From: Sam Moore Date: Sun, 20 Oct 2013 05:02:54 +0000 (+0800) Subject: Add UserCake X-Git-Url: https://git.ucc.asn.au/?a=commitdiff_plain;h=bd5fabfeabdd16cf38642c8cfb2232aab495de31;p=matches%2FMCTX3420.git Add UserCake We might be able to build on this to make a user management system. UserCake Version: 2.0.2 http://usercake.com This commit includes the original UserCake source. Many files will need to be removed and/or rewritten. UserCake uses MySQL for storing user information. There is a C API for interfacing with MySQL. Hopefully that will work. --- diff --git a/testing/MCTXWeb/public_html/users/README.txt b/testing/MCTXWeb/public_html/users/README.txt new file mode 100644 index 0000000..153dde1 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/README.txt @@ -0,0 +1,35 @@ +The MCTX3420 Exploding Cans User Management System has been based upon UserCake. +The original copyright notice is reproduced below. + +//--UserCake Copyright + +Copyright (c) 2009-2012 + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +//--Credits + +UserCake created by: Adam Davis +UserCake V2.0 designed by: Jonathan Cassels + +--------------------------------------------------------------- + +Vers: 2.0.2 +http://usercake.com +http://usercake.com/LICENCE.txt diff --git a/testing/MCTXWeb/public_html/users/account.php b/testing/MCTXWeb/public_html/users/account.php new file mode 100644 index 0000000..3f93126 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/account.php @@ -0,0 +1,32 @@ + +
+
+
+

UserCake

+

Account

+
"; + +include("left-nav.php"); + +echo " +
+
+Hey, $loggedInUser->displayname. This is an example secure page designed to demonstrate some of the basic features of UserCake. Just so you know, your title at the moment is $loggedInUser->title, and that can be changed in the admin panel. You registered this account on " . date("M d, Y", $loggedInUser->signupTimeStamp()) . ". +
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/activate-account.php b/testing/MCTXWeb/public_html/users/activate-account.php new file mode 100644 index 0000000..33bbd15 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/activate-account.php @@ -0,0 +1,66 @@ + +
+
+
+

UserCake

+

Activate Account

+ +
"; + +include("left-nav.php"); + +echo " +
+
"; + +echo resultBlock($errors,$successes); + +echo " +
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/admin_configuration.php b/testing/MCTXWeb/public_html/users/admin_configuration.php new file mode 100644 index 0000000..01fa76a --- /dev/null +++ b/testing/MCTXWeb/public_html/users/admin_configuration.php @@ -0,0 +1,237 @@ + 72 OR $newResend_activation_threshold < 0) + { + $errors[] = lang("CONFIG_ACTIVATION_RESEND_RANGE",array(0,72)); + } + else if (count($errors) == 0) { + $cfgId[] = 5; + $cfgValue[5] = $newResend_activation_threshold; + $resend_activation_threshold = $newResend_activation_threshold; + } + } + + //Validate new language selection + if ($newSettings[6] != $language) { + $newLanguage = $newSettings[6]; + if(minMaxRange(1,150,$language)) + { + $errors[] = lang("CONFIG_LANGUAGE_CHAR_LIMIT",array(1,150)); + } + elseif (!file_exists($newLanguage)) { + $errors[] = lang("CONFIG_LANGUAGE_INVALID",array($newLanguage)); + } + else if (count($errors) == 0) { + $cfgId[] = 6; + $cfgValue[6] = $newLanguage; + $language = $newLanguage; + } + } + + //Validate new template selection + if ($newSettings[7] != $template) { + $newTemplate = $newSettings[7]; + if(minMaxRange(1,150,$template)) + { + $errors[] = lang("CONFIG_TEMPLATE_CHAR_LIMIT",array(1,150)); + } + elseif (!file_exists($newTemplate)) { + $errors[] = lang("CONFIG_TEMPLATE_INVALID",array($newTemplate)); + } + else if (count($errors) == 0) { + $cfgId[] = 7; + $cfgValue[7] = $newTemplate; + $template = $newTemplate; + } + } + + //Update configuration table with new settings + if (count($errors) == 0 AND count($cfgId) > 0) { + updateConfig($cfgId, $cfgValue); + $successes[] = lang("CONFIG_UPDATE_SUCCESSFUL"); + } +} + +$languages = getLanguageFiles(); //Retrieve list of language files +$templates = getTemplateFiles(); //Retrieve list of template files +$permissionData = fetchAllPermissions(); //Retrieve list of all permission levels +require_once("models/header.php"); + +echo " + +
+
+
+

UserCake

+

Admin Configuration

+
"; + +include("left-nav.php"); + +echo " +
+
"; + +echo resultBlock($errors,$successes); + +echo " +
+
+

+ + +

+

+ + +

+

+ + +

+

+ + +

+

+ + +

+

+ +"; +} +else { + echo " + + + "; +} + +echo "

+

+ + +

+ +
+
+
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/admin_page.php b/testing/MCTXWeb/public_html/users/admin_page.php new file mode 100644 index 0000000..7d1815d --- /dev/null +++ b/testing/MCTXWeb/public_html/users/admin_page.php @@ -0,0 +1,160 @@ + +
+
+
+

UserCake

+

Admin Page

+
"; + +include("left-nav.php"); + +echo " +
+
"; + +echo resultBlock($errors,$successes); + +echo " +
+ + + + +
+

Page Information

+
+

+ +".$pageDetails['id']." +

+

+ +".$pageDetails['page']." +

+

+"; + +//Display private checkbox +if ($pageDetails['private'] == 1){ + echo ""; +} +else { + echo ""; +} + +echo " +

+
+

Page Access

+
+

+Remove Access:"; + +//Display list of permission levels with access +foreach ($permissionData as $v1) { + if(isset($pagePermissions[$v1['id']])){ + echo "
".$v1['name']; + } +} + +echo" +

Add Access:"; + +//Display list of permission levels without access +foreach ($permissionData as $v1) { + if(!isset($pagePermissions[$v1['id']])){ + echo "
".$v1['name']; + } +} + +echo" +

+
+
+

+ + +

+
+
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/admin_pages.php b/testing/MCTXWeb/public_html/users/admin_pages.php new file mode 100644 index 0000000..6918367 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/admin_pages.php @@ -0,0 +1,96 @@ + 0) { + createPages($creations) ; +} + +if (count($dbpages) > 0){ + //Check if DB contains pages that don't exist + foreach ($dbpages as $page){ + if(!isset($pages[$page['page']])){ + $deletions[] = $page['id']; + } + } +} + +//Delete pages from DB if not found +if (count($deletions) > 0) { + deletePages($deletions); +} + +//Update DB pages +$dbpages = fetchAllPages(); + +require_once("models/header.php"); + +echo " + +
+
+
+

UserCake

+

Admin Pages

+
"; + +include("left-nav.php"); + +echo " +
+
+ +"; + +//Display list of pages +foreach ($dbpages as $page){ + echo " + + + + + "; +} + +echo " +
IdPageAccess
+ ".$page['id']." + + ".$page['page']." + "; + + //Show public/private setting of page + if($page['private'] == 0){ + echo "Public"; + } + else { + echo "Private"; + } + + echo " +
+
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/admin_permission.php b/testing/MCTXWeb/public_html/users/admin_permission.php new file mode 100644 index 0000000..38ef238 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/admin_permission.php @@ -0,0 +1,220 @@ + +
+
+
+

UserCake

+

Admin Permissions

+
"; + +include("left-nav.php"); + +echo " +
+
"; + +echo resultBlock($errors,$successes); + +echo " +
+ + + + +
+

Permission Information

+
+

+ +".$permissionDetails['id']." +

+

+ + +

+ + +

+
+

Permission Membership

+
+

+Remove Members:"; + +//List users with permission level +foreach ($userData as $v1) { + if(isset($permissionUsers[$v1['id']])){ + echo "
".$v1['display_name']; + } +} + +echo" +

Add Members:"; + +//List users without permission level +foreach ($userData as $v1) { + if(!isset($permissionUsers[$v1['id']])){ + echo "
".$v1['display_name']; + } +} + +echo" +

+
+
+

Permission Access

+
+

+Public Access:"; + +//List public pages +foreach ($pageData as $v1) { + if($v1['private'] != 1){ + echo "
".$v1['page']; + } +} + +echo" +

