+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Account</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>\r
-Hey, $loggedInUser->displayname. This is an example secure page designed to demonstrate some of the basic features of UserCake. Just so you know, your title at the moment is $loggedInUser->title, and that can be changed in the admin panel. You registered this account on " . date("M d, Y", $loggedInUser->signupTimeStamp()) . ".\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php \r
-/*\r
-UserCake Version: 2.0.1\r
-http://usercake.com\r
-*/\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Get token param\r
-if(isset($_GET["token"]))\r
-{ \r
- $token = $_GET["token"]; \r
- if(!isset($token))\r
- {\r
- $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
- }\r
- else if(!validateActivationToken($token)) //Check for a valid token. Must exist and active must be = 0\r
- {\r
- $errors[] = lang("ACCOUNT_TOKEN_NOT_FOUND");\r
- }\r
- else\r
- {\r
- //Activate the users account\r
- if(!setUserActive($token))\r
- {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
-}\r
-else\r
-{\r
- $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
-}\r
-\r
-if(count($errors) == 0) {\r
- $successes[] = lang("ACCOUNT_ACTIVATION_COMPLETE");\r
-}\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Activate Account</h2>\r
-\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Forms posted\r
-if(!empty($_POST))\r
-{\r
- $cfgId = array();\r
- $newSettings = $_POST['settings'];\r
- \r
- //Validate new site name\r
- if ($newSettings[1] != $websiteName) {\r
- $newWebsiteName = $newSettings[1];\r
- if(minMaxRange(1,150,$newWebsiteName))\r
- {\r
- $errors[] = lang("CONFIG_NAME_CHAR_LIMIT",array(1,150));\r
- }\r
- else if (count($errors) == 0) {\r
- $cfgId[] = 1;\r
- $cfgValue[1] = $newWebsiteName;\r
- $websiteName = $newWebsiteName;\r
- }\r
- }\r
- \r
- //Validate new URL\r
- if ($newSettings[2] != $websiteUrl) {\r
- $newWebsiteUrl = $newSettings[2];\r
- if(minMaxRange(1,150,$newWebsiteUrl))\r
- {\r
- $errors[] = lang("CONFIG_URL_CHAR_LIMIT",array(1,150));\r
- }\r
- else if (substr($newWebsiteUrl, -1) != "/"){\r
- $errors[] = lang("CONFIG_INVALID_URL_END");\r
- }\r
- else if (count($errors) == 0) {\r
- $cfgId[] = 2;\r
- $cfgValue[2] = $newWebsiteUrl;\r
- $websiteUrl = $newWebsiteUrl;\r
- }\r
- }\r
- \r
- //Validate new site email address\r
- if ($newSettings[3] != $emailAddress) {\r
- $newEmail = $newSettings[3];\r
- if(minMaxRange(1,150,$newEmail))\r
- {\r
- $errors[] = lang("CONFIG_EMAIL_CHAR_LIMIT",array(1,150));\r
- }\r
- elseif(!isValidEmail($newEmail))\r
- {\r
- $errors[] = lang("CONFIG_EMAIL_INVALID");\r
- }\r
- else if (count($errors) == 0) {\r
- $cfgId[] = 3;\r
- $cfgValue[3] = $newEmail;\r
- $emailAddress = $newEmail;\r
- }\r
- }\r
- \r
- //Validate email activation selection\r
- if ($newSettings[4] != $emailActivation) {\r
- $newActivation = $newSettings[4];\r
- if($newActivation != "true" AND $newActivation != "false")\r
- {\r
- $errors[] = lang("CONFIG_ACTIVATION_TRUE_FALSE");\r
- }\r
- else if (count($errors) == 0) {\r
- $cfgId[] = 4;\r
- $cfgValue[4] = $newActivation;\r
- $emailActivation = $newActivation;\r
- }\r
- }\r
- \r
- //Validate new email activation resend threshold\r
- if ($newSettings[5] != $resend_activation_threshold) {\r
- $newResend_activation_threshold = $newSettings[5];\r
- if($newResend_activation_threshold > 72 OR $newResend_activation_threshold < 0)\r
- {\r
- $errors[] = lang("CONFIG_ACTIVATION_RESEND_RANGE",array(0,72));\r
- }\r
- else if (count($errors) == 0) {\r
- $cfgId[] = 5;\r
- $cfgValue[5] = $newResend_activation_threshold;\r
- $resend_activation_threshold = $newResend_activation_threshold;\r
- }\r
- }\r
- \r
- //Validate new language selection\r
- if ($newSettings[6] != $language) {\r
- $newLanguage = $newSettings[6];\r
- if(minMaxRange(1,150,$language))\r
- {\r
- $errors[] = lang("CONFIG_LANGUAGE_CHAR_LIMIT",array(1,150));\r
- }\r
- elseif (!file_exists($newLanguage)) {\r
- $errors[] = lang("CONFIG_LANGUAGE_INVALID",array($newLanguage)); \r
- }\r
- else if (count($errors) == 0) {\r
- $cfgId[] = 6;\r
- $cfgValue[6] = $newLanguage;\r
- $language = $newLanguage;\r
- }\r
- }\r
- \r
- //Validate new template selection\r
- if ($newSettings[7] != $template) {\r
- $newTemplate = $newSettings[7];\r
- if(minMaxRange(1,150,$template))\r
- {\r
- $errors[] = lang("CONFIG_TEMPLATE_CHAR_LIMIT",array(1,150));\r
- }\r
- elseif (!file_exists($newTemplate)) {\r
- $errors[] = lang("CONFIG_TEMPLATE_INVALID",array($newTemplate)); \r
- }\r
- else if (count($errors) == 0) {\r
- $cfgId[] = 7;\r
- $cfgValue[7] = $newTemplate;\r
- $template = $newTemplate;\r
- }\r
- }\r
- \r
- //Update configuration table with new settings\r
- if (count($errors) == 0 AND count($cfgId) > 0) {\r
- updateConfig($cfgId, $cfgValue);\r
- $successes[] = lang("CONFIG_UPDATE_SUCCESSFUL");\r
- }\r
-}\r
-\r
-$languages = getLanguageFiles(); //Retrieve list of language files\r
-$templates = getTemplateFiles(); //Retrieve list of template files\r
-$permissionData = fetchAllPermissions(); //Retrieve list of all permission levels\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Configuration</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<div id='regbox'>\r
-<form name='adminConfiguration' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Website Name:</label>\r
