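/**
 * Stores the submitted `userRegistration` value in the `settings` table and
 * reloads the settings template.
 *
 * This is a site-wide setting, so the executing user must be logged in AND be a
 * mod/admin (Ticket_User::isMod); a plain user is sent to the 403 error page, the
 * same way change_password()/change_mail() handle it, and an anonymous visitor is
 * redirected to the index page. A request without the userRegistration field is
 * sent back to the settings page.
 *
 * Reads $_POST['userRegistration'] (stored as submitted; the set of accepted
 * values is not validated here), $_GET['id'] (passed to the template as
 * target_id) and $_SESSION['ticket_user'].
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always, after the template was sent or a redirect header was set
 */
function userRegistration()
{
    try {
        if (!WebUsers::isLoggedIn()) {
            //ERROR: user is not logged in
            header("Location: index.php");
            throw new SystemExit();
        }
        $ticketUser = unserialize($_SESSION['ticket_user']);
        // writing a site-wide setting needs more than being logged in: the original
        // code updated the row for any authenticated user
        if (!Ticket_User::isMod($ticketUser)) {
            //ERROR: permission denied!
            $_SESSION['error_code'] = "403";
            header("Location: index.php?page=error");
            throw new SystemExit();
        }
        if (!isset($_POST['userRegistration'])) {
            //ERROR: The form was not filled in correctly
            header("Location: index.php?page=settings");
            throw new SystemExit();
        }
        $dbl = new DBLayer("lib");
        $dbl->update("settings", array('Value' => $_POST['userRegistration']), "`Setting` = 'userRegistration'");
        $result = array();
        $result['target_id'] = isset($_GET['id']) ? $_GET['id'] : null;
        global $SITEBASE;
        require_once $SITEBASE . '/inc/settings.php';
        // settings() is evaluated once; its output plus target_id feeds the template
        $pageElements = array_merge(settings(), $result);
        $pageElements['permission'] = $ticketUser->getPermission();
        // reload the settings template with the refreshed values
        helpers::loadtemplate('settings', $pageElements);
        throw new SystemExit();
    } catch (PDOException $e) {
        // log instead of print_r(): a PDOException can carry the DSN and therefore
        // database credentials, which must not be written to the browser
        error_log((string) $e);
        throw new SystemExit();
    }
}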
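/**
 * Registers a new www user from the submitted registration form.
 *
 * The $_POST fields Username, Password, ConfirmPass and Email are validated by
 * WebUsers::check_Register(). On success write_user() (defined elsewhere in this
 * file) creates the www user and its matching ticket_user and pushes the account to
 * the shard — when the shard is offline it is kept in the ams_querycache for the
 * sync cron job. On failure the form is reloaded with the validation errors and
 * the previously entered values.
 *
 * With ?page=settings the settings template is used instead of the
 * register/register_feedback templates; a game client is redirected to
 * email_sent.php after a successful registration instead of getting a template.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always, after the template was sent or a redirect header was set
 */
function add_user()
{
    global $INGAME_WEBPATH;
    global $SITEBASE;
    // read each form field once; a missing field is null (as before) but without a notice
    $fields = array();
    foreach (array('Username', 'Password', 'ConfirmPass', 'Email') as $name) {
        $fields[$name] = isset($_POST[$name]) ? $_POST[$name] : null;
    }
    $webUser = new WebUsers();
    //check if the POST variables are valid, before actual registering
    $result = $webUser->check_Register($fields);
    require_once $SITEBASE . '/inc/settings.php';
    $onSettingsPage = isset($_GET['page']) && $_GET['page'] === "settings";
    // if all are good then create user
    if ($result === "success") {
        $edit = array(
            'name' => $fields['Username'],
            'pass' => $fields['Password'],
            'mail' => $fields['Email'],
            'init' => $fields['Email'],
            'unhashpass' => $fields['Password'],
            'status' => 1,
            'access' => $_SERVER['REQUEST_TIME'],
        );
        $status = write_user($edit);
        if (Helpers::check_if_game_client()) {
            //if registering ingame then we have to set the header and dont need to reload the template.
            header('Location: email_sent.php');
            throw new SystemExit();
        }
        $pageElements = settings();
        $pageElements['ingame_webpath'] = $INGAME_WEBPATH;
        // NOTE(review): assumes a serialized Ticket_User is already in the session
        // here; for an anonymous registration that depends on write_user(), which is
        // not visible in this file section
        $pageElements['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
        $pageElements['SUCCESS_ADD'] = $status;
        if ($onSettingsPage) {
            helpers::loadtemplate('settings', $pageElements);
        } else {
            $pageElements['no_visible_elements'] = 'TRUE';
            helpers::loadtemplate('register_feedback', $pageElements);
        }
        throw new SystemExit();
    }
    // validation failed: hand the entered values back so the form can be re-filled.
    // NOTE(review): this reflects the submitted password(s) into the rendered page;
    // whether the templates re-emit them cannot be seen from here.
    $previous = array(
        'prevUsername' => $fields['Username'],
        'prevPassword' => $fields['Password'],
        'prevConfirmPass' => $fields['ConfirmPass'],
        'prevEmail' => $fields['Email'],
    );
    if ($onSettingsPage) {
        // pass error and reload template accordingly
        $pageElements = array_merge(settings(), $result, $previous);
        $pageElements['permission'] = unserialize($_SESSION['ticket_user'])->getPermission();
        $pageElements['do'] = "add_user";
        helpers::loadtemplate('settings', $pageElements);
        throw new SystemExit();
    }
    $result = array_merge($result, $previous);
    $result['no_visible_elements'] = 'TRUE';
    // the original assigned ingame_webpath to an unused $pageElements array here,
    // so the register template never received it
    $result['ingame_webpath'] = $INGAME_WEBPATH;
    helpers::loadtemplate('register', $result);
    throw new SystemExit();
}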
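/**
 * Logs a user in from the submitted login form.
 *
 * The filtered $_POST['LoginValue'] / $_POST['Password'] pair is checked by
 * WebUsers::checkLoginMatch(). A match stores the login, id, serialized Ticket_User
 * and language in the session and redirects back to the index page (the in-game
 * web path for a game client), carrying the current query string along. A failed
 * match reloads the login template with login_error set.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always, after the template was sent or a redirect header was set
 */
function login()
{
    global $INGAME_WEBPATH;
    global $WEBPATH;
    try {
        // NOTE(review): FILTER_SANITIZE_STRING strips tags and encodes quotes, so a
        // password containing such characters is altered before the DB check; kept
        // because the stored credentials were presumably produced the same way.
        $login_value = filter_var(isset($_POST['LoginValue']) ? $_POST['LoginValue'] : '', FILTER_SANITIZE_STRING);
        $password = filter_var(isset($_POST['Password']) ? $_POST['Password'] : '', FILTER_SANITIZE_STRING);
        //check if the filtered sent POST data returns a match with the DB
        $result = WebUsers::checkLoginMatch($login_value, $password);
        if ($result === "fail") {
            //handle login failure: reload the login form with the error flag set
            $error = array('login_error' => 'TRUE', 'no_visible_elements' => 'TRUE');
            helpers::loadtemplate('login', $error);
            throw new SystemExit();
        }
        //handle successful login. A fresh session id first, so a session id that was
        //fixed before authentication cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['user'] = $result['Login'];
        $_SESSION['id'] = $result['UId'];
        $_SESSION['ticket_user'] = serialize(Ticket_User::constr_ExternId($_SESSION['id']));
        $user = new WebUsers($_SESSION['id']);
        $_SESSION['Language'] = $user->getLanguage();
        //carry the current query string over to the redirect. http_build_query()
        //URL-encodes keys and values; the former manual concatenation did not, so a
        //value containing '&', '=' or '#' was split up or cut off.
        $GETString = http_build_query($_GET);
        if ($GETString !== "") {
            $GETString = '?' . $GETString;
        }
        //go back to the index page.
        header("Cache-Control: max-age=1");
        $base = Helpers::check_if_game_client() ? $INGAME_WEBPATH : $WEBPATH;
        header('Location: ' . $base . $GETString);
        throw new SystemExit();
    } catch (PDOException $e) {
        //log instead of print_r(): a PDOException can carry the DSN and therefore
        //database credentials, which must not reach the browser
        error_log((string) $e);
        throw new SystemExit();
    }
}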
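/**
 * Mails a password-reset link to the submitted e-mail address.
 *
 * $_POST['Email'] is looked up with WebUsers::getIdFromEmail(); an unknown address
 * reloads the forgot_password template with EMAIL_ERROR set. Otherwise a reset URL
 * (page=reset_password with the user name, the address and a key) is built and sent
 * through Mail_Handler::send_mail(), using the subject/body texts of the translation
 * file selected by the Language cookie, and the template is reloaded with
 * EMAIL_SUCCESS set.
 *
 * @throws SystemExit always, after the template was sent
 */
function forgot_password()
{
    global $DEFAULT_LANGUAGE;
    global $AMS_TRANS;
    global $WEBPATH;
    $email = filter_var(isset($_POST["Email"]) ? $_POST["Email"] : '', FILTER_SANITIZE_EMAIL);
    $result = array();
    $result['prevEmail'] = $email;
    $result['no_visible_elements'] = 'TRUE';
    $target_id = WebUsers::getIdFromEmail($email);
    if ($target_id === "FALSE" || $target_id === false) {
        //the email address doesn't exist.
        // NOTE(review): answering differently for unknown addresses tells a caller
        // which addresses have an account; a uniform reply would avoid that.
        $result['EMAIL_ERROR'] = 'TRUE';
        helpers::loadtemplate('forgot_password', $result);
        throw new SystemExit();
    }
    $webUser = new WebUsers($target_id);
    $target_username = $webUser->getUsername();
    // the reset key is the sha512 of the stored password hash; reset_password()
    // recomputes it from the DB to validate the link. NOTE(review): it stays valid
    // until the password changes (no expiry, not single-use).
    $hashed_key = hash('sha512', $webUser->getHashedPass());
    // the cookie value names the translation file to read, so only a plain
    // identifier is accepted; anything else (such as a path) falls back to the
    // default language instead of being spliced into the file name
    $lang = $DEFAULT_LANGUAGE;
    if (isset($_COOKIE['Language']) && preg_match('/^[A-Za-z0-9_-]+$/', $_COOKIE['Language']) === 1) {
        $lang = $_COOKIE['Language'];
    }
    $variables = parse_ini_file($AMS_TRANS . '/' . $lang . '.ini', true);
    $mailText = ($variables !== false && isset($variables['email'])) ? $variables['email'] : array();
    $text = function ($name) use ($mailText) {
        return isset($mailText[$name]) ? $mailText[$name] : '';
    };
    //create the reset url. user and email are query parameters, so they are
    //URL-encoded; reset_password() reads them back from $_GET.
    $resetURL = $WEBPATH . "?page=reset_password&user=" . urlencode($target_username) . "&email=" . urlencode($email) . "&key=" . $hashed_key;
    //set email stuff
    $recipient = $email;
    $subject = $text('email_subject_forgot_password');
    $body = $text('email_body_forgot_password_header') . $resetURL . $text('email_body_forgot_password_footer');
    Mail_Handler::send_mail($recipient, $subject, $body, NULL);
    $result['EMAIL_SUCCESS'] = 'TRUE';
    helpers::loadtemplate('forgot_password', $result);
    throw new SystemExit();
}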
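/**
 * Sets a new password from a reset link produced by forgot_password().
 *
 * The link's $_GET user/email/key must belong together: the e-mail must resolve to
 * the same account as the user name, and the key must equal the sha512 of that
 * account's stored password hash. Then the $_POST NewPass/ConfirmNewPass pair is
 * validated by WebUsers::check_change_password() (as an admin-style change, so no
 * current password is required) and stored with WebUsers::setPassword(); the
 * reset_success template is shown, or reset_password again with the validation
 * errors and the entered values. When the link does not validate the function
 * returns without output — that was the original behaviour and is kept, as the
 * caller is not visible here.
 *
 * @throws SystemExit after a template was sent
 */
function reset_password()
{
    //filter all data; a missing parameter becomes "" as before, without a notice
    $clean = function (array $source, $name, $filter) {
        return filter_var(isset($source[$name]) ? $source[$name] : '', $filter);
    };
    $email = $clean($_GET, "email", FILTER_SANITIZE_EMAIL);
    $user = $clean($_GET, "user", FILTER_SANITIZE_STRING);
    $key = $clean($_GET, "key", FILTER_SANITIZE_STRING);
    $password = $clean($_POST, 'NewPass', FILTER_SANITIZE_STRING);
    $confirmpass = $clean($_POST, 'ConfirmNewPass', FILTER_SANITIZE_STRING);
    $target_id = WebUsers::getId($user);
    $webUser = new WebUsers($target_id);
    $expected_key = hash('sha512', $webUser->getHashedPass());
    // compare the digests as strings: with a loose == PHP treats hex digests of the
    // form "0e<digits>" as numbers, so a crafted key could compare equal. hash_equals()
    // (PHP >= 5.6) additionally keeps the comparison time independent of the input.
    $key_matches = function_exists('hash_equals')
        ? hash_equals($expected_key, (string) $key)
        : $expected_key === (string) $key;
    // ids may come back as int or string depending on the layer; compare as strings
    $email_matches = (string) WebUsers::getIdFromEmail($email) === (string) $target_id;
    if (!$email_matches || !$key_matches) {
        return;
    }
    $params = array('user' => $user, 'CurrentPass' => "dummy", 'NewPass' => $password, 'ConfirmNewPass' => $confirmpass, 'adminChangesOther' => true);
    $check = $webUser->check_change_password($params);
    if ($check === "success") {
        $result = array();
        $status = WebUsers::setPassword($user, $password);
        // NOTE(review): both SUCCESS_PASS values read "******" in the listing this was
        // reviewed from and look redacted (cf. change_mail()'s "OK"/"SHARDOFF");
        // they are kept verbatim
        if ($status === 'ok') {
            $result['SUCCESS_PASS'] = "******";
        } elseif ($status === 'shardoffline') {
            $result['SUCCESS_PASS'] = "******";
        }
        $result['no_visible_elements'] = 'TRUE';
        helpers::loadtemplate('reset_success', $result);
        throw new SystemExit();
    }
    // validation failed: reload the form with the errors and the entered values.
    // The query string is re-encoded with http_build_query() so that raw $_GET
    // values do not reach the template unescaped and so '&'/'=' in a value survive.
    $result = $check;
    $GETString = http_build_query($_GET);
    if ($GETString !== "") {
        $GETString = '?' . $GETString;
    }
    $result['getstring'] = $GETString;
    $result['prevNewPass'] = $password;
    $result['prevConfirmNewPass'] = $confirmpass;
    $result['no_visible_elements'] = 'TRUE';
    helpers::loadtemplate('reset_password', $result);
    throw new SystemExit();
}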
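/**
 * Changes the password of the account named by $_POST['target_id'].
 *
 * The executing user must be logged in and must either be that account's owner or
 * a mod/admin (Ticket_User::isMod); otherwise the request is redirected to the
 * error page with error_code 403. A mod changing someone else's password does not
 * have to supply the current password. The NewPass/ConfirmNewPass pair is validated
 * by WebUsers::check_change_password(); on success it is stored with
 * WebUsers::setPassword() and the settings template is reloaded, on failure the
 * settings template is reloaded with the validation errors and the entered values.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always, after the template was sent or a redirect header was set
 */
function change_password()
{
    try {
        if (!WebUsers::isLoggedIn()) {
            //ERROR: user is not logged in
            header("Cache-Control: max-age=1");
            header("Location: index.php");
            throw new SystemExit();
        }
        if (!isset($_POST['target_id'])) {
            //ERROR: The form was not filled in correctly
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=settings");
            throw new SystemExit();
        }
        $ticketUser = unserialize($_SESSION['ticket_user']);
        // compare the ids as strings: $_POST values are strings while the session id
        // may be an int, and a loose == would also accept e.g. "3abc" for 3 on PHP < 8
        $ownAccount = (string) $_POST['target_id'] === (string) $_SESSION['id'];
        if (!$ownAccount && !Ticket_User::isMod($ticketUser)) {
            //ERROR: permission denied!
            $_SESSION['error_code'] = "403";
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();
        }
        $webUser = new WebUsers($_POST['target_id']);
        if ($ownAccount) {
            //the password is the executing user's own
            $target_username = $_SESSION['user'];
            $adminChangesOther = false;
        } else {
            //a mod/admin changes someone else's password and need not know the current
            //one; a placeholder is written into $_POST because the failure branch reads
            //it back. NOTE(review): the placeholder reads "******" in the reviewed
            //listing and looks redacted (reset_password() uses "dummy"); kept verbatim.
            $target_username = $webUser->getUsername();
            $adminChangesOther = true;
            $_POST["CurrentPass"] = "******";
        }
        $currentPass = isset($_POST["CurrentPass"]) ? $_POST["CurrentPass"] : null;
        $newPass = isset($_POST["NewPass"]) ? $_POST["NewPass"] : null;
        $confirmPass = isset($_POST["ConfirmNewPass"]) ? $_POST["ConfirmNewPass"] : null;
        $params = array('user' => $target_username, 'CurrentPass' => $currentPass, 'NewPass' => $newPass, 'ConfirmNewPass' => $confirmPass, 'adminChangesOther' => $adminChangesOther);
        $check = $webUser->check_change_password($params);
        global $SITEBASE;
        require_once $SITEBASE . '/inc/settings.php';
        // keys the settings template gets in both outcomes
        $common = array(
            'permission' => $ticketUser->getPermission(),
            'no_visible_elements' => 'FALSE',
            'username' => $_SESSION['user'],
            'target_id' => $_POST['target_id'],
        );
        if ($check === "success") {
            //edit stuff into db
            $page = settings();
            $status = WebUsers::setPassword($target_username, $newPass);
            // NOTE(review): both SUCCESS_PASS values read "******" in the reviewed
            // listing and look redacted (cf. change_mail()'s "OK"/"SHARDOFF"); kept verbatim
            if ($status === 'ok') {
                $page['SUCCESS_PASS'] = "******";
            } elseif ($status === 'shardoffline') {
                $page['SUCCESS_PASS'] = "******";
            }
            $page = array_merge($page, $common);
        } else {
            // NOTE(review): the submitted passwords are handed back to the template as
            // prev* values; whether it re-emits them cannot be seen from here.
            $previous = array(
                'prevCurrentPass' => filter_var($currentPass, FILTER_SANITIZE_STRING),
                'prevNewPass' => filter_var($newPass, FILTER_SANITIZE_STRING),
                'prevConfirmNewPass' => filter_var($confirmPass, FILTER_SANITIZE_STRING),
            );
            // same precedence as before: settings() values win over the error array
            $page = array_merge($check, $previous, $common, settings());
        }
        helpers::loadtemplate('settings', $page);
        throw new SystemExit();
    } catch (PDOException $e) {
        //log instead of print_r(): a PDOException can carry the DSN and therefore
        //database credentials, which must not reach the browser
        error_log((string) $e);
        throw new SystemExit();
    }
}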
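/**
 * Changes the e-mail address of the account named by $_POST['target_id'].
 *
 * The executing user must be logged in and must either be that account's owner or
 * a mod/admin (Ticket_User::isMod); otherwise the request is redirected to the
 * error page with error_code 403. $_POST['NewEmail'] is validated by
 * WebUsers::checkEmail(); on success it is stored with WebUsers::setEmail() and
 * the settings template is reloaded, on failure the settings template is reloaded
 * with EMAIL_ERROR/CEMAIL_ERROR set and the reply of the check in EMAIL.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always, after the template was sent or a redirect header was set
 */
function change_mail()
{
    try {
        if (!WebUsers::isLoggedIn()) {
            //ERROR: user is not logged in
            header("Location: index.php");
            throw new SystemExit();
        }
        if (!isset($_POST['target_id'])) {
            //ERROR: The form was not filled in correctly
            header("Location: index.php?page=settings");
            throw new SystemExit();
        }
        $ticketUser = unserialize($_SESSION['ticket_user']);
        $isMod = Ticket_User::isMod($ticketUser);
        // compare the ids as strings: $_POST values are strings while the session id
        // may be an int, and a loose == would also accept e.g. "3abc" for 3 on PHP < 8
        $ownAccount = (string) $_POST['target_id'] === (string) $_SESSION['id'];
        if (!$ownAccount && !$isMod) {
            //ERROR: permission denied!
            $_SESSION['error_code'] = "403";
            header("Location: index.php?page=error");
            throw new SystemExit();
        }
        $webUser = new WebUsers($_POST['target_id']);
        $target_username = $ownAccount ? $_SESSION['user'] : $webUser->getUsername();
        $newEmail = isset($_POST['NewEmail']) ? $_POST['NewEmail'] : null;
        //check if emailaddress is valid.
        $reply = $webUser->checkEmail($newEmail);
        $cleanEmail = filter_var($newEmail, FILTER_SANITIZE_EMAIL);
        global $SITEBASE;
        require_once $SITEBASE . '/inc/settings.php';
        $result = settings();
        $result['EMAIL_ERROR'] = ($reply === "success") ? 'FALSE' : 'TRUE';
        $result['prevNewEmail'] = $cleanEmail;
        if ($reply === "success") {
            //if validation was successful, update the emailaddress
            $status = WebUsers::setEmail($target_username, $cleanEmail);
            if ($status === 'ok') {
                $result['SUCCESS_MAIL'] = "OK";
            } elseif ($status === 'shardoffline') {
                $result['SUCCESS_MAIL'] = "SHARDOFF";
            }
        } else {
            $result['EMAIL'] = $reply;
            $result['CEMAIL_ERROR'] = true;
        }
        $result['permission'] = $ticketUser->getPermission();
        $result['no_visible_elements'] = 'FALSE';
        $result['username'] = $_SESSION['user'];
        $result['target_id'] = $_POST['target_id'];
        //the settings page shows its mod-only elements when a mod edits another account via ?id=
        if (isset($_GET['id']) && $isMod && !$ownAccount) {
            $result['isMod'] = "TRUE";
        }
        helpers::loadtemplate('settings', $result);
        throw new SystemExit();
    } catch (PDOException $e) {
        //log instead of print_r(): a PDOException can carry the DSN and therefore
        //database credentials, which must not reach the browser
        error_log((string) $e);
        throw new SystemExit();
    }
}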
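/**
 * Changes the personal info (first/last name, country, gender) of the account named
 * by $_POST['target_id'].
 *
 * The executing user must be logged in and must either be that account's owner or
 * a mod/admin (Ticket_User::isMod); otherwise the request is redirected to the
 * error page with error_code 403. The current info is loaded with
 * WebUsers::getInfo() and only fields whose submitted value differs from it are
 * written, in one UPDATE on ams_user through DBLayer("web") with bound parameters.
 * The settings template is then reloaded, with info_updated set when something
 * was written.
 *
 * @author Daan Janssens, mentored by Matthew Lagoe
 * @throws SystemExit always, after the template was sent or a redirect header was set
 */
function change_info()
{
    try {
        if (!WebUsers::isLoggedIn()) {
            //ERROR: user is not logged in
            header("Cache-Control: max-age=1");
            header("Location: index.php");
            throw new SystemExit();
        }
        if (!isset($_POST['target_id'])) {
            //ERROR: The form was not filled in correctly
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=settings");
            throw new SystemExit();
        }
        $ticketUser = unserialize($_SESSION['ticket_user']);
        // compare the ids as strings: $_POST values are strings while the session id
        // may be an int, and a loose == would also accept e.g. "3abc" for 3 on PHP < 8
        $ownAccount = (string) $_POST['target_id'] === (string) $_SESSION['id'];
        if (!$ownAccount && !Ticket_User::isMod($ticketUser)) {
            //ERROR: permission denied!
            $_SESSION['error_code'] = "403";
            header("Cache-Control: max-age=1");
            header("Location: index.php?page=error");
            throw new SystemExit();
        }
        $webUser = new WebUsers($_POST['target_id']);
        $target_username = $ownAccount ? $_SESSION['user'] : $webUser->getUsername();
        //use current info to check for changes
        $current_info = $webUser->getInfo();
        $current_info['FirstName'] = filter_var($current_info['FirstName'], FILTER_SANITIZE_STRING);
        $current_info['LastName'] = filter_var($current_info['LastName'], FILTER_SANITIZE_STRING);
        $current_info['Country'] = filter_var($current_info['Country'], FILTER_SANITIZE_STRING);
        $current_info['Gender'] = filter_var($current_info['Gender'], FILTER_SANITIZE_NUMBER_INT);
        // a missing form field is null (as before) but read without a notice
        $posted = function ($name) {
            return isset($_POST[$name]) ? $_POST[$name] : null;
        };
        // collect "column = :placeholder" fragments; the column names are fixed
        // literals and every value goes through a bound parameter, so no user input
        // reaches the SQL text
        $assignments = array();
        $values = array('user' => $target_username);
        $firstName = $posted('FirstName');
        if ($firstName != "" && $firstName != $current_info['FirstName']) {
            $assignments[] = "FirstName = :fName";
            $values['fName'] = filter_var($firstName, FILTER_SANITIZE_STRING);
        }
        $lastName = $posted('LastName');
        if ($lastName != "" && $lastName != $current_info['LastName']) {
            $assignments[] = "LastName = :lName";
            $values['lName'] = filter_var($lastName, FILTER_SANITIZE_STRING);
        }
        $country = $posted('Country');
        // "AA" is presumably the form's "no country selected" option — TODO confirm against the template
        if ($country != "AA" && $country != $current_info['Country']) {
            $assignments[] = "Country = :country";
            $values['country'] = filter_var($country, FILTER_SANITIZE_STRING);
        }
        $gender = $posted('Gender');
        if ($gender != $current_info['Gender']) {
            $assignments[] = "Gender = :gender";
            $values['gender'] = filter_var($gender, FILTER_SANITIZE_NUMBER_INT);
        }
        $updated = count($assignments) > 0;
        if ($updated) {
            //execute the query in the web DB.
            $query = "UPDATE ams_user SET " . implode(", ", $assignments) . " WHERE Login = :user";
            $dbw = new DBLayer("web");
            $dbw->execute($query, $values);
        }
        //reload the settings inc function before recalling the settings template.
        global $SITEBASE;
        require_once $SITEBASE . '/inc/settings.php';
        $result = settings();
        if ($updated) {
            $result['info_updated'] = "OK";
        }
        $result['permission'] = $ticketUser->getPermission();
        $result['username'] = $_SESSION['user'];
        $result['no_visible_elements'] = 'FALSE';
        $result['target_id'] = $_POST['target_id'];
        global $INGAME_WEBPATH;
        $result['ingame_webpath'] = $INGAME_WEBPATH;
        helpers::loadtemplate('settings', $result);
        throw new SystemExit();
    } catch (PDOException $e) {
        //log instead of print_r(): a PDOException can carry the DSN and therefore
        //database credentials, which must not reach the browser
        error_log((string) $e);
        throw new SystemExit();
    }
}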