+

+Remove Access:"; + +//List pages accessible to permission level +foreach ($pageData as $v1) { + if(isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){ + echo "
".$v1['page']; + } +} + +echo" +

Add Access:"; + +//List pages inaccessible to permission level +foreach ($pageData as $v1) { + if(!isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){ + echo "
".$v1['page']; + } +} + +echo" +

+
+
+

+ + +

+
+
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/admin_permissions.php b/testing/MCTXWeb/public_html/users/admin_permissions.php new file mode 100644 index 0000000..9a58249 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/admin_permissions.php @@ -0,0 +1,94 @@ + +
+
+
+

UserCake

+

Admin Permissions

+
"; + +include("left-nav.php"); + +echo " +
+
"; + +echo resultBlock($errors,$successes); + +echo " +
+ + + +"; + +//List each permission level +foreach ($permissionData as $v1) { + echo " + + + + "; +} + +echo " +
DeletePermission Name
".$v1['name']."
+

+ + +

+ +
+
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/admin_upload_users.php b/testing/MCTXWeb/public_html/users/admin_upload_users.php new file mode 100644 index 0000000..dd4f28c --- /dev/null +++ b/testing/MCTXWeb/public_html/users/admin_upload_users.php @@ -0,0 +1,24 @@ + Uploaded!

"; +} +else +{ + echo "

Please provide a CSV file of usernames and email addresses.

+
Upload
+
+ + +
"; +} + +?> + diff --git a/testing/MCTXWeb/public_html/users/admin_user.php b/testing/MCTXWeb/public_html/users/admin_user.php new file mode 100644 index 0000000..2d0e656 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/admin_user.php @@ -0,0 +1,265 @@ + +
+
+
+

UserCake

+

Admin User

+
"; + +include("left-nav.php"); + +echo " +
+
"; + +echo resultBlock($errors,$successes); + +echo " +
+ + + +
+

User Information

+
+

+ +".$userdetails['id']." +

+

+ +".$userdetails['user_name']." +

+

+ + +

+

+ + +

+

+"; + +//Display activation link, if account inactive +if ($userdetails['active'] == '1'){ + echo "Yes"; +} +else{ + echo "No +

+

+ + + "; +} + +echo " +

+

+ + +

+

+ +".date("j M, Y", $userdetails['sign_up_stamp'])." +

+

+"; + +//Last sign in, interpretation +if ($userdetails['last_sign_in_stamp'] == '0'){ + echo "Never"; +} +else { + echo date("j M, Y", $userdetails['last_sign_in_stamp']); +} + +echo " +

+

+ + +

+

+ + +

+
+
+

Permission Membership

+
+

Remove Permission:"; + +//List of permission levels user is apart of +foreach ($permissionData as $v1) { + if(isset($userPermission[$v1['id']])){ + echo "
".$v1['name']; + } +} + +//List of permission levels user is not apart of +echo "

Add Permission:"; +foreach ($permissionData as $v1) { + if(!isset($userPermission[$v1['id']])){ + echo "
".$v1['name']; + } +} + +echo" +

+
+
+
+
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/admin_users.php b/testing/MCTXWeb/public_html/users/admin_users.php new file mode 100644 index 0000000..e0ec8e0 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/admin_users.php @@ -0,0 +1,82 @@ + +
+
+
+

UserCake

+

Admin Users

+
"; + +include("left-nav.php"); + +echo " +
+
"; + +echo resultBlock($errors,$successes); + +echo " +
+ + + +"; + +//Cycle through users +foreach ($userData as $v1) { + echo " + + + + + + + "; +} + +echo " +
DeleteUsernameDisplay NameTitleLast Sign In
".$v1['user_name']."".$v1['display_name']."".$v1['title']." + "; + + //Interprety last login + if ($v1['last_sign_in_stamp'] == '0'){ + echo "Never"; + } + else { + echo date("j M, Y", $v1['last_sign_in_stamp']); + } + echo " +
+ +
+
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/forgot-password.php b/testing/MCTXWeb/public_html/users/forgot-password.php new file mode 100644 index 0000000..fa68835 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/forgot-password.php @@ -0,0 +1,217 @@ + array("#GENERATED-PASS#","#USERNAME#"), + "subjectStrs" => array($rand_pass,$userdetails["display_name"]) + ); + + if(!$mail->newTemplateMsg("your-lost-password.txt",$hooks)) + { + $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); + } + else + { + if(!$mail->sendMail($userdetails["email"],"Your new password")) + { + $errors[] = lang("MAIL_ERROR"); + } + else + { + if(!updatePasswordFromToken($secure_pass,$token)) + { + $errors[] = lang("SQL_ERROR"); + } + else + { + if(!flagLostPasswordRequest($userdetails["user_name"],0)) + { + $errors[] = lang("SQL_ERROR"); + } + else { + $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL"); + } + } + } + } + } +} + +//User has denied this request +if(!empty($_GET["deny"])) +{ + $token = trim($_GET["deny"]); + + if($token == "" || !validateActivationToken($token,TRUE)) + { + $errors[] = lang("FORGOTPASS_INVALID_TOKEN"); + } + else + { + + $userdetails = fetchUserDetails(NULL,$token); + + if(!flagLostPasswordRequest($userdetails["user_name"],0)) + { + $errors[] = lang("SQL_ERROR"); + } + else { + $successes[] = lang("FORGOTPASS_REQUEST_CANNED"); + } + } +} + +//Forms posted +if(!empty($_POST)) +{ + $email = $_POST["email"]; + $username = sanitize($_POST["username"]); + + //Perform some validation + //Feel free to edit / change as required + + if(trim($email) == "") + { + $errors[] = lang("ACCOUNT_SPECIFY_EMAIL"); + } + //Check to ensure email is in the correct format / in the db + else if(!isValidEmail($email) || !emailExists($email)) + { + $errors[] = lang("ACCOUNT_INVALID_EMAIL"); + } + + if(trim($username) == "") + { + $errors[] = lang("ACCOUNT_SPECIFY_USERNAME"); + } + else if(!usernameExists($username)) + { + $errors[] = lang("ACCOUNT_INVALID_USERNAME"); + } + + if(count($errors) == 0) + { + + //Check that the username / email are associated to the same account + if(!emailUsernameLinked($email,$username)) + { + $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID"); + } + else + { + //Check if the user has any outstanding lost password requests + $userdetails = fetchUserDetails($username); + if($userdetails["lost_password_request"] == 1) + { + $errors[] = lang("FORGOTPASS_REQUEST_EXISTS"); + } + else + { + //Email the user asking to confirm this change password request + //We can use the template builder here + + //We use the activation token again for the url key it gets regenerated everytime it's used. + + $mail = new userCakeMail(); + $confirm_url = lang("CONFIRM")."\n".$websiteUrl."forgot-password.php?confirm=".$userdetails["activation_token"]; + $deny_url = lang("DENY")."\n".$websiteUrl."forgot-password.php?deny=".$userdetails["activation_token"]; + + //Setup our custom hooks + $hooks = array( + "searchStrs" => array("#CONFIRM-URL#","#DENY-URL#","#USERNAME#"), + "subjectStrs" => array($confirm_url,$deny_url,$userdetails["user_name"]) + ); + + if(!$mail->newTemplateMsg("lost-password-request.txt",$hooks)) + { + $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); + } + else + { + if(!$mail->sendMail($userdetails["email"],"Lost password request")) + { + $errors[] = lang("MAIL_ERROR"); + } + else + { + //Update the DB to show this account has an outstanding request + if(!flagLostPasswordRequest($userdetails["user_name"],1)) + { + $errors[] = lang("SQL_ERROR"); + } + else { + + $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS"); + } + } + } + } + } + } +} + +require_once("models/header.php"); +echo " + +
+
+
+

UserCake

+

Forgot Password

+
"; + +include("left-nav.php"); + +echo " +
+
"; + +echo resultBlock($errors,$successes); + +echo " +
+
+

+ + +

+

+ + +

+

+ + +

+
+
+
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/index.php b/testing/MCTXWeb/public_html/users/index.php new file mode 100644 index 0000000..63d11fb --- /dev/null +++ b/testing/MCTXWeb/public_html/users/index.php @@ -0,0 +1,47 @@ + +
+
+
+

UserCake

+

2.00

+
"; +include("left-nav.php"); + +echo " +
+
+

Thank you for downloading UserCake. 100% Free and Opensource.