-<input type='text' name='settings[".$settings['website_name']['id']."]' value='".$websiteName."' />\r
-</p>\r
-<p>\r
-<label>Website URL:</label>\r
-<input type='text' name='settings[".$settings['website_url']['id']."]' value='".$websiteUrl."' />\r
-</p>\r
-<p>\r
-<label>Email:</label>\r
-<input type='text' name='settings[".$settings['email']['id']."]' value='".$emailAddress."' />\r
-</p>\r
-<p>\r
-<label>Activation Threshold:</label>\r
-<input type='text' name='settings[".$settings['resend_activation_threshold']['id']."]' value='".$resend_activation_threshold."' />\r
-</p>\r
-<p>\r
-<label>Language:</label>\r
-<select name='settings[".$settings['language']['id']."]'>";\r
-\r
-//Display language options\r
-foreach ($languages as $optLang){\r
- if ($optLang == $language){\r
- echo "<option value='".$optLang."' selected>$optLang</option>";\r
- }\r
- else {\r
- echo "<option value='".$optLang."'>$optLang</option>";\r
- }\r
-}\r
-\r
-echo "\r
-</select>\r
-</p>\r
-<p>\r
-<label>Email Activation:</label>\r
-<select name='settings[".$settings['activation']['id']."]'>";\r
-\r
-//Display email activation options\r
-if ($emailActivation == "true"){\r
- echo "\r
- <option value='true' selected>True</option>\r
- <option value='false'>False</option>\r
- </select>";\r
-}\r
-else {\r
- echo "\r
- <option value='true'>True</option>\r
- <option value='false' selected>False</option>\r
- </select>";\r
-}\r
-\r
-echo "</p>\r
-<p>\r
-<label>Template:</label>\r
-<select name='settings[".$settings['template']['id']."]'>";\r
-\r
-//Display template options\r
-foreach ($templates as $temp){\r
- if ($temp == $template){\r
- echo "<option value='".$temp."' selected>$temp</option>";\r
- }\r
- else {\r
- echo "<option value='".$temp."'>$temp</option>";\r
- }\r
-}\r
-\r
-echo "\r
-</select>\r
-</p>\r
-<input type='submit' name='Submit' value='Submit' />\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-$pageId = $_GET['id'];\r
-\r
-//Check if selected pages exist\r
-if(!pageIdExists($pageId)){\r
- header("Location: admin_pages.php"); die(); \r
-}\r
-\r
-$pageDetails = fetchPageDetails($pageId); //Fetch information specific to page\r
-\r
-//Forms posted\r
-if(!empty($_POST)){\r
- $update = 0;\r
- \r
- if(!empty($_POST['private'])){ $private = $_POST['private']; }\r
- \r
- //Toggle private page setting\r
- if (isset($private) AND $private == 'Yes'){\r
- if ($pageDetails['private'] == 0){\r
- if (updatePrivate($pageId, 1)){\r
- $successes[] = lang("PAGE_PRIVATE_TOGGLED", array("private"));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- }\r
- elseif ($pageDetails['private'] == 1){\r
- if (updatePrivate($pageId, 0)){\r
- $successes[] = lang("PAGE_PRIVATE_TOGGLED", array("public"));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR"); \r
- }\r
- }\r
- \r
- //Remove permission level(s) access to page\r
- if(!empty($_POST['removePermission'])){\r
- $remove = $_POST['removePermission'];\r
- if ($deletion_count = removePage($pageId, $remove)){\r
- $successes[] = lang("PAGE_ACCESS_REMOVED", array($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR"); \r
- }\r
- \r
- }\r
- \r
- //Add permission level(s) access to page\r
- if(!empty($_POST['addPermission'])){\r
- $add = $_POST['addPermission'];\r
- if ($addition_count = addPage($pageId, $add)){\r
- $successes[] = lang("PAGE_ACCESS_ADDED", array($addition_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR"); \r
- }\r
- }\r
- \r
- $pageDetails = fetchPageDetails($pageId);\r
-}\r
-\r
-$pagePermissions = fetchPagePermissions($pageId);\r
-$permissionData = fetchAllPermissions();\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Page</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<form name='adminPage' action='".$_SERVER['PHP_SELF']."?id=".$pageId."' method='post'>\r
-<input type='hidden' name='process' value='1'>\r
-<table class='admin'>\r
-<tr><td>\r
-<h3>Page Information</h3>\r
-<div id='regbox'>\r
-<p>\r
-<label>ID:</label>\r
-".$pageDetails['id']."\r
-</p>\r
-<p>\r
-<label>Name:</label>\r
-".$pageDetails['page']."\r
-</p>\r
-<p>\r
-<label>Private:</label>";\r
-\r
-//Display private checkbox\r
-if ($pageDetails['private'] == 1){\r
- echo "<input type='checkbox' name='private' id='private' value='Yes' checked>";\r
-}\r
-else {\r
- echo "<input type='checkbox' name='private' id='private' value='Yes'>"; \r
-}\r
-\r
-echo "\r
-</p>\r
-</div></td><td>\r
-<h3>Page Access</h3>\r
-<div id='regbox'>\r
-<p>\r
-Remove Access:";\r
-\r
-//Display list of permission levels with access\r
-foreach ($permissionData as $v1) {\r
- if(isset($pagePermissions[$v1['id']])){\r
- echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
- }\r
-}\r
-\r
-echo"\r
-</p><p>Add Access:";\r
-\r
-//Display list of permission levels without access\r
-foreach ($permissionData as $v1) {\r
- if(!isset($pagePermissions[$v1['id']])){\r
- echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
- }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-</tr>\r
-</table>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Update' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-$pages = getPageFiles(); //Retrieve list of pages in root usercake folder\r
-$dbpages = fetchAllPages(); //Retrieve list of pages in pages table\r
-$creations = array();\r
-$deletions = array();\r
-\r
-//Check if any pages exist which are not in DB\r
-foreach ($pages as $page){\r
- if(!isset($dbpages[$page])){\r
- $creations[] = $page; \r
- }\r
-}\r
