Пример #1
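 /**
  * Creates a new, not-yet-verified user from the JSON POST body.
  *
  * Expected body: {"email": ..., "pass": ..., "handle": ...}. Output is a
  * plain-text status for the front-end: an error message on bad input or a
  * duplicate address, "cool" on success (existing contract, kept as-is).
  *
  * Side effects: starts a ppg_session (its DB handle is stored in
  * $this->dbAccess), inserts a `users` row with placeholder organisation /
  * profile ids, and sends the activation e-mail carrying $this->usrToken.
  * $this->usrToken is read here but set elsewhere — presumably by the
  * constructor; it has to be unique per account (TODO confirm).
  */
 public function newUser()
 {
     $sess = new ppg_session();
     $this->dbAccess = $sess->start("new_account.php");
     $sess_data = $sess->get_data();
     $log = new logger($sess_data->ppg_sessionId, "new_account.php");
     $log->write("Starting up");

     $request = json_decode(file_get_contents("php://input"));
     $log->write("got the following");
     // json_decode() yields null or a scalar for a malformed body, so check the
     // shape before dereferencing properties.
     if (!is_object($request) || !isset($request->email)) {
         $log->write("Email isn't set on calling object", 9);
         echo "Invalid Request sent";
         return;
     }
     // pass and handle are dereferenced further down, so they are required too
     // (the original only checked email and then read the others unguarded).
     if (!isset($request->pass, $request->handle)) {
         $log->write("Password or handle isn't set on calling object", 9);
         echo "Invalid Request sent";
         return;
     }
     // The submitted password is deliberately not written to the log
     // (the original logged it in clear text).
     $log->write("Email gives -> {$request->email}");
     $log->write("Handle gives -> {$request->handle}");

     // Cheap syntax check first; the duplicate lookup used to run before it.
     if (!$this->validateEmail($request->email)) {
         $log->write("Invalid e-mail entered - {$request->email}", 9);
         echo "Invalid e-mail address";
         return;
     }

     // Duplicate-address check.
     $result = $this->dbAccess->db_prepare("SELECT email,password,handle FROM `users` WHERE email = ?");
     $result->bind_param('s', $request->email);
     $this->dbAccess->db_execute(1, $result);
     $result->bind_result($emName, $cPass, $shortName);
     $rwCnt = 0;
     while ($result->fetch()) {
         $rwCnt++;
     }
     $log->write("Got {$rwCnt} from query");
     // Any existing row blocks registration. The original handled exactly one
     // row and produced no output at all for more than one.
     if ($rwCnt > 0) {
         $log->write("Email address found - {$request->email}");
         echo "This address is already registered";
         return;
     }

     // Password policy. The original evaluated strlen($pass <= '8'), i.e. the
     // byte length of a boolean, so the length rule never worked as intended.
     if (strlen($request->pass) < 8) {
         echo "Your Password Must Contain At Least 8 Characters!";
         return;
     } elseif (!preg_match("#[0-9]+#", $request->pass)) {
         echo "Your Password Must Contain At Least 1 Number!";
         return;
     } elseif (!preg_match("#[A-Z]+#", $request->pass)) {
         echo "Your Password Must Contain At Least 1 Capital Letter!";
         return;
     } elseif (!preg_match("#[a-z]+#", $request->pass)) {
         echo "Your Password Must Contain At Least 1 Lowercase Letter!";
         return;
     }
     $log->write("Valid email address");
     $log->write("Valid password");

     // NOTE(review): crypt() with one fixed, source-controlled $5$ salt means
     // identical passwords produce identical hashes and the salt adds no
     // per-user protection. The fix is password_hash()/password_verify(), but
     // checkUser() must move to password_verify() in the same release
     // (password_verify() accepts these $5$ hashes, so existing rows keep
     // working). Kept as-is here so this change stands alone.
     $passHash = crypt($request->pass, "\$5\$poopingisalways1");

     $result = $this->dbAccess->db_prepare("INSERT INTO `users` (\n   \t\t\t\t\t`organisations_id`,\n   \t\t\t\t\t`user_profiles_id`,\n   \t\t\t\t\t`roles_id`,\n   \t\t\t\t\t`calendars_id`,\n   \t\t\t\t\t`resources_id`,\n   \t\t\t\t\t`email`,\n   \t\t\t\t\t`password`,\n   \t\t\t\t\t`handle`,\n   \t\t\t\t\t`verifylink`)\t\n   \t\t\t\t\tVALUES(?,?,?,?,?,?,?,?,?)");
     // Placeholder foreign keys for an unverified account; verifyUserAccount()
     // later creates the organisation and moves user_profiles_id to 3.
     $orgId = 1;
     $userProf = 2;
     $roleId = 1;
     $calId = 1;
     $resourceId = 1;
     $result->bind_param("iiiiissss", $orgId, $userProf, $roleId, $calId, $resourceId, $request->email, $passHash, $request->handle, $this->usrToken);
     $this->dbAccess->db_execute(4, $result);

     // Activation mail. TODO: the verify URL host is a hard-coded development
     // address; it belongs in configuration.
     $subject = 'Welcome to PlanPrintGo';
     $message = "Hello,\n\nPlease click or copy the link into your browser to activate your newly created Plan Print Go account.\n\n" . "http://192.168.56.10/php/verify.php?id={$this->usrToken}\n\n" . "If you didn't create this account please let us know at admin@planprintgo.com\n\nThanks from the team at PPG\n";
     $headers = 'From: admin@planprintgo.com' . "\r\n" . 'Reply-To: admin@planprintgo.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
     mail($request->email, $subject, $message, $headers);
     $log->write("Login URL = http://192.168.56.10/php/verify.php?id={$this->usrToken}");
     echo "cool";
     return;
 }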
Пример #2
<?php

// status.php: return the current PPG session data as JSON.

// Resolve the session helper relative to the web root and pull it in once.
$path = $_SERVER['DOCUMENT_ROOT'] . "/php/ppg_session.php";
include_once $path;

// Start (or resume) the PPG session for this endpoint. The DB handle that
// start() returns is not used by this script.
$sess = new ppg_session();
$dbAccess = $sess->start("status.php");

// NOTE(review): the whole session object is serialised back to the caller
// (the other examples show it carrying ppg_sessionId and the login fields);
// confirm none of it is meant to stay server-side.
echo json_encode($sess->get_data());
return;
Пример #3
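 /**
  * Authenticates a user from the JSON POST body {"email": ..., "pass": ...}.
  *
  * Responds with JSON {loginName, loggedIn}. For an unknown address (and for a
  * missing field) the plain string "Login Failed" is echoed instead — that is
  * the existing front-end contract and is kept. On success the ppg_session
  * data is populated (org, user, profile ids, login name, loggedIn) and
  * update_session() is called; loggedIn in the response is only true once the
  * account has been e-mail verified (user_profiles_id > 2).
  *
  * Side effects: starts a ppg_session into $this->dbAccess, writes $_SESSION['ppg_id'].
  */
 public function checkUser()
 {
     $sess = new ppg_session();
     $this->dbAccess = $sess->start("login.php");
     $sess_data = $sess->get_data();
     $log = new logger($sess_data->ppg_sessionId, "login.php");
     $log->write("Starting up");

     // The original never initialised $rtnObj; assigning a property on an
     // undefined variable is a fatal Error on PHP 8. Start from the failure
     // shape so every exit path returns a complete object.
     $rtnObj = new \stdClass();
     $rtnObj->loginName = "";
     $rtnObj->loggedIn = false;
     $eMsg = "Login Failed";

     $request = json_decode(file_get_contents("php://input"));
     $log->write("got the following");
     // json_decode() yields null or a scalar for a malformed body; both fields
     // are dereferenced below, so require them here.
     if (!is_object($request) || !isset($request->email, $request->pass)) {
         $log->write("Email or password isn't set on calling object", 9);
         echo $eMsg;
         return;
     }
     // Neither the submitted password nor the stored hash is written to the
     // log (the original logged both in clear text).
     $log->write("Email gives -> {$request->email}");

     $result = $this->dbAccess->db_prepare("SELECT `organisations_id`,`id`,`user_profiles_id`,`roles_id`,`calendars_id`,`resources_id`,`email`,`password`,`handle` FROM `users` WHERE `email` = ?");
     $result->bind_param('s', $request->email);
     $this->dbAccess->db_execute(1, $result);
     $result->bind_result($orgId, $userId, $userProfileId, $roleId, $calendarId, $resourceId, $emName, $cPass, $shortName);
     $rwCnt = 0;
     while ($result->fetch()) {
         $rwCnt++;
     }
     $log->write("Got {$rwCnt} from query");

     if ($rwCnt == 0) {
         // email not found
         $log->write("Email address not found - {$request->email}");
         echo $eMsg;
         return;
     }
     if ($rwCnt > 1) {
         // Duplicate addresses should be impossible (newUser() rejects them);
         // refuse rather than guess which row to trust.
         $log->write("More than one users row for {$request->email}", 9);
         echo json_encode($rtnObj);
         return;
     }
     $log->write("Valid email address");

     // password_verify() recomputes crypt() against the stored hash and compares
     // in constant time, so it accepts the existing "$5$..." hashes produced by
     // newUser() unchanged (the original strcmp() was not constant-time).
     if (!password_verify($request->pass, $cPass)) {
         $log->write("Password validation failed for {$request->email}");
         echo json_encode($rtnObj);
         return;
     }

     // want to switch to https - SSL here
     // load data into session here. NOTE(review): if PHP's native session is
     // active ($_SESSION is written below), regenerate its id at this point.
     $sess_data->usersOrgId = $orgId;
     $sess_data->usersId = $userId;
     $sess_data->usersUserProfileId = $userProfileId;
     $sess_data->loginName = $shortName;
     $sess_data->loggedIn = true;
     $sess->update_session();
     $_SESSION['ppg_id'] = $sess_data->loginName;
     $rtnObj->loginName = $shortName;

     // Check if user has been validated (e-mail verification sets profile 3).
     if ($sess_data->usersUserProfileId > 2) {
         $rtnObj->loggedIn = true;
     } else {
         $rtnObj->loggedIn = false;
         $log->write("User login attempted for {$userId} - not email validated", 9);
     }
     echo json_encode($rtnObj);
     return;
 }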
Пример #4
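 /**
  * Activates an account from the e-mailed verify link (?id=<40-char token>).
  *
  * Looks the token up in users.verifylink; for a user still at
  * user_profiles_id = 2 it creates the user's `organisations` row, then sets
  * user_profiles_id = 3 and organisations_id on the user and redirects to
  * /index.html. Every rejection path returns silently (no output), which is
  * the original behaviour; reasons are written to the log only.
  *
  * Side effects: starts a ppg_session into $this->dbAccess, two INSERT/UPDATE
  * statements. NOTE(review): those two writes are not wrapped in a transaction
  * — a failed UPDATE leaves an orphan organisation; wrap them if dbAccess
  * exposes transaction control.
  */
 public function verifyUserAccount()
 {
     $sess = new ppg_session();
     $this->dbAccess = $sess->start("verify.php");
     $sess_data = $sess->get_data();
     $log = new logger($sess_data->ppg_sessionId, "verify.php");
     $log->write("Starting up");

     // The token must be a string of exactly 40 ASCII alphanumerics. A missing
     // id or an array (?id[]=...) used to raise a warning / TypeError in strlen().
     $id = $_GET['id'] ?? '';
     if (!is_string($id) || strlen($id) != 40) {
         return;
     }
     if (preg_match("/^[[:alnum:]]+\$/", $id) == 0) {
         $log->write("Input string is incorrect = {$id}", 9);
         return;
     }

     $result = $this->dbAccess->db_prepare("SELECT id,user_profiles_id,handle  FROM users USE INDEX (verify_long) WHERE verifylink = ?");
     if (!$result) {
         $log->write("Prepare failed", 1);
         return;
     }
     $result->bind_param('s', $id);
     $result->execute();
     $result->bind_result($uId, $profId, $handle);
     $rwCnt = 0;
     while ($result->fetch()) {
         $rwCnt++;
     }
     if ($rwCnt > 1) {
         $log->write("Found more than one verify user", 9);
         return;
     }
     if ($rwCnt == 0) {
         $log->write("verify not found", 9);
         return;
     }
     // Only a freshly registered account (profile 2, see newUser()) may be
     // activated; this is also what stops a link from being replayed.
     if ($profId != 2) {
         $log->write("User account for id = {$uId} currently set to {$profId}", 9);
         header('Location: /index.html');
         die;
     }

     $log->write("Creating new organisations record with name = {$handle} and users.id = {$uId}");
     $result = $this->dbAccess->db_prepare("INSERT INTO `organisations` (\t\n    \t\t\t\t\t`name`,\n    \t\t\t\t\t`user_created_id`\n    \t\t\t\t\t)\n   \t\t\t\t\t\tVALUES(?,?)");
     $result->bind_param('si', $handle, $uId);
     $this->dbAccess->db_execute(2, $result);

     // Bound parameters instead of interpolating $uId / $orgId into the SQL:
     // the values come from the database, but every statement in this class
     // should use the same prepared-statement pattern.
     $result = $this->dbAccess->db_prepare("SELECT `id` FROM `organisations` WHERE `user_created_id` = ?");
     $result->bind_param('i', $uId);
     $this->dbAccess->db_execute(3, $result);
     $result->bind_result($orgId);
     $rwCnt = 0;
     while ($result->fetch()) {
         $rwCnt++;
     }
     if ($rwCnt > 1) {
         $log->write("Found more than one organisations record for this user", 3);
         return;
     }
     if ($rwCnt == 0) {
         // The original fell through silently here, leaving the user unverified
         // with no trace in the log.
         $log->write("No organisations record found after insert for users.id = {$uId}", 3);
         return;
     }

     $log->write("OrgId = {$orgId} / UserId = {$uId}");
     $result = $this->dbAccess->db_prepare("UPDATE `users` SET `user_profiles_id` = 3,`organisations_id` = ? WHERE `id` = ?");
     $result->bind_param('ii', $orgId, $uId);
     $this->dbAccess->db_execute(4, $result);
     $log->write("Activated account id = {$uId}");
     header('Location: /index.html');
     die;
 }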