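/**
 * Processes loading of this sample code through a web browser.
 *
 * Order of operations: refuse to run without a configured LOGIN_PASSWORD,
 * authenticate the visitor against it, sign in to the hosted domain with the
 * configured GAPPS_* credentials, then dispatch the requested command or
 * menu. Read-only commands are accepted from GET or POST; commands that
 * change data are accepted from POST only.
 *
 * @return void
 */
function runWWWVersion()
{
    session_start();

    // Note that all calls to endHTML() below end script execution!
    // The switch cases further down rely on this instead of `break`.

    // Check to make sure that the user has set a password.
    $p = LOGIN_PASSWORD;
    if (empty($p)) {
        startHTML(false);
        displayPasswordNotSetNotice();
        endHTML();
    }

    // Grab any login credentials that might be waiting in the request
    if (!empty($_POST['password'])) {
        // Compare as strings and in constant time. A loose `==` treats
        // numeric-looking strings as numbers ("1e3" == "1000"), and an
        // array-valued parameter must never reach the comparison.
        // hash_equals() needs PHP 5.6 or later.
        if (is_string($_POST['password'])
            && hash_equals((string) LOGIN_PASSWORD, $_POST['password'])
        ) {
            // Issue a fresh session id at the privilege change so an id that
            // was fixed before login does not become an authenticated one.
            session_regenerate_id(true);
            $_SESSION['authenticated'] = 'true';
        } else {
            // Invalid password. Stop and display a login screen.
            startHTML(false);
            requestUserLogin("Incorrect password.");
            endHTML();
        }
    }

    // If the user isn't authenticated, display a login screen
    if (!isset($_SESSION['authenticated'])) {
        startHTML(false);
        requestUserLogin();
        endHTML();
    }

    // Try to login. If login fails, log the user out and display an
    // error message.
    try {
        $client = getClientLoginHttpClient(GAPPS_USERNAME . '@' . GAPPS_DOMAIN, GAPPS_PASSWORD);
        $gapps = new Zend_Gdata_Gapps($client, GAPPS_DOMAIN);
    } catch (Zend_Gdata_App_AuthException $e) {
        session_destroy();
        startHTML(false);
        displayAuthenticationFailedNotice();
        endHTML();
    }

    // Success! We're logged in.
    // First we check for commands that can be submitted either though
    // POST or GET (they don't make any changes).
    if (!empty($_REQUEST['command'])) {
        switch ($_REQUEST['command']) {
            case 'retrieveUser':
                startHTML();
                retrieveUser($gapps, true, $_REQUEST['user']);
                endHTML(true);
            case 'retrieveAllUsers':
                startHTML();
                retrieveAllUsers($gapps, true);
                endHTML(true);
            case 'retrieveNickname':
                startHTML();
                retrieveNickname($gapps, true, $_REQUEST['nickname']);
                endHTML(true);
            case 'retrieveNicknames':
                startHTML();
                retrieveNicknames($gapps, true, $_REQUEST['user']);
                endHTML(true);
            case 'retrieveAllNicknames':
                startHTML();
                retrieveAllNicknames($gapps, true);
                endHTML(true);
            case 'retrieveEmailLists':
                startHTML();
                retrieveEmailLists($gapps, true, $_REQUEST['recipient']);
                endHTML(true);
            case 'retrieveAllEmailLists':
                startHTML();
                retrieveAllEmailLists($gapps, true);
                endHTML(true);
            case 'retrieveAllRecipients':
                startHTML();
                retrieveAllRecipients($gapps, true, $_REQUEST['emailList']);
                endHTML(true);
        }
    }

    // Now we handle the potentially destructive commands, which have to
    // be submitted by POST only.
    // NOTE(review): no per-session anti-CSRF token is checked in this
    // function, so the POST-only rule alone does not stop a cross-site form
    // from submitting these commands in an authenticated browser. Confirm
    // whether the form helpers add and verify one.
    if (!empty($_POST['command'])) {
        switch ($_POST['command']) {
            case 'createUser':
                startHTML();
                createUser($gapps, true, $_POST['user'], $_POST['givenName'], $_POST['familyName'], $_POST['pass']);
                endHTML(true);
            case 'updateUserName':
                startHTML();
                updateUserName($gapps, true, $_POST['user'], $_POST['givenName'], $_POST['familyName']);
                endHTML(true);
            case 'updateUserPassword':
                startHTML();
                updateUserPassword($gapps, true, $_POST['user'], $_POST['pass']);
                endHTML(true);
            case 'setUserSuspended':
                if ($_POST['mode'] == 'suspend') {
                    startHTML();
                    suspendUser($gapps, true, $_POST['user']);
                    endHTML(true);
                } elseif ($_POST['mode'] == 'restore') {
                    startHTML();
                    restoreUser($gapps, true, $_POST['user']);
                    endHTML(true);
                } else {
                    header('HTTP/1.1 400 Bad Request');
                    startHTML();
                    echo "<h2>Invalid mode.</h2>\n";
                    echo "<p>Please check your request and try again.</p>";
                    endHTML(true);
                }
            case 'setUserAdmin':
                if ($_POST['mode'] == 'issue') {
                    startHTML();
                    giveUserAdminRights($gapps, true, $_POST['user']);
                    endHTML(true);
                } elseif ($_POST['mode'] == 'revoke') {
                    startHTML();
                    revokeUserAdminRights($gapps, true, $_POST['user']);
                    endHTML(true);
                } else {
                    header('HTTP/1.1 400 Bad Request');
                    startHTML();
                    echo "<h2>Invalid mode.</h2>\n";
                    echo "<p>Please check your request and try again.</p>";
                    endHTML(true);
                }
            case 'setForceChangePassword':
                if ($_POST['mode'] == 'set') {
                    startHTML();
                    setUserMustChangePassword($gapps, true, $_POST['user']);
                    endHTML(true);
                } elseif ($_POST['mode'] == 'clear') {
                    startHTML();
                    clearUserMustChangePassword($gapps, true, $_POST['user']);
                    endHTML(true);
                } else {
                    header('HTTP/1.1 400 Bad Request');
                    startHTML();
                    echo "<h2>Invalid mode.</h2>\n";
                    echo "<p>Please check your request and try again.</p>";
                    endHTML(true);
                }
            case 'deleteUser':
                startHTML();
                deleteUser($gapps, true, $_POST['user']);
                endHTML(true);
            case 'createNickname':
                startHTML();
                createNickname($gapps, true, $_POST['user'], $_POST['nickname']);
                endHTML(true);
            case 'deleteNickname':
                startHTML();
                deleteNickname($gapps, true, $_POST['nickname']);
                endHTML(true);
            case 'createEmailList':
                startHTML();
                createEmailList($gapps, true, $_POST['emailList']);
                endHTML(true);
            case 'deleteEmailList':
                startHTML();
                deleteEmailList($gapps, true, $_POST['emailList']);
                endHTML(true);
            case 'modifySubscription':
                if ($_POST['mode'] == 'subscribe') {
                    startHTML();
                    addRecipientToEmailList($gapps, true, $_POST['recipient'], $_POST['emailList']);
                    endHTML(true);
                } elseif ($_POST['mode'] == 'unsubscribe') {
                    startHTML();
                    removeRecipientFromEmailList($gapps, true, $_POST['recipient'], $_POST['emailList']);
                    endHTML(true);
                } else {
                    header('HTTP/1.1 400 Bad Request');
                    startHTML();
                    echo "<h2>Invalid mode.</h2>\n";
                    echo "<p>Please check your request and try again.</p>";
                    endHTML(true);
                }
        }
    }

    // Check for an invalid command. If so, display an error and exit.
    // Reaching this point with a command set means neither switch matched it
    // (a destructive command sent by GET also ends up here).
    if (!empty($_REQUEST['command'])) {
        header('HTTP/1.1 400 Bad Request');
        startHTML();
        echo "<h2>Invalid command.</h2>\n";
        echo "<p>Please check your request and try again.</p>";
        endHTML(true);
    }

    // If a menu parameter is available, display a submenu.
    if (!empty($_REQUEST['menu'])) {
        switch ($_REQUEST['menu']) {
            case 'user':
                startHTML();
                displayUserMenu();
                endHTML();
            case 'nickname':
                startHTML();
                displayNicknameMenu();
                endHTML();
            case 'emailList':
                startHTML();
                displayEmailListMenu();
                endHTML();
            case 'logout':
                startHTML(false);
                logout();
                endHTML();
            default:
                header('HTTP/1.1 400 Bad Request');
                startHTML();
                echo "<h2>Invalid menu selection.</h2>\n";
                echo "<p>Please check your request and try again.</p>";
                endHTML(true);
        }
    }

    // If we get this far, that means there's nothing to do: no command was
    // issued and no menu was selected, so display the main menu.
    startHTML();
    displayMenu();
    endHTML();
}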
addAlert("danger", lang("ACCOUNT_SPECIFY_PASSWORD")); apiReturnError($ajax, getReferralPage()); } else { if (!passwordVerifyUF($passwordcheck, $loggedInUser->hash_pw)) { //No match addAlert("danger", lang("ACCOUNT_PASSWORD_INVALID")); apiReturnError($ajax, getReferralPage()); } } } // Prevent updating if someone attempts to update with the same password if (passwordVerifyUF($password, $loggedInUser->hash_pw)) { addAlert("danger", lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE")); apiReturnError($ajax, getReferralPage()); } if (!($password_hash = updateUserPassword($user_id, $password, $passwordc))) { $error_count++; } else { // If we're updating for the currently logged in user, update their hash_pw field if ($self) { $loggedInUser->hash_pw = $password_hash; } $success_count++; } } //Remove groups if (!empty($rm_groups)) { // Convert string of comma-separated group_id's into array $group_ids_arr = explode(',', $rm_groups); foreach ($group_ids_arr as $group_id) { if (removeUserFromGroup($user_id, $group_id)) {
}); }); </script> </head> <body> <?php require_once 'requires.php'; require_once 'UI/navBar.php'; ?> <?php if (isset($_POST['MY_ACCOUNT_FIRSTNAME']) && isset($_POST['MY_ACCOUNT_LASTNAME']) && isset($_POST['MY_ACCOUNT_EMAIL'])) { updateUserInformation($user->id); } else { if (isset($_POST['MY_ACCOUNT_PASSWORD']) && isset($_POST['MY_ACCOUNT_VERIFY_PASSWORD'])) { updateUserPassword($user->id); } } ?> <div class="contents"> <div id="updateSuccess" class="alert alert-success"> <strong><i class="fa fa-check"></i>Success</strong> Your information has been successfully updated. </div> <div id="unmatchedPasswords" class="alert alert-danger"> <strong><i class="fa fa-times"></i>Unsuccessful</strong> Passwords do not match. </div> <h1>My Account</h1> <?php $userInformation = getCurrentUserInformation($user); ?>
$arrConstants = evaluate_Letter_Constants($arrLetterInfo["lettertype"]); //Check if there is session email list to retrieve out if (isset($_SESSION["arrUpdateEmails"])) { $arrEmails = $_SESSION["arrUpdateEmails"]; } else { $arrEmails = get_Unsended_EmailList($letterInfo->LetterID, $letterInfo->RecipientGroupName); } $arrContent = $_SESSION["arrContent"]; //Call the function to setup reviwer account while (list($memberName, $email) = each($arrEmails)) { //Update the mail log $result = updateMailLog($memberName, $letterInfo->LetterID); if ($result === true) { //Successful Mail Log update //Now update the user password $result = updateUserPassword($memberName, $arrPassword[$memberName]); //If can log the email if ($result === true) { //Successful Password Update //Send Email to user //~ $mail = new Mail(); //~ $mail -> Organization($conferenceInfo -> ConferenceCodeName); //~ $mail -> ReplyTo($conferenceInfo -> ConferenceContact); //~ $mail -> From($conferenceInfo -> ConferenceContact); //~ $mail -> To($email); //~ $mail -> Subject(stripslashes($arrLetterInfo["subject"])); //~ $mail -> Body($arrContent[$memberName]); //~ if ($arrLetterInfo["cc"] != "") //~ $mail -> Cc($arrLetterInfo["cc"]); //~ $mail -> Priority(1); //~ $mail -> Send();
$error = true; $show = 'securityForm'; } break; case 3: //we are submitting a new password (only for encrypted) if ($_POST['userID'] == '' || $_POST['key'] == '') { header("location: ../index.php"); } if (strcmp($_POST['pw0'], $_POST['pw1']) != 0 || trim($_POST['pw0']) == '') { $error = true; $show = 'recoverForm'; } else { $error = false; $show = 'recoverSuccess'; updateUserPassword($_POST['userID'], $_POST['pw0'], $_POST['key']); } break; } } elseif (isset($_GET['a']) && $_GET['a'] == 'recover' && $_GET['email'] != "") { $show = 'invalidKey'; $result = checkEmailKey($_GET['email'], urldecode(base64_decode($_GET['u']))); if ($result == false) { $error = true; $show = 'invalidKey'; } elseif ($result['status'] == true) { $error = false; $show = 'recoverForm'; $securityUser = $result['userID']; } }
if ($result == false) { // key does not match our key.. bad key header("Location: /dashboard/login"); } elseif ($result['status'] == true) { // key is kewl $securityUser = $result['userID']; if (isset($_POST['reset'])) { // need to escape characters $password = sanitize($_POST['password']); $confirm_password = sanitize($_POST['confirm_password']); if (strcmp($password, $confirm_password) !== 0 || trim($password) === '') { // passwords dont match or password was empty $_SESSION['pass_match'] = true; header("Refresh:0"); } else { updateUserPassword($securityUser, $password, sanitize($_GET['email'])); // let user know it was successful and redirect to login header("Location: /dashboard/login"); } } } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content="login">
/**
 * \brief Edit a user.
 *
 * Changes the stored data of the user selected by the "id" request
 * parameter. The caller's 'useredit' rank decides what may be edited:
 * rank 1 may pick the alliance, ranks below 3 pick a galaxy from the
 * alliance's list, and higher ranks are pinned to their own galaxy.
 * Without the "send" parameter the form is pre-filled from the stored
 * record; with "send" and "next_x" the input is validated and saved.
 *
 * NOTE(review): $_header() and show() presumably end the request (redirect /
 * render); the code after the permission checks depends on that. Confirm.
 * NOTE(review): input is read through $_REQUEST / param_*() and no anti-CSRF
 * token is checked in this method; confirm one is enforced elsewhere.
 */
function User_edit()
{
    #check rights
    $rank = $this->userdata['rights']['useredit']['rank'];
    if (!$rank) {
        #no permission
        $this->_header("", "no permission");
    }
    $page = param_num("page", 1);
    $id = param_num("id");
    if (!$id) {
        $this->_header();
    }
    $return = getUserByID($id);
    if (!$return) {
        $this->_header();
    }
    #check rights: rank > 1 may only edit users of the own alliance,
    #rank > 2 additionally only users of the own galaxy
    if ($rank > 1 && $this->userdata['aid'] != $return['aid'] || $rank > 2 && $this->userdata['gala'] != $return['gala']) {
        #no permission
        $this->_header("", "no permission");
    }
    $data = $_SESSION['steps'];
    #information message, step 2 (shown once after a successful save)
    if ($data['useredit']) {
        #save step
        unset($data['useredit']);
        $_SESSION['steps'] = $data;
        $this->forms['information']['url'] = $this->backtracking->backlink();
        $this->forms['information']['title'] = "Benutzerdaten ändern";
        $this->forms['information']['message'] = "Änderung erfolgreich";
        $this->forms['information']['style'] = "green";
        $this->show('message_information', "Benutzerdaten ändern");
    }
    #form submitted
    #the group may be changed only if the user's current group is in the list
    #the caller is allowed to assign (or the user has no group yet)
    #NOTE(review): $canchangegroup is never initialised; it stays undefined
    #when the caller has no 'changegroup' right or no group matches
    if ($this->userdata['rights']['changegroup']) {
        $grouplist = getGroupList($this->userdata['rights']['changegroup']['rank']);
        if ($return['gid']) {
            for ($i = 0; $i < count($grouplist); $i++) {
                if ($grouplist[$i]['gid'] == $return['gid']) {
                    $canchangegroup = true;
                    break;
                }
            }
        } else {
            $canchangegroup = true;
        }
    }
    if ($canchangegroup) {
        $this->template->assign("changegroup", 1);
    } else {
        $this->template->assign("group", $return['groupname']);
    }
    if ($rank == 1) {
        $allylist = getAllyList();
    } else {
        $this->template->assign("ally", $this->userdata['tag']);
    }
    $this->template->assign("rank", $rank);
    $galalist = array();
    if ($_REQUEST['send']) {
        $items['login']['value'] = param_str("login", true);
        $items['nick']['value'] = param_str("nick", true);
        $items['ircauth']['value'] = param_str("ircauth", true);
        $items['pos']['value'] = param_num("pos", null, true);
        $items['gala']['value'] = param_num("gala", null, true);
        $password = param_str("password", true);
        if ($rank == 1) {
            $items['aid']['value'] = param_num("ally", 0, true);
            #check allyid: must be one of the entries of $allylist
            if ($items['aid']['value']) {
                $ally = 0;
                for ($i = 0; $i < count($allylist); $i++) {
                    if ($items['aid']['value'] == $allylist[$i]['aid']) {
                        #reference, so 'selected' is written into $allylist itself
                        $ally =& $allylist[$i];
                        $ally['selected'] = "selected";
                        break;
                    }
                }
            }
            if (!$ally) {
                $this->_header("", "Ungültige Allianzid!");
            }
        } else {
            #callers below rank 1 cannot move a user to another alliance
            $items['aid']['value'] = $this->userdata['aid'];
        }
        #check gala
        if ($rank < 3) {
            $galalist = getGalaListbyAlly($items['aid']['value']);
            if (!$galalist) {
                $errors[] = "Die Allianz hat keine Galaxien!";
                $galalist[] = array("gala" => "keine");
            }
        } else {
            #the submitted galaxy is overwritten with the caller's own galaxy
            $items['gala']['value'] = $this->userdata['gala'];
            $this->template->assign("gala", $this->userdata['gala']);
        }
        if ($_REQUEST['next_x']) {
            if (!$items['nick']['value']) {
                $errors[] = "Nickname darf nicht leer sein!";
                $items['nick']['bgrd'] = '_error';
            }
            if (!$items['login']['value']) {
                $errors[] = "Login darf nicht leer sein!";
                $items['login']['bgrd'] = '_error';
            }
            if (!$items['pos']['value']) {
                $items['pos']['bgrd'] = '_error';
                $errors[] = "Die Position darf nicht leer sein!";
            }
            if ($canchangegroup) {
                #check gid: must be one of the groups the caller may assign
                $items['gid']['value'] = param_num('group', 0, true);
                if ($items['gid']['value']) {
                    $group = 0;
                    for ($i = 0; $i < count($grouplist); $i++) {
                        if ($items['gid']['value'] == $grouplist[$i]['gid']) {
                            $group =& $grouplist[$i];
                            $group['selected'] = "selected";
                            break;
                        }
                    }
                    if (!$group) {
                        $this->_header();
                    }
                }
            } else {
                $items['gid']['value'] = $return['gid'];
            }
            #check nickname: a changed nick (case-insensitive) must not be taken
            if ($items['nick']['value'] && strtolower($items['nick']['value']) != strtolower($return['nick']) && getUserByNick($items['nick']['value'])) {
                $errors[] = 'User existiert bereits!';
                $items['nick']['bgrd'] = '_error';
            }
            #check login: a changed login (case-insensitive) must not be taken
            if ($items['login']['value'] && strtolower($items['login']['value']) != strtolower($return['login']) && getUserByLogin($items['login']['value'])) {
                $errors[] = 'Login existiert bereits!';
                $items['login']['bgrd'] = '_error';
            }
            #check galaid: must be one of the entries of $galalist
            if ($items['gala']['value'] && $rank < 3) {
                $galaxy = 0;
                for ($i = 0; $i < count($galalist); $i++) {
                    if ($items['gala']['value'] == $galalist[$i]['gala']) {
                        $galaxy =& $galalist[$i];
                        $galaxy['selected'] = "selected";
                        break;
                    }
                }
                if (!$galaxy) {
                    $this->_header("index.php", "Ungültige Galaid!");
                }
            }
            #a changed galaxy/position must not collide with another user
            if (!$errors && ($return['gala'] != $items['gala']['value'] || $return['pos'] != $items['pos']['value'])) {
                $chkuser = getUserByPos($items['gala']['value'], $items['pos']['value']);
                if ($chkuser) {
                    #NOTE(review): $chkuser['nick'] is concatenated into HTML
                    #without escaping. If nicknames can contain markup and the
                    #template prints errors raw (it has to, for the link), this
                    #is a stored-XSS sink; confirm and escape with
                    #htmlspecialchars().
                    $errors[] = "User existiert bereits, <a href=\"admin.php?action=userdetails&id=" . $chkuser['uid'] . "\">" . $chkuser['nick'] . " (" . $chkuser['gala'] . ":" . $chkuser['pos'] . ")</a>";
                    $items['pos']['bgrd'] = '_error';
                }
            }
            if (!$errors) {
                #save step
                $data['useredit'] = 1;
                $_SESSION['steps'] = $data;
                if ($password) {
                    #own password changed: also refresh the copy kept in the session
                    #NOTE(review): the session stores md5($password). MD5 is a
                    #fast, unsalted hash and unsuitable for passwords; presumably
                    #it mirrors the stored format - confirm and plan a migration
                    #to password_hash().
                    if ($return['uid'] == $this->userdata['uid']) {
                        updateUserPassword($return['uid'], $password);
                        $sessionuserdata['id'] = $this->userdata['uid'];
                        $sessionuserdata['password'] = md5($password);
                        $_SESSION['sessionuserdata'] = $sessionuserdata;
                    } else {
                        updatePassword($return['uid'], $password);
                    }
                    addToLogfile("Passwort von " . $return['nick'] . " geändert", "Admin", $this->userdata['uid']);
                }
                addToLogfile("User " . $return['nick'] . " bearbeitet", "Admin", $this->userdata['uid']);
                updateAdminUser($return['uid'], $items['nick']['value'], $items['login']['value'], $items['gala']['value'], $items['pos']['value'], $items['gid']['value'], $items['ircauth']['value']);
                $this->_header("admin.php?action=edituser&id=" . $return['uid'] .
                    "&send");
            }
        }
    } else {
        #first display: pre-select the stored group, alliance and galaxy
        if ($return['gid'] && $this->userdata['rights']['changegroup']) {
            for ($i = 0; $i < count($grouplist); $i++) {
                if ($return['gid'] == $grouplist[$i]['gid']) {
                    $grouplist[$i]['selected'] = "selected";
                    break;
                }
            }
        }
        if ($rank == 1) {
            #select ally
            for ($i = 0; $i < count($allylist); $i++) {
                if ($return['aid'] == $allylist[$i]['aid']) {
                    $ally =& $allylist[$i];
                    $ally['selected'] = "selected";
                    break;
                }
            }
        }
        if ($rank < 3) {
            $galalist = getGalaListbyAlly($return['aid']);
            if (!$galalist) {
                $errors[] = "Die Allianz hat keine Galaxien!";
                $galalist[] = array("gala" => "keine");
            } else {
                #select gala
                for ($i = 0; $i < count($galalist); $i++) {
                    if ($return['gala'] == $galalist[$i]['gala']) {
                        $galalist[$i]['selected'] = "selected";
                        break;
                    }
                }
            }
        } else {
            $this->template->assign("gala", $this->userdata['gala']);
        }
        $items['ircauth']['value'] = $return['ircauth'];
        $items['nick']['value'] = $return['nick'];
        $items['login']['value'] = $return['login'];
        $items['pos']['value'] = $return['pos'];
    }
    $this->template->assign("errors", $errors);
    $this->template->assign("galalist", $galalist);
    $this->template->assign("allylist", $allylist);
    if (!$items['ircauth']['value']) {
        $items['ircauth']['bgrd'] = "_optional";
    }
    #$items['password']['value'] is never assigned in this method, so the
    #password field is always marked optional
    if (!$items['password']['value']) {
        $items['password']['bgrd'] = "_optional";
    }
    $this->template->assign("items", $items);
    $this->template->assign("grouplist", $grouplist);
    $this->template->assign("id", $return['uid']);
    #NOTE(review): every other access uses $return['nick']; confirm that the
    #record really has a 'nickname' key
    $this->template->assign("username", $return['nickname']);
    $this->show('user_edit_form', "Benutzerdaten ändern");
}
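/**
 * Resets the password of the account registered under $email and mails the
 * newly generated password to that address.
 *
 * The stored password is replaced only after the mail was handed over
 * successfully; otherwise the user would be locked out with a password that
 * never reached them.
 *
 * @param string $email Address supplied by the requester.
 * @return object Result object from returnValue(): `value` is true on
 *                success and false otherwise, `msg` holds a readable text.
 */
function rememberPassword($email)
{
    $return = returnValue();
    getDBCredentials('X');

    // validate email format
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $return->value = false;
        $return->msg = "Invalid email format";
        return $return;
    }

    $user = selectUserByEmail($email);
    if (!$user) {
        // NOTE(review): this distinct message tells the requester whether an
        // address is registered (account enumeration). If callers show `msg`
        // to anonymous visitors, answer identically for known and unknown
        // addresses.
        $return->value = false;
        $return->msg = "Email not in DB";
        return $return;
    }

    // NOTE(review): randomPassword() is defined elsewhere; confirm it draws
    // from a CSPRNG (random_int()/random_bytes()) and not rand()/mt_rand().
    $newPassword = randomPassword();

    // NOTE(review): a single unsalted SHA-256 is a fast hash and not suited
    // to password storage. It is kept because the login check presumably
    // expects this format; migrate both sides to password_hash() /
    // password_verify().
    $password = hash('sha256', $newPassword);

    // NOTE(review): the new password travels in clear text by e-mail and
    // stays valid indefinitely. A single-use, expiring reset link is the
    // safer design.
    require_once 'PHPMailer/class.phpmailer.php';
    $mail = new PHPMailer();
    $mail->CharSet = 'UTF-8';
    $mail->SetFrom('*****@*****.**', 'SecureCodingTeam6');
    $mail->SMTPAuth = true;
    $mail->Host = "smtp.gmail.com";
    $mail->SMTPSecure = "ssl";
    // SMTP credentials belong in configuration outside the source tree.
    $mail->Username = "******";
    $mail->Password = "******";
    $mail->Port = "465";
    $mail->isSMTP();
    $mail->AddAddress($user->EMAIL, $user->FIRST_NAME . " " . $user->LAST_NAME);
    $mail->Subject = "New Password";
    $mail->MsgHTML("Your new password is " . $newPassword);

    // send() reports failure through its return value; do not touch the
    // stored password when the mail could not be sent.
    if (!$mail->send()) {
        $return->value = false;
        $return->msg = "Could not send the e-mail";
        return $return;
    }

    updateUserPassword($user->ID, $password);
    $return->value = true;
    $return->msg = "Your password successfully sent your e-mail address";
    return $return;
}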
/**
 * Performs the whole login routine.
 *
 * Depending on $_GET['subaction'] this hands over to password reset or
 * registration, runs one of the OpenID steps (openid_login, openid_verify,
 * openid_pass, quick_openid_reg), or - when no subaction returned - checks
 * the e-mail/password pair posted by the login form.
 *
 * Return values visible in this function: the user id after a successful
 * password login, 0 when the login did not complete, the output of
 * loginForm() / resetPasswd() / register() / openid_login() where those are
 * returned directly, "" after a quick OpenID registration, and nothing
 * (null) on the early OpenID error paths.
 *
 * NOTE(review): the mysql_* functions used here were removed in PHP 7.0 and
 * offer no prepared statements; every query below is built by string
 * concatenation.
 * NOTE(review): `or die(mysql_error() ...)` sends database error text to the
 * client.
 *
 * @todo Document the contract of the helpers called from here.
 */
function login()
{
    // Site-wide switch: row 'allow_login' of the global settings table.
    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);
    if (isset($_GET['subaction'])) {
        if ($_GET['subaction'] == "resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        // Registration is offered only while logins are allowed.
        if ($allow_login_result[0]) {
            if ($_GET['subaction'] == "register") {
                require_once "registration.lib.php";
                return register();
            }
        }
        global $openid_enabled;
        if ($openid_enabled == 'true' && $allow_login_result[0]) {
            if ($_GET['subaction'] == "openid_login") {
                if (isset($_POST['process'])) {
                    $openid_url = trim($_POST['openid_identifier']);
                    openid_endpoint($openid_url);
                }
            }
            if ($_GET['subaction'] == "openid_verify") {
                if ($_GET['openid_mode'] != "cancel") {
                    $openid_url = $_GET['openid_identity']; // Get the user's OpenID Identity as returned to us from the OpenID Provider
                    $openid = new Dope_OpenID($openid_url); //Create a new Dope_OpenID object.
                    $validate_result = $openid->validateWithServer(); //validate to see if everything was received properly
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    } else {
                        // NOTE(review): $error is assembled in both branches
                        // but never displayed or returned in this function.
                        // If it is ever printed, the interpolated values need
                        // HTML escaping.
                        if ($openid->isError() === TRUE) {
                            // Else if you're here, there was some sort of error during processing.
                            $the_error = $openid->getError();
                            $error = "Error Code: {$the_error['code']}<br />";
                            $error .= "Error Description: {$the_error['description']}<br />";
                        } else {
                            //Else validation with the server failed for some reason.
                            $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
                        }
                    }
                } else {
                    displayerror("User cancelled the OpenID authorization");
                }
            }
            // Link an already validated OpenID identity to an existing
            // account after the account password has been confirmed.
            if ($_GET['subaction'] == "openid_pass") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    // The pending identity is single-use: cleared before any check.
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_password'])) {
                        displayerror("Empty Passwords not allowed");
                        return;
                    }
                    $user_passwd = $_POST['user_password'];
                    $info = getUserInfo($openid_email);
                    if (!$info) {
                        // NOTE(review): $openid_email is printed as-is;
                        // confirm displayerror() escapes its argument.
                        displayerror("No user with Email {$openid_email}");
                    } else {
                        $check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
                        if ($check) {
                            //Password was correct. Link the account
                            // NOTE(review): $openid_url comes from the session
                            // and is placed into the SQL text without escape()
                            // here. Confirm it was escaped when stored, or
                            // bind it as a parameter.
                            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $info['user_id'] . ")";
                            $result = mysql_query($query) or die(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
                            if ($result) {
                                displayinfo("Account successfully Linked. Log In one more time to continue.");
                            }
                        } else {
                            displayerror("The password you specified was incorrect");
                        }
                    }
                }
            }
            // Create a local account for a validated OpenID identity.
            if ($_GET['subaction'] == "quick_openid_reg") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to register an OpenID account without validating your log-in. 
Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
                        displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                        return;
                    }
                    $openid_fname = escape($_POST['user_name']);
                    //Now let's start making the dummy user
                    // The account gets the literal password '0' and login
                    // method 'openid'.
                    // NOTE(review): only $openid_fname passes through
                    // escape(); $openid_email and $openid_url (below) are
                    // concatenated as stored in the session. Confirm they are
                    // escaped at the point where the session is filled.
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) " . "VALUES ('" . $openid_email . "', '" . $openid_email . "','" . $openid_fname . "','0',1,'openid');";
                    $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
                    if ($result) {
                        $id = mysql_insert_id();
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $id . ")";
                        $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
                        if ($result) {
                            displayinfo("Account successfully registered. You can now login via OpenID. 
Please complete your profile information after logging in.");
                        }
                    }
                    return "";
                }
            }
        }
    }
    if (!isset($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    } else {
        /* Design sketch kept from the original author (not implemented here):
           if it is, then userLDAPVerify($user_email,$user_passwd);
           if the password is correct, update his password in DB
           else $dontloginLDAP = true;
           } else {
           if(userLDAPVerify($user_email,$user_passwd)) {
           create his row in DB with loginmethod = ldap and user_activated = 1
           (for this, use the createUser function in common.lib.php)
           }
           } */
        global $cookieSupported;
        $login_status = false;
        if ($cookieSupported == true) {
            if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
                displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                return loginForm($allow_login_result[0]);
            } else {
                $user_email = escape($_POST['user_email']);
                // NOTE(review): the password is passed through escape()
                // before it is verified and stored; if escape() rewrites
                // characters, the effective password differs from what the
                // user typed. Confirm this is applied consistently.
                $user_passwd = escape($_POST['user_password']);
                $login_method = '';
                if (!check_email($user_email)) {
                    displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
                    return loginForm($allow_login_result[0]);
                }
                if ($temp = getUserInfo($user_email)) {
                    // check if exists in DB
                    $login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
                    // This is to make sure when user logs in through LDAP, ADS or IMAP accounts, his passwords should be changed in database also, incase its old.
                    // NOTE(review): this keeps a local copy of a directory
                    // password after every successful login; see the MD5
                    // note further down for the storage format used in this
                    // function.
                    if ($login_status) {
                        updateUserPassword($user_email, $user_passwd);
                    } //update passwd in db
                } else {
                    //if user is not in db: try the external auth method that
                    //is configured for the domain part of the address
                    global $authmethods;
                    if (strpos($user_email, '@') > -1) {
                        $tmp = explode('@', $user_email);
                        $user_name = $tmp[0];
                        $user_domain = strtolower($tmp[1]);
                    } else {
                        $user_name = $user_email;
                    }
                    if (isset($user_domain) && $user_domain == $authmethods['imap']['user_domain']) {
                        if ($login_status = checkLogin('imap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'imap';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ads']['user_domain']) {
                        if ($login_status = checkLogin('ads', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ads';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ldap']['user_domain']) {
                        if ($login_status = checkLogin('ldap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ldap';
                        }
                    }
                    if ($login_status) {
                        //create new user in db and activate the user (only if user's login is valid)
                        $user_fullname = strtoupper($user_name);
                        // NOTE(review): unsalted MD5 of the directory password
                        // is written to the users table. MD5 is a fast hash
                        // and unsuitable for password storage; prefer
                        // password_hash(), or store no local copy for
                        // externally authenticated accounts.
                        $user_md5passwd = md5($user_passwd);
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
                        mysql_query($query) or die(mysql_error() . " creating new user !");
                    } else {
                        // NOTE(review): domain / user name are echoed into
                        // HTML; confirm displaywarning() escapes or that
                        // escape() covers the HTML context.
                        displaywarning("Incorrect username and/or password for <b>" . (isset($user_domain) ? $user_domain . "</b> domain!" : $user_name . "</b> user"));
                    }
                }
                if ($login_status) {
                    $temp = getUserInfo($user_email);
                    if (!$temp['user_activated']) {
                        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                        // if user exists in db and admin has set user_activated = false deliberately
                        // then it means that the user has been denied access !!!
                    } else {
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
                        mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
                        // Keep the previous login time before it is overwritten.
                        $_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
                        // NOTE(review): presumably setAuth() marks the session
                        // as authenticated; confirm it also regenerates the
                        // session id.
                        setAuth($temp['user_id']);
                        //exit();
                        //displayinfo("Welcome " . $temp['user_name'] . "!");
                        return $temp['user_id'];
                    }
                } else {
                    displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
                    return loginForm($allow_login_result[0]);
                }
            }
            return 0;
        } else {
            showCookieWarning();
            return 0;
        }
    }
}
$firstName = ""; $lastName = ""; $name = $results['first_name'] . " " . $results['last_name']; updateUserName($userID, $firstName, $lastName); } if (!empty($usernamerovided)) { echo "<p>changing username </p>"; updateUserUsername($userID, $usernamerovided); } if (!empty($emailProvided)) { echo "<p>changing email </p>"; updateUserEmail($userID, $emailProvided); } if (!empty($passwordProvided)) { echo "<p>changing password </p>"; updateUserPassword($userID, $passwordProvided); } if ($deleteRequested) { delete_user_account($userID); } } ?> </div> <!-- right side --> <div class="col-md-3"></div> </div> </body> </html> <?php include 'includes/overall/footer.php';
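<?php

require_once "../../../../include/config.php";

// Password-change endpoint: reads the target user, the old password and the
// new password (twice) from the request and stores the new password when the
// two copies agree.
//
// NOTE(review): $oldPassword is read but never verified, and $userId comes
// straight from the request. Nothing visible in this file ties the change to
// the authenticated user, so unless config.php or updateUserPassword()
// enforces it, any caller can set the password of any account. Take the user
// id from the session and verify the old password before updating.
// NOTE(review): $_REQUEST also accepts GET, which puts passwords into URLs,
// access logs and browser history; accept POST only.
// NOTE(review): test_input() is defined elsewhere. If it strips or
// HTML-encodes characters, the stored password differs from what the user
// typed; passwords should be hashed as-is, never "sanitised".
if ($_REQUEST) {
    $userId = isset($_REQUEST['userId']) ? $_REQUEST['userId'] : null;
    $oldPassword = test_input(isset($_REQUEST['oldPassword']) ? $_REQUEST['oldPassword'] : null);
    $newPassword = test_input(isset($_REQUEST['newPassword']) ? $_REQUEST['newPassword'] : null);
    $reNewPassword = test_input(isset($_REQUEST['reNewPassword']) ? $_REQUEST['reNewPassword'] : null);

    // Strict comparison: with `==` two different numeric-looking strings
    // ("1e3" and "1000") count as equal and the confirmation check passes.
    if ($newPassword === $reNewPassword) {
        // An empty or missing new password is invalid input, not a match.
        if ((string) $newPassword !== '' && updateUserPassword($userId, $newPassword)) {
            successRegisterMessage($successMessage);
        } else {
            failedRegisterMessage($notValidInputMessage);
        }
    } else {
        failedRegisterMessage($notMatchPasswords);
    }
} else {
    echo "error";
}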
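<?php

require_once __DIR__ . "/../config.php";
require_once INCLUDES_PATH . "/authentication.php";
require_once TEMPLATES_PATH . "/utils.php";
require_once DATABASE_PATH . "/user.php";

// Password-change action for the logged-in user. The user id is taken from
// the session (getUserID()), never from the request.
if (!isUserLoggedIn()) {
    showError("You need to be logged in to access this page");
    die;
}

// NOTE(review): no anti-CSRF token is checked here; confirm the form and this
// handler share one, otherwise a cross-site POST can reach this code in a
// logged-in browser (it would still need the old password to succeed).
if (isset($_POST['submit'])) {
    if (isset($_POST['old_password']) && isset($_POST['new_password']) && isset($_POST['new_password_confirm'])) {
        try {
            $old_password = $_POST['old_password'];
            $new_password = $_POST['new_password'];
            $new_password_confirm = $_POST['new_password_confirm'];
            $userID = getUserID();

            if (!is_string($old_password) || !is_string($new_password) || !is_string($new_password_confirm)) {
                // Array-valued fields (name[]=...) are not passwords.
                showError("User information missing.");
            } elseif ($new_password !== $new_password_confirm) {
                // Strict comparison: `!=` treats different numeric-looking
                // strings ("1e3" / "1000") as equal.
                showError("New password confirmation doesn't match new password.");
            } else {
                // updateUserPassword() receives the old password; presumably
                // it verifies it and throws on mismatch - confirm.
                updateUserPassword($userID, $old_password, $new_password);
                showSuccess("User profile edited.");
            }
        } catch (Exception $e) {
            showError($e->getMessage());
        }
    } else {
        showError("User information missing.");
    }
}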
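/*
 * Actions for members who may modify a profile: update the profile data,
 * the picture, the password, the e-mail address or the personal quote, and
 * upload a submission. Intended for officers and for the member who owns the
 * profile; the result is shown on the back panel.
 *
 * NOTE(review): no permission check is visible in this fragment. Confirm the
 * caller (or each handler) verifies that the current user is an officer or
 * the profile owner before any of these handlers runs.
 */

// The former print_r($_FILES) debug dump was removed: it printed upload
// metadata, including server-side temporary paths, into every response.
if (isset($request_obj->arg[1])) {
    if ($request_obj->arg[1] == "updateProfile") {
        updateMemberProfile($request_obj);
    }
    if ($request_obj->arg[1] == "uploadPic") {
        uploadMemberPicture($request_obj);
    }
    if ($request_obj->arg[1] == "updatePass") {
        updateUserPassword($request_obj, $error);
    }
    if ($request_obj->arg[1] == "submitionUpload") {
        // Switch the visible tab from the profile to the submission section.
        $tabs['profile_section'] = "closed-section";
        $tabs['submit_section'] = "open-section";
        $tabs['profile_tab'] = "closed-tab";
        $tabs['submit_tab'] = "open-tab";
        uploadMemberSubmitions($request_obj);
    }
    if ($request_obj->arg[1] == "updateEmail") {
        updateUserEmail($request_obj);
    }
    if ($request_obj->arg[1] == "updateQuote") {
        updatPesonalQuote($request_obj);
    }
}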
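/**
 * Lets the logged-in user change their own password.
 *
 * Two steps: when the form was submitted ("step" request parameter) the old
 * password and the two copies of the new one are validated and the password
 * is stored; the following request shows a one-time confirmation message
 * (tracked in $_SESSION['steps']['changepwd']).
 *
 * NOTE(review): passwords are compared and kept in the session as unsalted
 * MD5. MD5 is a fast hash and unsuitable for password storage; the format is
 * kept here because the rest of the application presumably depends on it.
 * Plan a migration to password_hash() / password_verify().
 * NOTE(review): input arrives via $_REQUEST / param_str() and no anti-CSRF
 * token is checked in this method; the old-password requirement limits the
 * impact, but confirm a token is enforced elsewhere.
 */
function changePassword()
{
    $data = $_SESSION['steps'];
    #information message, step 2
    if ($data['changepwd']) {
        #clear the marker so the message is shown only once
        unset($data['changepwd']);
        $_SESSION['steps'] = $data;
        $this->forms['information']['action'] = "";
        $this->forms['information']['url'] = $this->backtracking->backlink();
        $this->forms['information']['title'] = "Passwort ändern";
        $this->forms['information']['message'] = "Passwortänderung erfolgreich";
        $this->forms['information']['style'] = "green";
        $this->show('message_information', "Passwort ändern");
    }
    #form submitted
    if ($_REQUEST['step']) {
        $items['oldpassword'] = param_str("oldpassword", true);
        $items['password'] = param_str("password", true);
        $items['password2'] = param_str("password2", true);
        $errors = false;
        #check if empty
        foreach ($items as $key => $value) {
            if (!$value) {
                $this->forms['changepwd']['fields'][$key]['error'] = 'Feld darf nicht leer sein!';
                $this->forms['changepwd']['fields'][$key]['bgrd'] = '_error';
                $errors = true;
            } else {
                $this->forms['changepwd']['fields'][$key]['value'] = $value;
            }
        }
        #check passwords: strict comparison, `!=` would treat different
        #numeric-looking strings ("1e3" / "1000") as equal
        if (!$errors && $items['password'] !== $items['password2']) {
            $errors = true;
            $this->forms['changepwd']['fields']['password']['error'] = 'Passwörter müssen gleich sein!';
            $this->forms['changepwd']['fields']['password']['bgrd'] = '_error';
            $this->forms['changepwd']['fields']['password2']['error'] = 'Passwörter müssen gleich sein!';
            $this->forms['changepwd']['fields']['password2']['bgrd'] = '_error';
        }
        #check old password: strict string comparison. With `!=` two hex
        #digests of the form "0e<digits>" are compared as numbers and count
        #as equal, so a wrong old password could be accepted.
        if (!$errors && (string) $this->userdata['password'] !== md5($items['oldpassword'])) {
            $errors = true;
            $this->forms['changepwd']['fields']['oldpassword']['error'] = 'Passwort ungültig!';
            $this->forms['changepwd']['fields']['oldpassword']['bgrd'] = '_error';
        }
        if (!$errors) {
            updateUserPassword($this->userdata['uid'], $items['password']);
            #keep the session copy in step with the stored password
            $sessionuserdata['id'] = $this->userdata['uid'];
            $sessionuserdata['password'] = md5($items['password']);
            $_SESSION['sessionuserdata'] = $sessionuserdata;
            addToLogfile("Passwort geändert", "User", $this->userdata['uid']);
            #save step
            $data['changepwd'] = 1;
            $_SESSION['steps'] = $data;
            $this->_header("user.php?action=changepwd&send");
        }
    }
    #the account is flagged for a forced password change
    if ($this->userdata['changepw']) {
        $this->forms['changepwd']['message'] = "Sie müssen ihr Passwort jetzt ändern !";
    }
    $this->forms['changepwd']['url'] = 'user.php';
    $this->forms['changepwd']['action'] = 'changepwd';
    $this->show('user_changepwd_form', "Passwort ändern");
}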
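// Sets a new password for the authenticated user ($USER->id). The password
// is read from the body of a PUT request, hashed with bcrypt and written
// through the prepared statement returned by updateUserPassword().
if (!isset($USER->id)) {
    return;
}
require 'queries/userQueries.php';
$PAGE->id = 'authNewPassword';

//check PUT object for password from front end
parse_str(file_get_contents("php://input"), $_PUT);
// Only a non-empty string is a password; `password[]=x` parses to an array
// and must not reach password_hash().
if (isset($_PUT['password']) && is_string($_PUT['password']) && !empty($_PUT['password'])) {
    $newPassword = $_PUT['password'];
} else {
    // NOTE(review): 503 is kept for existing clients; 400 is the
    // conventional status for a missing request field.
    return errorHandler("missing password", 503);
}

//print debug statement
// The plaintext password is deliberately not echoed: debug output ends up in
// the HTTP response and possibly in proxies and logs.
if ($SERVERDEBUG) {
    echo "\r\n inputs:";
    echo json_encode('[password redacted]');
}

//create passwordHash for db
// bcrypt only uses the first 72 bytes of its input.
$passwordHash = password_hash($newPassword, PASSWORD_BCRYPT, array('cost' => 11));

//setup for query
$stmt = updateUserPassword($DB, $USER->id, $passwordHash);
if (!$stmt) {
    // updateUserPassword() is expected to have reported the error already
    // (presumably through errorHandler(); confirm).
    return;
}
if (!$stmt->execute()) {
    // NOTE(review): the message says "create" although this is an update,
    // and it returns driver error text to the client.
    return errorHandler("failed to create this user {$stmt->errno}: {$stmt->error}");
}
// Exactly one row must change: the row of $USER->id.
if ($stmt->affected_rows != 1) {
    return errorHandler("Updated {$stmt->affected_rows} rows", 503);
}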
<?php session_start(); if (!isset($_SESSION['user'])) { header('Location: index.php'); } require_once 'db_connect.php'; echo "<br> <script type='text/javascript'> \$('#welcomeMsg').text('Welcome " . $_SESSION['user'] . "'); </script>"; if (isset($_POST['submit'])) { updateUserPassword(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>E-Learning</title> <link href="css/zerogrid.css" type="text/css" rel="stylesheet" /> <link href="css/main.css" type="text/css" rel="stylesheet"/> <link rel="stylesheet" type="text/css" href="css/style.css" /> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script> $(function(){ $("form").submit(function(){ var newPass=$("#newpassword").val(); var rePass=$("#repassword").val(); if(newPass!=rePass) { $("#passError").show();