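/**
 * Replaces the password of the account registered under $email with a freshly
 * generated one and mails the new password to that address.
 *
 * The password is generated by RUCommon::random_string() from the plugin's
 * reset_pass_type / reset_pass_length settings and stored as a SHA-1 hash.
 * The configured confirmation text is echoed whether or not an account
 * matched, so the response does not reveal which addresses are registered.
 *
 * @param string $email Address identifying the account; bound as a query
 *                      parameter, so callers must not pre-escape it.
 * @return void
 */
public function resetpassword($email) {
    $settings = Plugin::getAllSettings("registered_users");

    // NOTE(review): random_string() is defined elsewhere; confirm it draws from
    // a cryptographically secure source, since its output becomes a credential.
    $common = new RUCommon();
    $newpassword = $common->random_string($settings['reset_pass_type'], $settings['reset_pass_length']);

    // NOTE(review): unsalted SHA-1 is kept because the login check is outside
    // this block and presumably compares against the same format; moving to
    // password_hash() has to be done on both sides together.
    $newpasswordencrypted = sha1($newpassword);

    // The statement text is partly redacted ("******") in the source; it is
    // rebuilt here as an UPDATE of the password column (confirm against the
    // original). Both values are bound instead of being interpolated, so the
    // caller-supplied address can no longer alter the SQL.
    $PDO = Record::getConnection();
    $updatepassword = $PDO->prepare(
        "UPDATE " . TABLE_PREFIX . "user SET password = :password WHERE email = :email"
    );
    $updatepassword->execute(array(
        'password' => $newpasswordencrypted,
        'email'    => $email,
    ));

    // Mail only when an account was actually updated; otherwise the form would
    // send a useless password to any address a visitor types in.
    if ($updatepassword->rowCount() > 0) {
        $subject = "{$settings['reset_password_subject']}";
        $headers = "From: {$settings['reset_password_from']}\r\nReply-To: no-reply";
        $message = $settings['reset_email_body'] . $newpassword;
        mail($email, $subject, $message, $headers);
    }

    // NOTE(review): the password is replaced immediately, without a confirmation
    // link; confirm the caller rate-limits this action, because anyone who knows
    // an address can force that account onto a new password.
    echo $settings['reset_email_confirmed'];
}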
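/**
 * Renders the public registration page and processes a submitted
 * registration form.
 *
 * - Logged-in visitors get the "already logged in" message.
 * - A non-POST request prints the form wrapper and, depending on the
 *   allow_registrations setting, the form, the closed message or the
 *   technical-error message.
 * - A POST request is validated, checked for a unique username and e-mail in
 *   both the user table and the temporary table, stored in the temporary
 *   table and followed by a confirmation e-mail.
 *
 * All output is echoed; nothing is returned.
 *
 * @return void
 */
public function registration_page() {
    global $__FROG_CONN__;

    // Only one row in the settings table by default, so id='1'. If you need
    // more you will probably be rewriting most of this function. The row is
    // loaded once and reused instead of being queried again in every branch.
    $settings = array();
    $settings_sql = "SELECT * FROM " . TABLE_PREFIX . "registered_users_settings WHERE id='1'";
    foreach ($__FROG_CONN__->query($settings_sql) as $row) {
        $settings = $row;
    }

    if (AuthUser::isLoggedIn()) {
        echo $settings['already_logged_in'];
        return;
    }

    $ar = $settings['allow_registrations'];

    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        echo '<form id="registration" class="registration" action="' . URL_PUBLIC . $settings['register_page'] . URL_SUFFIX . '" method="post">';
        if ($ar == '1') {
            // Registration is open: show the registration form.
            echo $settings['registration_form'];
        } elseif ($ar == '0') {
            // Registration is closed: show the closed message.
            echo $settings['closed_message'];
        } else {
            // allow_registrations is neither 1 (open) nor 0 (closed).
            echo $settings['message_error_technical'];
        }
        echo '</form>';
        return;
    }

    // Enforce the open/closed switch on submissions too. Previously it only
    // decided whether the form was displayed, so a request posted directly to
    // this page still created a registration while registration was closed.
    if ($ar != '1') {
        echo ($ar == '0') ? $settings['closed_message'] : $settings['message_error_technical'];
        return;
    }

    // Quick server-side validation; client-side validation is only a convenience.
    if (empty($_POST['name'])) {
        echo $settings['message_empty_name'];
        return;
    }
    if (empty($_POST['email'])) {
        echo $settings['message_empty_email'];
        return;
    }
    if (empty($_POST['username'])) {
        echo $settings['message_empty_username'];
        return;
    }
    if (empty($_POST['password'])) {
        echo $settings['message_empty_password'];
        return;
    }
    if (empty($_POST['confirm_pass'])) {
        echo $settings['message_empty_password_confirm'];
        return;
    }
    // Strict comparison: with != two different numeric-looking strings
    // (for example "0e1" and "0e2") compare as equal.
    if ($_POST['password'] !== $_POST['confirm_pass']) {
        echo $settings['message_notvalid_password'];
        return;
    }

    $name = $_POST['name'];
    $email = $_POST['email'];
    $username = $_POST['username'];

    // The submitted values are bound as parameters in every statement below
    // rather than being escaped with mysql_escape_string() and concatenated.
    // Two statement texts are redacted ("******") in the source; they are
    // rebuilt to mirror the visible temp-table queries (confirm against the
    // original). COUNT(*) replaces rowCount(), which PDO does not guarantee for
    // SELECT, and "> 0" also catches the case where duplicates already exist.
    $lookup_tables = array('user', 'registered_users_temp');

    $username_taken = false;
    foreach ($lookup_tables as $table) {
        $stmt = $__FROG_CONN__->prepare(
            "SELECT COUNT(*) FROM " . TABLE_PREFIX . $table . " WHERE username = :username"
        );
        $stmt->execute(array('username' => $username));
        if ((int) $stmt->fetchColumn() > 0) {
            $username_taken = true;
        }
    }
    if ($username_taken) {
        echo $settings['message_notvalid_username'];
        return;
    }

    $email_taken = false;
    foreach ($lookup_tables as $table) {
        $stmt = $__FROG_CONN__->prepare(
            "SELECT COUNT(*) FROM " . TABLE_PREFIX . $table . " WHERE email = :email"
        );
        $stmt->execute(array('email' => $email));
        if ((int) $stmt->fetchColumn() > 0) {
            $email_taken = true;
        }
    }
    if ($email_taken) {
        echo $settings['message_notvalid_email'];
        return;
    }

    $common = new RUCommon();
    $random_key = $common->random_string($settings['random_key_type'], $settings['random_key_length']);

    // The hash is taken over the submitted password itself; the SQL-escaped
    // copy is no longer needed now that the value is bound.
    // NOTE(review): unsalted SHA-1 is a fast hash; moving to password_hash()
    // needs the confirmation and login code (outside this block) changed too.
    $password = sha1($_POST['password']);
    $today = date('Y-m-d G:i:s');

    $insert = $__FROG_CONN__->prepare(
        "INSERT INTO " . TABLE_PREFIX . "registered_users_temp VALUES ('', :name, :email, :username, :password, :random_key, :today)"
    );
    $insert->execute(array(
        'name'       => $name,
        'email'      => $email,
        'username'   => $username,
        'password'   => $password,
        'random_key' => $random_key,
        'today'      => $today,
    ));

    // confirmation_email() is defined outside this block and has so far been
    // given values that went through mysql_escape_string(); it keeps receiving
    // escaped copies so its inputs are unchanged.
    // TODO(review): move it to bound parameters, then pass the raw values.
    $common->confirmation_email(mysql_escape_string($email), mysql_escape_string($name));

    echo $settings['register_confirm_msg'];
}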
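/**
 * Replaces the password of the account registered under $email with a freshly
 * generated one and mails the new password to that address.
 *
 * Settings are read from row id='1' of the registered_users_settings table.
 * The new password is stored as a SHA-1 hash. The configured confirmation
 * text is echoed whether or not an account matched, so the response does not
 * reveal which addresses are registered.
 *
 * @param string $email Address identifying the account; bound as a query
 *                      parameter, so callers must not pre-escape it.
 * @return void
 */
public function resetpassword($email) {
    global $__FROG_CONN__;

    $settings = array();
    $registration_settings = "SELECT * FROM " . TABLE_PREFIX . "registered_users_settings WHERE id='1'";
    foreach ($__FROG_CONN__->query($registration_settings) as $row) {
        $settings = $row;
    }

    // NOTE(review): random_string() is defined elsewhere; confirm it draws from
    // a cryptographically secure source, since its output becomes a credential.
    $common = new RUCommon();
    $newpassword = $common->random_string($settings['reset_pass_type'], $settings['reset_pass_length']);

    // NOTE(review): unsalted SHA-1 is kept because the login check is outside
    // this block and presumably compares against the same format.
    $newpasswordencrypted = sha1($newpassword);

    // The statement text is partly redacted ("******") in the source; it is
    // rebuilt here as an UPDATE of the password column (confirm against the
    // original). Both values are bound instead of being interpolated, so the
    // caller-supplied address can no longer alter the SQL.
    $updatepassword = $__FROG_CONN__->prepare(
        "UPDATE " . TABLE_PREFIX . "user SET password = :password WHERE email = :email"
    );
    $updatepassword->execute(array(
        'password' => $newpasswordencrypted,
        'email'    => $email,
    ));

    // Mail only when an account was actually updated; otherwise the form would
    // send a useless password to any address a visitor types in.
    if ($updatepassword->rowCount() > 0) {
        $subject = "{$settings['reset_password_subject']}";
        $headers = "From: {$settings['reset_password_from']}\r\nReply-To: no-reply";
        $message = $settings['reset_email_body'] . $newpassword;
        mail($email, $subject, $message, $headers);
    }

    // NOTE(review): the password is replaced immediately, without a confirmation
    // link; confirm the caller rate-limits this action, because anyone who knows
    // an address can force that account onto a new password.
    echo $settings['reset_email_confirmed'];
}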
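/**
 * Renders the public registration page and processes a submitted
 * registration form, using the plugin settings from
 * Plugin::getAllSettings("registered_users").
 *
 * - Logged-in visitors get the "already logged in" message.
 * - A non-POST request prints the form wrapper and, depending on the
 *   allow_registrations setting, the registration view, the closed message
 *   or the technical-error message.
 * - A POST request is validated, checked for a unique username and e-mail in
 *   both the user table and the temporary table, stored in the temporary
 *   table and followed by a confirmation e-mail.
 *
 * All output is echoed; nothing is returned.
 *
 * @return void
 */
public function registration_page() {
    $settings = Plugin::getAllSettings("registered_users");

    if (AuthUser::isLoggedIn()) {
        echo $settings['already_logged_in'];
        return;
    }

    $ar = $settings['allow_registrations'];

    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        echo '<form id="registration" class="registration" action="' . URL_PUBLIC . $settings['register_page'] . URL_SUFFIX . '" method="post">';
        if ($ar == '1') {
            // Registration is open: show the registration form view.
            echo new View('../../plugins/registered_users/views/registration');
        } elseif ($ar == '0') {
            // Registration is closed: show the closed message.
            echo $settings['closed_message'];
        } else {
            // allow_registrations is neither 1 (open) nor 0 (closed).
            echo $settings['message_error_technical'];
        }
        echo '</form>';
        return;
    }

    // Enforce the open/closed switch on submissions too. Previously it only
    // decided whether the form was displayed, so a request posted directly to
    // this page still created a registration while registration was closed.
    if ($ar != '1') {
        echo ($ar == '0') ? $settings['closed_message'] : $settings['message_error_technical'];
        return;
    }

    // Quick server-side validation; client-side validation is only a convenience.
    if (empty($_POST['name'])) {
        echo $settings['message_empty_name'];
        return;
    }
    if (empty($_POST['email'])) {
        echo $settings['message_empty_email'];
        return;
    }
    if (empty($_POST['username'])) {
        echo $settings['message_empty_username'];
        return;
    }
    if (empty($_POST['password'])) {
        echo $settings['message_empty_password'];
        return;
    }
    if (empty($_POST['confirm_pass'])) {
        echo $settings['message_empty_password_confirm'];
        return;
    }
    // Strict comparison: with != two different numeric-looking strings
    // (for example "0e1" and "0e2") compare as equal.
    if ($_POST['password'] !== $_POST['confirm_pass']) {
        echo $settings['message_notvalid_password'];
        return;
    }

    $name = $_POST['name'];
    $email = $_POST['email'];
    $username = $_POST['username'];
    $password = $_POST['password'];

    $PDO = Record::getConnection();

    // Every lookup binds the submitted value. One statement prefix is redacted
    // ("******") in the source; it is rebuilt to mirror the visible temp-table
    // query (confirm against the original). COUNT(*) replaces rowCount(), which
    // PDO does not guarantee for SELECT, and "> 0" also catches the case where
    // duplicates already exist.
    $lookup_tables = array('user', 'registered_users_temp');

    $username_taken = false;
    foreach ($lookup_tables as $table) {
        $stmt = $PDO->prepare(
            "SELECT COUNT(*) FROM " . TABLE_PREFIX . $table . " WHERE username=:username"
        );
        $stmt->execute(array("username" => $username));
        if ((int) $stmt->fetchColumn() > 0) {
            $username_taken = true;
        }
    }
    if ($username_taken) {
        echo $settings['message_notvalid_username'];
        return;
    }

    $email_taken = false;
    foreach ($lookup_tables as $table) {
        $stmt = $PDO->prepare(
            "SELECT COUNT(*) FROM " . TABLE_PREFIX . $table . " WHERE email=:email"
        );
        $stmt->execute(array("email" => $email));
        if ((int) $stmt->fetchColumn() > 0) {
            $email_taken = true;
        }
    }
    if ($email_taken) {
        echo $settings['message_notvalid_email'];
        return;
    }

    $common = new RUCommon();
    $random_key = $common->random_string($settings['random_key_type'], $settings['random_key_length']);
    $today = date('Y-m-d G:i:s');

    // NOTE(review): the password is written to the temporary table exactly as
    // submitted (the earlier sha1() call is disabled), so it sits in clear text
    // until the account is confirmed. Presumably it is hashed at confirmation;
    // verify that, and prefer hashing it before it is stored here.
    $sql = "INSERT INTO " . TABLE_PREFIX . "registered_users_temp (name, email, username, password, rand_key, reg_date) VALUES (:name, :email, :username , :password, :random_key, :today)";

    // Switches the shared connection to exception mode so a failed insert is
    // not silently followed by the confirmation e-mail.
    $PDO->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $PDO->prepare($sql);
    $stmt->execute(array(
        "name"       => $name,
        "email"      => $email,
        "username"   => $username,
        "password"   => $password,
        "random_key" => $random_key,
        "today"      => $today,
    ));

    // NOTE(review): confirmation_email() is defined outside this block and
    // receives the submitted values unescaped; confirm it binds them as well.
    $common->confirmation_email($email, $name);

    echo $settings['register_confirm_msg'];
}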