Пример #1
/**
 * Run the three sign-up checks (pseudo, password pair, e-mail) and combine them.
 *
 * All three helpers are always invoked, in this order, before the results are
 * combined; a failing earlier check does not prevent the later ones from running.
 *
 * @param mixed $pseudo                Value handed to verify_pseudo().
 * @param mixed $password              First password value handed to verify_passwords().
 * @param mixed $password_verification Second password value handed to verify_passwords().
 * @param mixed $email                 Value handed to verify_email().
 *
 * @return bool True only when every helper returned a truthy result.
 */
function verify($pseudo, $password, $password_verification, $email)
{
    // Array elements are evaluated left to right, so the call order is pseudo, passwords, email.
    $outcomes = array(
        verify_pseudo($pseudo),
        verify_passwords($password, $password_verification),
        verify_email($email),
    );
    foreach ($outcomes as $outcome) {
        if (!$outcome) {
            return false;
        }
    }
    return true;
}
Пример #2
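/**
 * Send the HTML invitation mail to every syntactically valid address in a comma-separated list.
 *
 * Changes compared with the earlier version of this function:
 *  - the inviter's message and display name are HTML-encoded before they are placed in the markup;
 *  - CR/LF are stripped from the subject so it cannot carry additional mail headers;
 *  - the Subject header is no longer duplicated in $headers (mail() already emits it from its
 *    second argument);
 *  - get_bloginfo(wpurl) used a bare constant and now passes the string 'wpurl';
 *  - $errors is initialised, so an empty string is returned when nothing was sent.
 *
 * @param string $emails  Comma-separated recipient addresses.
 * @param string $message Free-text message from the inviting user; treated as plain text.
 *
 * @return string Success markup when at least one mail was handed to mail(), otherwise ''.
 */
function nm_invite_email($emails, $message)
{
    $user = wp_get_current_user();
    $charset = 'ISO-8859-1';
    $public_name = nm_user_public_name($user->ID);

    // Header context: a line break in the name or blog title would start a new header line.
    $subject = str_replace(array("\r", "\n"), '', 'Join ' . $public_name . ' at ' . get_bloginfo() . '!');

    // HTML context: encode the values that originate from users before embedding them.
    $safe_name = htmlspecialchars($public_name, ENT_QUOTES, $charset);
    $safe_message = htmlspecialchars($message, ENT_QUOTES, $charset);

    $headers = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    $headers .= 'From: admin@hotcars.com' . "\r\n";

    $email_message = '<html><head>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Join me at ' . get_bloginfo() . '!</title></head>
		<body style="font-family:Verdana, Arial, Helvetica, sans-serif;color:#fff;font-size:13px;background:#000;color:#fff;">
		<!-- top -->
		<table cellspacing="0" cellpadding="0" border="0" align="center" style="border:#000 1px solid;padding:0;width:548px;">
		<tr>
			<td valign="top" style="width:358px;height:91px;padding:0 0 1px 0;background:#000;vertical-align:top;">
			<a href="' . get_bloginfo('wpurl') . '" style="text-decoration:none;margin:0;padding:0;"><img src="' . get_bloginfo('stylesheet_directory') . '/images/email/header1.jpg" width="358" height="91" border="0" style="margin:0;padding:0;" alt="' . get_bloginfo() . ' logo" /></a>
			</td>
			<td valign="top" style="width:190px;height:91px;padding:0 0 1px 0;background:#000;vertical-align:top;">
			<a href="' . get_bloginfo('wpurl') . '/forums/register.php" style="text-decoration:none;margin:0;padding:0;">
			<img src="' . get_bloginfo('stylesheet_directory') . '/images/email/header2.jpg" width="190" height="91" border="0" style="margin:0;padding:0;" alt="Login to ' . get_bloginfo('wpurl') . '" />
			</a>
			</td>
		</tr>
		<tr>
			<td colspan="2" valign="top" style="width:518px;padding:20px 15px 20px 15px;font-family:Verdana, Arial, Helvetica, sans-serif;font-size:13px;background:#333;color:#fff;">
			<div style="font-size:16px;font-weight:bold;padding:0 0 6px 0;color:#fff;">Check out <a style="color:#fff;" href="' . get_bloginfo('wpurl') . '">' . get_bloginfo('wpurl') . '</a>!</div>
		 	<strong>' . $safe_name . '</strong> has personally invited you to join ' . get_bloginfo() . ':<br /><br />
			<span style="padding-left:10px;"><em>' . $safe_message . '</em></span><br /><br />
			<a style="color:#fff;" href="' . get_bloginfo('wpurl') . '/forums/register.php">Sign up today</a>!<br /><br />
			</td></tr></table></body></html>';

    // Stays empty when no address passes verify_email(), so the caller never reads an undefined variable.
    $errors = '';
    foreach (explode(',', $emails) as $recipient) {
        $recipient = trim($recipient);
        // Only addresses accepted by verify_email() reach mail(); the rest are skipped silently.
        if (verify_email($recipient)) {
            mail($recipient, $subject, $email_message, $headers);
            $errors = "<p class='message success'>Your Friend Invitations have been successfully sent!</p>";
        }
    }
    return $errors;
}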
/**
 * Gate a submitted e-mail address behind a format check and an MX lookup.
 *
 * On either failure the function prints a JavaScript alert, prints a second
 * script that sends the top window to post_cv.php, and terminates the request.
 * When both checks pass it returns without output.
 *
 * @param mixed $email Address handed to verify_email() and verify_email_dns().
 *
 * @return void
 */
function email_verifier($email)
{
    // Format check comes first; the MX lookup is skipped for a malformed address.
    if (!verify_email($email)) {
        echo "<script>alert('Error - E-mail address appears to be invalid.');</script>";
        echo "<script>top.window.location='post_cv.php';</script>";
        exit;
    }

    // The address is well-formed, so check that its domain has an MX record.
    if (!verify_email_dns($email)) {
        echo "<script>alert('Error - E-mail domain does not have an MX record.');</script>";
        echo "<script>top.window.location='post_cv.php';</script>";
        exit;
    }

    // Both checks passed: nothing is printed and control returns to the caller.
}
Пример #4
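// Account update: re-authenticate with the current password, then change the
// e-mail address and/or the password. Every outcome is reported as a JSON object.
if (!$user_row) {
    exit(json_encode(array('error' => 'internal_error')));
}
// The current password must match the stored hash before anything is changed.
if (!password_verify($old_password, $user_row['hash'])) {
    exit(json_encode(array('error' => 'invalid_credentials')));
}
$change_email = "";
if ($user_row['email'] !== $email) {
    $valid_email_regex = "/^[a-zA-Z0-9.!#\$%&'*+\\/=?^_`{|}~-]+" . "@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?" . "(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\$/";
    if (!preg_match($valid_email_regex, $email)) {
        exit(json_encode(array('error' => 'invalid_email')));
    }
    // The pattern above accepts a single quote in the local part, so passing the
    // format check does not make the value safe to interpolate into SQL. The
    // uniqueness lookup therefore binds the address as a parameter.
    $lookup = $conn->prepare('SELECT COUNT(id) FROM users WHERE email = ?');
    if (!$lookup) {
        exit(json_encode(array('error' => 'internal_error')));
    }
    $lookup->bind_param('s', $email);
    $matching_count = null;
    $lookup->bind_result($matching_count);
    // A failed lookup must not be read as "address is free".
    if (!$lookup->execute() || !$lookup->fetch()) {
        $lookup->close();
        exit(json_encode(array('error' => 'internal_error')));
    }
    $lookup->close();
    if ((int) $matching_count !== 0) {
        exit(json_encode(array('error' => 'email_taken')));
    }
    $escaped_email = $conn->real_escape_string($email);
    $change_email = "email = '{$escaped_email}', email_verified = 0";
    // NOTE(review): the verification mail goes out before the UPDATE below has run — confirm that order is intended.
    verify_email($user, $user_row['username'], $email);
}
$change_password = "";
if ($new_password !== '') {
    $hash = password_hash($new_password, PASSWORD_BCRYPT);
    // NOTE(review): this fragment appears masked in the listing; as written it is not a
    // valid SET fragment and $hash is never used. Restore the real assignment before use.
    $change_password = "******";
}
// Empty fragments are dropped, so only the fields that actually change are written.
$set_clause = implode(', ', array_filter(array($change_email, $change_password)));
if ($set_clause) {
    // NOTE(review): $user is interpolated unquoted; its origin is not visible here —
    // confirm it is a server-side integer id and never request data.
    $conn->query("UPDATE users SET {$set_clause} WHERE id={$user}");
}
exit(json_encode(array('success' => true)));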
Пример #5
    echo "<script>location.href = 'index.php'</script>";
} else {
}
?>
						</div>
					</div>
				</section>

			<!-- Footer -->
				<?php 
include "templates/footer.html";
// Message form handler. The listing ends inside the innermost block, so the
// closing braces and whatever follows the INSERT are not visible here.
if (isset($_POST['newm'])) {
    // "New message" was requested: jump to the #openMessage anchor.
    echo "<script>location.href = '#openMessage'</script>";
} else {
    if (isset($_POST['send'])) {
        // Only the recipient address is checked; the subject and body are used below as received.
        if (verify_email($_POST['to'], $result) == 1) {
            // NOTE(review): session_start() runs after the page markup and footer.html have
            // been output; without output buffering the session cookie header cannot be sent.
            session_start();
            $variable = $_SESSION['usuario'];
            // NOTE(review): every statement below is built by string concatenation. The session
            // user name, $_POST['to'], $_POST['asunto'] and $_POST['message'] all reach the SQL
            // text unescaped; a quote in any of them changes the query. Use
            // mysqli_prepare()/mysqli_stmt_bind_param() for all three statements.
            $sql0 = "select nombre,apellidos from usuarios where usuario = '" . $variable . "';";
            $resul_co = mysqli_query($con, $sql0);
            // Sender display name: first name and surname(s); the last row read wins.
            while ($row = mysqli_fetch_array($resul_co)) {
                $nombre = $row[0] . " " . $row[1];
            }
            // Resolve the recipient's user name from the submitted e-mail address.
            $sql1 = "select usuario from usuarios where email = '" . $_POST['to'] . "';";
            $resul_co1 = mysqli_query($con, $sql1);
            // NOTE(review): $para stays undefined when no user has that address, yet the
            // INSERT below still runs.
            while ($row1 = mysqli_fetch_array($resul_co1)) {
                $para = $row1[0];
            }
            $fecha = date("j/m/Y, g:i a");
            // NOTE(review): the start of this string appears masked ("******") in the listing,
            // so the target table and column list cannot be confirmed from here.
            $insert_user = "******" . $para . "','" . $nombre . "',null,'" . $fecha . "','" . $_POST['asunto'] . "','" . $_POST['message'] . "')";
            $r_query1 = mysqli_query($con, $insert_user);
Пример #6
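/**
 * Validate the registration fields, insert the new user row and sign the visitor in.
 *
 * The session is only marked as signed in after the INSERT has actually succeeded.
 * Previously a failed prepare()/execute() was ignored, so a rejected insert (for
 * example a duplicate e-mail, if the table enforces uniqueness) still continued to
 * get_user_id($email) and populated the session with whatever id that returned.
 *
 * @param string $email     E-mail address; checked with verify_email().
 * @param string $password1 Password; checked together with $password2 and $lname.
 * @param string $password2 Password confirmation.
 * @param string $fname     First name, stored and copied into the session.
 * @param string $lname     Last name, stored and also passed to verify_password().
 * @param string $sex       Checked with validate_sex() and stored.
 *
 * @return bool True when the row was inserted and the session populated, false otherwise.
 */
function main_validation($email, $password1, $password2, $fname, $lname, $sex)
{
    // Same checks, same order and same short-circuiting as before.
    $inputs_ok = verify_email($email) == true
        && verify_password($password1, $password2, $lname) == true
        && validate_sex($sex) == true;
    if (!$inputs_ok) {
        $_SESSION['signed_in'] = false;
        return false;
    }

    // NOTE(review): unsalted SHA-1 is not a password hash. It is left in place because the
    // code that checks this column at login is not visible here; move both sides to
    // password_hash()/password_verify() together.
    $password = sha1($password1);
    $cxn = $GLOBALS['cxn'];
    $last_ip = $_SERVER['REMOTE_ADDR'];
    $priv = "user";
    $query = "INSERT INTO user_list (email, password, first_name, last_name, date_added, last_login, last_ip, privlege_level, sex) \n\t\t\t\tVALUES(?, ?, ?, ?, NOW(), NOW(), ?, ?, ?)";
    $stm2 = $cxn->prepare($query);
    if ($stm2 === false) {
        // The statement could not be prepared: no row was written, so do not sign in.
        $_SESSION['signed_in'] = false;
        return false;
    }

    // NOTE(review): the key is the literal string '$debug' (single quotes) — confirm that is intended.
    // The password hash is no longer part of the debug output.
    if (!empty($GLOBALS['$debug'])) {
        echo $email . "..." . $fname . "..." . $lname . "..." . $last_ip . "..." . $priv . "..." . $sex;
    }

    $stm2->bind_param("sssssss", $email, $password, $fname, $lname, $last_ip, $priv, $sex);
    $inserted = $stm2->execute();
    $stm2->close();
    if (!$inserted) {
        // Insert rejected: leave the visitor signed out rather than looking up an id by e-mail.
        $_SESSION['signed_in'] = false;
        return false;
    }

    // pull user ID for session data
    $uid = get_user_id($email);

    // set session infos
    $_SESSION['signed_in'] = true;
    $_SESSION['fname'] = $fname;
    $_SESSION['email'] = $email;
    $_SESSION['user_id'] = $uid;
    $_SESSION['privleges'] = "user";
    return true;
}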
Пример #7
function do_userform($formatter, $options)
{
    global $DBInfo;
    $user =& $DBInfo->user;
    # get cookie
    $id = !empty($options['login_id']) ? $options['login_id'] : '';
    $use_any = 0;
    if (!empty($DBInfo->use_textbrowsers)) {
        if (is_string($DBInfo->use_textbrowsers)) {
            $use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        } else {
            $use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        }
    }
    $options['msg'] = '';
    # e-mail conformation
    if (!empty($options['ticket']) and $id and $id != 'Anonymous') {
        $userdb =& $DBInfo->udb;
        $suspended = false;
        if ($userdb->_exists($id)) {
            $user = $userdb->getUser($id);
        } else {
            if ($userdb->_exists($id, 1)) {
                // suspended user
                $suspended = true;
                $user = $userdb->getUser($id, 1);
            }
        }
        if ($user->id == $id) {
            if ($user->info['eticket'] == $options['ticket']) {
                list($dummy, $email) = explode('.', $options['ticket'], 2);
                $user->info['email'] = $email;
                $user->info['eticket'] = '';
                if ($suspended) {
                    if (empty($DBInfo->register_confirm_admin)) {
                        $userdb->activateUser($id);
                        $userdb->saveUser($user);
                    } else {
                        $userdb->saveUser($user, array('suspended' => 1));
                    }
                } else {
                    $userdb->saveUser($user);
                }
                $title = _("Successfully confirmed");
                $options['msg'] = _("Your e-mail address is confirmed successfully");
                if (!empty($DBInfo->register_confirm_admin)) {
                    $options['msg'] .= "<br />" . _("Your need to wait until your ID activated by admin");
                }
            } else {
                if ($user->info['nticket'] == $options['ticket']) {
                    $title = _("Successfully confirmed");
                    $user->info['nticket'] = '';
                    $user->info['password'] = $user->info['npassword'];
                    $user->info['npassword'] = '';
                    $userdb->saveUser($user);
                    $options['msg'] = _("Your new password is confirmed successfully");
                } else {
                    $title = _("Confirmation missmatched !");
                    $options['msg'] = _("Please try again to register your e-mail address");
                }
            }
        } else {
            if ($suspended) {
                $title = _("Please wait until your ID is confirmed by admin!");
            } else {
                $title = _("ID does not exist !");
            }
            $options['msg'] = _("Please try again to register your e-mail address");
        }
        $formatter->send_header("", $options);
        $formatter->send_title($title, "", $options);
        $formatter->send_footer("", $options);
        return '';
    }
    $title = '';
    if ($user->id == "Anonymous" and !empty($options['emailreset'])) {
        setcookie('MONI_VERIFIED_EMAIL', '', time() - 3600, get_scriptname());
        $options['msg'] .= '<br />' . _("Verification E-mail removed.");
        $options['verifyemail'] = '';
        $user->verified_email = '';
    } else {
        if ($user->id == "Anonymous" and !empty($options['login']) and !empty($options['verify_email'])) {
            $email = base64_decode($options['login']);
            $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $email, 10));
            if ($ticket == $options['verify_email']) {
                $options['msg'] .= '<br />' . _("Your email address is successfully verified.");
                $user->verified_email = $email;
                setcookie('MONI_VERIFIED_EMAIL', $email, time() + 60 * 60 * 24 * 30, get_scriptname());
            } else {
                $options['msg'] .= '<br />' . _("Verification missmatched.");
            }
        } else {
            if ($user->id == "Anonymous" and $options['verify'] == _("Verify E-mail address") and !empty($DBInfo->anonymous_friendly) and !empty($options['verifyemail'])) {
                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['verifyemail'])) {
                    if (($ret = verify_email($options['verifyemail'])) < 0) {
                        $ret = -$ret;
                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                    } else {
                        if (!empty($DBInfo->verify_email)) {
                            if ($DBInfo->verify_email == 1) {
                                $options['msg'] .= '<br/>' . _("Your email address is successfully verified.");
                                setcookie('MONI_VERIFIED_EMAIL', $options['verifyemail'], time() + 60 * 60 * 24 * 30, get_scriptname());
                            } else {
                                $opts = array();
                                $opts['subject'] = "[{$DBInfo->sitename}] " . _("Verify Email address");
                                $opts['email'] = $options['verifyemail'];
                                $opts['id'] = 'nobody';
                                $ticket = base64_encode(getTicket($_SERVER['REMOTE_ADDR'], $opts['email'], 10));
                                $enc = base64_encode($opts['email']);
                                $body = qualifiedUrl($formatter->link_url('UserPreferences', "?action=userform&login={$enc}&verify_email={$ticket}"));
                                $body = _("Please confirm your e-mail address") . "\n" . $body . "\n";
                                $ret = wiki_sendmail($body, $opts);
                                $options['msg'] .= '<br/>' . _("E-mail verification mail sent");
                            }
                        }
                    }
                } else {
                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                }
            } else {
                if ($user->id == "Anonymous" and !empty($options['login_id']) and isset($options['password']) and !isset($options['passwordagain'])) {
                    if (method_exists($user, 'login')) {
                        $user->login($formatter, $options);
                        $params = array();
                        $params['value'] = $options['page'];
                        do_goto($formatter, $params);
                        return;
                    }
                    # login
                    $userdb = $DBInfo->udb;
                    if ($userdb->_exists($id)) {
                        $user = $userdb->getUser($id);
                        $login_ok = 0;
                        if (!empty($DBInfo->use_safelogin)) {
                            if (isset($options['challenge']) and $options['_chall'] == $options['challenge']) {
                                #print '<pre>';
                                #print $options['password'].'<br />';
                                #print hmac($options['challenge'],$user->info['password']);
                                #print '</pre>';
                                if (hmac($options['challenge'], $user->info['password']) == $options['password']) {
                                    $login_ok = 1;
                                }
                            } else {
                                # with no javascript browsers
                                $md5pw = md5($options['password']);
                                if ($md5pw == $user->info['password']) {
                                    $login_ok = 1;
                                }
                            }
                        }
                        if ($login_ok or $user->checkPasswd($options['password']) === true) {
                            $options['msg'] = sprintf(_("Successfully login as '%s'"), $id);
                            $options['id'] = $user->id;
                            if ($user->id == 'Anonymous') {
                                // special case. login success but ID is not acceptable
                                $options['msg'] = _("Invalid user ID. Please register again");
                            } else {
                                $formatter->header($user->setCookie());
                                if (!isset($user->info['login_success'])) {
                                    $user->info['login_success'] = 0;
                                }
                                if (!isset($user->info['login_fail'])) {
                                    $user->info['login_fail'] = 0;
                                }
                                $user->info['login_success']++;
                                $user->info['last_login'] = gmdate("Y/m/d H:i:s", time());
                                $user->info['login_fail'] = 0;
                                // reset login
                                $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                                $userdb->saveUser($user);
                                $use_refresh = 1;
                            }
                            $DBInfo->user = $user;
                        } else {
                            $title = sprintf(_("Invalid password !"));
                            if (!isset($user->info['login_fail'])) {
                                $user->info['login_fail'] = 0;
                            }
                            $user->info['login_fail']++;
                            $user->info['remote'] = $_SERVER['REMOTE_ADDR'];
                            $userdb->saveUser($user);
                            $user->setID('Anonymous');
                        }
                    } else {
                        if (isset($options['login_id'][0])) {
                            if ($userdb->_exists($id, 1)) {
                                // suspended user
                                $title = sprintf(_("\"%s\" is waiting for activated by admin !"), $options['login_id']);
                            } else {
                                $title = sprintf(_("\"%s\" does not exist on this wiki !"), $options['login_id']);
                            }
                            $options['login_id'] = '';
                        } else {
                            $title = _("Make new ID on this wiki");
                        }
                        $form = macro_UserPreferences($formatter, '', $options);
                    }
                } else {
                    if (!empty($options['logout'])) {
                        # logout
                        header($user->unsetCookie(), false);
                        if (session_name() != '') {
                            $path = get_scriptname();
                            // for moniwiki internal
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $path, false);
                            // for some user plugins
                            $params = session_get_cookie_params();
                            header('Set-Cookie: ' . session_name() . '=' . $user->id . '; expires=Tuesday, 01-Jan-1999 12:00:00 GMT; Path=' . $params['path'], false);
                        }
                        // call logout method
                        if (method_exists($user, 'logout')) {
                            $user->logout($formatter, $options);
                        } else {
                            $options['msg'] = _("Cookie deleted !");
                        }
                        $user->id = 'Anonymous';
                        $DBInfo->user = $user;
                        $use_refresh = 1;
                    } else {
                        if (!empty($DBInfo->use_sendmail) and $options['login'] == _("E-mail new password") and $user->id == "Anonymous" and !empty($options['email']) and !empty($options['login_id'])) {
                            # email new password
                            $title = '';
                            if (!$use_any and $DBInfo->use_ticket) {
                                if ($options['__seed'] and $options['check']) {
                                    $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                    if ($mycheck == $options['check']) {
                                        $ok_ticket = 1;
                                    } else {
                                        $title = _("Invalid ticket !");
                                    }
                                } else {
                                    $title = _("You need a ticket !");
                                }
                            } else {
                                $ok_ticket = 1;
                            }
                            $userdb =& $DBInfo->udb;
                            if ($userdb->_exists($id)) {
                                $user = $userdb->getUser($id);
                            }
                            if ($ok_ticket and $user->id != "Anonymous") {
                                if ($options['email'] == $user->info['email'] and $user->info['eticket'] == '') {
                                    #make new password
                                    $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                    $mypass = substr($mypass, 0, 8);
                                    $options['password'] = $mypass;
                                    $old_passwd = $user->info['password'];
                                    if ($DBInfo->use_safelogin) {
                                        $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                    } else {
                                        $ret = $user->setPasswd($mypass, $mypass);
                                    }
                                    $new_passwd = $user->info['password'];
                                    $user->info['password'] = $old_passwd;
                                    $user->info['npassword'] = $new_passwd;
                                    #make ticket
                                    $ticket = md5(time() . $user->id . $options['email']);
                                    $user->info['nticket'] = $ticket . "." . $options['email'];
                                    // save join agreement
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $user->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    $userdb->saveUser($user);
                                    # XXX
                                    $opts['subject'] = "[{$DBInfo->sitename}] " . _("New password confirmation");
                                    $opts['email'] = $options['email'];
                                    $opts['id'] = 'nobody';
                                    $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                    $body = _("Please confirm your new password") . "\n" . $body . "\n";
                                    $body .= sprintf(_("Your new password is %s"), $mypass) . "\n\n";
                                    $body .= _("Please change your password later") . "\n";
                                    $ret = wiki_sendmail($body, $opts);
                                    if (is_array($ret)) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = $ret['msg'];
                                    } else {
                                        $title = _("New password is sent to your e-mail !");
                                        $options['msg'] = _("Please check your e-mail");
                                    }
                                } else {
                                    if ($options['email'] != $user->info['email']) {
                                        $title = _("Fail to e-mail notification !");
                                        $options['msg'] = _("E-mail mismatch !");
                                    } else {
                                        $title = _("Invalid request");
                                        $options['msg'] = _("Please confirm your e-mail address first !");
                                    }
                                }
                            } else {
                                if (!$ok_ticket) {
                                    $title = _("Invalid ticket !");
                                } else {
                                    $title = _("ID and e-mail mismatch !");
                                }
                                $options['msg'] = _("Please try again or make a new profile");
                            }
                            $formatter->send_header("", $options);
                            $formatter->send_title($title, "", $options);
                            $formatter->send_footer("", $options);
                            return;
                        } else {
                            if ($user->id == "Anonymous" and !empty($options['login_id']) and ($options['password'] and $options['passwordagain'] or $DBInfo->use_safelogin and $options['email'])) {
                                # create profile
                                $title = '';
                                if (!$use_any and !empty($DBInfo->use_ticket)) {
                                    if ($options['__seed'] and $options['check']) {
                                        $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
                                        if ($mycheck == $options['check']) {
                                            $ok_ticket = 1;
                                        } else {
                                            $title = _("Invalid ticket !");
                                        }
                                    } else {
                                        $title = _("You need a ticket !");
                                    }
                                } else {
                                    $ok_ticket = 1;
                                }
                                $id = $user->getID($options['login_id']);
                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $id)) {
                                    if (($ret = verify_email($id)) < 0) {
                                        $ret = -$ret;
                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                        $options['msg'] .= '<br/>' . _("Invalid email address or can't verify it.");
                                    } else {
                                        $options['email'] = $id;
                                        $user->setID($id);
                                    }
                                } else {
                                    if (!preg_match("/\\//", $id)) {
                                        $user->setID($id);
                                    }
                                }
                                // protect http:// style id
                                if (!empty($DBInfo->use_agreement) and empty($options['joinagreement'])) {
                                    $title = _("Please check join agreement.");
                                } else {
                                    if ($ok_ticket and $user->id != "Anonymous") {
                                        if (!empty($DBInfo->use_safelogin)) {
                                            $mypass = base64_encode(getTicket(time(), $_SERVER['REMOTE_ADDR'], 10));
                                            $mypass = substr($mypass, 0, 8);
                                            $options['password'] = $mypass;
                                            $ret = $user->setPasswd(md5($mypass), md5($mypass), 1);
                                        } else {
                                            $ret = $user->setPasswd($options['password'], $options['passwordagain']);
                                        }
                                        if (!empty($DBInfo->password_length) and strlen($options['password']) < $DBInfo->password_length) {
                                            $ret = 0;
                                        }
                                        if ($ret <= 0) {
                                            if ($ret == 0) {
                                                $title = _("too short password!");
                                            } else {
                                                if ($ret == -1) {
                                                    $title = _("mismatch password!");
                                                } else {
                                                    if ($ret == -2) {
                                                        $title = _("not acceptable character found in the password!");
                                                    }
                                                }
                                            }
                                        } else {
                                            if ($ret < 8 and empty($DBInfo->use_safelogin)) {
                                                $options['msg'] = _("Your password is too simple to use as a password !");
                                            }
                                            $udb = $DBInfo->udb;
                                            if ($options['email']) {
                                                if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    if (($ret = verify_email($options['email'])) < 0) {
                                                        $options['email'] = '';
                                                        // reset email address
                                                        $ret = -$ret;
                                                        $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                        $options['msg'] .= '<br/>' . _("Can't verify E-mail address! Please check your email address.");
                                                    }
                                                } else {
                                                    $options['msg'] .= '<br/>' . _("Your email address is not valid");
                                                }
                                            }
                                            if ($udb->isNotUser($user)) {
                                                if (!empty($DBInfo->no_register)) {
                                                    $options['msg'] = _("Fail to register");
                                                    $options['err'] = _("You are not allowed to register on this wiki");
                                                    $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                    do_invalid($formatter, $options);
                                                    return;
                                                }
                                                $title = sprintf(_("Successfully added as '%s'"), _html_escape($user->id));
                                                $options['id'] = $user->id;
                                                $ticket = md5(time() . $user->id . $options['email']);
                                                $user->info['eticket'] = $ticket . "." . $options['email'];
                                                if (!empty($DBInfo->use_safelogin)) {
                                                    $options['msg'] = sprintf(_("Successfully added as '%s'"), $user->id);
                                                    $options['msg'] .= '<br />' . _("Please check your mailbox");
                                                }
                                                $args = array();
                                                if ($options['email'] == $id or !empty($DBInfo->register_confirm_email)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    $args = array('suspended' => 1);
                                                }
                                                if (!empty($DBInfo->register_confirm_admin)) {
                                                    if (!empty($options['msg'])) {
                                                        $options['msg'] .= '<br />';
                                                    }
                                                    $options['msg'] .= _("Your need to wait until your ID activated by admin");
                                                }
                                                // save join agreement
                                                if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                                    $user->info['join_agreement'] = 'agree';
                                                    if (!empty($DBInfo->agreement_version)) {
                                                        $user->info['join_agreement_version'] = $DBInfo->agreement_version;
                                                    }
                                                }
                                                if (empty($DBInfo->use_safelogin) && empty($args['suspended'])) {
                                                    $formatter->header($user->setCookie());
                                                }
                                                $ret = $udb->addUser($user, $args);
                                                # XXX
                                                if (!empty($options['email']) and preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                                    $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                    $body = '';
                                                    if (!empty($DBInfo->email_register_header) and file_exists($DBInfo->email_register_header)) {
                                                        $body = file_get_contents($DBInfo->email_register_header);
                                                        $body = str_replace(array('@sitename@'), array($DBInfo->sitename), $body);
                                                    }
                                                    $body .= _("Please confirm your email address") . "\n\n";
                                                    $body .= qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                    $body .= "\n";
                                                    if (!empty($DBInfo->use_safelogin)) {
                                                        $body .= "\n" . sprintf(_("Your initial password is %s"), $mypass) . "\n\n";
                                                        $body .= _("Please change your password later") . "\n";
                                                    }
                                                    $ret = wiki_sendmail($body, $options);
                                                    if (is_array($ret)) {
                                                        $options['msg'] .= $ret['msg'];
                                                    } else {
                                                        $options['msg'] .= '<br/>' . _("Confirmation E-mail sent");
                                                    }
                                                }
                                            } else {
                                                # already exist user
                                                $user = $udb->getUser($user->id);
                                                if ($user->checkPasswd($options['password']) === true) {
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s'"), $id);
                                                    $options['id'] = $user->id;
                                                    $formatter->header($user->setCookie());
                                                    $udb->saveUser($user);
                                                    # XXX
                                                } else {
                                                    $title = _("Invalid password !");
                                                }
                                            }
                                        }
                                    } else {
                                        if (empty($title)) {
                                            $title = _("Invalid username !");
                                        }
                                    }
                                }
                            } else {
                                if ($user->id != "Anonymous") {
                                    # save profile
                                    $udb =& $DBInfo->udb;
                                    $userinfo = $udb->getUser($user->id);
                                    if (!empty($options['password']) and !empty($options['passwordagain'])) {
                                        $chall = 0;
                                        if (!empty($DBInfo->use_safelogin)) {
                                            if (isset($options['_chall'])) {
                                                $chall = $options['challenge'];
                                            } else {
                                                $chall = rand(100000);
                                                $options['password'] = hmac($chall, $options['password']);
                                            }
                                        }
                                        //echo 'chall=',$chall,' ',$options['password'];
                                        if ($userinfo->checkPasswd($options['password'], $chall) === true) {
                                            if ($DBInfo->use_safelogin) {
                                                $mypass = md5($options['passwordagain']);
                                                // XXX
                                                $ret = $userinfo->setPasswd($mypass, $mypass, 1);
                                            } else {
                                                $ret = $userinfo->setPasswd($options['passwordagain']);
                                            }
                                            if ($ret <= 0) {
                                                if ($ret == 0) {
                                                    $title = _("too short password!");
                                                } else {
                                                    if ($ret == -1) {
                                                        $title = _("mismatch password !");
                                                    } else {
                                                        if ($ret == -2) {
                                                            $title = _("not acceptable character found in the password!");
                                                        }
                                                    }
                                                }
                                                $options['msg'] = _("Password is not changed !");
                                            } else {
                                                $title = _("Password is changed !");
                                                if ($ret < 8) {
                                                    $options['msg'] = _("Password is too simple to use as a password !");
                                                }
                                            }
                                        } else {
                                            $title = _("Invalid password !");
                                            $options['msg'] = _("Password is not changed !");
                                        }
                                    }
                                    if (isset($options['user_css'])) {
                                        $userinfo->info['css_url'] = $options['user_css'];
                                    }
                                    if (isset($options['timezone'])) {
                                        list($hour, $min) = explode(':', $options['timezone']);
                                        $min = $min * 60;
                                        $min = $hour < 0 ? -1 * $min : $min;
                                        $tz_offset = $hour * 3600 + $min;
                                        $userinfo->info['tz_offset'] = $tz_offset;
                                    }
                                    if (!empty($DBInfo->use_agreement) and !empty($options['joinagreement'])) {
                                        $userinfo->info['join_agreement'] = 'agree';
                                        if (!empty($DBInfo->agreement_version)) {
                                            $userinfo->info['join_agreement_version'] = $DBInfo->agreement_version;
                                        }
                                    }
                                    $button_check_email_again = !empty($options['button_check_email_again']) ? 1 : 0;
                                    if ($button_check_email_again and !empty($userinfo->info['eticket'])) {
                                        list($dummy, $email) = explode('.', $userinfo->info['eticket'], 2);
                                        if (!empty($email)) {
                                            $options['email'] = $email;
                                        }
                                    }
                                    if (!empty($options['email']) and $options['email'] != $userinfo->info['email']) {
                                        if (preg_match('/^[a-z][a-z0-9_\\-\\.]+@[a-z][a-z0-9_\\-]+(\\.[a-z0-9_]+)+$/i', $options['email'])) {
                                            if (($ret = verify_email($options['email'])) < 0) {
                                                $ret = -$ret;
                                                $options['msg'] .= '<br />' . 'ERROR Code: ' . $ret;
                                                $options['msg'] .= '<br />' . _("Invalid email address or can't verify it.");
                                            } else {
                                                $ticket = md5(time() . $userinfo->info['id'] . $options['email']);
                                                $userinfo->info['eticket'] = $ticket . "." . $options['email'];
                                                $options['subject'] = "[{$DBInfo->sitename}] " . _("E-mail confirmation");
                                                $body = qualifiedUrl($formatter->link_url('', "?action=userform&login_id={$user->id}&ticket={$ticket}.{$options['email']}"));
                                                $body = _("Please confirm your email address") . "\n" . $body;
                                                $ret = wiki_sendmail($body, $options);
                                                if (is_array($ret)) {
                                                    $options['msg'] = $ret['msg'];
                                                } else {
                                                    $options['msg'] = _("E-mail confirmation mail sent");
                                                }
                                            }
                                        } else {
                                            $options['msg'] = _("Your email address is not valid");
                                        }
                                    }
                                    if (!empty($userinfo->info['idtype']) and $userinfo->info['idtype'] == 'openid' and isset($options['nick']) and $options['nick'] != $userinfo->info['nick']) {
                                        $nick = $userinfo->getID($options['nick']);
                                        // nickname check XXX
                                        if (!$udb->_exists($nick)) {
                                            $userinfo->info['nick'] = $nick;
                                        } else {
                                            $options['msg'] = _("Your Nickname already used as ID in this wiki");
                                        }
                                    }
                                    $udb->saveUser($userinfo);
                                    #$options['css_url']=$options['user_css'];
                                    if (!isset($options['msg'])) {
                                        $options['msg'] = _("Profiles are saved successfully !");
                                    }
                                } else {
                                    if ($user->id == "Anonymous" and isset($options['openid_url'])) {
                                        # login with openid
                                        include_once 'lib/openid.php';
                                        session_start();
                                        $process_url = qualifiedUrl($formatter->link_url("UserPreferences", "?action=userform"));
                                        $trust_root = qualifiedUrl($formatter->link_url(""));
                                        $openid = new SimpleOpenID();
                                        $openid->SetIdentity($options['openid_url']);
                                        $openid->SetTrustRoot($trust_root);
                                        $openid->SetRequiredFields(array('nickname', 'email', 'fullname'));
                                        $openid->SetOptionalFields(array('language', 'timezone'));
                                        if ($openid->GetOpenIDServer()) {
                                            $openid->SetApprovedURL($process_url);
                                            // Send Response from OpenID server to this script
                                            $openid->Redirect();
                                            // This will redirect user to OpenID Server
                                            return;
                                        } else {
                                            $error = $openid->GetError();
                                            #echo "ERROR CODE: " . $error['code'] . "<br>";
                                            #echo "ERROR DESCRIPTION: " . $error['description'] . "<br>";
                                            $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                        }
                                    } else {
                                        if (!empty($options['openid_mode']) and $options['openid_mode'] == 'id_res') {
                                            // OpenID result
                                            include_once 'lib/openid.php';
                                            if (!preg_match('/utf-?8/i', $DBInfo->charset)) {
                                                $options['openid_sreg_nickname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_nickname']);
                                                $options['openid_sreg_fullname'] = iconv('utf-8', $DBInfo->charset, $options['openid_sreg_fullname']);
                                            }
                                            $openid = new SimpleOpenID();
                                            $openid->SetIdentity($options['openid_identity']);
                                            $openid_validation_result = $openid->ValidateWithServer();
                                            if ($openid_validation_result == true) {
                                                // OK HERE KEY IS VALID
                                                $userdb =& $DBInfo->udb;
                                                // XXX
                                                $user->setID($options['openid_identity']);
                                                // XXX
                                                if (!empty($options['openid_language'])) {
                                                    $user->info['language'] = strtolower($options['openid_sreg_language']);
                                                }
                                                //$user->info['tz_offset']=$options['openid_timezone'];
                                                if ($userdb->_exists($options['openid_identity'])) {
                                                    $user = $userdb->getUser($options['openid_identity']);
                                                    $user->info['idtype'] = 'openid';
                                                    $options['msg'] .= sprintf(_("Successfully login as '%s' via OpenID."), $options['openid_identity']);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user);
                                                    // always save
                                                } else {
                                                    if (!empty($DBInfo->no_register) and $DBInfo->no_register == 1) {
                                                        $options['msg'] = _("Fail to register");
                                                        $options['err'] = _("You are not allowed to register on this wiki");
                                                        $options['err'] .= "\n" . _("Please contact WikiMasters");
                                                        do_invalid($formatter, $options);
                                                        return;
                                                    }
                                                    if ($options['openid_sreg_nickname']) {
                                                        $nick = $user->getID($options['openid_sreg_nickname']);
                                                        if (!$userdb->_exists($nick)) {
                                                            $user->info['nick'] = $nick;
                                                        } else {
                                                            $options['msg'] = sprintf(_("Your Nickname %s already used as ID in this Wiki."), $nick);
                                                        }
                                                    }
                                                    $user->info['email'] = $options['openid_sreg_email'];
                                                    $user->info['idtype'] = 'openid';
                                                    $userdb->addUser($user);
                                                    $formatter->header($user->setCookie());
                                                    $userdb->saveUser($user);
                                                    $options["msg"] .= sprintf(_("OpenID Authentication successful and saved as %s."), $options['openid_identity']);
                                                }
                                                $options['id'] = $user->id;
                                            } else {
                                                if ($openid->IsError() == true) {
                                                    // ON THE WAY, WE GOT SOME ERROR
                                                    $error = $openid->GetError();
                                                    $options["msg"] = sprintf(_("Authentication request was failed: %s"), $error['description']);
                                                } else {
                                                    // Signature Verification Failed
                                                    $options["msg"] = _("Invalid OpenID Authentication request");
                                                    echo "INVALID AUTHORIZATION";
                                                }
                                            }
                                        } else {
                                            if (!empty($DBInfo->use_agreement) and $options['login'] == _("Make profile")) {
                                                $options['agreement'] = 1;
                                                $form = macro_UserPreferences($formatter, '', $options);
                                            } else {
                                                $options["msg"] = _("Invalid request");
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    $myrefresh = '';
    if (!empty($DBInfo->use_refresh) and !empty($use_refresh)) {
        $sec = $DBInfo->use_refresh - 1;
        if (!empty($options['return_url'])) {
            $lnk = $options['return_url'];
        } else {
            $lnk = $formatter->link_url($formatter->page->urlname, '?action=show');
        }
        $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
    }
    $formatter->send_header($myrefresh, $options);
    $formatter->send_title($title, "", $options);
    if (!$title && (empty($DBInfo->control_read) or $DBInfo->security->is_allowed('read', $options))) {
        $lnk = $formatter->link_to('?action=show');
        if (empty($form)) {
            echo sprintf(_("return to %s"), $lnk);
        } else {
            echo $form;
        }
    } else {
        if (!empty($form)) {
            print $form;
        }
        #    else $formatter->send_page("Goto UserPreferences");
    }
    $formatter->send_footer("", $options);
}
Пример #8
/// TO DO:
/*
 * need to add validation:
 * ///Check for empty
 * check that lat and lng are valid
 * check that address geocodes (again???)
 * ///check that times regex to valid
 * ///check that event time comes after current date
 * ///also check that event end is not before start
 * check that name and description have at least 5 letters in them maybe?
 */
// Process the contact info, if any.
// $isOk records whether the supplied contact detail passed its type-specific
// check; it stays false when no contact info was given or the type is neither
// "email" nor "phone".
// NOTE(review): nothing in this excerpt reads $isOk afterwards — confirm that
// the code below rejects the submission when it is false.
$isOk = false;
if ($isContactInfo == 1) {
    if ($contactType == "email") {
        $isOk = verify_email($contactInfo);
    }
    if ($contactType == "phone") {
        $isOk = verify_phone($contactInfo);
        // In the phone case $contactInfo is indexed as an array with the keys
        // phone1..phone3. The parts are joined even when verify_phone() failed,
        // so the flattened string is not necessarily a validated number.
        $contactInfo = $contactInfo['phone1'] . $contactInfo['phone2'] . $contactInfo['phone3'];
    }
} else {
    // Normalise any other value of the flag to 0.
    $isContactInfo = 0;
}
// In case something nasty happened, clean the submitted fields a bit.
$all_fields = clean_fields($all_fields);
// extract() creates one variable per key of $all_fields in the current scope
// and, with its default flags, overwrites variables that already exist.
// NOTE(review): if the keys of $all_fields come from the request, a key named
// like a local variable (for example "isOk" or "contactInfo") would replace
// the value computed above — confirm clean_fields() restricts the key set, or
// read the needed entries from the array explicitly.
extract($all_fields);
// main validation check
if (checkEmpties($all_fields)) {
    if (dateCheckValid($all_fields)) {
Пример #9
                            echo "<script>alert('Ocurrio un error al intentar de dar de su usuario.');</script>";
                        }
                    } else {
                        /* Cuando la imagen es de un formato no permitido o supera el tamaño maximo*/
                        echo "<script>alert('Imagen no permitida');</script>";
                    }
                }
            } else {
                /* si las contraseñas no coinciden */
                echo "<script>alert('Las contraseñas no coinciden,<br>los campos contraseña y confirmar contraseña deben ser iguales.');</script>";
            }
        }
    }
} else {
    if (isset($_POST['recovery'])) {
        if (verify_email($_POST['reemail'], $result) == 1) {
            /* aquí entra si ya existe el usuario*/
            $sqlres = "SELECT usuario,password FROM usuarios where email='" . $_POST['reemail'] . "'";
            $resultres = mysqli_query($con, $sqlres);
            if ($resultres) {
                while ($rowres = mysqli_fetch_row($resultres)) {
                    $reuser = $rowres[0];
                    $repass = $rowres[1];
                }
            }
            $email = '*****@*****.**';
            $para = $_POST['reemail'];
            $titulo = 'INFORMACIÓN DE CUENTA';
            $header = 'From: ' . $email;
            $msjCorreo = "Los datos de su cuenta son:\nUsuario: {$reuser}\n Contraseña: {$repass}";
            if (mail($para, $titulo, $msjCorreo, $header)) {
Пример #10
<?php

require_once 'config.php';
require_once 'auth.php';
require_once 'verify_lib.php';
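// JSON endpoint: (re)sends the e-mail verification message for the logged-in
// user. Every outcome is reported as a JSON object and the script exits.
header("Content-Type: application/json");
if ($https && !isset($_SERVER['HTTPS'])) {
    // We're using mod_rewrite .htaccess for HTTPS redirect; this shouldn't happen
    exit(json_encode(array('error' => 'tls_failure')));
}
if (!user_logged_in()) {
    exit(json_encode(array('error' => 'not_logged_in')));
}
$viewer_id = get_viewer_id();
// Bind the id as a parameter instead of interpolating it into the SQL text, so
// the query stays well-formed whatever get_viewer_id() returns.
// Assumes ids are integers (the original interpolated the value unquoted) —
// TODO confirm against the schema.
$stmt = $conn->prepare("SELECT username, email, email_verified FROM users WHERE id = ?");
if ($stmt === false || !$stmt->bind_param('i', $viewer_id) || !$stmt->execute()) {
    // Fail closed on a database error; 'database_error' is a code added by
    // this check, the client only needs to treat it like any other 'error'.
    exit(json_encode(array('error' => 'database_error')));
}
$stmt->bind_result($username, $email, $email_verified);
$found = $stmt->fetch();
$stmt->close();
if ($found !== true) {
    // The session points at an account that no longer exists: do not call
    // verify_email() with empty values, report the viewer as not logged in.
    exit(json_encode(array('error' => 'not_logged_in')));
}
if ($email_verified) {
    exit(json_encode(array('error' => 'already_verified')));
}
// NOTE(review): nothing visible here limits how often one account can trigger
// a new message — confirm verify_email() throttles resends.
verify_email($viewer_id, $username, $email);
exit(json_encode(array('success' => true)));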
Пример #11
    exit(json_encode(array('error' => 'empty_password')));
}
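// Validate the requested username and e-mail address, make sure neither is
// already registered, then create the account, log the user in and send the
// verification e-mail. Every outcome is reported as JSON and the script exits.

// The D modifier makes "$" match only at the very end of the subject; without
// it a value with a trailing "\n" would pass validation.
$valid_username_regex = "/^[a-zA-Z0-9-_]+\$/D";
if (!preg_match($valid_username_regex, $username)) {
    exit(json_encode(array('error' => 'invalid_username')));
}
$valid_email_regex = "/^[a-zA-Z0-9.!#\$%&'*+\\/=?^_`{|}~-]+" . "@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?" . "(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\$/D";
if (!preg_match($valid_email_regex, $email)) {
    exit(json_encode(array('error' => 'invalid_email')));
}

// Values are bound as statement parameters rather than escaped in place, so
// $username and $email keep their original form for the calls further down
// (the e-mail pattern allows "'", which real_escape_string() would have
// turned into "\'" before it reached verify_email()).
// Returns the number of matching rows, or null when the lookup itself failed.
$count_matching = static function ($conn, $sql, $value) {
    $stmt = $conn->prepare($sql);
    if ($stmt === false || !$stmt->bind_param('s', $value) || !$stmt->execute()) {
        return null;
    }
    $stmt->bind_result($count);
    $fetched = $stmt->fetch();
    $stmt->close();
    return $fetched === true ? (int) $count : null;
};

// 'database_error' is a code added by these checks: a failed lookup or insert
// now stops the sign-up instead of continuing with an unknown state.
$matching_usernames = $count_matching($conn, "SELECT COUNT(id) AS count FROM users WHERE LCASE(username) = LCASE(?)", $username);
if ($matching_usernames === null) {
    exit(json_encode(array('error' => 'database_error')));
}
// Compared as an integer: the driver may return the count as int or string.
if ($matching_usernames !== 0) {
    exit(json_encode(array('error' => 'username_taken')));
}
$matching_emails = $count_matching($conn, "SELECT COUNT(id) AS count FROM users WHERE LCASE(email) = LCASE(?)", $email);
if ($matching_emails === null) {
    exit(json_encode(array('error' => 'database_error')));
}
if ($matching_emails !== 0) {
    exit(json_encode(array('error' => 'email_taken')));
}
// NOTE(review): two concurrent sign-ups can both pass the checks above;
// uniqueness has to be enforced by the database as well — confirm the users
// table has unique indexes on username and email.

$hash = password_hash($password, PASSWORD_BCRYPT);
$time = round(microtime(true) * 1000);
// in milliseconds
if (!$conn->query("INSERT INTO ids(table_name) VALUES('users')")) {
    exit(json_encode(array('error' => 'database_error')));
}
$id = $conn->insert_id;
// $time is a float (round() returns one), so it is bound as a double.
$stmt = $conn->prepare("INSERT INTO users(id, username, hash, email, creation_time) " . "VALUES (?, ?, ?, ?, ?)");
if ($stmt === false || !$stmt->bind_param('isssd', $id, $username, $hash, $email, $time) || !$stmt->execute()) {
    // No login cookie is issued for an account that was not stored.
    exit(json_encode(array('error' => 'database_error')));
}
$stmt->close();
create_user_cookie($id);
verify_email($id, $username, $email, true);
exit(json_encode(array('success' => true)));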
Пример #12
        fputs($fp, "QUIT\r\n");
        fclose($fp);
        if (substr($line, 0, 3) != '250') {
            // SMTP 서버가 이 주소를 인식하지 못하므로 잘못된 주소임
            $error = $line;
            return false;
        } else {
            // 주소를 인식했음
            return true;
        }
    }
    $error = '메일 교환기에 도달하지 못하였습니다.';
    return false;
}
// Form handler: when the page is requested with mode "verify", check the
// submitted address, show the outcome in a JavaScript alert and send the
// browser back to this script.
// NOTE(review): $mode, $address and $PHP_SELF are not assigned in the visible
// code — presumably they rely on register_globals or an earlier import of the
// request variables; confirm where they come from.
if ($mode == "verify") {
    // NOTE(review): call-time pass-by-reference ("&$error" at the call site) is
    // a fatal error since PHP 5.4; the reference belongs in verify_email()'s
    // parameter list — its signature is outside this excerpt, confirm there.
    $ret = verify_email($address, &$error);
    // This response declares euc-kr while the form markup below declares utf-8.
    echo "<meta charset=\"euc-kr\">";
    if ($ret) {
        echo "<script>alert('이메일주소 검사 성공');</script>";
    } else {
        // $error is interpolated into an inline script without any encoding.
        // verify_email() sets it to $line on failure, which looks like the
        // remote mail server's reply, so a quote or "</script>" in that text
        // would break out of the string literal. It should be encoded for a
        // JavaScript string context before being echoed.
        echo "<script>alert('이메일주소 검사 실패\\n\\n{$error}');</script>";
    }
    // $PHP_SELF is likewise echoed into a script string unencoded.
    // NOTE(review): if it mirrors $_SERVER['PHP_SELF'] it contains
    // client-supplied path info — confirm and encode it the same way.
    echo "<script>location.href='{$PHP_SELF}';</script>";
    exit;
}
?>

<meta charset="utf-8">
<title>이메일주소 검사 프로그램</title>
<form method="post">
<input type="hidden" name="mode" value="verify">
Пример #13
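/**
 * Check a login attempt and, on success, mark the session as signed in.
 *
 * The e-mail address is resolved with verify_email() and the password checked
 * with verify_password(). On success the user's row is read from user_list,
 * last_login and last_ip are updated and the session fields signed_in, email,
 * fname, user_id and privleges are set. On failure a message is appended to
 * $GLOBALS['errors'] and $_SESSION['signed_in'] is set to false.
 *
 * NOTE(review): the two failure messages differ ("email was not found" vs
 * "password did not match our records"); if $GLOBALS['errors'] is shown to the
 * visitor this reveals which addresses have accounts — confirm.
 *
 * @param string $email    Address entered in the login form.
 * @param string $password Password entered in the login form.
 *
 * @return array user_id and name of the signed-in user, or
 *               array("user_id" => 0, "name" => "failure") when the login fails.
 */
function main_validation($email, $password)
{
    $errors = $GLOBALS['errors'];
    $failure = array("user_id" => 0, "name" => "failure");

    $email2 = verify_email($email);
    if ($email2 == false) {
        $errors .= "email was not found";
        $GLOBALS['errors'] = $errors;
        $_SESSION['signed_in'] = false;
        return $failure;
    }
    if (!verify_password($password, $email2)) {
        $errors .= "password did not match our records";
        $GLOBALS['errors'] = $errors;
        $_SESSION['signed_in'] = false;
        return $failure;
    }

    $cxn = $GLOBALS['cxn'];
    $query_email = "SELECT user_id, first_name, privlege_level FROM user_list WHERE email=?";
    $stm2 = $cxn->prepare($query_email);
    $stm2->bind_param("s", $email2);
    $stm2->execute();
    $stm2->bind_result($user_id, $first_name, $privleges);
    $row_found = $stm2->fetch();
    $stm2->close();
    if ($row_found !== true) {
        // The address verified but no row came back: never sign in with an
        // empty user id, treat it like an unknown address.
        $errors .= "email was not found";
        $GLOBALS['errors'] = $errors;
        $_SESSION['signed_in'] = false;
        return $failure;
    }

    // Record the login with bound parameters; no value is concatenated into
    // the SQL text, whatever the web server put into REMOTE_ADDR.
    $last_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $stm3 = $cxn->prepare("UPDATE user_list SET last_login=NOW(), last_ip=? WHERE user_id=?");
    if ($stm3 === false || !$stm3->bind_param("ss", $last_ip, $user_id) || !$stm3->execute()) {
        // Keep the database message in the server log instead of sending it
        // to the client.
        error_log("main_validation: could not record login: " . mysqli_error($cxn));
        die("error: login could not be recorded");
    }
    $stm3->close();

    // Issue a fresh session id at the moment of authentication so an id that
    // was known before the login is not carried over to the signed-in session.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    /// set session infos
    $_SESSION['signed_in'] = true;
    $_SESSION['email'] = $email2;
    $_SESSION['fname'] = $first_name;
    $_SESSION['user_id'] = $user_id;
    $_SESSION['privleges'] = $privleges;

    return array("user_id" => $user_id, "name" => $first_name);
}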