function change_user_details($user_name, $user_email, $user_password) { $user_id = $_SESSION['user_id']; if (validate_user_name($user_name) != true) { return '<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>'; } if (validate_user_email($user_email) != true) { return '<span class="error_span">Email must be a valid email address and be no more than 50 characters long</span>'; } elseif (validate_user_password($user_password) != true && !empty($user_password)) { return '<span class="error_span">Password must be at least 4 characters</span>'; } elseif (user_name_exists($user_name, $conn) == true && $user_name != $_SESSION['user_name']) { return '<span class="error_span">Name is already in use. If you have the same name as someone else, use another spelling that identifies you</span>'; } elseif (user_email_exists($user_email) == true && $user_email != $_SESSION['user_email']) { return '<span class="error_span">Email is already registered</span>'; } else { if (empty($user_password)) { mysqli_query($conn, "UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>'); } else { $user_password = encrypt_password($user_password); mysqli_query($conn, "UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}', user_password='******' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>'); } mysqli_query($conn, "UPDATE " . global_mysql_reservations_table . " SET reservation_user_name='{$user_name}', reservation_user_email='{$user_email}' WHERE reservation_user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>'); $_SESSION['user_name'] = $user_name; $_SESSION['user_email'] = $user_email; $user_password = strip_salt($user_password); setcookie(global_cookie_prefix . '_user_email', $user_email, time() + 3600 * 24 * intval(global_remember_login_days)); setcookie(global_cookie_prefix . '_user_password', $user_password, time() + 3600 * 24 * intval(global_remember_login_days)); return 1; } }
function remindme($lang) { $with_name = true; $with_captcha = true; $action = 'init'; if (isset($_POST['remindme_send'])) { $action = 'remindme'; } $login = $confirmed = $code = $token = false; if (!empty($_SESSION['login'])) { $login = $_SESSION['login']; } else { if (!empty($_SESSION['user']['name'])) { $login = $_SESSION['user']['name']; } else { if (!empty($_SESSION['user']['mail'])) { $login = $_SESSION['user']['mail']; } } } switch ($action) { case 'remindme': if (isset($_POST['remindme_login'])) { $login = strtolower(strflat(readarg($_POST['remindme_login']))); } if (isset($_POST['remindme_confirmed'])) { $confirmed = readarg($_POST['remindme_confirmed']) == 'on' ? true : false; } if (isset($_POST['remindme_code'])) { $code = readarg($_POST['remindme_code']); } if (isset($_POST['remindme_token'])) { $token = readarg($_POST['remindme_token']); } break; default: break; } $missing_code = false; $bad_code = false; $bad_token = false; $missing_login = false; $bad_login = false; $missing_confirmation = false; $email_sent = false; $user_page = false; $internal_error = false; $contact_page = false; switch ($action) { case 'remindme': if (!isset($_SESSION['remindme_token']) or $token != $_SESSION['remindme_token']) { $bad_token = true; } if ($with_captcha) { if (!$code) { $missing_code = true; break; } $captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false; if (!$captcha or $captcha != strtoupper($code)) { $bad_code = true; break; } } if (!$login) { $missing_login = true; } else { if ((!validate_user_name($login) or !is_user_name_allowed($login)) and (!validate_mail($login) or !is_mail_allowed($login))) { $bad_login = true; } } if (!$confirmed) { $missing_confirmation = true; } break; default: break; } switch ($action) { case 'remindme': if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_confirmation) { break; } require_once 'models/user.inc'; $user_id = user_find($login); if (!$user_id) { $bad_login = true; require_once 'log.php'; write_log('password.err', substr($login, 0, 40)); break; } $user = user_get($user_id); if (!$user) { $internal_error = true; break; } if (!$user['user_active'] or $user['user_banned']) { $bad_login = true; break; } require_once 'newpassword.php'; $newpassword = newpassword(); if (!user_set_newpassword($user_id, $newpassword)) { $internal_error = true; break; } require_once 'emailcrypto.php'; global $sitename, $webmaster; $to = $user['user_mail']; $subject = translate('email:new_password_subject', $lang); $msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang); if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) { $internal_error = true; } else { $email_sent = $to; } $confirmed = false; break; default: break; } if ($internal_error) { $contact_page = url('contact', $lang); } else { if ($email_sent) { $user_page = url('user', $lang); } } $_SESSION['remindme_token'] = $token = token_id(); $errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page'); $infos = compact('email_sent', 'user_page'); $output = view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos')); return $output; }