+

Copyright (c) 2009-2012

+

Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the 'Software'), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions:

+

The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software.

+

THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE.

+
+
+
+ +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/left-nav.php b/testing/MCTXWeb/public_html/users/left-nav.php new file mode 100644 index 0000000..b6f053e --- /dev/null +++ b/testing/MCTXWeb/public_html/users/left-nav.php @@ -0,0 +1,44 @@ + +
  • Account Home
  • +
  • User Settings
  • +
  • Logout
  • + "; + + //Links for permission level 2 (default admin) + if ($loggedInUser->checkPermission(array(2))){ + echo " + "; + } +} +//Links for users not logged in +else { + echo " + "; +} + +?> diff --git a/testing/MCTXWeb/public_html/users/login.php b/testing/MCTXWeb/public_html/users/login.php new file mode 100644 index 0000000..f0168da --- /dev/null +++ b/testing/MCTXWeb/public_html/users/login.php @@ -0,0 +1,125 @@ +email = $userdetails["email"]; + $loggedInUser->user_id = $userdetails["id"]; + $loggedInUser->hash_pw = $userdetails["password"]; + $loggedInUser->title = $userdetails["title"]; + $loggedInUser->displayname = $userdetails["display_name"]; + $loggedInUser->username = $userdetails["user_name"]; + + //Update last sign in + $loggedInUser->updateLastSignIn(); + $_SESSION["userCakeUser"] = $loggedInUser; + + //Redirect to user account page + header("Location: account.php"); + die(); + } + } + } + } +} + +require_once("models/header.php"); + +echo " + +
    +
    +
    +

    UserCake

    +

    Login

    +
    "; + +include("left-nav.php"); + +echo " +
    +
    "; + +echo resultBlock($errors,$successes); + +echo " +
    +
    +

