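/**
 * Handles the registration form POST: validates that the two password fields
 * match and that the e-mail is not yet registered, then inserts the user row,
 * starts the session and redirects.
 *
 * Reads $_POST (first_name, last_name, email, password, password2, phone,
 * gender), appends error markup to $_SESSION['err'], and always ends in
 * redirect_to(): "?go=regPhoto" on success, "?go=reg" when errors were collected.
 *
 * NOTE(review): the INSERT is still assembled by string interpolation; the only
 * escaping layer visible here is Database::prepData(). If Database::performQuery()
 * accepts bound parameters, the statement should be moved to them.
 * NOTE(review): the password is stored as unsalted md5. It is left as-is only
 * because the login code that verifies it is not visible here; migrating to
 * password_hash()/password_verify() has to change both sides together.
 */
public function DoReg()
{
    // Missing form fields default to '' instead of triggering undefined-index notices.
    $post = $_POST + array(
        'first_name' => '',
        'last_name' => '',
        'email' => '',
        'password' => '',
        'password2' => '',
        'phone' => '',
        'gender' => '',
    );
    $fname = Database::prepData($post['first_name']);
    $lname = Database::prepData($post['last_name']);
    $email = Database::prepData($post['email']);
    $pass1 = Database::prepData($post['password']);
    $pass2 = Database::prepData($post['password2']);
    $phone = Database::prepData($post['phone']);
    $gender = Database::prepData($post['gender']);

    // count() below needs an array even when no error was recorded yet.
    if (!isset($_SESSION['err']) || !is_array($_SESSION['err'])) {
        $_SESSION['err'] = array();
    }

    // Validation for email and password.
    // Strict comparison: with loose `!=` numeric-looking strings such as "1e3" and
    // "1000" would be treated as matching passwords.
    if ($pass1 !== $pass2) {
        $_SESSION['err'][] = "<li>Passwords do not match! </li>";
    }
    if ($this->emailExits($email)) {
        $_SESSION['err'][] = "<li>Email already exists! </li>";
    }

    // Add the new user only if there are no errors.
    if (count($_SESSION['err']) == 0) {
        $pass = md5($pass1);
        $code = randomkey();
        // The phone value was missing its opening quote ( ,{$phone}' ), which made
        // the statement a syntax error; every value is quoted now.
        $sql = "INSERT INTO `user`(`first_name`, `last_name`, `email`, `password`, `phone`, `is_activated`, `user_category_id`, `gender`,activation_code) VALUES('{$fname}','{$lname}','{$email}','{$pass}','{$phone}',0,2,'{$gender}','{$code}')";
        Database::performQuery($sql);

        $_SESSION['name'] = $fname . ' ' . $lname;
        // Previously read the undefined $email1, leaving the session e-mail empty.
        $_SESSION['email'] = $email;
        $_SESSION['user_id'] = self::SetUserId($email);
        $_SESSION['live'] = 1;
        redirect_to(BASE_URL . '/?go=regPhoto');
    } else {
        redirect_to(BASE_URL . '/?go=reg');
    }
}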
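/**
 * Inserts participants into the token table of survey $iVid, generating a
 * token for every dataset that does not bring its own.
 *
 * $sParticipantData holds datasets of the form
 *   FIRSTNAME;LASTNAME;EMAIL;LANG;TOKEN;VALIDFROM;VALIDTO;attrib1,attrib2,attrib3,...
 * joined by "::". Field separator ";" and dataset separator "::" are the
 * defaults; lsrc.config.php may override them via $sDatafieldSeperator and
 * $sDatasetSeperator.
 *
 * Every attribute in the last field causes an `ALTER TABLE ... ADD COLUMN attribute_n`
 * on the token table. Inserted rows whose e-mail passes the syntax check get
 * emailstatus set to "OK".
 *
 * @param int|string $iVid             survey id; 0 or '' aborts
 * @param string     $sParticipantData datasets as described above
 * @return int|string 0 when $iVid is unusable or the survey does not exist,
 *                    otherwise "<given>Datasets given, <inserted> rows inserted. "
 */
function insertParticipants($iVid, $sParticipantData)
{
    global $connect;
    global $dbprefix;
    // NOTE(review): this assigns a *local* $ADODB_FETCH_MODE; ADOdb reads the
    // global of that name, so a `global` declaration is probably intended — confirm.
    $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
    include "lsrc.config.php";

    $this->debugLsrc("wir sind in " . __FUNCTION__ . " Line " . __LINE__ . ", {$iVid}, {$sParticipantData} ");

    // Abort without a usable survey id.
    if (!isset($iVid) || $iVid == '' || $iVid == 0) {
        return 0;
    }
    // The survey we want to populate with tokens has to exist.
    if (!$this->surveyExists($iVid)) {
        $this->debugLsrc("wir sind in " . __FUNCTION__ . " Line " . __LINE__ . ", survey does not exist ");
        return 0;
    }
    $this->createTokenTable($iVid);

    // Fall back to the default separators if lsrc.config.php did not set them.
    if (!isset($sDatasetSeperator) || $sDatasetSeperator == '') {
        $sDatasetSeperator = "::";
    }
    if (!isset($sDatafieldSeperator) || $sDatafieldSeperator == '') {
        $sDatafieldSeperator = ";";
    }

    // Everything below trusts the separators: a dataset written with a
    // different one is parsed as a single garbled field set.
    $asDataset = explode($sDatasetSeperator, $sParticipantData);
    $iCountParticipants = count($asDataset);
    $iInsertedParticipants = 0;
    $sTokenTable = $dbprefix . "tokens_" . $iVid;

    foreach ($asDataset as $sData) {
        if ($sData == '') {
            continue;
        }
        $asDatafield = explode($sDatafieldSeperator, $sData);
        // Guarantee the five mandatory positions exist so the value list below
        // never reads an undefined index.
        $asDatafield = array_pad($asDatafield, 5, null);

        // Normalise empty fields to NULL. The original loop condition was `>=`,
        // so it never executed.
        $iDataLength = count($asDatafield);
        for ($n = 0; $n < $iDataLength; ++$n) {
            if ($asDatafield[$n] == '') {
                $asDatafield[$n] = null;
            }
        }

        // Generate a token that is not yet present in the token table.
        // Change the randomkey() length for a different token length (36 chars max).
        do {
            $value = randomkey(10);
            $cQuery = "select token from " . $sTokenTable . " where token = '" . $value . "'; ";
            $result = db_execute_assoc($cQuery);
        } while ($result->RecordCount() > 0);

        if (!isset($asDatafield[4]) || $asDatafield[4] == '') {
            $asDatafield[4] = $value;
        }
        // Default to the session language if the dataset carries none.
        if (!isset($asDatafield[3]) || $asDatafield[3] == '') {
            $asDatafield[3] = $_SESSION['lang'];
        }

        // Parallel arrays: column names and the values bound to them.
        $insertColumns = array('firstname', 'lastname', 'email', 'language', 'token');
        $insertValues = array($asDatafield[0], $asDatafield[1], $asDatafield[2], $asDatafield[3], $asDatafield[4]);
        if (isset($asDatafield[5]) && $asDatafield[5] != null) {
            $insertColumns[] = 'validfrom';
            $insertValues[] = $asDatafield[5];
        }
        // Previously tested $asDatafield[5] here, so validuntil was only stored
        // when validfrom was present as well.
        if (isset($asDatafield[6]) && $asDatafield[6] != null) {
            $insertColumns[] = 'validuntil';
            $insertValues[] = $asDatafield[6];
        }
        if (isset($asDatafield[7]) && $asDatafield[7] != '') {
            $asAttributes = explode(",", $asDatafield[7]);
            $n = 0;
            foreach ($asAttributes as $attribute) {
                ++$n;
                // NOTE(review): this ALTER runs once per dataset; from the second
                // dataset on the column already exists and Execute() fails, which
                // is not checked — confirm that is acceptable.
                $sql = "ALTER TABLE {$dbprefix}tokens_{$iVid} ADD COLUMN attribute_{$n} VARCHAR(255); ";
                $insertColumns[] = "attribute_{$n}";
                $insertValues[] = $attribute;
                $this->debugLsrc("wir sind in " . __FUNCTION__ . " Line " . __LINE__ . ", Attribute_{$n} mit {$attribute} anlegen ,sql: {$sql}");
                $connect->Execute($sql);
            }
        }

        // Column names are literals or counters; all participant data goes
        // through bound placeholders.
        $sInsertParti = "INSERT INTO {$dbprefix}tokens_{$iVid} (" . implode(',', $insertColumns) . ") VALUES (" . trim(str_repeat('?,', count($insertColumns)), ',') . ");";
        $this->debugLsrc("{$sInsertParti}");
        if (!$connect->Execute($sInsertParti, $insertValues)) {
            continue;
        }
        ++$iInsertedParticipants;

        // Check the participant's e-mail syntax and set emailstatus accordingly.
        // Longest TLD, see http://data.iana.org/TLD/tlds-alpha-by-domain.txt
        $maxrootdomainlength = 32;
        if (is_string($asDatafield[2]) && 1 == preg_match("/^[_a-zA-Z0-9-]+(\\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)*\\.(([0-9]{1,3})|([a-zA-Z]{2," . $maxrootdomainlength . "}))\$/ix", $asDatafield[2])) {
            // Interpolating the e-mail into the WHERE clause is only safe because
            // the pattern above admits no quote or other SQL metacharacters.
            $this->changeTable("tokens_" . $iVid, "emailstatus", "OK", "email='{$asDatafield[2]}'");
        }
    }

    return "" . $iCountParticipants . "Datasets given, " . $iInsertedParticipants . " rows inserted. ";
}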
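// Abort back to the form when earlier validation produced an error message.
if ($register_errormsg != "") {
    include "index.php";
    exit;
}

// One sanitised e-mail for both the duplicate check and the insert. The
// original checked the sanitised value but stored the raw returnglobal() value,
// so a duplicate could slip past the check.
$postemail = sanitize_email(returnglobal('register_email'));

// Check whether this e-mail already exists in the token table.
$query = "SELECT email FROM {$dbprefix}tokens_{$surveyid}\n"
    . "WHERE email = " . db_quoteall($postemail);
$result = $connect->Execute($query) or safe_die($query . "<br />" . $connect->ErrorMsg());
if ($result->RecordCount() > 0) {
    $register_errormsg = $clang->gT("The email you used has already been registered.");
    include "index.php";
    exit;
}

// Draw random tokens until one is unused. $newtoken is interpolated into the
// query unescaped; that relies on randomkey() producing plain alphanumerics — confirm.
$mayinsert = false;
while ($mayinsert != true) {
    $newtoken = randomkey(15);
    $ntquery = "SELECT * FROM {$dbprefix}tokens_{$surveyid} WHERE token='{$newtoken}'";
    // A failed lookup used to fall through to RecordCount() on `false`; fail loudly instead.
    $ntresult = $connect->Execute($ntquery) or safe_die($ntquery . "<br />" . $connect->ErrorMsg());
    if (!$ntresult->RecordCount()) {
        $mayinsert = true;
    }
}

$postfirstname = sanitize_xss_string(strip_tags(returnglobal('register_firstname')));
$postlastname = sanitize_xss_string(strip_tags(returnglobal('register_lastname')));

// Insert the new token row; bound values are quoted by ADOdb itself.
$query = "INSERT INTO {$dbprefix}tokens_{$surveyid}\n"
    . "(firstname, lastname, email, emailstatus, token)\n"
    . "VALUES (?, ?, ?, ?, ?)";
$result = $connect->Execute($query, array($postfirstname, $postlastname, $postemail, 'OK', $newtoken))
    or safe_die($query . "<br />" . $connect->ErrorMsg());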
/**
 * Populates the admin session for a user authenticated through CAS.
 *
 * Loads ../config-defaults.php (which provides $defaultlang), stores identity
 * and UI defaults in $_SESSION and sets the USER_RIGHT_* flags: the "admin"
 * role gets every right, any other role gets everything except creating or
 * deleting users and superadmin.
 *
 * loginID is hard-coded to 1 and the rights depend only on the $role string
 * the caller passes in — no lookup against the users table happens here.
 *
 * @param string $user CAS user name, stored as $_SESSION['user']
 * @param string $role "admin" for full rights; anything else is a regular user
 */
function setUserRightsCas($user, $role = "")
{
    // config-defaults.php already includes config.php.
    include_once "../config-defaults.php";
    $isAdmin = ($role == "admin");
    $adminOnly = $isAdmin ? 1 : 0;

    $_SESSION['user'] = $user;
    $_SESSION['loginID'] = 1;
    $_SESSION['dateformat'] = 1;
    $_SESSION['adminlang'] = $defaultlang;
    $_SESSION['htmleditormode'] = 'default';
    $_SESSION['checksessionpost'] = randomkey(10);
    $_SESSION['pw_notify'] = false;

    // Rights every CAS user gets, followed by the admin-only ones.
    $_SESSION['USER_RIGHT_CREATE_SURVEY'] = 1;
    $_SESSION['USER_RIGHT_CONFIGURATOR'] = 1;
    $_SESSION['USER_RIGHT_CREATE_USER'] = $adminOnly;
    $_SESSION['USER_RIGHT_DELETE_USER'] = $adminOnly;
    $_SESSION['USER_RIGHT_SUPERADMIN'] = $adminOnly;
    $_SESSION['USER_RIGHT_MANAGE_TEMPLATE'] = 1;
    $_SESSION['USER_RIGHT_MANAGE_LABEL'] = 1;
}
if (!isset($tokenlength) || $tokenlength == '') { $tokenlength = 15; } // select all existing tokens $ntquery = "SELECT token FROM " . db_table_name("tokens_{$surveyid}") . " group by token"; $ntresult = db_execute_assoc($ntquery); while ($tkrow = $ntresult->FetchRow()) { $existingtokens[$tkrow['token']] = null; } $newtokencount = 0; $tkquery = "SELECT tid FROM " . db_table_name("tokens_{$surveyid}") . " WHERE token IS NULL OR token=''"; $tkresult = db_execute_assoc($tkquery) or safe_die("Mucked up!<br />{$tkquery}<br />" . $connect->ErrorMsg()); while ($tkrow = $tkresult->FetchRow()) { $isvalidtoken = false; while ($isvalidtoken == false) { $newtoken = randomkey($tokenlength); if (!isset($existingtokens[$newtoken])) { $isvalidtoken = true; $existingtokens[$newtoken] = null; } } $itquery = "UPDATE " . db_table_name("tokens_{$surveyid}") . " SET token='{$newtoken}' WHERE tid={$tkrow['tid']}"; $itresult = $connect->Execute($itquery); $newtokencount++; } $message = str_replace("{TOKENCOUNT}", $newtokencount, $clang->gT("{TOKENCOUNT} tokens have been created")); $tokenoutput .= "<div class='successheader'>{$message}</div>\n"; } $tokenoutput .= "</div>\n"; } if ($subaction == "delete" && (bHasRight($surveyid, 'edit_survey_property') || bHasRight($surveyid, 'activate_survey'))) {
} else { //get one time pw from db $srow = $result->FetchRow(); $otpw = $srow['one_time_pw']; //check if passed password and one time password from database DON'T match if ($pw != $otpw) { //no match -> warning $loginsummary = "<p>" . $clang->gT("Passed single-use password was wrong or user doesn't exist") . "<br />"; $loginsummary .= "<br /><br /><a href='{$scriptname}'>" . $clang->gT("Continue") . "</a><br /> \n"; } else { //delete one time password in database $uquery = "UPDATE " . db_table_name('users') . "\n\t\t\t\t\tSET one_time_pw=''\n\t\t\t\t\tWHERE users_name='" . db_quote($user) . "'"; $uresult = $connect->Execute($uquery); //data necessary for following functions $_SESSION['user'] = $srow['users_name']; $_SESSION['checksessionpost'] = randomkey(10); $_SESSION['loginID'] = $srow['uid']; $_SESSION['dateformat'] = $srow['dateformat']; $_SESSION['htmleditormode'] = $srow['htmleditormode']; $_SESSION['full_name'] = $srow['full_name']; GetSessionUserRights($_SESSION['loginID']); // Check if the user has changed his default password if (strtolower($srow['password']) == 'password') { $_SESSION['pw_notify'] = true; } else { $_SESSION['pw_notify'] = false; } //delete passed information unset($_GET['user']); unset($_GET['onepass']); }
} else { $utquery .= "SET completed='Y'\n"; } $utquery .= "WHERE token='{$_POST['token']}'"; $utresult = $connect->Execute($utquery) or safe_die("Couldn't update tokens table!<br />\n{$utquery}<br />\n" . $connect->ErrorMsg()); } if (isset($_POST['save']) && $_POST['save'] == "on") { $srid = $connect->Insert_ID(); //CREATE ENTRY INTO "saved_control" $scdata = array("sid" => $surveyid, "srid" => $srid, "identifier" => $saver['identifier'], "access_code" => $password, "email" => $saver['email'], "ip" => $_SERVER['REMOTE_ADDR'], "refurl" => getenv("HTTP_REFERER"), 'saved_thisstep' => 0, "status" => "S", "saved_date" => date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust)); if ($connect->AutoExecute("{$dbprefix}saved_control", $scdata, 'INSERT')) { $scid = $connect->Insert_ID("{$dbprefix}saved_control", "scid"); $dataentryoutput .= "<font class='successtitle'>" . $clang->gT("Your survey responses have been saved successfully. You will be sent a confirmation e-mail. Please make sure to save your password, since we will not be able to retrieve it for you.") . "</font><br />\n"; $tkquery = "SELECT * FROM " . db_table_name("tokens_{$surveyid}"); if ($tkresult = $connect->Execute($tkquery)) { $tokendata = array("firstname" => $saver['identifier'], "lastname" => $saver['identifier'], "email" => $saver['email'], "token" => randomkey(15), "language" => $saver['language'], "sent" => date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i", $timeadjust), "completed" => "N"); $connect->AutoExecute(db_table_name("tokens_" . $surveyid), $tokendata, 'INSERT'); $dataentryoutput .= "<font class='successtitle'>" . $clang->gT("A token entry for the saved survey has been created too.") . "</font><br />\n"; } if ($saver['email']) { //Send email if (validate_email($saver['email']) && !returnglobal('redo')) { $subject = $clang->gT("Saved Survey Details"); $message = $clang->gT("Thank you for saving your survey in progress. 
The following details can be used to return to this survey and continue where you left off. Please keep this e-mail for your reference - we cannot retrieve the password for you."); $message .= "\n\n" . $thissurvey['name'] . "\n\n"; $message .= $clang->gT("Name") . ": " . $saver['identifier'] . "\n"; $message .= $clang->gT("Password") . ": " . $saver['password'] . "\n\n"; $message .= $clang->gT("Reload your survey by clicking on the following link (or pasting it into your browser):") . ":\n"; $message .= $publicurl . "/index.php?sid={$surveyid}&loadall=reload&scid=" . $scid . "&lang=" . urlencode($saver['language']) . "&loadname=" . urlencode($saver['identifier']) . "&loadpass="******"&token=" . $tokendata['token'];