-\r
-//Enter new pages in DB if found\r
-if (count($creations) > 0) {\r
- createPages($creations) ;\r
-}\r
-\r
-if (count($dbpages) > 0){\r
- //Check if DB contains pages that don't exist\r
- foreach ($dbpages as $page){\r
- if(!isset($pages[$page['page']])){\r
- $deletions[] = $page['id']; \r
- }\r
- }\r
-}\r
-\r
-//Delete pages from DB if not found\r
-if (count($deletions) > 0) {\r
- deletePages($deletions);\r
-}\r
-\r
-//Update DB pages\r
-$dbpages = fetchAllPages();\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Pages</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>\r
-<table class='admin'>\r
-<tr><th>Id</th><th>Page</th><th>Access</th></tr>";\r
-\r
-//Display list of pages\r
-foreach ($dbpages as $page){\r
- echo "\r
- <tr>\r
- <td>\r
- ".$page['id']."\r
- </td>\r
- <td>\r
- <a href ='admin_page.php?id=".$page['id']."'>".$page['page']."</a>\r
- </td>\r
- <td>";\r
- \r
- //Show public/private setting of page\r
- if($page['private'] == 0){\r
- echo "Public";\r
- }\r
- else {\r
- echo "Private"; \r
- }\r
- \r
- echo "\r
- </td>\r
- </tr>";\r
-}\r
-\r
-echo "\r
-</table>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-$permissionId = $_GET['id'];\r
-\r
-//Check if selected permission level exists\r
-if(!permissionIdExists($permissionId)){\r
- header("Location: admin_permissions.php"); die(); \r
-}\r
-\r
-$permissionDetails = fetchPermissionDetails($permissionId); //Fetch information specific to permission level\r
-\r
-//Forms posted\r
-if(!empty($_POST)){\r
- \r
- //Delete selected permission level\r
- if(!empty($_POST['delete'])){\r
- $deletions = $_POST['delete'];\r
- if ($deletion_count = deletePermission($deletions)){\r
- $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR"); \r
- }\r
- }\r
- else\r
- {\r
- //Update permission level name\r
- if($permissionDetails['name'] != $_POST['name']) {\r
- $permission = trim($_POST['name']);\r
- \r
- //Validate new name\r
- if (permissionNameExists($permission)){\r
- $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));\r
- }\r
- elseif (minMaxRange(1, 50, $permission)){\r
- $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50)); \r
- }\r
- else {\r
- if (updatePermissionName($permissionId, $permission)){\r
- $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- }\r
- \r
- //Remove access to pages\r
- if(!empty($_POST['removePermission'])){\r
- $remove = $_POST['removePermission'];\r
- if ($deletion_count = removePermission($permissionId, $remove)) {\r
- $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- //Add access to pages\r
- if(!empty($_POST['addPermission'])){\r
- $add = $_POST['addPermission'];\r
- if ($addition_count = addPermission($permissionId, $add)) {\r
- $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- //Remove access to pages\r
- if(!empty($_POST['removePage'])){\r
- $remove = $_POST['removePage'];\r
- if ($deletion_count = removePage($remove, $permissionId)) {\r
- $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- //Add access to pages\r
- if(!empty($_POST['addPage'])){\r
- $add = $_POST['addPage'];\r
- if ($addition_count = addPage($add, $permissionId)) {\r
- $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- $permissionDetails = fetchPermissionDetails($permissionId);\r
- }\r
-}\r
-\r
-$pagePermissions = fetchPermissionPages($permissionId); //Retrieve list of accessible pages\r
-$permissionUsers = fetchPermissionUsers($permissionId); //Retrieve list of users with membership\r
-$userData = fetchAllUsers(); //Fetch all users\r
-$pageData = fetchAllPages(); //Fetch all pages\r
-\r
-require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Permissions</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<form name='adminPermission' action='".$_SERVER['PHP_SELF']."?id=".$permissionId."' method='post'>\r
-<table class='admin'>\r
-<tr><td>\r
-<h3>Permission Information</h3>\r
-<div id='regbox'>\r
-<p>\r
-<label>ID:</label>\r
-".$permissionDetails['id']."\r
-</p>\r
-<p>\r
-<label>Name:</label>\r
-<input type='text' name='name' value='".$permissionDetails['name']."' />\r
-</p>\r
-<label>Delete:</label>\r
-<input type='checkbox' name='delete[".$permissionDetails['id']."]' id='delete[".$permissionDetails['id']."]' value='".$permissionDetails['id']."'>\r
-</p>\r
-</div></td><td>\r
-<h3>Permission Membership</h3>\r
-<div id='regbox'>\r
-<p>\r
-Remove Members:";\r
-\r
-//List users with permission level\r
-foreach ($userData as $v1) {\r
- if(isset($permissionUsers[$v1['id']])){\r
- echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
- }\r
-}\r
-\r
-echo"\r
-</p><p>Add Members:";\r
-\r
-//List users without permission level\r
-foreach ($userData as $v1) {\r
- if(!isset($permissionUsers[$v1['id']])){\r
- echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
- }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-<td>\r
-<h3>Permission Access</h3>\r
-<div id='regbox'>\r
-<p>\r
-Public Access:";\r
-\r
-//List public pages\r
-foreach ($pageData as $v1) {\r
- if($v1['private'] != 1){\r
- echo "<br>".$v1['page'];\r
- }\r
-}\r
-\r
-echo"\r
-</p>\r
-<p>\r
-Remove Access:";\r
-\r
-//List pages accessible to permission level\r
-foreach ($pageData as $v1) {\r
- if(isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
- echo "<br><input type='checkbox' name='removePage[".$v1['id']."]' id='removePage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
- }\r
-}\r
-\r
-echo"\r
-</p><p>Add Access:";\r