function Validate_Request() { global $persistent; unset($errors); foreach ($_REQUEST as $key => $val) { switch ($key) { case "first_name": if (validate_first_name($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "last_name": if (validate_last_name($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "ID": if (validate_ID($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "user_name": if (validate_user_name($val)) { if (!checkIfUserNameExsists($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } } else { $persistent[$key] = ""; } break; case "pass1": if (validate_pass1($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "pass2": if (validate_pass2($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "email": if (validate_email($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "year_of_birth": if (validate_YearOfBirth($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "phone": if (validate_Phone($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "cell_phone": if (validate_CellPhone($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "city": if (validate_city($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "street": if (validate_street($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "house_number": if (validate_houseNumber($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "father_name": if (validate_father_name($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "mother_name": if (validate_mother_name($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "father_phone": if (validate_father_CellPhone($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "mother_phone": if (validate_mother_CellPhone($val)) { $persistent[$key] = $val; } else { $persistent[$key] = ""; } break; case "memberOfGroup": $persistent[$key] = $val; break; case "year_of_birth": $persistent[$key] = $val; break; case "month_of_birth": $persistent[$key] = $val; break; case "day_of_birth": $persistent[$key] = $val; break; } } }
function login($lang) { $with_name = true; $with_captcha = true; $with_facebook = false; $with_newuser = true; $with_newpassword = true; if ($with_facebook) { require_once 'facebook.php'; $facebook = facebook(); } $login = $password = $code = $token = false; if (isset($_SESSION['login'])) { $login = $_SESSION['login']; } $action = 'init'; if (isset($_POST['login_enter'])) { $action = 'enter'; } switch ($action) { case 'init': if ($with_facebook) { $facebook_user = $facebook->getUser(); if ($facebook_user) { try { $facebook_user_profile = $facebook->api('/me', 'GET'); if (!empty($facebook_user_profile['email'])) { $login = $facebook_user_profile['email']; } $action = 'facebook'; } catch (FacebookApiException $e) { } $facebook->destroySession(); } } break; case 'enter': if (isset($_POST['login_login'])) { $login = strtolower(strflat(readarg($_POST['login_login']))); } if (isset($_POST['login_password'])) { $password = readarg($_POST['login_password']); } if (isset($_POST['login_code'])) { $code = readarg($_POST['login_code']); } if (isset($_POST['login_token'])) { $token = readarg($_POST['login_token']); } break; default: break; } $missing_code = false; $bad_code = false; $bad_token = false; $missing_login = false; $bad_login = false; $missing_password = false; $access_denied = false; switch ($action) { case 'enter': if (!isset($_SESSION['login_token']) or $token != $_SESSION['login_token']) { $bad_token = true; break; } if ($with_captcha) { if (!$code) { $missing_code = true; break; } $captcha = isset($_SESSION['captcha']['login']) ? $_SESSION['captcha']['login'] : false; if (!$captcha or $captcha != strtoupper($code)) { $bad_code = true; break; } } if (!$password) { $missing_password = true; } /* fall thru */ /* fall thru */ case 'facebook': if (!$login) { $missing_login = true; } else { if (!(validate_user_name($login) or validate_mail($login))) { $bad_login = true; } } break; default: break; } switch ($action) { case 'enter': case 'facebook': if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_password) { break; } require_once 'models/user.inc'; $user = user_login($login, $password); if (!$user) { $access_denied = true; require_once 'log.php'; write_log('enter.err', substr($login, 0, 100)); $_SESSION['login'] = $login; break; } $user['ip'] = client_ip_address(); if (in_array('administrator', $user['role'])) { require_once 'serveripaddress.php'; require_once 'emailme.php'; global $sitename; $ip = server_ip_address(); $timestamp = strftime('%Y-%m-%d %H:%M:%S', time()); $subject = 'login' . '@' . $sitename; $msg = $ip . ' ' . $timestamp . ' ' . $user['id'] . ' ' . $lang . ' ' . $user['ip']; @emailme($subject, $msg); if ($action == 'facebook') { $access_denied = true; break; } } session_regenerate(); $_SESSION['user'] = $user; unset($_SESSION['login']); unset($_SESSION['login_token']); return true; default: break; } $connectbar = false; if ($with_facebook) { $scope = 'email'; $facebook_login_url = $facebook->getLoginUrl(compact('scope')); $connectbar = view('connect', $lang, compact('facebook_login_url')); } $password_page = $with_newpassword ? url('password', $lang) : false; $newuser_page = $with_newuser ? url('newuser', $lang) : false; $_SESSION['login_token'] = $token = token_id(); $errors = compact('missing_code', 'bad_code', 'missing_login', 'bad_login', 'missing_password', 'access_denied'); $output = view('login', $lang, compact('token', 'connectbar', 'with_captcha', 'with_name', 'password_page', 'newuser_page', 'login', 'errors')); return $output; }