    + + +

    +

    + + +

    +

    + + +

    +
    +
    +
    +
    +
    + +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/logout.php b/testing/MCTXWeb/public_html/users/logout.php new file mode 100644 index 0000000..728a294 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/logout.php @@ -0,0 +1,35 @@ +userLogOut(); +} + +if(!empty($websiteUrl)) +{ + $add_http = ""; + + if(strpos($websiteUrl,"http://") === false) + { + $add_http = "http://"; + } + + header("Location: ".$add_http.$websiteUrl); + die(); +} +else +{ + header("Location: http://".$_SERVER['HTTP_HOST']); + die(); +} + +?> + diff --git a/testing/MCTXWeb/public_html/users/models/captcha.php b/testing/MCTXWeb/public_html/users/models/captcha.php new file mode 100644 index 0000000..a62adcb --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/captcha.php @@ -0,0 +1,27 @@ + diff --git a/testing/MCTXWeb/public_html/users/models/class.mail.php b/testing/MCTXWeb/public_html/users/models/class.mail.php new file mode 100644 index 0000000..55fdac8 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/class.mail.php @@ -0,0 +1,55 @@ +contents = file_get_contents($mail_templates_dir.$template); + + //Check to see we can access the file / it has some contents + if(!$this->contents || empty($this->contents)) + { + return false; + } + else + { + //Replace default hooks + $this->contents = replaceDefaultHook($this->contents); + + //Replace defined / custom hooks + $this->contents = str_replace($additionalHooks["searchStrs"],$additionalHooks["subjectStrs"],$this->contents); + + return true; + } + } + + public function sendMail($email,$subject,$msg = NULL) + { + global $websiteName,$emailAddress; + + $header = "MIME-Version: 1.0\r\n"; + $header .= "Content-type: text/plain; charset=iso-8859-1\r\n"; + $header .= "From: ". $websiteName . " <" . $emailAddress . ">\r\n"; + + //Check to see if we sending a template email. + if($msg == NULL) + $msg = $this->contents; + + $message = $msg; + + $message = wordwrap($message, 70); + + return mail($email,$subject,$message,$header); + } +} + +?> \ No newline at end of file diff --git a/testing/MCTXWeb/public_html/users/models/class.newuser.php b/testing/MCTXWeb/public_html/users/models/class.newuser.php new file mode 100644 index 0000000..83befea --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/class.newuser.php @@ -0,0 +1,162 @@ +displayname = $display; + + //Sanitize + $this->clean_email = sanitize($email); + $this->clean_password = trim($pass); + $this->username = sanitize($user); + + if(usernameExists($this->username)) + { + $this->username_taken = true; + } + else if(displayNameExists($this->displayname)) + { + $this->displayname_taken = true; + } + else if(emailExists($this->clean_email)) + { + $this->email_taken = true; + } + else + { + //No problems have been found. + $this->status = true; + } + } + + public function userCakeAddUser() + { + global $mysqli,$emailActivation,$websiteUrl,$db_table_prefix; + + //Prevent this function being called if there were construction errors + if($this->status) + { + //Construct a secure hash for the plain text password + $secure_pass = generateHash($this->clean_password); + + //Construct a unique activation token + $this->activation_token = generateActivationToken(); + + //Do we need to send out an activation email? + if($emailActivation == "true") + { + //User must activate their account first + $this->user_active = 0; + + $mail = new userCakeMail(); + + //Build the activation message + $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE",array($websiteUrl,$this->activation_token)); + + //Define more if you want to build larger structures + $hooks = array( + "searchStrs" => array("#ACTIVATION-MESSAGE","#ACTIVATION-KEY","#USERNAME#"), + "subjectStrs" => array($activation_message,$this->activation_token,$this->displayname) + ); + + /* Build the template - Optional, you can just use the sendMail function + Instead to pass a message. */ + + if(!$mail->newTemplateMsg("new-registration.txt",$hooks)) + { + $this->mail_failure = true; + } + else + { + //Send the mail. Specify users email here and subject. + //SendMail can have a third parementer for message if you do not wish to build a template. + + if(!$mail->sendMail($this->clean_email,"New User")) + { + $this->mail_failure = true; + } + } + $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2"); + } + else + { + //Instant account activation + $this->user_active = 1; + $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1"); + } + + + if(!$this->mail_failure) + { + //Insert the user into the database providing no errors have been found. + $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."users ( + user_name, + display_name, + password, + email, + activation_token, + last_activation_request, + lost_password_request, + active, + title, + sign_up_stamp, + last_sign_in_stamp + ) + VALUES ( + ?, + ?, + ?, + ?, + ?, + '".time()."', + '0', + ?, + 'New Member', + '".time()."', + '0' + )"); + + $stmt->bind_param("sssssi", $this->username, $this->displayname, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active); + $stmt->execute(); + $inserted_id = $mysqli->insert_id; + $stmt->close(); + + //Insert default permission into matches table + $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches ( + user_id, + permission_id + ) + VALUES ( + ?, + '1' + )"); + $stmt->bind_param("s", $inserted_id); + $stmt->execute(); + $stmt->close(); + } + } + } +} + +?> \ No newline at end of file diff --git a/testing/MCTXWeb/public_html/users/models/class.user.php b/testing/MCTXWeb/public_html/users/models/class.user.php new file mode 100644 index 0000000..6158b22 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/class.user.php @@ -0,0 +1,119 @@ +prepare("UPDATE ".$db_table_prefix."users + SET + last_sign_in_stamp = ? + WHERE + id = ?"); + $stmt->bind_param("ii", $time, $this->user_id); + $stmt->execute(); + $stmt->close(); + } + + //Return the timestamp when the user registered + public function signupTimeStamp() + { + global $mysqli,$db_table_prefix; + + $stmt = $mysqli->prepare("SELECT sign_up_stamp + FROM ".$db_table_prefix."users + WHERE id = ?"); + $stmt->bind_param("i", $this->user_id); + $stmt->execute(); + $stmt->bind_result($timestamp); + $stmt->fetch(); + $stmt->close(); + return ($timestamp); + } + + //Update a users password + public function updatePassword($pass) + { + global $mysqli,$db_table_prefix; + $secure_pass = generateHash($pass); + $this->hash_pw = $secure_pass; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users + SET + password = ? + WHERE + id = ?"); + $stmt->bind_param("si", $secure_pass, $this->user_id); + $stmt->execute(); + $stmt->close(); + } + + //Update a users email + public function updateEmail($email) + { + global $mysqli,$db_table_prefix; + $this->email = $email; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users + SET + email = ? + WHERE + id = ?"); + $stmt->bind_param("si", $email, $this->user_id); + $stmt->execute(); + $stmt->close(); + } + + //Is a user has a permission + public function checkPermission($permission) + { + global $mysqli,$db_table_prefix,$master_account; + + //Grant access if master user + + $stmt = $mysqli->prepare("SELECT id + FROM ".$db_table_prefix."user_permission_matches + WHERE user_id = ? + AND permission_id = ? + LIMIT 1 + "); + $access = 0; + foreach($permission as $check){ + if ($access == 0){ + $stmt->bind_param("ii", $this->user_id, $check); + $stmt->execute(); + $stmt->store_result(); + if ($stmt->num_rows > 0){ + $access = 1; + } + } + } + if ($access == 1) + { + return true; + } + if ($this->user_id == $master_account){ + return true; + } + else + { + return false; + } + $stmt->close(); + } + + //Logout + public function userLogOut() + { + destroySession("userCakeUser"); + } +} + +?> \ No newline at end of file diff --git a/testing/MCTXWeb/public_html/users/models/config.php b/testing/MCTXWeb/public_html/users/models/config.php new file mode 100644 index 0000000..6f2f3f2 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/config.php @@ -0,0 +1,57 @@ +prepare("SELECT id, name, value + FROM ".$db_table_prefix."configuration"); +$stmt->execute(); +$stmt->bind_result($id, $name, $value); + +while ($stmt->fetch()){ + $settings[$name] = array('id' => $id, 'name' => $name, 'value' => $value); +} +$stmt->close(); + +//Set Settings +$emailActivation = $settings['activation']['value']; +$mail_templates_dir = "models/mail-templates/"; +$websiteName = $settings['website_name']['value']; +$websiteUrl = $settings['website_url']['value']; +$emailAddress = $settings['email']['value']; +$resend_activation_threshold = $settings['resend_activation_threshold']['value']; +$emailDate = date('dmy'); +$language = $settings['language']['value']; +$template = $settings['template']['value']; + +$master_account = -1; + +$default_hooks = array("#WEBSITENAME#","#WEBSITEURL#","#DATE#"); +$default_replace = array($websiteName,$websiteUrl,$emailDate); + +if (!file_exists($language)) { + $language = "models/languages/en.php"; +} + +if(!isset($language)) $language = "models/languages/en.php"; + +//Pages to require +require_once($language); +require_once("class.mail.php"); +require_once("class.user.php"); +require_once("class.newuser.php"); +require_once("funcs.php"); + +session_start(); + +//Global User Object Var +//loggedInUser can be used globally if constructed +if(isset($_SESSION["userCakeUser"]) && is_object($_SESSION["userCakeUser"])) +{ + $loggedInUser = $_SESSION["userCakeUser"]; +} + +?> diff --git a/testing/MCTXWeb/public_html/users/models/db-settings.php b/testing/MCTXWeb/public_html/users/models/db-settings.php new file mode 100644 index 0000000..6027314 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/db-settings.php @@ -0,0 +1,37 @@ + diff --git a/testing/MCTXWeb/public_html/users/models/funcs.js b/testing/MCTXWeb/public_html/users/models/funcs.js new file mode 100644 index 0000000..cd038cc --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/funcs.js @@ -0,0 +1,11 @@ +/* +UserCake Version: 2.0.2 +http://usercake.com +*/ +function showHide(div){ + if(document.getElementById(div).style.display = 'block'){ + document.getElementById(div).style.display = 'none'; + }else{ + document.getElementById(div).style.display = 'block'; + } +} diff --git a/testing/MCTXWeb/public_html/users/models/funcs.php b/testing/MCTXWeb/public_html/users/models/funcs.php new file mode 100644 index 0000000..021f3a0 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/funcs.php @@ -0,0 +1,1185 @@ + $max) + return true; + else + return false; +} + +//Replaces hooks with specified text +function replaceDefaultHook($str) +{ + global $default_hooks,$default_replace; + return (str_replace($default_hooks,$default_replace,$str)); +} + +//Displays error and success messages +function resultBlock($errors,$successes){ + //Error block + if(count($errors) > 0) + { + echo "
    + [X] +
      "; + foreach($errors as $error) + { + echo "
    • ".$error."
    • "; + } + echo "
    "; + echo "
    "; + } + //Success block + if(count($successes) > 0) + { + echo "
    + [X] +
      "; + foreach($successes as $success) + { + echo "