-\r
-//List pages inaccessible to permission level\r
-foreach ($pageData as $v1) {\r
- if(!isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
- echo "<br><input type='checkbox' name='addPage[".$v1['id']."]' id='addPage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
- }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-</tr>\r
-</table>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Update' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Forms posted\r
-if(!empty($_POST))\r
-{\r
- //Delete permission levels\r
- if(!empty($_POST['delete'])){\r
- $deletions = $_POST['delete'];\r
- if ($deletion_count = deletePermission($deletions)){\r
- $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));\r
- }\r
- }\r
- \r
- //Create new permission level\r
- if(!empty($_POST['newPermission'])) {\r
- $permission = trim($_POST['newPermission']);\r
- \r
- //Validate request\r
- if (permissionNameExists($permission)){\r
- $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));\r
- }\r
- elseif (minMaxRange(1, 50, $permission)){\r
- $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50)); \r
- }\r
- else{\r
- if (createPermission($permission)) {\r
- $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- }\r
-}\r
-\r
-$permissionData = fetchAllPermissions(); //Retrieve list of all permission levels\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Permissions</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<form name='adminPermissions' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<table class='admin'>\r
-<tr>\r
-<th>Delete</th><th>Permission Name</th>\r
-</tr>";\r
-\r
-//List each permission level\r
-foreach ($permissionData as $v1) {\r
- echo "\r
- <tr>\r
- <td><input type='checkbox' name='delete[".$v1['id']."]' id='delete[".$v1['id']."]' value='".$v1['id']."'></td>\r
- <td><a href='admin_permission.php?id=".$v1['id']."'>".$v1['name']."</a></td>\r
- </tr>";\r
-}\r
-\r
-echo "\r
-</table>\r
-<p>\r
-<label>Permission Name:</label>\r
-<input type='text' name='newPermission' />\r
-</p> \r
-<input type='submit' name='Submit' value='Submit' />\r
-</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php
-
-/**
- * This file is not part of the original UserCake system, but uses it.
- */
-
-require_once("models/config.php");
-if (!securePage($_SERVER['PHP_SELF'])){die();}
-
-require_once("models/header.php");
-
-$text_area="# Rows starting with '#' are ignored. Rows are of the form:\n# username, Full Name, email";
-
-
-$show_form = true;
-if (!empty($_POST))
-{
-
- $current_users = fetchAllUsers();
-
- // Check form action
- if ($_POST['action'] === "Download") // Download list of users and populate the text area
- {
-
- foreach ($current_users as $u)
- {
- if ($u['user_name'] !== "admin")
- $text_area=$text_area."\n".$u['user_name'].",".$u['display_name'].",".$u['email'];
- }
- }
- else if ($_POST['action'] === "Upload") // Upload users in the text area
- {
-
- $text_area = $_POST['userUpload'];
-
-
- // Iterate through each row
- $all_rows=preg_split("/((\r?\n)|(\r\n?))/", $_POST['userUpload']);
-
-
-
-
- foreach ($all_rows as $row)
- {
- if (empty($row) or $row[0] === '#')
- continue;
-
- $errors = array();
-
- $fields = preg_split("/,/", $row);
-
- $user_name = trim($fields[0]);
- $display_name = trim($fields[1]);
- $email = trim($fields[2]);
- // generate the temporary password
- $password = generatePassword();
-
-
- if(count($errors) == 0)
- {
- //Construct a user object
- $user = new User($username,$displayname,$password,$email);
-
- //Checking this flag tells us whether there were any errors such as possible data duplication occured
- if(!$user->status)
- {
- if($user->username_taken) $errors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username));
- if($user->displayname_taken) $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));
- if($user->email_taken) $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));
- }
- else
- {
- //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required)
- if(!$user->userCakeAddUser())
- {
- if($user->mail_failure) $errors[] = lang("MAIL_ERROR");
- if($user->sql_failure) $errors[] = lang("SQL_ERROR");
- }
- }
- }
- if(count($errors) == 0)
- {
- $successes[] = $user->success;
- }
-
- echo resultBlock($errors,$successes);
- }
-
-
-
-
-
- }
-
-
-}
-
-if ($show_form)
-{
- /* I can't get fucking file uploads to fucking work with fucking nginx
- echo "<p> Please provide a CSV file of usernames and email addresses. </p>
- <p> Click <a href=\"upload_users_example.csv\">here</a> for an example file. </p>
- <div class=\"title\">Upload</div>
- <form action=\"".$_SERVER['PHP_SELF']."\" enctype=\"multipart/form-data\" method=\"post\">
- <input type=\"file\" name=\"userUpload\"/>
- <input type=\"submit\" value=\"Upload\"/>
- </form>";
- */
- echo "
-
- <form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">
- <p> Action to take on adding users: </p>
- <p> <input type=\"radio\" name=\"upload_mode\" value=\"keep\" checked/>Keep existing users and add these users</p>
- <p> <input type=\"radio\" name=\"upload_mode\" value=\"purge\"/>Purge existing users and add these users</p>
- <input type=\"submit\" name=\"action\" value=\"Upload\"/>
- <input type=\"submit\" name=\"action\" value=\"Download\"/>
- <input type=\"submit\" name=\"action\" value=\"Reset\"/>
- <p> Enter or copy/paste user information below (resize the text area if necessary): </p>