function useredit($lang, $user_id) { global $system_languages, $supported_roles; $is_admin = user_has_role('administrator'); $is_owner = $user_id == user_profile('id'); $with_name = true; $with_status = ($user_id != 1 and $is_admin); $with_delete = ($user_id != 1 and $is_admin and !$is_owner); $with_newpassword = false; // ($user_id != 1 and $is_owner); $with_locale = count($system_languages) > 1 ? true : false; $with_role = ($user_id != 1 and $is_admin); $with_timezone = ($user_id != 1 and $is_admin); $with_website = true; $with_info = false; $confirmed = false; $action = 'init'; if (isset($_POST['useredit_modify'])) { $action = 'modify'; } if ($with_newpassword) { if (isset($_POST['useredit_change'])) { $action = 'change'; } } if ($with_delete) { if (isset($_POST['useredit_delete'])) { $action = 'delete'; } else { if (isset($_POST['useredit_confirmdelete'])) { $action = 'delete'; $confirmed = true; } else { if (isset($_POST['useredit_cancel'])) { $action = 'cancel'; } } } } $user_name = $user_mail = $user_locale = $user_timezone = false; $user_website = false; $user_active = $user_banned = false; $user_accessed = false; $user_role = false; $user_newpassword = false; $user_lastname = $user_firstname = false; $token = false; switch ($action) { case 'init': case 'reset': $r = user_get($user_id); if ($r) { extract($r); /* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */ } $user_newpassword = false; if ($with_info) { $r = user_get_info($user_id); if ($r) { extract($r); /* user_lastname, user_firstname */ } } if ($with_role) { $user_role = user_get_role($user_id); } break; case 'modify': case 'change': case 'delete': case 'cancel': if ($with_info) { if (isset($_POST['useredit_lastname'])) { $user_lastname = readarg($_POST['useredit_lastname']); } if (isset($_POST['useredit_firstname'])) { $user_firstname = readarg($_POST['useredit_firstname']); } } if (isset($_POST['useredit_name'])) { $user_name = strtolower(strflat(readarg($_POST['useredit_name']))); } if (isset($_POST['useredit_mail'])) { $user_mail = strtolower(strflat(readarg($_POST['useredit_mail']))); } if (isset($_POST['useredit_website'])) { $user_website = strtolower(strflat(readarg($_POST['useredit_website']))); } if (isset($_POST['useredit_timezone'])) { $user_timezone = readarg($_POST['useredit_timezone']); } if (isset($_POST['useredit_locale'])) { $user_locale = readarg($_POST['useredit_locale']); } if ($with_role) { if (isset($_POST['useredit_role'])) { $user_role = readarg($_POST['useredit_role']); } } if ($with_status) { if (isset($_POST['useredit_active'])) { $user_active = readarg($_POST['useredit_active']) == 'on'; } if (isset($_POST['useredit_banned'])) { $user_banned = readarg($_POST['useredit_banned']) == 'on'; } if (isset($_POST['useredit_accessed'])) { $user_accessed = (int) readarg($_POST['useredit_accessed']); } } if ($with_newpassword) { if (isset($_POST['useredit_newpassword'])) { $user_newpassword = readarg($_POST['useredit_newpassword']); } } if (isset($_POST['useredit_token'])) { $token = readarg($_POST['useredit_token']); } break; default: break; } $bad_token = false; $missing_lastname = false; $missing_firstname = false; $missing_name = false; $bad_name = false; $duplicated_name = false; $missing_mail = false; $bad_mail = false; $duplicated_mail = false; $bad_role = false; $bad_website = false; $missing_locale = false; $bad_locale = false; $bad_timezone = false; $missing_newpassword = false; $bad_newpassword = false; $account_modified = false; $password_changed = false; $internal_error = false; $contact_page = false; switch ($action) { case 'modify': if (!isset($_SESSION['useredit_token']) or $token != $_SESSION['useredit_token']) { $bad_token = true; } if ($with_info) { if (!$user_lastname) { $missing_lastname = true; } if (!$user_firstname) { $missing_firstname = true; } } if ($with_name and !$user_name) { $missing_name = true; } if ($user_name) { if (!validate_user_name($user_name)) { $bad_name = true; } else { if (!user_check_name($user_name, $user_id)) { $duplicated_name = true; } } } if (!$user_mail) { $missing_mail = true; } else { if (!validate_mail($user_mail)) { $bad_mail = true; } else { if (!user_check_mail($user_mail, $user_id)) { $duplicated_mail = true; } } } if ($user_role) { foreach ($user_role as $role) { if (!validate_role($role)) { $bad_role = true; break; } } } if ($user_website) { if (!validate_website($user_website)) { $bad_website = true; } else { $user_website = normalize_website($user_website); } } if ($user_timezone) { if (!validate_timezone($user_timezone)) { $bad_timezone = true; } } if ($with_locale and !