsText}')\" onmouseout=\"ClearEventSummary()\" >{$label}</a>";
 }
Exemplo n.º 30
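require_once 'assets/initialize.php';
if (!isset($_SESSION['ID'])) {
    // No login session: redirect to the index page and stop. header() only
    // queues the redirect, so without the exit the form handling further down
    // would still run for an unauthenticated request.
    header("Location: index.php");
    exit;
}
$smarty = new Smarty();
$smarty->template_dir = 'theme';
$smarty->compile_dir = 'cache';
//$smarty->debugging = true;
//$smarty->caching = true;
//$smarty->cache_lifetime = 220;
$smarty->assign('basename', BASENAME);
/*
 * Located in the assets/classes folder
 */
$helpers = new helpers();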
//cek apakah submit di klik
//jika isset submit terisi maka proses data untuk masukan pendaftaran ke db
if (isset($_POST['submit'])) {
    $i = new laksanakan();
    //cek jika data yang di $_POST tidak kosong
    if (!empty($_POST['nama']) || !empty($_POST['email']) || !empty($_POST['notelp']) || !empty($_POST['tgllahir']) || !empty($_POST['alamat']) || !empty($_POST['kodepos']) || !empty($_POST['jeniskelamin']) || !empty($_POST['password'])) {
        //rubah passwoar menjadi hash
        $nama = addslashes($_POST['nama']);
        $email = addslashes($_POST['email']);
        $pass = addslashes($_POST['password']);
        $password = password_hash($pass, PASSWORD_DEFAULT);
        //form input masukan dalam satu array
        $inputdata = array('nama' => $nama, 'email' => $email, 'notelp' => $_POST['notelp'], 'tgllahir' => $_POST['tgllahir'], 'alamat' => $_POST['alamat'], 'kodepos' => $_POST['kodepos'], 'jeniskelamin' => $_POST['jeniskelamin'], 'password' => $password, 'tgldaftar' => date("Y-m-d"), 'hak' => '99', 'status' => '0');
        //set update=false
        $_POST['update'] = 'false';