- <p>
- <textarea name=\"userUpload\" rows=\"50\" cols=\"100\">".$text_area."</textarea> </p>
-
- </form>";
-}
-
-?>
-
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-$userId = $_GET['id'];\r
-\r
-//Check if selected user exists\r
-if(!userIdExists($userId)){\r
- header("Location: admin_users.php"); die();\r
-}\r
-\r
-$userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details\r
-\r
-//Forms posted\r
-if(!empty($_POST))\r
-{ \r
- //Delete selected account\r
- if(!empty($_POST['delete'])){\r
- $deletions = $_POST['delete'];\r
- if ($deletion_count = deleteUsers($deletions)) {\r
- $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- else\r
- {\r
- //Update display name\r
- if ($userdetails['display_name'] != $_POST['display']){\r
- $displayname = trim($_POST['display']);\r
- \r
- //Validate display name\r
- if(displayNameExists($displayname))\r
- {\r
- $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));\r
- }\r
- elseif(minMaxRange(5,25,$displayname))\r
- {\r
- $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT",array(5,25));\r
- }\r
- elseif(!ctype_alnum($displayname)){\r
- $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");\r
- }\r
- else {\r
- if (updateDisplayName($userId, $displayname)){\r
- $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- }\r
- else {\r
- $displayname = $userdetails['display_name'];\r
- }\r
- \r
- //Activate account\r
- if(isset($_POST['activate']) && $_POST['activate'] == "activate"){\r
- if (setUserActive($userdetails['activation_token'])){\r
- $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- //Update email\r
- if ($userdetails['email'] != $_POST['email']){\r
- $email = trim($_POST["email"]);\r
- \r
- //Validate email\r
- if(!isValidEmail($email))\r
- {\r
- $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
- }\r
- elseif(emailExists($email))\r
- {\r
- $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));\r
- }\r
- else {\r
- if (updateEmail($userId, $email)){\r
- $successes[] = lang("ACCOUNT_EMAIL_UPDATED");\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- }\r
- \r
- //Update title\r
- if ($userdetails['title'] != $_POST['title']){\r
- $title = trim($_POST['title']);\r
- \r
- //Validate title\r
- if(minMaxRange(1,50,$title))\r
- {\r
- $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT",array(1,50));\r
- }\r
- else {\r
- if (updateTitle($userId, $title)){\r
- $successes[] = lang("ACCOUNT_TITLE_UPDATED", array ($displayname, $title));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- }\r
- \r
- //Remove permission level\r
- if(!empty($_POST['removePermission'])){\r
- $remove = $_POST['removePermission'];\r
- if ($deletion_count = removePermission($remove, $userId)){\r
- $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array ($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- if(!empty($_POST['addPermission'])){\r
- $add = $_POST['addPermission'];\r
- if ($addition_count = addPermission($add, $userId)){\r
- $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- $userdetails = fetchUserDetails(NULL, NULL, $userId);\r
- }\r
-}\r
-\r
-$userPermission = fetchUserPermissions($userId);\r
-$permissionData = fetchAllPermissions();\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin User</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<form name='adminUser' action='".$_SERVER['PHP_SELF']."?id=".$userId."' method='post'>\r
-<table class='admin'><tr><td>\r
-<h3>User Information</h3>\r
-<div id='regbox'>\r
-<p>\r
-<label>ID:</label>\r
-".$userdetails['id']."\r
-</p>\r
-<p>\r
-<label>Username:</label>\r
-".$userdetails['user_name']."\r
-</p>\r
-<p>\r
-<label>Display Name:</label>\r
-<input type='text' name='display' value='".$userdetails['display_name']."' />\r
-</p>\r
-<p>\r
-<label>Email:</label>\r
-<input type='text' name='email' value='".$userdetails['email']."' />\r
-</p>\r
-<p>\r
-<label>Active:</label>";\r
-\r
-//Display activation link, if account inactive\r
-if ($userdetails['active'] == '1'){\r
- echo "Yes"; \r
-}\r
-else{\r
- echo "No\r
- </p>\r
- <p>\r
- <label>Activate:</label>\r
- <input type='checkbox' name='activate' id='activate' value='activate'>\r
- ";\r
-}\r
-\r
-echo "\r
-</p>\r
-<p>\r
-<label>Title:</label>\r
-<input type='text' name='title' value='".$userdetails['title']."' />\r
-</p>\r
-<p>\r
-<label>Sign Up:</label>\r
-".date("j M, Y", $userdetails['sign_up_stamp'])."\r
-</p>\r
-<p>\r
-<label>Last Sign In:</label>";\r
-\r
-//Last sign in, interpretation\r
-if ($userdetails['last_sign_in_stamp'] == '0'){\r
- echo "Never"; \r
-}\r
-else {\r
- echo date("j M, Y", $userdetails['last_sign_in_stamp']);\r
-}\r
-\r
-echo "\r
-</p>\r
-<p>\r
-<label>Delete:</label>\r
-<input type='checkbox' name='delete[".$userdetails['id']."]' id='delete[".$userdetails['id']."]' value='".$userdetails['id']."'>\r
-</p>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Update' class='submit' />\r
-</p>\r
-</div>\r
-</td>\r
-<td>\r
-<h3>Permission Membership</h3>\r
-<div id='regbox'>\r
-<p>Remove Permission:";\r
-\r
-//List of permission levels user is apart of\r
-foreach ($permissionData as $v1) {\r
- if(isset($userPermission[$v1['id']])){\r
- echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
- }\r
-}\r
-\r
-//List of permission levels user is not apart of\r
-echo "</p><p>Add Permission:";\r
-foreach ($permissionData as $v1) {\r
- if(!isset($userPermission[$v1['id']])){\r
- echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
- }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-</tr>\r
-</table>\r
-</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Forms posted\r
-if(!empty($_POST))\r
-{\r
- $deletions = $_POST['delete'];\r
- if ($deletion_count = deleteUsers($deletions)){\r
- $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
-}\r
-\r
-$userData = fetchAllUsers(); //Fetch information for all users\r
-\r
-require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Users</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<form name='adminUsers' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<table class='admin'>\r
-<tr>\r
-<th>Delete</th><th>Username</th><th>Display Name</th><th>Title</th><th>Last Sign In</th>\r
-</tr>";\r
-\r
-//Cycle through users\r
-foreach ($userData as $v1) {\r
- echo "\r
- <tr>\r
- <td><input type='checkbox' name='delete[".$v1['id']."]' id='delete[".$v1['id']."]' value='".$v1['id']."'></td>\r
- <td><a href='admin_user.php?id=".$v1['id']."'>".$v1['user_name']."</a></td>\r
- <td>".$v1['display_name']."</td>\r
- <td>".$v1['title']."</td>\r
- <td>\r
- ";\r
- \r
- //Interprety last login\r
- if ($v1['last_sign_in_stamp'] == '0'){\r
- echo "Never"; \r
- }\r
- else {\r
- echo date("j M, Y", $v1['last_sign_in_stamp']);\r
- }\r
- echo "\r
- </td>\r
- </tr>";\r
-}\r
-\r
-echo "\r
-</table>\r
-<input type='submit' name='Submit' value='Delete' />\r
-</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>2.00</h2>\r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>\r
-<p>Thank you for downloading UserCake. 100% Free and Opensource.</p>\r
-<p>Copyright (c) 2009-2012</p>\r
-<p>Permission is hereby granted, free of charge, to any person obtaining a copy\r
-of this software and associated documentation files (the 'Software'), to deal\r
-in the Software without restriction, including without limitation the rights\r
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\r
-copies of the Software, and to permit persons to whom the Software is\r
-furnished to do so, subject to the following conditions:</p>\r
-<p>The above copyright notice and this permission notice shall be included in\r
-all copies or substantial portions of the Software.</p>\r
-<p>THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\r
-THE SOFTWARE.</p>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Links for logged in user\r
-if(isUserLoggedIn()) {\r
- echo "\r
- <ul>\r
- <li><a href='account.php'>Account Home</a></li>\r
- <li><a href='user_settings.php'>User Settings</a></li>\r
- <li><a href='logout.php'>Logout</a></li>\r
- </ul>";\r
- \r
- //Links for permission level 2 (default admin)\r
- if ($loggedInUser->checkPermission(array(2))){\r
- echo "\r
- <ul>\r
- <li><a href='admin_configuration.php'>Admin Configuration</a></li>\r
- <li><a href='admin_users.php'>Admin Users</a></li>\r
- <li><a href='admin_permissions.php'>Admin Permissions</a></li>\r
- <li><a href='admin_pages.php'>Admin Pages</a></li>\r
- </ul>";\r
- }\r
-} \r
-//Links for users not logged in\r
-else {\r
- echo "\r
- <ul>\r
- <li><a href='index.php'>Home</a></li>\r
- <li><a href='login.php'>Login</a></li>\r
- <li><a href='register.php'>Register</a></li>\r
- <li><a href='forgot-password.php'>Forgot Password</a></li>";\r
- if ($emailActivation)\r
- {\r
- echo "<li><a href='resend-activation.php'>Resend Activation Email</a></li>";\r
- }\r
- echo "</ul>";\r
-}\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
-\r
-//Forms posted\r
-if(!empty($_POST))\r
-{\r
- $errors = array();\r
- $username = sanitize(trim($_POST["username"]));\r
- $password = trim($_POST["password"]);\r
- \r
- //Perform some validation\r
- //Feel free to edit / change as required\r
- if($username == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
- }\r
- if($password == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
- }\r
-\r
- if(count($errors) == 0)\r
- {\r
- //A security note here, never tell the user which credential was incorrect\r
- if(!usernameExists($username))\r
- {\r
- $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
- }\r
- else\r
- {\r
- $userdetails = fetchUserDetails($username);\r
- //See if the user's account is activated\r
- if($userdetails["active"]==0)\r
- {\r
- $errors[] = lang("ACCOUNT_INACTIVE");\r
- }\r
- else\r
- {\r
- //Hash the password and use the salt from the database to compare the password.\r
- $entered_pass = generateHash($password,$userdetails["password"]);\r
-\r
- echo "".$userdetails["password"];\r
- \r
- if($entered_pass != $userdetails["password"])\r
- {\r
- //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing\r
- $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
- }\r
- else\r
- {\r
- //Passwords match! we're good to go'\r
- \r
- //Construct a new logged in user object\r
- //Transfer some db data to the session object\r
- $loggedInUser = new loggedInUser();\r
- $loggedInUser->email = $userdetails["email"];\r
- $loggedInUser->user_id = $userdetails["id"];\r
- $loggedInUser->hash_pw = $userdetails["password"];\r
- $loggedInUser->title = $userdetails["title"];\r
- $loggedInUser->displayname = $userdetails["display_name"];\r
- $loggedInUser->username = $userdetails["user_name"];\r
- \r
- //Update last sign in\r
- $loggedInUser->updateLastSignIn();\r
- $_SESSION["userCakeUser"] = $loggedInUser;\r
- \r
- //Redirect to user account page\r
- header("Location: account.php");\r