$user_locale) { $missing_locale = true; } if ($user_locale) { if (!validate_locale($user_locale)) { $bad_locale = true; } } break; case 'change': if (!$user_newpassword) { $missing_newpassword = true; } else { if (!validate_password($user_newpassword)) { $bad_newpassword = true; } } break; default: break; } $confirm_delete = false; switch ($action) { case 'modify': if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) { break; } $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone); if (!$r) { $internal_error = true; break; } if ($is_owner) { $_SESSION['user']['name'] = $user_name; $_SESSION['user']['mail'] = $user_mail; $_SESSION['user']['website'] = $user_website; $_SESSION['user']['locale'] = $user_locale; $_SESSION['user']['timezone'] = $user_timezone; } if ($with_info) { $r = user_set_info($user_id, $user_lastname, $user_firstname); if (!$r) { $internal_error = true; break; } if ($is_owner) { $_SESSION['user']['lastname'] = $user_lastname; $_SESSION['user']['firstname'] = $user_firstname; } } if ($with_role) { $r = user_set_role($user_id, $user_role); if (!$r) { $internal_error = true; break; } } if ($with_status) { $r = user_set_status($user_id, $user_active, $user_banned); if (!$r) { $internal_error = true; break; } } $account_modified = true; break; case 'change': if ($missing_newpassword or $bad_newpassword) { break; } $r = user_set_newpassword($user_id, $user_newpassword); if (!$r) { $internal_error = true; break; } $password_changed = true; break; case 'delete': if (!$confirmed) { $confirm_delete = true; break; } $r = user_delete($user_id); if (!$r) { $internal_error = true; break; } return false; default: break; } $user_newpassword = false; if ($internal_error) { $contact_page = url('contact', $lang); } $_SESSION['useredit_token'] = $token = token_id(); $errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page'); $infos = compact('account_modified', 'password_changed'); $output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete')); return $output; }
function login() { if (validate_user_name($_POST["uname"])) { $uname = $_POST["uname"]; } else { return FALSE; } if (validate_pass1($_POST["passwd"])) { $hash_passwd = md5($_POST["passwd"]); } else { return FALSE; } $sql = "SELECT username, Password FROM USERS where username = '******' AND Password='******'"; $result = executeQuary($sql); if ($myRecord = mysql_fetch_array($result)) { if ($uname == $myRecord['username'] && $hash_passwd == $myRecord['Password']) { $this->setUname($uname); $tmpPassArr[1] = $_POST["passwd"]; $tmpPassArr[2] = $_POST["passwd"]; $this->setPasswd($tmpPassArr); $this->getUserDetails(); return true; } else { return false; } } else { return false; } }
function change_user_details($user_name, $user_email, $user_password) { $user_id = $_SESSION['user_id']; if (validate_user_name($user_name) != true) { // return('<span class="error_span">Name must be <u>letters only</u> and be <u>2 to 12 letters long</u>. If your name is longer, use a short version of your name</span>'); return '<span class="error_span">El "Número de Alumno"solo admite <u>números</u>. Entre 3 y 6 dígitos</span>'; } if (validate_user_email($user_email) != true) { return '<span class="error_span">El Email debe ser válido y no tener más de 50 caracteres.</span>'; } elseif (validate_user_password($user_password) != true && !empty($user_password)) { return '<span class="error_span">El Password debe tener un mínimo de 4 caracteres</span>'; } elseif (user_name_exists($user_name) == true && $user_name != $_SESSION['user_name']) { return '<span class="error_span">Ese número de alumno ya fue utilizado</span>'; } elseif (user_email_exists($user_email) == true && $user_email != $_SESSION['user_email']) { return '<span class="error_span">Email ya registrado</span>'; } else { if (empty($user_password)) { mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>'); } else { $user_password = encrypt_password($user_password); mysql_query("UPDATE " . global_mysql_users_table . " SET user_name='{$user_name}', user_email='{$user_email}', user_password='******' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>'); } mysql_query("UPDATE " . global_mysql_reservations_table . " SET reservation_user_name='{$user_name}', reservation_user_email='{$user_email}' WHERE reservation_user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysql_error()) . '</span>'); $_SESSION['user_name'] = $user_name; $_SESSION['user_email'] = $user_email; $user_password = strip_salt($user_password); setcookie(global_cookie_prefix . '_user_email', $user_email, time() + 3600 * 24 * intval(global_remember_login_days)); setcookie(global_cookie_prefix . '_user_password', $user_password, time() + 3600 * 24 * intval(global_remember_login_days)); return 1; } }