    • ".$success."
    • "; + } + echo "
    "; + echo "
    "; + } +} + +//Completely sanitizes text +function sanitize($str) +{ + return strtolower(strip_tags(trim(($str)))); +} + +//Functions that interact mainly with .users table +//------------------------------------------------------------------------------ + +//Delete a defined array of users +function deleteUsers($users) { + global $mysqli,$db_table_prefix; + $i = 0; + $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."users + WHERE id = ?"); + $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches + WHERE user_id = ?"); + foreach($users as $id){ + $stmt->bind_param("i", $id); + $stmt->execute(); + $stmt2->bind_param("i", $id); + $stmt2->execute(); + $i++; + } + $stmt->close(); + $stmt2->close(); + return $i; +} + +//Check if a display name exists in the DB +function displayNameExists($displayname) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT active + FROM ".$db_table_prefix."users + WHERE + display_name = ? + LIMIT 1"); + $stmt->bind_param("s", $displayname); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if ($num_returns > 0) + { + return true; + } + else + { + return false; + } +} + +//Check if an email exists in the DB +function emailExists($email) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT active + FROM ".$db_table_prefix."users + WHERE + email = ? + LIMIT 1"); + $stmt->bind_param("s", $email); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if ($num_returns > 0) + { + return true; + } + else + { + return false; + } +} + +//Check if a user name and email belong to the same user +function emailUsernameLinked($email,$username) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT active + FROM ".$db_table_prefix."users + WHERE user_name = ? + AND + email = ? + LIMIT 1 + "); + $stmt->bind_param("ss", $username, $email); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if ($num_returns > 0) + { + return true; + } + else + { + return false; + } +} + +//Retrieve information for all users +function fetchAllUsers() +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + user_name, + display_name, + password, + email, + activation_token, + last_activation_request, + lost_password_request, + active, + title, + sign_up_stamp, + last_sign_in_stamp + FROM ".$db_table_prefix."users"); + $stmt->execute(); + $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn); + + while ($stmt->fetch()){ + $row[] = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn); + } + $stmt->close(); + return ($row); +} + +//Retrieve complete user information by username, token or ID +function fetchUserDetails($username=NULL,$token=NULL, $id=NULL) +{ + if($username!=NULL) { + $column = "user_name"; + $data = $username; + } + elseif($token!=NULL) { + $column = "activation_token"; + $data = $token; + } + elseif($id!=NULL) { + $column = "id"; + $data = $id; + } + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + user_name, + display_name, + password, + email, + activation_token, + last_activation_request, + lost_password_request, + active, + title, + sign_up_stamp, + last_sign_in_stamp + FROM ".$db_table_prefix."users + WHERE + $column = ? + LIMIT 1"); + $stmt->bind_param("s", $data); + + $stmt->execute(); + $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn); + while ($stmt->fetch()){ + $row = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn); + } + $stmt->close(); + return ($row); +} + +//Toggle if lost password request flag on or off +function flagLostPasswordRequest($username,$value) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users + SET lost_password_request = ? + WHERE + user_name = ? + LIMIT 1 + "); + $stmt->bind_param("ss", $value, $username); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Check if a user is logged in +function isUserLoggedIn() +{ + global $loggedInUser,$mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + password + FROM ".$db_table_prefix."users + WHERE + id = ? + AND + password = ? + AND + active = 1 + LIMIT 1"); + $stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if($loggedInUser == NULL) + { + return false; + } + else + { + if ($num_returns > 0) + { + return true; + } + else + { + destroySession("userCakeUser"); + return false; + } + } +} + +//Change a user from inactive to active +function setUserActive($token) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users + SET active = 1 + WHERE + activation_token = ? + LIMIT 1"); + $stmt->bind_param("s", $token); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Change a user's display name +function updateDisplayName($id, $display) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users + SET display_name = ? + WHERE + id = ? + LIMIT 1"); + $stmt->bind_param("si", $display, $id); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Update a user's email +function updateEmail($id, $email) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users + SET + email = ? + WHERE + id = ?"); + $stmt->bind_param("si", $email, $id); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Input new activation token, and update the time of the most recent activation request +function updateLastActivationRequest($new_activation_token,$username,$email) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users + SET activation_token = ?, + last_activation_request = ? + WHERE email = ? + AND + user_name = ?"); + $stmt->bind_param("ssss", $new_activation_token, time(), $email, $username); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Generate a random password, and new token +function updatePasswordFromToken($pass,$token) +{ + global $mysqli,$db_table_prefix; + $new_activation_token = generateActivationToken(); + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users + SET password = ?, + activation_token = ? + WHERE + activation_token = ?"); + $stmt->bind_param("sss", $pass, $new_activation_token, $token); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Update a user's title +function updateTitle($id, $title) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users + SET + title = ? + WHERE + id = ?"); + $stmt->bind_param("si", $title, $id); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Check if a user ID exists in the DB +function userIdExists($id) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT active + FROM ".$db_table_prefix."users + WHERE + id = ? + LIMIT 1"); + $stmt->bind_param("i", $id); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if ($num_returns > 0) + { + return true; + } + else + { + return false; + } +} + +//Checks if a username exists in the DB +function usernameExists($username) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT active + FROM ".$db_table_prefix."users + WHERE + user_name = ? + LIMIT 1"); + $stmt->bind_param("s", $username); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if ($num_returns > 0) + { + return true; + } + else + { + return false; + } +} + +//Check if activation token exists in DB +function validateActivationToken($token,$lostpass=NULL) +{ + global $mysqli,$db_table_prefix; + if($lostpass == NULL) + { + $stmt = $mysqli->prepare("SELECT active + FROM ".$db_table_prefix."users + WHERE active = 0 + AND + activation_token = ? + LIMIT 1"); + } + else + { + $stmt = $mysqli->prepare("SELECT active + FROM ".$db_table_prefix."users + WHERE active = 1 + AND + activation_token = ? + AND + lost_password_request = 1 + LIMIT 1"); + } + $stmt->bind_param("s", $token); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if ($num_returns > 0) + { + return true; + } + else + { + return false; + } +} + +//Functions that interact mainly with .permissions table +//------------------------------------------------------------------------------ + +//Create a permission level in DB +function createPermission($permission) { + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permissions ( + name + ) + VALUES ( + ? + )"); + $stmt->bind_param("s", $permission); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Delete a permission level from the DB +function deletePermission($permission) { + global $mysqli,$db_table_prefix,$errors; + $i = 0; + $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permissions + WHERE id = ?"); + $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches + WHERE permission_id = ?"); + $stmt3 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches + WHERE permission_id = ?"); + foreach($permission as $id){ + if ($id == 1){ + $errors[] = lang("CANNOT_DELETE_NEWUSERS"); + } + elseif ($id == 2){ + $errors[] = lang("CANNOT_DELETE_ADMIN"); + } + else{ + $stmt->bind_param("i", $id); + $stmt->execute(); + $stmt2->bind_param("i", $id); + $stmt2->execute(); + $stmt3->bind_param("i", $id); + $stmt3->execute(); + $i++; + } + } + $stmt->close(); + $stmt2->close(); + $stmt3->close(); + return $i; +} + +//Retrieve information for all permission levels +function fetchAllPermissions() +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + name + FROM ".$db_table_prefix."permissions"); + $stmt->execute(); + $stmt->bind_result($id, $name); + while ($stmt->fetch()){ + $row[] = array('id' => $id, 'name' => $name); + } + $stmt->close(); + return ($row); +} + +//Retrieve information for a single permission level +function fetchPermissionDetails($id) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + name + FROM ".$db_table_prefix."permissions + WHERE + id = ? + LIMIT 1"); + $stmt->bind_param("i", $id); + $stmt->execute(); + $stmt->bind_result($id, $name); + while ($stmt->fetch()){ + $row = array('id' => $id, 'name' => $name); + } + $stmt->close(); + return ($row); +} + +//Check if a permission level ID exists in the DB +function permissionIdExists($id) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT id + FROM ".$db_table_prefix."permissions + WHERE + id = ? + LIMIT 1"); + $stmt->bind_param("i", $id); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if ($num_returns > 0) + { + return true; + } + else + { + return false; + } +} + +//Check if a permission level name exists in the DB +function permissionNameExists($permission) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT id + FROM ".$db_table_prefix."permissions + WHERE + name = ? + LIMIT 1"); + $stmt->bind_param("s", $permission); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if ($num_returns > 0) + { + return true; + } + else + { + return false; + } +} + +//Change a permission level's name +function updatePermissionName($id, $name) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."permissions + SET name = ? + WHERE + id = ? + LIMIT 1"); + $stmt->bind_param("si", $name, $id); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Functions that interact mainly with .user_permission_matches table +//------------------------------------------------------------------------------ + +//Match permission level(s) with user(s) +function addPermission($permission, $user) { + global $mysqli,$db_table_prefix; + $i = 0; + $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches ( + permission_id, + user_id + ) + VALUES ( + ?, + ? + )"); + if (is_array($permission)){ + foreach($permission as $id){ + $stmt->bind_param("ii", $id, $user); + $stmt->execute(); + $i++; + } + } + elseif (is_array($user)){ + foreach($user as $id){ + $stmt->bind_param("ii", $permission, $id); + $stmt->execute(); + $i++; + } + } + else { + $stmt->bind_param("ii", $permission, $user); + $stmt->execute(); + $i++; + } + $stmt->close(); + return $i; +} + +//Retrieve information for all user/permission level matches +function fetchAllMatches() +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + user_id, + permission_id + FROM ".