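/**
 * Resets the password of the account identified by e-mail address plus one-time code.
 *
 * Both lookup values are passed through Coder::cleanXSS before being embedded in
 * SQL, which is the escaping convention the rest of this class follows. The
 * original escaped only $email in the lookup and interpolated $ucode verbatim, and
 * the update statement used the raw (unescaped) $email as well; the escaped values
 * are now computed once and reused in both statements.
 *
 * @param string $email  e-mail address the reset link was sent to
 * @param string $ucode  one-time code carried by the reset URL
 * @param string $newPwd plaintext replacement password; stored as Auth::encrypt($newPwd)
 *
 * @throws Exception "Invalid URL" (code -1) when no row matches e-mail + code
 */
public function changePwd($email, $ucode, $newPwd)
{
    // Escape once and reuse, so lookup and update cannot be fed different strings.
    $safeEmail = Coder::cleanXSS($this->db, $email);
    $safeCode  = Coder::cleanXSS($this->db, $ucode);

    $lookup = "select count(1) from user_registration where emailaddress=\"{$safeEmail}\" and uniqCode=\"{$safeCode}\"";

    // NOTE(review): login() treats $this->db->query() as returning an array of rows.
    // If that holds for this count query too, `!= 1` never matches an array and the
    // count must be read from the first row instead — confirm against the db wrapper.
    if ($this->db->query($lookup) != 1) {
        throw new Exception("Invalid URL", -1);
    }

    $hashed = Auth::encrypt($newPwd);
    // The "limit 1" mirrors the lookup: exactly one row is expected to match.
    $update = "update user_registration set pwd=\"{$hashed}\" where \n\t\t\t\temailaddress=\"{$safeEmail}\" and uniqCode=\"{$safeCode}\" limit 1";
    $this->db->query($update);
}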
/**
 * Authenticates a user by e-mail address and password and opens a session.
 *
 * The e-mail address is run through Coder::cleanXSS before it is embedded in SQL;
 * the password is transformed with Auth::encrypt and matched against the stored
 * pwd column inside the query itself.
 *
 * NOTE(review): because the match happens as SQL string equality, Auth::encrypt
 * presumably produces a deterministic value per password — worth confirming, since
 * that rules out salted hashing / password_verify() semantics.
 *
 * @param string $emailaddress login e-mail address
 * @param string $password     plaintext password
 *
 * @return $this
 *
 * @throws Exception code -1 when no row matches, the account is not "active",
 *                   or the user id is not positive
 */
public function login($emailaddress, $password)
{
    $safeEmail  = Coder::cleanXSS($this->db, $emailaddress);
    $storedForm = Auth::encrypt($password);

    $sql  = "select userID, userStatus from user_registration where emailaddress=\"{$safeEmail}\" and pwd=\"{$storedForm}\"";
    $rows = $this->db->query($sql);

    // No row, or an unexpected result shape, maps to the same generic message.
    $row = (is_array($rows) && count($rows) >= 1 && isset($rows[0]["userID"]))
        ? $rows[0]
        : null;
    if ($row === null) {
        throw new Exception("incorrect email address or password", -1);
    }

    if ($row["userStatus"] != 'active') {
        throw new Exception("user's email address is not verified", -1);
    }

    $userID = $row["userID"];
    if ($userID <= 0) {
        throw new Exception("current user is not allowed to login", -1);
    }

    $this->setupSession($userID);

    return $this;
}
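/**
 * Inserts a locally-registered user row built from $fields.
 *
 * Every column name and value is passed through Coder::cleanXSS before it is
 * embedded in the insert statement (the escaping convention used throughout this
 * class); the pwd value is stored as Auth::encrypt($value) instead. E-mail
 * verification was disabled on 2016/03/01 (the original Mailer block is kept in
 * the comment below), so the row is created with userStatus "active".
 *
 * The uniqCode column is still written and changePwd() matches on it to validate
 * a reset link, so it must hold a fresh random value. The original referenced
 * $uniqCode after the block that assigned it had been commented out, which stored
 * an empty code for every new user — a reset then needed only the e-mail address.
 *
 * @param array<string, scalar> $fields column => value; must contain
 *                                       emailaddress, displayName and pwd
 *
 * @return mixed whatever $this->db->query() returns for the insert
 *
 * @throws Exception "incorrect parameters" (code -11) when a required key is missing
 */
private function createLocalUser($fields)
{
    if (!isset($fields['emailaddress']) || !isset($fields['displayName']) || !isset($fields['pwd'])) {
        throw new Exception("incorrect parameters", -11);
    }

    $columns  = [];
    $literals = [];
    foreach ($fields as $column => $value) {
        $column = Coder::cleanXSS($this->db, $column);
        // Passwords are never stored in clear; everything else is escaped for SQL.
        $literal = ($column === 'pwd')
            ? Auth::encrypt($value)
            : Coder::cleanXSS($this->db, $value);
        $columns[]  = $column;
        $literals[] = "\"{$literal}\"";
    }

    /*
     * Function: disable email verification
     * Date: 2016/03/01
     *
     * $mailer = new Mailer();
     * $result = $mailer->sendVerification($fields['emailaddress'], $fields['displayName'], $uniqCode);
     * if ($result == false) throw new Exception("failed to send verification email", -1);
     * ... userStatus was "pending" until the link in that mail was followed.
     */

    // Same generator the verification flow used; changePwd() matches on this column.
    $uniqCode = Coder::createRandomCode();

    $columns[]  = 'uniqCode';
    $literals[] = "\"{$uniqCode}\"";
    $columns[]  = 'userStatus';
    $literals[] = '"active"';
    $columns[]  = 'createdDateTime';
    $literals[] = 'now()';
    $columns[]  = 'updatedDateTime';
    $literals[] = 'now()';

    $query = "insert into user_registration (" . implode(', ', $columns) . ") values (" . implode(', ', $literals) . ")";

    return $this->db->query($query);
}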
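/**
 * Builds the reply model from $this->replyResult["reply"], cleaning each field
 * with Coder::cleanXSS.
 *
 * The original discarded the return value of every Coder::cleanXSS call. Elsewhere
 * in this class (login(), changePwd(), createLocalUser()) the cleaned value is the
 * return value, so the model was handed back unchanged unless cleanXSS also writes
 * through its argument by reference; assigning the return value is correct in
 * either case.
 *
 * @return array the reply row with parentReplyID, newsID and userID cleaned with
 *               the "int" type hint and replyStatement, replyContent and replyType
 *               cleaned with the default (string) handling
 */
private function view2model()
{
    $model = $this->replyResult["reply"];

    // Identifier columns are cleaned with the "int" type hint, text columns with the default.
    $intFields  = ["parentReplyID", "newsID", "userID"];
    $textFields = ["replyStatement", "replyContent", "replyType"];

    foreach ($intFields as $field) {
        $model[$field] = Coder::cleanXSS($this->db, $model[$field], "int");
    }
    foreach ($textFields as $field) {
        $model[$field] = Coder::cleanXSS($this->db, $model[$field]);
    }

    return $model;
}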