- die();\r
- }\r
- }\r
- }\r
- }\r
-}\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Login</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<div id='regbox'>\r
-<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Username:</label>\r
-<input type='text' name='username' />\r
-</p>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Login' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Log the user out\r
-if(isUserLoggedIn())\r
-{\r
- $loggedInUser->userLogOut();\r
-}\r
-\r
-if(!empty($websiteUrl)) \r
-{\r
- $add_http = "";\r
- \r
- if(strpos($websiteUrl,"http://") === false)\r
- {\r
- $add_http = "http://";\r
- }\r
- \r
- header("Location: ".$add_http.$websiteUrl);\r
- die();\r
-}\r
-else\r
-{\r
- header("Location: http://".$_SERVER['HTTP_HOST']);\r
- die();\r
-} \r
-\r
-?>\r
-\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
-\r
-//Forms posted\r
-if(!empty($_POST))\r
-{\r
- $errors = array();\r
- $email = trim($_POST["email"]);\r
- $username = trim($_POST["username"]);\r
- $displayname = trim($_POST["displayname"]);\r
- $password = trim($_POST["password"]);\r
- $confirm_pass = trim($_POST["passwordc"]);\r
- $captcha = md5($_POST["captcha"]);\r
- \r
- \r
- if ($captcha != $_SESSION['captcha'])\r
- {\r
- $errors[] = lang("CAPTCHA_FAIL");\r
- }\r
- if(minMaxRange(5,25,$username))\r
- {\r
- $errors[] = lang("ACCOUNT_USER_CHAR_LIMIT",array(5,25));\r
- }\r
- if(!ctype_alnum($username)){\r
- $errors[] = lang("ACCOUNT_USER_INVALID_CHARACTERS");\r
- }\r
- if(minMaxRange(5,25,$displayname))\r
- {\r
- $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT",array(5,25));\r
- }\r
- if(!ctype_alnum($displayname)){\r
- $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");\r
- }\r
- if(minMaxRange(8,50,$password) && minMaxRange(8,50,$confirm_pass))\r
- {\r
- $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(8,50));\r
- }\r
- else if($password != $confirm_pass)\r
- {\r
- $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
- }\r
- if(!isValidEmail($email))\r
- {\r
- $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
- }\r
- //End data validation\r
- if(count($errors) == 0)\r
- { \r
- //Construct a user object\r
- $user = new User($username,$displayname,$password,$email);\r
- \r
- //Checking this flag tells us whether there were any errors such as possible data duplication occured\r
- if(!$user->status)\r
- {\r
- if($user->username_taken) $errors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username));\r
- if($user->displayname_taken) $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));\r
- if($user->email_taken) $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email)); \r
- }\r
- else\r
- {\r
- //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required)\r
- if(!$user->userCakeAddUser())\r
- {\r
- if($user->mail_failure) $errors[] = lang("MAIL_ERROR");\r
- if($user->sql_failure) $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- }\r
- if(count($errors) == 0) {\r
- $successes[] = $user->success;\r
- }\r
-}\r
-\r
-require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Register</h2>\r
-\r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
-echo "\r
-</div>\r
-\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<div id='regbox'>\r
-<form name='newUser' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-\r
-<p>\r
-<label>User Name:</label>\r
-<input type='text' name='username' />\r
-</p>\r
-<p>\r
-<label>Display Name:</label>\r
-<input type='text' name='displayname' />\r
-</p>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label>Confirm:</label>\r
-<input type='password' name='passwordc' />\r
-</p>\r
-<p>\r
-<label>Email:</label>\r
-<input type='text' name='email' />\r
-</p>\r
-<p>\r
-<label>Security Code:</label>\r
-<img src='models/captcha.php'>\r
-</p>\r
-<label>Enter Security Code:</label>\r
-<input name='captcha' type='text'>\r
-</p>\r
-<label> <br>\r
-<input type='submit' value='Register'/>\r
-</p>\r
-\r
-</form>\r
-</div>\r
-\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Forms posted\r
-if(!empty($_POST) && $emailActivation)\r
-{\r
- $email = $_POST["email"];\r
- $username = $_POST["username"];\r
- \r
- //Perform some validation\r
- //Feel free to edit / change as required\r
- if(trim($email) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");\r
- }\r
- //Check to ensure email is in the correct format / in the db\r
- else if(!isValidEmail($email) || !emailExists($email))\r
- {\r
- $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
- }\r
- \r
- if(trim($username) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
- }\r
- else if(!usernameExists($username))\r
- {\r
- $errors[] = lang("ACCOUNT_INVALID_USERNAME");\r
- }\r
- \r
- if(count($errors) == 0)\r
- {\r
- //Check that the username / email are associated to the same account\r
- if(!emailUsernameLinked($email,$username))\r
- {\r
- $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");\r
- }\r
- else\r
- {\r
- $userdetails = fetchUserDetails($username);\r
- \r
- //See if the user's account is activation\r
- if($userdetails["active"]==1)\r
- {\r
- $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");\r
- }\r
- else\r
- {\r
- if ($resend_activation_threshold == 0) {\r
- $hours_diff = 0;\r
- }\r
- else {\r
- $last_request = $userdetails["last_activation_request"];\r
- $hours_diff = round((time()-$last_request) / (3600*$resend_activation_threshold),0);\r