$db_table_prefix."user_permission_matches"); + $stmt->execute(); + $stmt->bind_result($id, $user, $permission); + while ($stmt->fetch()){ + $row[] = array('id' => $id, 'user_id' => $user, 'permission_id' => $permission); + } + $stmt->close(); + return ($row); +} + +//Retrieve list of permission levels a user has +function fetchUserPermissions($user_id) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + permission_id + FROM ".$db_table_prefix."user_permission_matches + WHERE user_id = ? + "); + $stmt->bind_param("i", $user_id); + $stmt->execute(); + $stmt->bind_result($id, $permission); + while ($stmt->fetch()){ + $row[$permission] = array('id' => $id, 'permission_id' => $permission); + } + $stmt->close(); + if (isset($row)){ + return ($row); + } +} + +//Retrieve list of users who have a permission level +function fetchPermissionUsers($permission_id) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT id, user_id + FROM ".$db_table_prefix."user_permission_matches + WHERE permission_id = ? + "); + $stmt->bind_param("i", $permission_id); + $stmt->execute(); + $stmt->bind_result($id, $user); + while ($stmt->fetch()){ + $row[$user] = array('id' => $id, 'user_id' => $user); + } + $stmt->close(); + if (isset($row)){ + return ($row); + } +} + +//Unmatch permission level(s) from user(s) +function removePermission($permission, $user) { + global $mysqli,$db_table_prefix; + $i = 0; + $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches + WHERE permission_id = ? + AND user_id =?"); + if (is_array($permission)){ + foreach($permission as $id){ + $stmt->bind_param("ii", $id, $user); + $stmt->execute(); + $i++; + } + } + elseif (is_array($user)){ + foreach($user as $id){ + $stmt->bind_param("ii", $permission, $id); + $stmt->execute(); + $i++; + } + } + else { + $stmt->bind_param("ii", $permission, $user); + $stmt->execute(); + $i++; + } + $stmt->close(); + return $i; +} + +//Functions that interact mainly with .configuration table +//------------------------------------------------------------------------------ + +//Update configuration table +function updateConfig($id, $value) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."configuration + SET + value = ? + WHERE + id = ?"); + foreach ($id as $cfg){ + $stmt->bind_param("si", $value[$cfg], $cfg); + $stmt->execute(); + } + $stmt->close(); +} + +//Functions that interact mainly with .pages table +//------------------------------------------------------------------------------ + +//Add a page to the DB +function createPages($pages) { + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."pages ( + page + ) + VALUES ( + ? + )"); + foreach($pages as $page){ + $stmt->bind_param("s", $page); + $stmt->execute(); + } + $stmt->close(); +} + +//Delete a page from the DB +function deletePages($pages) { + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."pages + WHERE id = ?"); + $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches + WHERE page_id = ?"); + foreach($pages as $id){ + $stmt->bind_param("i", $id); + $stmt->execute(); + $stmt2->bind_param("i", $id); + $stmt2->execute(); + } + $stmt->close(); + $stmt2->close(); +} + +//Fetch information on all pages +function fetchAllPages() +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + page, + private + FROM ".$db_table_prefix."pages"); + $stmt->execute(); + $stmt->bind_result($id, $page, $private); + while ($stmt->fetch()){ + $row[$page] = array('id' => $id, 'page' => $page, 'private' => $private); + } + $stmt->close(); + if (isset($row)){ + return ($row); + } +} + +//Fetch information for a specific page +function fetchPageDetails($id) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + page, + private + FROM ".$db_table_prefix."pages + WHERE + id = ? + LIMIT 1"); + $stmt->bind_param("i", $id); + $stmt->execute(); + $stmt->bind_result($id, $page, $private); + while ($stmt->fetch()){ + $row = array('id' => $id, 'page' => $page, 'private' => $private); + } + $stmt->close(); + return ($row); +} + +//Check if a page ID exists +function pageIdExists($id) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT private + FROM ".$db_table_prefix."pages + WHERE + id = ? + LIMIT 1"); + $stmt->bind_param("i", $id); + $stmt->execute(); + $stmt->store_result(); + $num_returns = $stmt->num_rows; + $stmt->close(); + + if ($num_returns > 0) + { + return true; + } + else + { + return false; + } +} + +//Toggle private/public setting of a page +function updatePrivate($id, $private) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."pages + SET + private = ? + WHERE + id = ?"); + $stmt->bind_param("ii", $private, $id); + $result = $stmt->execute(); + $stmt->close(); + return $result; +} + +//Functions that interact mainly with .permission_page_matches table +//------------------------------------------------------------------------------ + +//Match permission level(s) with page(s) +function addPage($page, $permission) { + global $mysqli,$db_table_prefix; + $i = 0; + $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permission_page_matches ( + permission_id, + page_id + ) + VALUES ( + ?, + ? + )"); + if (is_array($permission)){ + foreach($permission as $id){ + $stmt->bind_param("ii", $id, $page); + $stmt->execute(); + $i++; + } + } + elseif (is_array($page)){ + foreach($page as $id){ + $stmt->bind_param("ii", $permission, $id); + $stmt->execute(); + $i++; + } + } + else { + $stmt->bind_param("ii", $permission, $page); + $stmt->execute(); + $i++; + } + $stmt->close(); + return $i; +} + +//Retrieve list of permission levels that can access a page +function fetchPagePermissions($page_id) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + permission_id + FROM ".$db_table_prefix."permission_page_matches + WHERE page_id = ? + "); + $stmt->bind_param("i", $page_id); + $stmt->execute(); + $stmt->bind_result($id, $permission); + while ($stmt->fetch()){ + $row[$permission] = array('id' => $id, 'permission_id' => $permission); + } + $stmt->close(); + if (isset($row)){ + return ($row); + } +} + +//Retrieve list of pages that a permission level can access +function fetchPermissionPages($permission_id) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id, + page_id + FROM ".$db_table_prefix."permission_page_matches + WHERE permission_id = ? + "); + $stmt->bind_param("i", $permission_id); + $stmt->execute(); + $stmt->bind_result($id, $page); + while ($stmt->fetch()){ + $row[$page] = array('id' => $id, 'permission_id' => $page); + } + $stmt->close(); + if (isset($row)){ + return ($row); + } +} + +//Unmatched permission and page +function removePage($page, $permission) { + global $mysqli,$db_table_prefix; + $i = 0; + $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches + WHERE page_id = ? + AND permission_id =?"); + if (is_array($page)){ + foreach($page as $id){ + $stmt->bind_param("ii", $id, $permission); + $stmt->execute(); + $i++; + } + } + elseif (is_array($permission)){ + foreach($permission as $id){ + $stmt->bind_param("ii", $page, $id); + $stmt->execute(); + $i++; + } + } + else { + $stmt->bind_param("ii", $permission, $user); + $stmt->execute(); + $i++; + } + $stmt->close(); + return $i; +} + +//Check if a user has access to a page +function securePage($uri){ + + //Separate document name from uri + $tokens = explode('/', $uri); + $page = $tokens[sizeof($tokens)-1]; + global $mysqli,$db_table_prefix,$loggedInUser; + //retrieve page details + $stmt = $mysqli->prepare("SELECT + id, + page, + private + FROM ".$db_table_prefix."pages + WHERE + page = ? + LIMIT 1"); + $stmt->bind_param("s", $page); + $stmt->execute(); + $stmt->bind_result($id, $page, $private); + while ($stmt->fetch()){ + $pageDetails = array('id' => $id, 'page' => $page, 'private' => $private); + } + $stmt->close(); + //If page does not exist in DB, allow access + if (empty($pageDetails)){ + return true; + } + //If page is public, allow access + elseif ($pageDetails['private'] == 0) { + return true; + } + //If user is not logged in, deny access + elseif(!isUserLoggedIn()) + { + header("Location: login.php"); + return false; + } + else { + //Retrieve list of permission levels with access to page + $stmt = $mysqli->prepare("SELECT + permission_id + FROM ".$db_table_prefix."permission_page_matches + WHERE page_id = ? + "); + $stmt->bind_param("i", $pageDetails['id']); + $stmt->execute(); + $stmt->bind_result($permission); + while ($stmt->fetch()){ + $pagePermissions[] = $permission; + } + $stmt->close(); + //Check if user's permission levels allow access to page + if ($loggedInUser->checkPermission($pagePermissions)){ + return true; + } + //Grant access if master user + elseif ($loggedInUser->user_id == $master_account){ + return true; + } + else { + header("Location: account.php"); + return false; + } + } +} + +?> diff --git a/testing/MCTXWeb/public_html/users/models/header.php b/testing/MCTXWeb/public_html/users/models/header.php new file mode 100644 index 0000000..ee78a54 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/header.php @@ -0,0 +1,17 @@ + + + + +".