Пример #1
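 /**
  * Reset the password of the account registered under $email.
  *
  * Generates a random password with RUCommon::random_string(), stores its SHA-1
  * digest in the user table, mails the plain-text password to $email and echoes
  * the configured confirmation message.
  *
  * @param string $email Address identifying the account; treated as untrusted input.
  * @return void
  */
 public function resetpassword($email)
 {
     $settings = Plugin::getAllSettings("registered_users");
     $reset_password_subject = $settings['reset_password_subject'];
     $reset_password_from = $settings['reset_password_from'];
     $reset_email_body = $settings['reset_email_body'];

     // NOTE(review): confirm RUCommon::random_string() draws from a CSPRNG
     // (random_bytes()/random_int()); the helper is not shown here.
     $common = new RUCommon();
     $newpassword = $common->random_string($settings['reset_pass_type'], $settings['reset_pass_length']);

     // NOTE(review): unsalted SHA-1 is a fast digest and unsuitable for password
     // storage. It is left in place because the code that verifies logins is not
     // visible here and has to be migrated together with this line
     // (password_hash() / password_verify()).
     $newpasswordencrypted = sha1($newpassword);

     // The published listing masks parts of this statement with "******"; the
     // UPDATE verb and the stored value are reconstructed from the surrounding
     // code - verify against the plugin source. Both values are bound as
     // parameters so $email can never become part of the SQL text.
     $PDO = Record::getConnection();
     $updatepassword = $PDO->prepare(
         "UPDATE " . TABLE_PREFIX . "user SET password = :password WHERE email = :email"
     );
     $updatepassword->execute(array("password" => $newpasswordencrypted, "email" => $email));

     // NOTE(review): the mail is sent and the confirmation echoed whether or not a
     // row matched $email, and the new password travels in clear text; a
     // single-use, expiring reset link avoids both. The From value comes from the
     // plugin settings - it must not contain CR/LF.
     $subject = "{$reset_password_subject}";
     $headers = "From: {$reset_password_from}\r\nReply-To: no-reply";
     $message = $reset_email_body . $newpassword;
     mail($email, $subject, $message, $headers);

     echo $settings['reset_email_confirmed'];
 }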
Пример #2
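 /**
  * Render the public registration page and process sign-up submissions.
  *
  * - Logged-in visitors get the configured "already logged in" message.
  * - A POST validates the submitted fields, rejects user names and e-mail
  *   addresses already present in the user table or the temp user table, stores
  *   the registration in the temp user table and sends the confirmation e-mail.
  * - Any other request prints the registration form, the "closed" message or the
  *   technical-error message, depending on the allow_registrations setting.
  *
  * All messages come from row id='1' of the registered_users_settings table and
  * are echoed exactly as stored.
  *
  * @return void
  */
 public function registration_page()
 {
     global $__FROG_CONN__;

     // Only one Row in registration_settings table by default so id='1'...
     // if you need more you can, but you'll probably be writing most of this function again!
     // The row is read once here instead of being re-queried in every branch.
     $settings = array();
     $registration_settings = "SELECT * FROM " . TABLE_PREFIX . "registered_users_settings WHERE id='1'";
     foreach ($__FROG_CONN__->query($registration_settings) as $row) {
         $settings = $row;
     }

     if (AuthUser::isLoggedIn()) {
         echo $settings['already_logged_in'];
         return;
     }

     if ($_SERVER['REQUEST_METHOD'] != 'POST') {
         echo '<form id="registration" class="registration" action="' . URL_PUBLIC . $settings['register_page'] . URL_SUFFIX . '" method="post">';
         // Check the registration status
         $ar = $settings['allow_registrations'];
         if ($ar == '1') {
             // Registration is open: show the registration form
             echo $settings['registration_form'];
         } elseif ($ar == '0') {
             // Registration is closed: show the closed message - useful for testing with a closed set of users
             echo $settings['closed_message'];
         } else {
             // allow_registrations is neither 1 (open) nor 0 (closed)
             echo $settings['message_error_technical'];
         }
         echo '</form>';
         return;
     }

     // This is a quick bit of PHP form validation - client-side checks are a
     // convenience only; this server-side pass is the one that counts.
     $required = array(
         'name' => 'message_empty_name',
         'email' => 'message_empty_email',
         'username' => 'message_empty_username',
         'password' => 'message_empty_password',
         'confirm_pass' => 'message_empty_password_confirm',
     );
     foreach ($required as $field => $message_key) {
         if (empty($_POST[$field])) {
             echo $settings[$message_key];
             return;
         }
     }
     // Strict comparison: with != two different numeric-looking strings
     // ("1e3" and "1000") would be accepted as matching.
     if ($_POST['password'] !== $_POST['confirm_pass']) {
         echo $settings['message_notvalid_password'];
         return;
     }

     // The raw values are used from here on. mysql_escape_string() is not
     // charset-aware and no longer exists in PHP 7; every value below reaches the
     // database as a bound parameter instead of as part of the SQL text.
     $name = $_POST['name'];
     $email = $_POST['email'];
     $username = $_POST['username'];

     // User name and e-mail must be unused in both the user table and the temp
     // user table. The published listing masks parts of the user-name queries with
     // "******"; they are reconstructed here on the model of the e-mail queries -
     // verify against the plugin source. COUNT(*) > 0 replaces rowCount() == 1,
     // which let a value through as soon as it was stored more than once.
     $unique_checks = array(
         'username' => array($username, 'message_notvalid_username'),
         'email' => array($email, 'message_notvalid_email'),
     );
     foreach ($unique_checks as $column => $check) {
         foreach (array("user", "registered_users_temp") as $table) {
             $lookup = $__FROG_CONN__->prepare(
                 "SELECT COUNT(*) FROM " . TABLE_PREFIX . $table . " WHERE " . $column . " = :value"
             );
             $lookup->execute(array("value" => $check[0]));
             if ((int) $lookup->fetchColumn() > 0) {
                 echo $settings[$check[1]];
                 return;
             }
         }
     }

     // NOTE(review): confirm RUCommon::random_string() draws from a CSPRNG; the
     // key presumably gates account confirmation, and the helper is not shown here.
     $common = new RUCommon();
     $random_key = $common->random_string($settings['random_key_type'], $settings['random_key_length']);

     // NOTE(review): unsalted SHA-1 is unsuitable for password storage; it is kept
     // because the login code that verifies it is not visible here. The digest is
     // now taken over the password as typed - the original hashed the
     // mysql_escape_string()ed value; confirm this matches what the login code hashes.
     $password = sha1($_POST['password']);
     $today = date('Y-m-d G:i:s');

     $sql = "INSERT INTO " . TABLE_PREFIX . "registered_users_temp VALUES ('', :name, :email, :username, :password, :random_key, :today)";
     $stmt = $__FROG_CONN__->prepare($sql);
     $stmt->execute(array(
         "name" => $name,
         "email" => $email,
         "username" => $username,
         "password" => $password,
         "random_key" => $random_key,
         "today" => $today,
     ));

     $common->confirmation_email($email, $name);
     echo $settings['register_confirm_msg'];
 }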
Пример #3
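 /**
  * Reset the password of the account registered under $email.
  *
  * Reads the reset settings from row id='1' of the registered_users_settings
  * table, generates a random password with RUCommon::random_string(), stores its
  * SHA-1 digest in the user table, mails the plain-text password to $email and
  * echoes the configured confirmation message.
  *
  * @param string $email Address identifying the account; treated as untrusted input.
  * @return void
  */
 public function resetpassword($email)
 {
     global $__FROG_CONN__;

     // Constant query, no external input: a single settings row is expected.
     $registration_settings = "SELECT * FROM " . TABLE_PREFIX . "registered_users_settings WHERE id='1'";
     foreach ($__FROG_CONN__->query($registration_settings) as $row) {
         $reset_pass_type = $row['reset_pass_type'];
         $reset_pass_length = $row['reset_pass_length'];
         $reset_password_subject = $row['reset_password_subject'];
         $reset_password_from = $row['reset_password_from'];
         $reset_email_body = $row['reset_email_body'];
         $reset_email_confirmed = $row['reset_email_confirmed'];
     }

     // NOTE(review): confirm RUCommon::random_string() draws from a CSPRNG
     // (random_bytes()/random_int()); the helper is not shown here.
     $common = new RUCommon();
     $newpassword = $common->random_string($reset_pass_type, $reset_pass_length);

     // NOTE(review): unsalted SHA-1 is a fast digest and unsuitable for password
     // storage. It is left in place because the code that verifies logins is not
     // visible here and has to be migrated together with this line
     // (password_hash() / password_verify()).
     $newpasswordencrypted = sha1($newpassword);

     // The published listing masks parts of this statement with "******"; the
     // UPDATE verb and the stored value are reconstructed from the surrounding
     // code - verify against the plugin source. Both values are bound as
     // parameters so $email can never become part of the SQL text.
     $updatepassword = $__FROG_CONN__->prepare(
         "UPDATE " . TABLE_PREFIX . "user SET password = :password WHERE email = :email"
     );
     $updatepassword->execute(array("password" => $newpasswordencrypted, "email" => $email));

     // NOTE(review): the mail is sent and the confirmation echoed whether or not a
     // row matched $email, and the new password travels in clear text; a
     // single-use, expiring reset link avoids both. The From value comes from the
     // settings table - it must not contain CR/LF.
     $subject = "{$reset_password_subject}";
     $headers = "From: {$reset_password_from}\r\nReply-To: no-reply";
     $message = $reset_email_body . $newpassword;
     mail($email, $subject, $message, $headers);

     echo $reset_email_confirmed;
 }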
Пример #4
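 /**
  * Render the public registration page and process sign-up submissions.
  *
  * - Logged-in visitors get the configured "already logged in" message.
  * - A POST validates the submitted fields, rejects user names and e-mail
  *   addresses already present in the user table or the temp user table, stores
  *   the registration in the temp user table and sends the confirmation e-mail.
  * - Any other request prints the registration view, the "closed" message or the
  *   technical-error message, depending on the allow_registrations setting.
  *
  * All messages come from the "registered_users" plugin settings and are echoed
  * exactly as stored.
  *
  * @return void
  */
 public function registration_page()
 {
     $settings = Plugin::getAllSettings("registered_users");

     if (AuthUser::isLoggedIn()) {
         echo $settings['already_logged_in'];
         return;
     }

     if ($_SERVER['REQUEST_METHOD'] != 'POST') {
         echo '<form id="registration" class="registration" action="' . URL_PUBLIC . $settings['register_page'] . URL_SUFFIX . '" method="post">';
         $ar = $settings['allow_registrations'];
         $rf = new View('../../plugins/registered_users/views/registration');
         // Check the registration status
         if ($ar == '1') {
             // Registration is open: show the registration form
             echo $rf;
         } elseif ($ar == '0') {
             // Registration is closed: show the closed message - useful for testing with a closed set of users
             echo $settings['closed_message'];
         } else {
             // allow_registrations is neither 1 (open) nor 0 (closed)
             echo $settings['message_error_technical'];
         }
         echo '</form>';
         return;
     }

     // This is a quick bit of PHP form validation - client-side checks are a
     // convenience only; this server-side pass is the one that counts.
     $required = array(
         'name' => 'message_empty_name',
         'email' => 'message_empty_email',
         'username' => 'message_empty_username',
         'password' => 'message_empty_password',
         'confirm_pass' => 'message_empty_password_confirm',
     );
     foreach ($required as $field => $message_key) {
         if (empty($_POST[$field])) {
             echo $settings[$message_key];
             return;
         }
     }
     // Strict comparison: with != two different numeric-looking strings
     // ("1e3" and "1000") would be accepted as matching.
     if ($_POST['password'] !== $_POST['confirm_pass']) {
         echo $settings['message_notvalid_password'];
         return;
     }

     $name = $_POST['name'];
     $email = $_POST['email'];
     $username = $_POST['username'];
     $password = $_POST['password'];

     $PDO = Record::getConnection();

     // User name and e-mail must be unused in both the user table and the temp
     // user table. The published listing masks the start of the first user-name
     // query with "******"; it is reconstructed here on the model of the other
     // three - verify against the plugin source. The submitted value is always
     // bound, never concatenated. COUNT(*) > 0 replaces rowCount() == 1, which let
     // a value through as soon as it was stored more than once.
     $unique_checks = array(
         'username' => array($username, 'message_notvalid_username'),
         'email' => array($email, 'message_notvalid_email'),
     );
     foreach ($unique_checks as $column => $check) {
         foreach (array("user", "registered_users_temp") as $table) {
             $lookup = $PDO->prepare(
                 "SELECT COUNT(*) FROM " . TABLE_PREFIX . $table . " WHERE " . $column . " = :value"
             );
             $lookup->execute(array("value" => $check[0]));
             if ((int) $lookup->fetchColumn() > 0) {
                 echo $settings[$check[1]];
                 return;
             }
         }
     }

     // NOTE(review): confirm RUCommon::random_string() draws from a CSPRNG; the
     // key presumably gates account confirmation, and the helper is not shown here.
     $common = new RUCommon();
     $random_key = $common->random_string($settings["random_key_type"], $settings["random_key_length"]);
     $today = date('Y-m-d G:i:s');

     // NOTE(review): the password is written to the temp table exactly as
     // submitted (the sha1() call was commented out in the original). Unless a
     // later step visible elsewhere hashes it, pending registrations hold
     // clear-text passwords - confirm, and hash with password_hash() before storing.
     $sql = "INSERT INTO " . TABLE_PREFIX . "registered_users_temp (name, email, username, password, rand_key, reg_date) VALUES (:name, :email, :username , :password, :random_key, :today)";
     // Make a failed INSERT throw instead of failing silently; this changes the
     // error mode of the connection object returned by Record::getConnection().
     $PDO->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     $stmt = $PDO->prepare($sql);
     $stmt->execute(array(
         "name" => $name,
         "email" => $email,
         "username" => $username,
         "password" => $password,
         "random_key" => $random_key,
         "today" => $today,
     ));

     $common->confirmation_email($email, $name);
     echo $settings['register_confirm_msg'];
 }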