- }\r
- \r
- if($resend_activation_threshold!=0 && $hours_diff <= $resend_activation_threshold)\r
- {\r
- $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT",array($resend_activation_threshold));\r
- }\r
- else\r
- {\r
- //For security create a new activation url;\r
- $new_activation_token = generateActivationToken();\r
- \r
- if(!updateLastActivationRequest($new_activation_token,$username,$email))\r
- {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- else\r
- {\r
- $mail = new userCakeMail();\r
- \r
- $activation_url = $websiteUrl."activate-account.php?token=".$new_activation_token;\r
- \r
- //Setup our custom hooks\r
- $hooks = array(\r
- "searchStrs" => array("#ACTIVATION-URL","#USERNAME#"),\r
- "subjectStrs" => array($activation_url,$userdetails["display_name"])\r
- );\r
- \r
- if(!$mail->newTemplateMsg("resend-activation.txt",$hooks))\r
- {\r
- $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");\r
- }\r
- else\r
- {\r
- if(!$mail->sendMail($userdetails["email"],"Activate your ".$websiteName." Account"))\r
- {\r
- $errors[] = lang("MAIL_ERROR");\r
- }\r
- else\r
- {\r
- //Success, user details have been updated in the db now mail this information out.\r
- $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");\r
- }\r
- }\r
- }\r
- }\r
- }\r
- }\r
- }\r
-}\r
-\r
-//Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Resend Activation</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "<div id='regbox'>";\r
-\r
-//Show disabled if email activation not required\r
-if(!$emailActivation)\r
-{ \r
- echo lang("FEATURE_DISABLED");\r
-}\r
-else\r
-{\r
- echo "<form name='resendActivation' action='".$_SERVER['PHP_SELF']."' method='post'>\r
- <p>\r
- <label>Username:</label>\r
- <input type='text' name='username' />\r
- </p> \r
- <p>\r
- <label>Email:</label>\r
- <input type='text' name='email' />\r
- </p> \r
- <p>\r
- <label> </label>\r
- <input type='submit' value='Submit' class='submit' />\r
- </p>\r
- </form>";\r
-}\r
-\r
-echo "\r
-</div> \r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Prevent the user visiting the logged in page if he is not logged in\r
-if(!isUserLoggedIn()) { header("Location: login.php"); die(); }\r
-\r
-if(!empty($_POST))\r
-{\r
- $errors = array();\r
- $successes = array();\r
- $password = $_POST["password"];\r
- $password_new = $_POST["passwordc"];\r
- $password_confirm = $_POST["passwordcheck"];\r
- \r
- $errors = array();\r
- $email = $_POST["email"];\r
- \r
- //Perform some validation\r
- //Feel free to edit / change as required\r
- \r
- //Confirm the hashes match before updating a users password\r
- $entered_pass = generateHash($password,$loggedInUser->hash_pw);\r
- \r
- if (trim($password) == ""){\r
- $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
- }\r
- else if($entered_pass != $loggedInUser->hash_pw)\r
- {\r
- //No match\r
- $errors[] = lang("ACCOUNT_PASSWORD_INVALID");\r
- } \r
- if($email != $loggedInUser->email)\r
- {\r
- if(trim($email) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");\r
- }\r
- else if(!isValidEmail($email))\r
- {\r
- $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
- }\r
- else if(emailExists($email))\r
- {\r
- $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email)); \r
- }\r
- \r
- //End data validation\r
- if(count($errors) == 0)\r
- {\r
- $loggedInUser->updateEmail($email);\r
- $successes[] = lang("ACCOUNT_EMAIL_UPDATED");\r
- }\r
- }\r
- \r
- if ($password_new != "" OR $password_confirm != "")\r
- {\r
- if(trim($password_new) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");\r
- }\r
- else if(trim($password_confirm) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");\r
- }\r
- else if(minMaxRange(8,50,$password_new))\r
- { \r
- $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(8,50));\r
- }\r
- else if($password_new != $password_confirm)\r
- {\r
- $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
- }\r
- \r
- //End data validation\r
- if(count($errors) == 0)\r
- {\r
- //Also prevent updating if someone attempts to update with the same password\r
- $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);\r
- \r
- if($entered_pass_new == $loggedInUser->hash_pw)\r
- {\r
- //Don't update, this fool is trying to update with the same password ¬¬\r
- $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");\r
- }\r
- else\r
- {\r
- //This function will create the new hash and update the hash_pw property.\r
- $loggedInUser->updatePassword($password_new);\r
- $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");\r
- }\r
- }\r
- }\r
- if(count($errors) == 0 AND count($successes) == 0){\r
- $errors[] = lang("NOTHING_TO_UPDATE");\r
- }\r
-}\r
-\r
-require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>User Settings</h2>\r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<div id='regbox'>\r
-<form name='updateAccount' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label>Email:</label>\r
-<input type='text' name='email' value='".$loggedInUser->email."' />\r
-</p>\r
-<p>\r
-<label>New Pass:</label>\r
-<input type='password' name='passwordc' />\r
-</p>\r
-<p>\r
-<label>Confirm Pass:</label>\r
-<input type='password' name='passwordcheck' />\r
-</p>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Update' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
git.ucc.asn.au / matches / MCTX3420.git / commitdiff
UCC git Repository :: git.ucc.asn.au