$websiteName." + + +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/models/languages/en.php b/testing/MCTXWeb/public_html/users/models/languages/en.php new file mode 100644 index 0000000..0e0cdb7 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/languages/en.php @@ -0,0 +1,121 @@ + "Please enter your username", + "ACCOUNT_SPECIFY_PASSWORD" => "Please enter your password", + "ACCOUNT_SPECIFY_EMAIL" => "Please enter your email address", + "ACCOUNT_INVALID_EMAIL" => "Invalid email address", + "ACCOUNT_USER_OR_EMAIL_INVALID" => "Username or email address is invalid", + "ACCOUNT_USER_OR_PASS_INVALID" => "Username or password is invalid", + "ACCOUNT_ALREADY_ACTIVE" => "Your account is already activated", + "ACCOUNT_INACTIVE" => "Your account is in-active. Check your emails / spam folder for account activation instructions", + "ACCOUNT_USER_CHAR_LIMIT" => "Your username must be between %m1% and %m2% characters in length", + "ACCOUNT_DISPLAY_CHAR_LIMIT" => "Your display name must be between %m1% and %m2% characters in length", + "ACCOUNT_PASS_CHAR_LIMIT" => "Your password must be between %m1% and %m2% characters in length", + "ACCOUNT_TITLE_CHAR_LIMIT" => "Titles must be between %m1% and %m2% characters in length", + "ACCOUNT_PASS_MISMATCH" => "Your password and confirmation password must match", + "ACCOUNT_DISPLAY_INVALID_CHARACTERS" => "Display name can only include alpha-numeric characters", + "ACCOUNT_USERNAME_IN_USE" => "Username %m1% is already in use", + "ACCOUNT_DISPLAYNAME_IN_USE" => "Display name %m1% is already in use", + "ACCOUNT_EMAIL_IN_USE" => "Email %m1% is already in use", + "ACCOUNT_LINK_ALREADY_SENT" => "An activation email has already been sent to this email address in the last %m1% hour(s)", + "ACCOUNT_NEW_ACTIVATION_SENT" => "We have emailed you a new activation link, please check your email", + "ACCOUNT_SPECIFY_NEW_PASSWORD" => "Please enter your new password", + "ACCOUNT_SPECIFY_CONFIRM_PASSWORD" => "Please confirm your new password", + "ACCOUNT_NEW_PASSWORD_LENGTH" => "New password must be between %m1% and %m2% characters in length", + "ACCOUNT_PASSWORD_INVALID" => "Current password doesn't match the one we have on record", + "ACCOUNT_DETAILS_UPDATED" => "Account details updated", + "ACCOUNT_ACTIVATION_MESSAGE" => "You will need to activate your account before you can login. Please follow the link below to activate your account. \n\n + %m1%activate-account.php?token=%m2%", + "ACCOUNT_ACTIVATION_COMPLETE" => "You have successfully activated your account. You can now login here.", + "ACCOUNT_REGISTRATION_COMPLETE_TYPE1" => "You have successfully registered. You can now login here.", + "ACCOUNT_REGISTRATION_COMPLETE_TYPE2" => "You have successfully registered. You will soon receive an activation email. + You must activate your account before logging in.", + "ACCOUNT_PASSWORD_NOTHING_TO_UPDATE" => "You cannot update with the same password", + "ACCOUNT_PASSWORD_UPDATED" => "Account password updated", + "ACCOUNT_EMAIL_UPDATED" => "Account email updated", + "ACCOUNT_TOKEN_NOT_FOUND" => "Token does not exist / Account is already activated", + "ACCOUNT_USER_INVALID_CHARACTERS" => "Username can only include alpha-numeric characters", + "ACCOUNT_DELETIONS_SUCCESSFUL" => "You have successfully deleted %m1% users", + "ACCOUNT_MANUALLY_ACTIVATED" => "%m1%'s account has been manually activated", + "ACCOUNT_DISPLAYNAME_UPDATED" => "Displayname changed to %m1%", + "ACCOUNT_TITLE_UPDATED" => "%m1%'s title changed to %m2%", + "ACCOUNT_PERMISSION_ADDED" => "Added access to %m1% permission levels", + "ACCOUNT_PERMISSION_REMOVED" => "Removed access from %m1% permission levels", + "ACCOUNT_INVALID_USERNAME" => "Invalid username", + )); + +//Configuration +$lang = array_merge($lang,array( + "CONFIG_NAME_CHAR_LIMIT" => "Site name must be between %m1% and %m2% characters in length", + "CONFIG_URL_CHAR_LIMIT" => "Site name must be between %m1% and %m2% characters in length", + "CONFIG_EMAIL_CHAR_LIMIT" => "Site name must be between %m1% and %m2% characters in length", + "CONFIG_ACTIVATION_TRUE_FALSE" => "Email activation must be either `true` or `false`", + "CONFIG_ACTIVATION_RESEND_RANGE" => "Activation Threshold must be between %m1% and %m2% hours", + "CONFIG_LANGUAGE_CHAR_LIMIT" => "Language path must be between %m1% and %m2% characters in length", + "CONFIG_LANGUAGE_INVALID" => "There is no file for the language key `%m1%`", + "CONFIG_TEMPLATE_CHAR_LIMIT" => "Template path must be between %m1% and %m2% characters in length", + "CONFIG_TEMPLATE_INVALID" => "There is no file for the template key `%m1%`", + "CONFIG_EMAIL_INVALID" => "The email you have entered is not valid", + "CONFIG_INVALID_URL_END" => "Please include the ending / in your site's URL", + "CONFIG_UPDATE_SUCCESSFUL" => "Your site's configuration has been updated. You may need to load a new page for all the settings to take effect", + )); + +//Forgot Password +$lang = array_merge($lang,array( + "FORGOTPASS_INVALID_TOKEN" => "Your activation token is not valid", + "FORGOTPASS_NEW_PASS_EMAIL" => "We have emailed you a new password", + "FORGOTPASS_REQUEST_CANNED" => "Lost password request cancelled", + "FORGOTPASS_REQUEST_EXISTS" => "There is already a outstanding lost password request on this account", + "FORGOTPASS_REQUEST_SUCCESS" => "We have emailed you instructions on how to regain access to your account", + )); + +//Mail +$lang = array_merge($lang,array( + "MAIL_ERROR" => "Fatal error attempting mail, contact your server administrator", + "MAIL_TEMPLATE_BUILD_ERROR" => "Error building email template", + "MAIL_TEMPLATE_DIRECTORY_ERROR" => "Unable to open mail-templates directory. Perhaps try setting the mail directory to %m1%", + "MAIL_TEMPLATE_FILE_EMPTY" => "Template file is empty... nothing to send", + )); + +//Miscellaneous +$lang = array_merge($lang,array( + "CAPTCHA_FAIL" => "Failed security question", + "CONFIRM" => "Confirm", + "DENY" => "Deny", + "SUCCESS" => "Success", + "ERROR" => "Error", + "NOTHING_TO_UPDATE" => "Nothing to update", + "SQL_ERROR" => "Fatal SQL error", + "FEATURE_DISABLED" => "This feature is currently disabled", + "PAGE_PRIVATE_TOGGLED" => "This page is now %m1%", + "PAGE_ACCESS_REMOVED" => "Page access removed for %m1% permission level(s)", + "PAGE_ACCESS_ADDED" => "Page access added for %m1% permission level(s)", + )); + +//Permissions +$lang = array_merge($lang,array( + "PERMISSION_CHAR_LIMIT" => "Permission names must be between %m1% and %m2% characters in length", + "PERMISSION_NAME_IN_USE" => "Permission name %m1% is already in use", + "PERMISSION_DELETIONS_SUCCESSFUL" => "Successfully deleted %m1% permission level(s)", + "PERMISSION_CREATION_SUCCESSFUL" => "Successfully created the permission level `%m1%`", + "PERMISSION_NAME_UPDATE" => "Permission level name changed to `%m1%`", + "PERMISSION_REMOVE_PAGES" => "Successfully removed access to %m1% page(s)", + "PERMISSION_ADD_PAGES" => "Successfully added access to %m1% page(s)", + "PERMISSION_REMOVE_USERS" => "Successfully removed %m1% user(s)", + "PERMISSION_ADD_USERS" => "Successfully added %m1% user(s)", + "CANNOT_DELETE_NEWUSERS" => "You cannot delete the default 'new user' group", + "CANNOT_DELETE_ADMIN" => "You cannot delete the default 'admin' group", + )); +?> \ No newline at end of file diff --git a/testing/MCTXWeb/public_html/users/models/mail-templates/lost-password-request.txt b/testing/MCTXWeb/public_html/users/models/mail-templates/lost-password-request.txt new file mode 100644 index 0000000..9812aa1 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/mail-templates/lost-password-request.txt @@ -0,0 +1,9 @@ +Hello #USERNAME# + +A lost password request has been submitted for your account on #DATE#. + +To confirm / deny this request click one of the below links + +#CONFIRM-URL# + +#DENY-URL# diff --git a/testing/MCTXWeb/public_html/users/models/mail-templates/new-registration.txt b/testing/MCTXWeb/public_html/users/models/mail-templates/new-registration.txt new file mode 100644 index 0000000..48bb0f8 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/mail-templates/new-registration.txt @@ -0,0 +1,6 @@ +Hello #USERNAME# + +Thank you for joining our website #WEBSITENAME# +#ACTIVATION-MESSAGE + +-Regards \ No newline at end of file diff --git a/testing/MCTXWeb/public_html/users/models/mail-templates/resend-activation.txt b/testing/MCTXWeb/public_html/users/models/mail-templates/resend-activation.txt new file mode 100644 index 0000000..918261c --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/mail-templates/resend-activation.txt @@ -0,0 +1,9 @@ +Hello #USERNAME# + +We have received a new activation request for your account. Please follow the link below to activate. + +If you did not request this e-mail, please disregard this message. + +#ACTIVATION-URL + +-Regards \ No newline at end of file diff --git a/testing/MCTXWeb/public_html/users/models/mail-templates/your-lost-password.txt b/testing/MCTXWeb/public_html/users/models/mail-templates/your-lost-password.txt new file mode 100644 index 0000000..c129d5a --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/mail-templates/your-lost-password.txt @@ -0,0 +1,9 @@ +Hello #USERNAME# + +We have set up a temporary password for your account at #WEBSITENAME#. + +Please login at #WEBSITEURL#login.php as soon as possible and change this password to something you will remember. + +Your Password: #GENERATED-PASS# + +-Regards diff --git a/testing/MCTXWeb/public_html/users/models/site-templates/default.css b/testing/MCTXWeb/public_html/users/models/site-templates/default.css new file mode 100644 index 0000000..4e72be5 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/models/site-templates/default.css @@ -0,0 +1,112 @@ +html, body { + margin: 0px; + background: #fff; + font-family:Verdana, Arial, Helvetica, sans-serif; + font-size:0.95em; + color:#4d4948; +} + +h1 { + margin: 0; + text-align: center; + font-size: 150%; + padding: 0px; +} + +h2 { + margin: 0; + text-align: center; + font-size: 120%; + padding: 0px; +} + +h3 { + margin: 0; + font-size: 105%; + padding: 0px; +} + +a { + color:#4d4948; +} + +#top { + margin: 0 auto 0 auto; + background:url('images/top-bg.jpg') repeat-x; + width:100%; + height:115px; +} + +#logo { + margin: 0 auto 0 auto; + background:url('images/latest-build.gif'); + width: 155px; + height: 124px; +} + +#content { + margin: 0 auto 0 auto; + width: 95%; +} + +#content #left-nav { + width:15%; + float:left; + font-size:95%; +} + +#content #left-nav ul { + padding:0 0 50px 0; + margin:0; +} + +#content #left-nav ul li { + padding:0; + margin:0; + list-style:none; +} + +#content #left-nav ul li a { + text-decoration:none; +} + +#content #left-nav ul li a:hover { + color:#ff0505; + text-decoration:underline; +} + +#content #main { + float:left; + width:85%; + font-size:90%; +} + +#content #main #regbox { + padding: 0 0 0 0; +} + +#content #main #regbox label { + width:100px; + float:left; +} + +table.admin td { + vertical-align: top; +} + +#error { + display:block; + margin:5px; + color:#4d4948; + background-color:#fffebe; + border: 1px solid #cbcbcb; + font-size:90%; +} + +#success { + margin:5px; + color:#4d4948; + background-color:#bce9b5; + border: 1px solid #7ace6c; + font-size:90%; +} diff --git a/testing/MCTXWeb/public_html/users/models/site-templates/images/latest-build.gif b/testing/MCTXWeb/public_html/users/models/site-templates/images/latest-build.gif new file mode 100644 index 0000000..616c805 Binary files /dev/null and b/testing/MCTXWeb/public_html/users/models/site-templates/images/latest-build.gif differ diff --git a/testing/MCTXWeb/public_html/users/models/site-templates/images/top-bg.jpg b/testing/MCTXWeb/public_html/users/models/site-templates/images/top-bg.jpg new file mode 100644 index 0000000..1adf673 Binary files /dev/null and b/testing/MCTXWeb/public_html/users/models/site-templates/images/top-bg.jpg differ diff --git a/testing/MCTXWeb/public_html/users/register.php b/testing/MCTXWeb/public_html/users/register.php new file mode 100644 index 0000000..32f1ae1 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/register.php @@ -0,0 +1,144 @@ +status) + { + if($user->username_taken) $errors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username)); + if($user->displayname_taken) $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname)); + if($user->email_taken) $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email)); + } + else + { + //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required) + if(!$user->userCakeAddUser()) + { + if($user->mail_failure) $errors[] = lang("MAIL_ERROR"); + if($user->sql_failure) $errors[] = lang("SQL_ERROR"); + } + } + } + if(count($errors) == 0) { + $successes[] = $user->success; + } +} + +require_once("models/header.php"); +echo " + +
    +
    +
    +

    UserCake

    +

    Register

    + +
    "; +include("left-nav.php"); +echo " +
    + +
    "; + +echo resultBlock($errors,$successes); + +echo " +
    +
    + +

    + + +

    +

    + + +

    +

    + + +

    +

    + + +

    +

    + + +

    +

    + + +

    + + +

    +
    + +
    +
    +
    + +"; +?> diff --git a/testing/MCTXWeb/public_html/users/resend-activation.php b/testing/MCTXWeb/public_html/users/resend-activation.php new file mode 100644 index 0000000..acbee1b --- /dev/null +++ b/testing/MCTXWeb/public_html/users/resend-activation.php @@ -0,0 +1,166 @@ + array("#ACTIVATION-URL","#USERNAME#"), + "subjectStrs" => array($activation_url,$userdetails["display_name"]) + ); + + if(!$mail->newTemplateMsg("resend-activation.txt",$hooks)) + { + $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); + } + else + { + if(!$mail->sendMail($userdetails["email"],"Activate your ".$websiteName." Account")) + { + $errors[] = lang("MAIL_ERROR"); + } + else + { + //Success, user details have been updated in the db now mail this information out. + $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT"); + } + } + } + } + } + } + } +} + +//Prevent the user visiting the logged in page if he/she is already logged in +if(isUserLoggedIn()) { header("Location: account.php"); die(); } + +require_once("models/header.php"); + +echo " + +
    +
    +
    +

    UserCake

    +

    Resend Activation

    +
    "; + +include("left-nav.php"); + +echo " +
    +
    "; + +echo resultBlock($errors,$successes); + +echo "
    "; + +//Show disabled if email activation not required +if(!$emailActivation) +{ + echo lang("FEATURE_DISABLED"); +} +else +{ + echo "
    +

    + + +

    +

    + + +

    +

    + + +

    +
    "; +} + +echo " +
    +
    +
    +
    + +"; + +?> diff --git a/testing/MCTXWeb/public_html/users/user_settings.php b/testing/MCTXWeb/public_html/users/user_settings.php new file mode 100644 index 0000000..12603d0 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/user_settings.php @@ -0,0 +1,152 @@ +hash_pw); + + if (trim($password) == ""){ + $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD"); + } + else if($entered_pass != $loggedInUser->hash_pw) + { + //No match + $errors[] = lang("ACCOUNT_PASSWORD_INVALID"); + } + if($email != $loggedInUser->email) + { + if(trim($email) == "") + { + $errors[] = lang("ACCOUNT_SPECIFY_EMAIL"); + } + else if(!isValidEmail($email)) + { + $errors[] = lang("ACCOUNT_INVALID_EMAIL"); + } + else if(emailExists($email)) + { + $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email)); + } + + //End data validation + if(count($errors) == 0) + { + $loggedInUser->updateEmail($email); + $successes[] = lang("ACCOUNT_EMAIL_UPDATED"); + } + } + + if ($password_new != "" OR $password_confirm != "") + { + if(trim($password_new) == "") + { + $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD"); + } + else if(trim($password_confirm) == "") + { + $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD"); + } + else if(minMaxRange(8,50,$password_new)) + { + $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(8,50)); + } + else if($password_new != $password_confirm) + { + $errors[] = lang("ACCOUNT_PASS_MISMATCH"); + } + + //End data validation + if(count($errors) == 0) + { + //Also prevent updating if someone attempts to update with the same password + $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw); + + if($entered_pass_new == $loggedInUser->hash_pw) + { + //Don't update, this fool is trying to update with the same password ¬¬ + $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE"); + } + else + { + //This function will create the new hash and update the hash_pw property. + $loggedInUser->updatePassword($password_new); + $successes[] = lang("ACCOUNT_PASSWORD_UPDATED"); + } + } + } + if(count($errors) == 0 AND count($successes) == 0){ + $errors[] = lang("NOTHING_TO_UPDATE"); + } +} + +require_once("models/header.php"); +echo " + +
    +
    +
    +

    UserCake

    +

    User Settings

    +
    "; +include("left-nav.php"); + +echo " +
    +
    "; + +echo resultBlock($errors,$successes); + +echo " +
    +
    +

    + + +

    +

    + + +

    +

    + + +

    +

    + + +

    +

    + + +

    +
    +
    +
    +
    +
    + +"; + +?>