We might be able to build on this to make a user management system.
UserCake Version: 2.0.2
http://usercake.com
This commit includes the original UserCake source.
Many files will need to be removed and/or rewritten.
UserCake uses MySQL for storing user information.
There is a C API for interfacing with MySQL. Hopefully that will work.
--- /dev/null
+The MCTX3420 Exploding Cans User Management System has been based upon UserCake.\r
+The original copyright notice is reproduced below.\r
+\r
+//--UserCake Copyright\r
+\r
+Copyright (c) 2009-2012\r
+\r
+Permission is hereby granted, free of charge, to any person obtaining a copy\r
+of this software and associated documentation files (the "Software"), to deal\r
+in the Software without restriction, including without limitation the rights\r
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\r
+copies of the Software, and to permit persons to whom the Software is\r
+furnished to do so, subject to the following conditions:\r
+\r
+The above copyright notice and this permission notice shall be included in\r
+all copies or substantial portions of the Software.\r
+\r
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\r
+THE SOFTWARE.\r
+\r
+//--Credits\r
+\r
+UserCake created by: Adam Davis\r
+UserCake V2.0 designed by: Jonathan Cassels\r
+\r
+---------------------------------------------------------------\r
+\r
+Vers: 2.0.2\r
+http://usercake.com\r
+http://usercake.com/LICENCE.txt\r
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Account</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>\r
+Hey, $loggedInUser->displayname. This is an example secure page designed to demonstrate some of the basic features of UserCake. Just so you know, your title at the moment is $loggedInUser->title, and that can be changed in the admin panel. You registered this account on " . date("M d, Y", $loggedInUser->signupTimeStamp()) . ".\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
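Review bot: `$loggedInUser->title` and `$loggedInUser->displayname` are interpolated straight into the HTML of the `Hey, ...` line without escaping. Display name is restricted to alphanumerics by the admin_user.php validation in this same commit (`ctype_alnum`), but title is only length-checked there (`minMaxRange(1,50,$title)`), so any markup an admin stores as a title is rendered as-is on this page; wrap it as `htmlspecialchars($loggedInUser->title, ENT_QUOTES, 'UTF-8')` before building the string. The same two fields are echoed raw into the table cells of admin_users.php further down in this change.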
--- /dev/null
+<?php \r
+/*\r
+UserCake Version: 2.0.1\r
+http://usercake.com\r
+*/\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Get token param\r
+if(isset($_GET["token"]))\r
+{ \r
+ $token = $_GET["token"]; \r
+ if(!isset($token))\r
+ {\r
+ $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
+ }\r
+ else if(!validateActivationToken($token)) //Check for a valid token. Must exist and active must be = 0\r
+ {\r
+ $errors[] = lang("ACCOUNT_TOKEN_NOT_FOUND");\r
+ }\r
+ else\r
+ {\r
+ //Activate the users account\r
+ if(!setUserActive($token))\r
+ {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+}\r
+else\r
+{\r
+ $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
+}\r
+\r
+if(count($errors) == 0) {\r
+ $successes[] = lang("ACCOUNT_ACTIVATION_COMPLETE");\r
+}\r
+\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Activate Account</h2>\r
+\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
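Review bot: The `if(!isset($token))` guard directly after `$token = $_GET["token"];` can never fire, because the enclosing `isset($_GET["token"])` already holds, so an empty `?token=` reaches validateActivationToken() unchecked. The forgot-password page in this same change trims the parameter and tests for the empty string; doing the same here keeps the two consistent: `$token = trim($_GET["token"]);` followed by `if($token === "")`. `$errors` is only ever appended to in this file and then handed to count(), which presumably relies on models/config.php initialising it as an array — worth confirming, since count(null) is an error on current PHP.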
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+ $cfgId = array();\r
+ $newSettings = $_POST['settings'];\r
+ \r
+ //Validate new site name\r
+ if ($newSettings[1] != $websiteName) {\r
+ $newWebsiteName = $newSettings[1];\r
+ if(minMaxRange(1,150,$newWebsiteName))\r
+ {\r
+ $errors[] = lang("CONFIG_NAME_CHAR_LIMIT",array(1,150));\r
+ }\r
+ else if (count($errors) == 0) {\r
+ $cfgId[] = 1;\r
+ $cfgValue[1] = $newWebsiteName;\r
+ $websiteName = $newWebsiteName;\r
+ }\r
+ }\r
+ \r
+ //Validate new URL\r
+ if ($newSettings[2] != $websiteUrl) {\r
+ $newWebsiteUrl = $newSettings[2];\r
+ if(minMaxRange(1,150,$newWebsiteUrl))\r
+ {\r
+ $errors[] = lang("CONFIG_URL_CHAR_LIMIT",array(1,150));\r
+ }\r
+ else if (substr($newWebsiteUrl, -1) != "/"){\r
+ $errors[] = lang("CONFIG_INVALID_URL_END");\r
+ }\r
+ else if (count($errors) == 0) {\r
+ $cfgId[] = 2;\r
+ $cfgValue[2] = $newWebsiteUrl;\r
+ $websiteUrl = $newWebsiteUrl;\r
+ }\r
+ }\r
+ \r
+ //Validate new site email address\r
+ if ($newSettings[3] != $emailAddress) {\r
+ $newEmail = $newSettings[3];\r
+ if(minMaxRange(1,150,$newEmail))\r
+ {\r
+ $errors[] = lang("CONFIG_EMAIL_CHAR_LIMIT",array(1,150));\r
+ }\r
+ elseif(!isValidEmail($newEmail))\r
+ {\r
+ $errors[] = lang("CONFIG_EMAIL_INVALID");\r
+ }\r
+ else if (count($errors) == 0) {\r
+ $cfgId[] = 3;\r
+ $cfgValue[3] = $newEmail;\r
+ $emailAddress = $newEmail;\r
+ }\r
+ }\r
+ \r
+ //Validate email activation selection\r
+ if ($newSettings[4] != $emailActivation) {\r
+ $newActivation = $newSettings[4];\r
+ if($newActivation != "true" AND $newActivation != "false")\r
+ {\r
+ $errors[] = lang("CONFIG_ACTIVATION_TRUE_FALSE");\r
+ }\r
+ else if (count($errors) == 0) {\r
+ $cfgId[] = 4;\r
+ $cfgValue[4] = $newActivation;\r
+ $emailActivation = $newActivation;\r
+ }\r
+ }\r
+ \r
+ //Validate new email activation resend threshold\r
+ if ($newSettings[5] != $resend_activation_threshold) {\r
+ $newResend_activation_threshold = $newSettings[5];\r
+ if($newResend_activation_threshold > 72 OR $newResend_activation_threshold < 0)\r
+ {\r
+ $errors[] = lang("CONFIG_ACTIVATION_RESEND_RANGE",array(0,72));\r
+ }\r
+ else if (count($errors) == 0) {\r
+ $cfgId[] = 5;\r
+ $cfgValue[5] = $newResend_activation_threshold;\r
+ $resend_activation_threshold = $newResend_activation_threshold;\r
+ }\r
+ }\r
+ \r
+ //Validate new language selection\r
+ if ($newSettings[6] != $language) {\r
+ $newLanguage = $newSettings[6];\r
+ if(minMaxRange(1,150,$language))\r
+ {\r
+ $errors[] = lang("CONFIG_LANGUAGE_CHAR_LIMIT",array(1,150));\r
+ }\r
+ elseif (!file_exists($newLanguage)) {\r
+ $errors[] = lang("CONFIG_LANGUAGE_INVALID",array($newLanguage)); \r
+ }\r
+ else if (count($errors) == 0) {\r
+ $cfgId[] = 6;\r
+ $cfgValue[6] = $newLanguage;\r
+ $language = $newLanguage;\r
+ }\r
+ }\r
+ \r
+ //Validate new template selection\r
+ if ($newSettings[7] != $template) {\r
+ $newTemplate = $newSettings[7];\r
+ if(minMaxRange(1,150,$template))\r
+ {\r
+ $errors[] = lang("CONFIG_TEMPLATE_CHAR_LIMIT",array(1,150));\r
+ }\r
+ elseif (!file_exists($newTemplate)) {\r
+ $errors[] = lang("CONFIG_TEMPLATE_INVALID",array($newTemplate)); \r
+ }\r
+ else if (count($errors) == 0) {\r
+ $cfgId[] = 7;\r
+ $cfgValue[7] = $newTemplate;\r
+ $template = $newTemplate;\r
+ }\r
+ }\r
+ \r
+ //Update configuration table with new settings\r
+ if (count($errors) == 0 AND count($cfgId) > 0) {\r
+ updateConfig($cfgId, $cfgValue);\r
+ $successes[] = lang("CONFIG_UPDATE_SUCCESSFUL");\r
+ }\r
+}\r
+\r
+$languages = getLanguageFiles(); //Retrieve list of language files\r
+$templates = getTemplateFiles(); //Retrieve list of template files\r
+$permissionData = fetchAllPermissions(); //Retrieve list of all permission levels\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Admin Configuration</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<div id='regbox'>\r
+<form name='adminConfiguration' action='".$_SERVER['PHP_SELF']."' method='post'>\r
+<p>\r
+<label>Website Name:</label>\r
+<input type='text' name='settings[".$settings['website_name']['id']."]' value='".$websiteName."' />\r
+</p>\r
+<p>\r
+<label>Website URL:</label>\r
+<input type='text' name='settings[".$settings['website_url']['id']."]' value='".$websiteUrl."' />\r
+</p>\r
+<p>\r
+<label>Email:</label>\r
+<input type='text' name='settings[".$settings['email']['id']."]' value='".$emailAddress."' />\r
+</p>\r
+<p>\r
+<label>Activation Threshold:</label>\r
+<input type='text' name='settings[".$settings['resend_activation_threshold']['id']."]' value='".$resend_activation_threshold."' />\r
+</p>\r
+<p>\r
+<label>Language:</label>\r
+<select name='settings[".$settings['language']['id']."]'>";\r
+\r
+//Display language options\r
+foreach ($languages as $optLang){\r
+ if ($optLang == $language){\r
+ echo "<option value='".$optLang."' selected>$optLang</option>";\r
+ }\r
+ else {\r
+ echo "<option value='".$optLang."'>$optLang</option>";\r
+ }\r
+}\r
+\r
+echo "\r
+</select>\r
+</p>\r
+<p>\r
+<label>Email Activation:</label>\r
+<select name='settings[".$settings['activation']['id']."]'>";\r
+\r
+//Display email activation options\r
+if ($emailActivation == "true"){\r
+ echo "\r
+ <option value='true' selected>True</option>\r
+ <option value='false'>False</option>\r
+ </select>";\r
+}\r
+else {\r
+ echo "\r
+ <option value='true'>True</option>\r
+ <option value='false' selected>False</option>\r
+ </select>";\r
+}\r
+\r
+echo "</p>\r
+<p>\r
+<label>Template:</label>\r
+<select name='settings[".$settings['template']['id']."]'>";\r
+\r
+//Display template options\r
+foreach ($templates as $temp){\r
+ if ($temp == $template){\r
+ echo "<option value='".$temp."' selected>$temp</option>";\r
+ }\r
+ else {\r
+ echo "<option value='".$temp."'>$temp</option>";\r
+ }\r
+}\r
+\r
+echo "\r
+</select>\r
+</p>\r
+<input type='submit' name='Submit' value='Submit' />\r
+</form>\r
+</div>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
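Review bot: The language and template validations test the wrong variable: `minMaxRange(1,150,$language)` and `minMaxRange(1,150,$template)` check the current settings instead of `$newLanguage` / `$newTemplate`, so the length limit never applies to the submitted value. The fallback `file_exists($newLanguage)` accepts any path that exists on the server rather than one of the files the page itself offers; since `getLanguageFiles()` and `getTemplateFiles()` are already used to build the dropdowns, the check should be list membership, e.g. `elseif (!in_array($newLanguage, getLanguageFiles(), true))` and the same for the template. If the stored language path is later included by the application — not visible in this change — that restriction is what stops an arbitrary existing path from being loaded through the settings form. Separately, the form action embeds `$_SERVER['PHP_SELF']` unescaped and the current values go into `value='...'` attributes raw; the same pattern recurs in admin_page.php, admin_permission.php, admin_permissions.php, the upload page, admin_user.php and admin_users.php, and `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` on each is the fix.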
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+$pageId = $_GET['id'];\r
+\r
+//Check if selected pages exist\r
+if(!pageIdExists($pageId)){\r
+ header("Location: admin_pages.php"); die(); \r
+}\r
+\r
+$pageDetails = fetchPageDetails($pageId); //Fetch information specific to page\r
+\r
+//Forms posted\r
+if(!empty($_POST)){\r
+ $update = 0;\r
+ \r
+ if(!empty($_POST['private'])){ $private = $_POST['private']; }\r
+ \r
+ //Toggle private page setting\r
+ if (isset($private) AND $private == 'Yes'){\r
+ if ($pageDetails['private'] == 0){\r
+ if (updatePrivate($pageId, 1)){\r
+ $successes[] = lang("PAGE_PRIVATE_TOGGLED", array("private"));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+ elseif ($pageDetails['private'] == 1){\r
+ if (updatePrivate($pageId, 0)){\r
+ $successes[] = lang("PAGE_PRIVATE_TOGGLED", array("public"));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR"); \r
+ }\r
+ }\r
+ \r
+ //Remove permission level(s) access to page\r
+ if(!empty($_POST['removePermission'])){\r
+ $remove = $_POST['removePermission'];\r
+ if ($deletion_count = removePage($pageId, $remove)){\r
+ $successes[] = lang("PAGE_ACCESS_REMOVED", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR"); \r
+ }\r
+ \r
+ }\r
+ \r
+ //Add permission level(s) access to page\r
+ if(!empty($_POST['addPermission'])){\r
+ $add = $_POST['addPermission'];\r
+ if ($addition_count = addPage($pageId, $add)){\r
+ $successes[] = lang("PAGE_ACCESS_ADDED", array($addition_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR"); \r
+ }\r
+ }\r
+ \r
+ $pageDetails = fetchPageDetails($pageId);\r
+}\r
+\r
+$pagePermissions = fetchPagePermissions($pageId);\r
+$permissionData = fetchAllPermissions();\r
+\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Admin Page</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<form name='adminPage' action='".$_SERVER['PHP_SELF']."?id=".$pageId."' method='post'>\r
+<input type='hidden' name='process' value='1'>\r
+<table class='admin'>\r
+<tr><td>\r
+<h3>Page Information</h3>\r
+<div id='regbox'>\r
+<p>\r
+<label>ID:</label>\r
+".$pageDetails['id']."\r
+</p>\r
+<p>\r
+<label>Name:</label>\r
+".$pageDetails['page']."\r
+</p>\r
+<p>\r
+<label>Private:</label>";\r
+\r
+//Display private checkbox\r
+if ($pageDetails['private'] == 1){\r
+ echo "<input type='checkbox' name='private' id='private' value='Yes' checked>";\r
+}\r
+else {\r
+ echo "<input type='checkbox' name='private' id='private' value='Yes'>"; \r
+}\r
+\r
+echo "\r
+</p>\r
+</div></td><td>\r
+<h3>Page Access</h3>\r
+<div id='regbox'>\r
+<p>\r
+Remove Access:";\r
+\r
+//Display list of permission levels with access\r
+foreach ($permissionData as $v1) {\r
+ if(isset($pagePermissions[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p><p>Add Access:";\r
+\r
+//Display list of permission levels without access\r
+foreach ($permissionData as $v1) {\r
+ if(!isset($pagePermissions[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p>\r
+</div>\r
+</td>\r
+</tr>\r
+</table>\r
+<p>\r
+<label> </label>\r
+<input type='submit' value='Update' class='submit' />\r
+</p>\r
+</form>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
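Review bot: `$pageId` comes straight from `$_GET['id']` and is written into the form action `?id=".$pageId."` without escaping, so a value that still satisfies pageIdExists() under loose comparison would be reflected into the attribute; admin_permission.php and admin_user.php build their actions from `$_GET['id']` the same way. Whether pageIdExists() compares strictly cannot be seen here; independent of that, emitting `htmlspecialchars($pageId, ENT_QUOTES, 'UTF-8')`, or casting with `(int)` if ids are numeric as the table display suggests, closes it. The script also reads `$_GET['id']` with no isset check, so a request without an id raises a notice before the redirect.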
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+$pages = getPageFiles(); //Retrieve list of pages in root usercake folder\r
+$dbpages = fetchAllPages(); //Retrieve list of pages in pages table\r
+$creations = array();\r
+$deletions = array();\r
+\r
+//Check if any pages exist which are not in DB\r
+foreach ($pages as $page){\r
+ if(!isset($dbpages[$page])){\r
+ $creations[] = $page; \r
+ }\r
+}\r
+\r
+//Enter new pages in DB if found\r
+if (count($creations) > 0) {\r
+ createPages($creations) ;\r
+}\r
+\r
+if (count($dbpages) > 0){\r
+ //Check if DB contains pages that don't exist\r
+ foreach ($dbpages as $page){\r
+ if(!isset($pages[$page['page']])){\r
+ $deletions[] = $page['id']; \r
+ }\r
+ }\r
+}\r
+\r
+//Delete pages from DB if not found\r
+if (count($deletions) > 0) {\r
+ deletePages($deletions);\r
+}\r
+\r
+//Update DB pages\r
+$dbpages = fetchAllPages();\r
+\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Admin Pages</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>\r
+<table class='admin'>\r
+<tr><th>Id</th><th>Page</th><th>Access</th></tr>";\r
+\r
+//Display list of pages\r
+foreach ($dbpages as $page){\r
+ echo "\r
+ <tr>\r
+ <td>\r
+ ".$page['id']."\r
+ </td>\r
+ <td>\r
+ <a href ='admin_page.php?id=".$page['id']."'>".$page['page']."</a>\r
+ </td>\r
+ <td>";\r
+ \r
+ //Show public/private setting of page\r
+ if($page['private'] == 0){\r
+ echo "Public";\r
+ }\r
+ else {\r
+ echo "Private"; \r
+ }\r
+ \r
+ echo "\r
+ </td>\r
+ </tr>";\r
+}\r
+\r
+echo "\r
+</table>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
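Review bot: The two sync loops treat `$pages` differently: the first iterates it as values (`$creations[] = $page`) while the second does `isset($pages[$page['page']])`, which only works if getPageFiles() returns an array keyed by filename as well as valued by it. That function is not part of this change, so the assumption is worth pinning with a comment above the first loop, e.g. `// getPageFiles() must return filename => filename; the value loop and the key lookup below both rely on it`. If it returns a plain list, the second loop never finds a match and every DB page is queued for deletion on each visit.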
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+$permissionId = $_GET['id'];\r
+\r
+//Check if selected permission level exists\r
+if(!permissionIdExists($permissionId)){\r
+ header("Location: admin_permissions.php"); die(); \r
+}\r
+\r
+$permissionDetails = fetchPermissionDetails($permissionId); //Fetch information specific to permission level\r
+\r
+//Forms posted\r
+if(!empty($_POST)){\r
+ \r
+ //Delete selected permission level\r
+ if(!empty($_POST['delete'])){\r
+ $deletions = $_POST['delete'];\r
+ if ($deletion_count = deletePermission($deletions)){\r
+ $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR"); \r
+ }\r
+ }\r
+ else\r
+ {\r
+ //Update permission level name\r
+ if($permissionDetails['name'] != $_POST['name']) {\r
+ $permission = trim($_POST['name']);\r
+ \r
+ //Validate new name\r
+ if (permissionNameExists($permission)){\r
+ $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));\r
+ }\r
+ elseif (minMaxRange(1, 50, $permission)){\r
+ $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50)); \r
+ }\r
+ else {\r
+ if (updatePermissionName($permissionId, $permission)){\r
+ $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+ \r
+ //Remove access to pages\r
+ if(!empty($_POST['removePermission'])){\r
+ $remove = $_POST['removePermission'];\r
+ if ($deletion_count = removePermission($permissionId, $remove)) {\r
+ $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ //Add access to pages\r
+ if(!empty($_POST['addPermission'])){\r
+ $add = $_POST['addPermission'];\r
+ if ($addition_count = addPermission($permissionId, $add)) {\r
+ $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ //Remove access to pages\r
+ if(!empty($_POST['removePage'])){\r
+ $remove = $_POST['removePage'];\r
+ if ($deletion_count = removePage($remove, $permissionId)) {\r
+ $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ //Add access to pages\r
+ if(!empty($_POST['addPage'])){\r
+ $add = $_POST['addPage'];\r
+ if ($addition_count = addPage($add, $permissionId)) {\r
+ $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ $permissionDetails = fetchPermissionDetails($permissionId);\r
+ }\r
+}\r
+\r
+$pagePermissions = fetchPermissionPages($permissionId); //Retrieve list of accessible pages\r
+$permissionUsers = fetchPermissionUsers($permissionId); //Retrieve list of users with membership\r
+$userData = fetchAllUsers(); //Fetch all users\r
+$pageData = fetchAllPages(); //Fetch all pages\r
+\r
+require_once("models/header.php");\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Admin Permissions</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<form name='adminPermission' action='".$_SERVER['PHP_SELF']."?id=".$permissionId."' method='post'>\r
+<table class='admin'>\r
+<tr><td>\r
+<h3>Permission Information</h3>\r
+<div id='regbox'>\r
+<p>\r
+<label>ID:</label>\r
+".$permissionDetails['id']."\r
+</p>\r
+<p>\r
+<label>Name:</label>\r
+<input type='text' name='name' value='".$permissionDetails['name']."' />\r
+</p>\r
+<label>Delete:</label>\r
+<input type='checkbox' name='delete[".$permissionDetails['id']."]' id='delete[".$permissionDetails['id']."]' value='".$permissionDetails['id']."'>\r
+</p>\r
+</div></td><td>\r
+<h3>Permission Membership</h3>\r
+<div id='regbox'>\r
+<p>\r
+Remove Members:";\r
+\r
+//List users with permission level\r
+foreach ($userData as $v1) {\r
+ if(isset($permissionUsers[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p><p>Add Members:";\r
+\r
+//List users without permission level\r
+foreach ($userData as $v1) {\r
+ if(!isset($permissionUsers[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p>\r
+</div>\r
+</td>\r
+<td>\r
+<h3>Permission Access</h3>\r
+<div id='regbox'>\r
+<p>\r
+Public Access:";\r
+\r
+//List public pages\r
+foreach ($pageData as $v1) {\r
+ if($v1['private'] != 1){\r
+ echo "<br>".$v1['page'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p>\r
+<p>\r
+Remove Access:";\r
+\r
+//List pages accessible to permission level\r
+foreach ($pageData as $v1) {\r
+ if(isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
+ echo "<br><input type='checkbox' name='removePage[".$v1['id']."]' id='removePage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p><p>Add Access:";\r
+\r
+//List pages inaccessible to permission level\r
+foreach ($pageData as $v1) {\r
+ if(!isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
+ echo "<br><input type='checkbox' name='addPage[".$v1['id']."]' id='addPage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p>\r
+</div>\r
+</td>\r
+</tr>\r
+</table>\r
+<p>\r
+<label> </label>\r
+<input type='submit' value='Update' class='submit' />\r
+</p>\r
+</form>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
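Review bot: The comments `//Remove access to pages` and `//Add access to pages` above the `removePermission` / `addPermission` blocks are wrong — those blocks change user membership of the permission level (their result strings are PERMISSION_REMOVE_USERS / PERMISSION_ADD_USERS), and the same two comments then appear correctly on the removePage / addPage blocks below; suggested: `//Remove users from permission level` and `//Add users to permission level`. The helper argument order also differs between files: here it is `removePage($remove, $permissionId)` and `removePermission($permissionId, $remove)`, while admin_page.php calls `removePage($pageId, $remove)` and admin_user.php calls `removePermission($remove, $userId)`, which only works if both helpers accept an id or an array in either position — not checkable from this change, so a docblock on the helpers stating that contract would help. The delete branch removes whatever ids arrive in `$_POST['delete']` rather than only `$permissionId`; restricting it to the page's own id would match the single checkbox the form renders.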
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+ //Delete permission levels\r
+ if(!empty($_POST['delete'])){\r
+ $deletions = $_POST['delete'];\r
+ if ($deletion_count = deletePermission($deletions)){\r
+ $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));\r
+ }\r
+ }\r
+ \r
+ //Create new permission level\r
+ if(!empty($_POST['newPermission'])) {\r
+ $permission = trim($_POST['newPermission']);\r
+ \r
+ //Validate request\r
+ if (permissionNameExists($permission)){\r
+ $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));\r
+ }\r
+ elseif (minMaxRange(1, 50, $permission)){\r
+ $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50)); \r
+ }\r
+ else{\r
+ if (createPermission($permission)) {\r
+ $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+}\r
+\r
+$permissionData = fetchAllPermissions(); //Retrieve list of all permission levels\r
+\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Admin Permissions</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<form name='adminPermissions' action='".$_SERVER['PHP_SELF']."' method='post'>\r
+<table class='admin'>\r
+<tr>\r
+<th>Delete</th><th>Permission Name</th>\r
+</tr>";\r
+\r
+//List each permission level\r
+foreach ($permissionData as $v1) {\r
+ echo "\r
+ <tr>\r
+ <td><input type='checkbox' name='delete[".$v1['id']."]' id='delete[".$v1['id']."]' value='".$v1['id']."'></td>\r
+ <td><a href='admin_permission.php?id=".$v1['id']."'>".$v1['name']."</a></td>\r
+ </tr>";\r
+}\r
+\r
+echo "\r
+</table>\r
+<p>\r
+<label>Permission Name:</label>\r
+<input type='text' name='newPermission' />\r
+</p> \r
+<input type='submit' name='Submit' value='Submit' />\r
+</form>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
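Review bot: The delete branch reports success when deletePermission() returns a count but has no else, so a failed deletion is silently dropped, whereas the create branch below it and the equivalent delete code in admin_users.php push `SQL_ERROR`. Add `else { $errors[] = lang("SQL_ERROR"); }` after the success branch so the two are consistent.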
--- /dev/null
+<?php
+
+require_once("models/config.php");
+if (!securePage($_SERVER['PHP_SELF'])){die();}
+
+require_once("models/header.php");
+
+
+if (!empty($_POST))
+{
+ echo "<p> Uploaded! </p>";
+}
+else
+{
+ echo "<p> Please provide a CSV file of usernames and email addresses. </p>
+ <div class=\"title\">Upload</div>
+ <form name='newUser' action='".$_SERVER['PHP_SELF']."' method='post'>
+ <input type=\"file\" name=\"users\"/>
+ <input type=\"submit\" value=\"Upload\"/>
+ </form>";
+}
+
+?>
+
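Review bot: The upload form has no `enctype`, so the browser posts it urlencoded and `$_FILES['users']` is never populated; the POST branch then prints `Uploaded!` without reading `$_FILES` at all. The form line should read `<form name='newUser' action='...' method='post' enctype='multipart/form-data'>` and the handler should check `$_FILES['users']['error'] === UPLOAD_ERR_OK` before touching the file. When the CSV is actually processed, each username and email should go through the same checks the admin_user.php page applies (minMaxRange, ctype_alnum, isValidEmail, emailExists) rather than being inserted as received, and the file should be read with fgetcsv from the temporary path rather than by its client-supplied name. As in the other pages, `$_SERVER['PHP_SELF']` is embedded unescaped in the action attribute.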
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+$userId = $_GET['id'];\r
+\r
+//Check if selected user exists\r
+if(!userIdExists($userId)){\r
+ header("Location: admin_users.php"); die();\r
+}\r
+\r
+$userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{ \r
+ //Delete selected account\r
+ if(!empty($_POST['delete'])){\r
+ $deletions = $_POST['delete'];\r
+ if ($deletion_count = deleteUsers($deletions)) {\r
+ $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ else\r
+ {\r
+ //Update display name\r
+ if ($userdetails['display_name'] != $_POST['display']){\r
+ $displayname = trim($_POST['display']);\r
+ \r
+ //Validate display name\r
+ if(displayNameExists($displayname))\r
+ {\r
+ $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));\r
+ }\r
+ elseif(minMaxRange(5,25,$displayname))\r
+ {\r
+ $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT",array(5,25));\r
+ }\r
+ elseif(!ctype_alnum($displayname)){\r
+ $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");\r
+ }\r
+ else {\r
+ if (updateDisplayName($userId, $displayname)){\r
+ $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ }\r
+ else {\r
+ $displayname = $userdetails['display_name'];\r
+ }\r
+ \r
+ //Activate account\r
+ if(isset($_POST['activate']) && $_POST['activate'] == "activate"){\r
+ if (setUserActive($userdetails['activation_token'])){\r
+ $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ //Update email\r
+ if ($userdetails['email'] != $_POST['email']){\r
+ $email = trim($_POST["email"]);\r
+ \r
+ //Validate email\r
+ if(!isValidEmail($email))\r
+ {\r
+ $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
+ }\r
+ elseif(emailExists($email))\r
+ {\r
+ $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));\r
+ }\r
+ else {\r
+ if (updateEmail($userId, $email)){\r
+ $successes[] = lang("ACCOUNT_EMAIL_UPDATED");\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+ \r
+ //Update title\r
+ if ($userdetails['title'] != $_POST['title']){\r
+ $title = trim($_POST['title']);\r
+ \r
+ //Validate title\r
+ if(minMaxRange(1,50,$title))\r
+ {\r
+ $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT",array(1,50));\r
+ }\r
+ else {\r
+ if (updateTitle($userId, $title)){\r
+ $successes[] = lang("ACCOUNT_TITLE_UPDATED", array ($displayname, $title));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+ \r
+ //Remove permission level\r
+ if(!empty($_POST['removePermission'])){\r
+ $remove = $_POST['removePermission'];\r
+ if ($deletion_count = removePermission($remove, $userId)){\r
+ $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array ($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ if(!empty($_POST['addPermission'])){\r
+ $add = $_POST['addPermission'];\r
+ if ($addition_count = addPermission($add, $userId)){\r
+ $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ \r
+ $userdetails = fetchUserDetails(NULL, NULL, $userId);\r
+ }\r
+}\r
+\r
+$userPermission = fetchUserPermissions($userId);\r
+$permissionData = fetchAllPermissions();\r
+\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Admin User</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<form name='adminUser' action='".$_SERVER['PHP_SELF']."?id=".$userId."' method='post'>\r
+<table class='admin'><tr><td>\r
+<h3>User Information</h3>\r
+<div id='regbox'>\r
+<p>\r
+<label>ID:</label>\r
+".$userdetails['id']."\r
+</p>\r
+<p>\r
+<label>Username:</label>\r
+".$userdetails['user_name']."\r
+</p>\r
+<p>\r
+<label>Display Name:</label>\r
+<input type='text' name='display' value='".$userdetails['display_name']."' />\r
+</p>\r
+<p>\r
+<label>Email:</label>\r
+<input type='text' name='email' value='".$userdetails['email']."' />\r
+</p>\r
+<p>\r
+<label>Active:</label>";\r
+\r
+//Display activation link, if account inactive\r
+if ($userdetails['active'] == '1'){\r
+ echo "Yes"; \r
+}\r
+else{\r
+ echo "No\r
+ </p>\r
+ <p>\r
+ <label>Activate:</label>\r
+ <input type='checkbox' name='activate' id='activate' value='activate'>\r
+ ";\r
+}\r
+\r
+echo "\r
+</p>\r
+<p>\r
+<label>Title:</label>\r
+<input type='text' name='title' value='".$userdetails['title']."' />\r
+</p>\r
+<p>\r
+<label>Sign Up:</label>\r
+".date("j M, Y", $userdetails['sign_up_stamp'])."\r
+</p>\r
+<p>\r
+<label>Last Sign In:</label>";\r
+\r
+//Last sign in, interpretation\r
+if ($userdetails['last_sign_in_stamp'] == '0'){\r
+ echo "Never"; \r
+}\r
+else {\r
+ echo date("j M, Y", $userdetails['last_sign_in_stamp']);\r
+}\r
+\r
+echo "\r
+</p>\r
+<p>\r
+<label>Delete:</label>\r
+<input type='checkbox' name='delete[".$userdetails['id']."]' id='delete[".$userdetails['id']."]' value='".$userdetails['id']."'>\r
+</p>\r
+<p>\r
+<label> </label>\r
+<input type='submit' value='Update' class='submit' />\r
+</p>\r
+</div>\r
+</td>\r
+<td>\r
+<h3>Permission Membership</h3>\r
+<div id='regbox'>\r
+<p>Remove Permission:";\r
+\r
+//List of permission levels user is apart of\r
+foreach ($permissionData as $v1) {\r
+ if(isset($userPermission[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
+ }\r
+}\r
+\r
+//List of permission levels user is not apart of\r
+echo "</p><p>Add Permission:";\r
+foreach ($permissionData as $v1) {\r
+ if(!isset($userPermission[$v1['id']])){\r
+ echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
+ }\r
+}\r
+\r
+echo"\r
+</p>\r
+</div>\r
+</td>\r
+</tr>\r
+</table>\r
+</form>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
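Review bot: When the display-name update fails validation, `$displayname` keeps the rejected value, because the `else { $displayname = $userdetails['display_name']; }` branch only runs when the name was unchanged; the later ACCOUNT_MANUALLY_ACTIVATED and ACCOUNT_TITLE_UPDATED messages then show a name that was never saved. Initialising `$displayname = $userdetails['display_name'];` before the update block and overwriting it only after updateDisplayName() succeeds fixes this. As in admin_permission.php, the delete branch deletes every id present in `$_POST['delete']`, not only `$userId`, so a crafted submission to this page can remove other accounts; scoping the call to the page's own id would match the single checkbox the form renders.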
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+ $deletions = $_POST['delete'];\r
+ if ($deletion_count = deleteUsers($deletions)){\r
+ $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+}\r
+\r
+$userData = fetchAllUsers(); //Fetch information for all users\r
+\r
+require_once("models/header.php");\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Admin Users</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<form name='adminUsers' action='".$_SERVER['PHP_SELF']."' method='post'>\r
+<table class='admin'>\r
+<tr>\r
+<th>Delete</th><th>Username</th><th>Display Name</th><th>Title</th><th>Last Sign In</th>\r
+</tr>";\r
+\r
+//Cycle through users\r
+foreach ($userData as $v1) {\r
+ echo "\r
+ <tr>\r
+ <td><input type='checkbox' name='delete[".$v1['id']."]' id='delete[".$v1['id']."]' value='".$v1['id']."'></td>\r
+ <td><a href='admin_user.php?id=".$v1['id']."'>".$v1['user_name']."</a></td>\r
+ <td>".$v1['display_name']."</td>\r
+ <td>".$v1['title']."</td>\r
+ <td>\r
+ ";\r
+ \r
+ //Interprety last login\r
+ if ($v1['last_sign_in_stamp'] == '0'){\r
+ echo "Never"; \r
+ }\r
+ else {\r
+ echo date("j M, Y", $v1['last_sign_in_stamp']);\r
+ }\r
+ echo "\r
+ </td>\r
+ </tr>";\r
+}\r
+\r
+echo "\r
+</table>\r
+<input type='submit' name='Submit' value='Delete' />\r
+</form>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
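Review bot: The form handler reads `$_POST['delete']` with no check that the key exists or is an array, so submitting the form with nothing ticked passes an undefined value into `deleteUsers()`, which then iterates it; guard it with `$deletions = (isset($_POST['delete']) && is_array($_POST['delete'])) ? $_POST['delete'] : array();` and skip the call when it is empty. The table rows echo `user_name`, `display_name` and `title` straight from the database, and `display_name` is stored unsanitized by class.newuser.php in this same commit, so each value should go through `htmlspecialchars($v1['display_name'], ENT_QUOTES, 'UTF-8')` before output. The same escaping applies to `$_SERVER['PHP_SELF']` in the form `action` attribute here and in the forgot-password and login forms later in this commit. The delete form is a state-changing POST with no anti-forgery token; a per-session token checked before `deleteUsers()` is the usual fix.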
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//User has confirmed they want their password changed \r
+if(!empty($_GET["confirm"]))\r
+{\r
+ $token = trim($_GET["confirm"]);\r
+ \r
+ if($token == "" || !validateActivationToken($token,TRUE))\r
+ {\r
+ $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
+ }\r
+ else\r
+ {\r
+ $rand_pass = getUniqueCode(15); //Get unique code\r
+ $secure_pass = generateHash($rand_pass); //Generate random hash\r
+ $userdetails = fetchUserDetails(NULL,$token); //Fetchs user details\r
+ $mail = new userCakeMail(); \r
+ \r
+ //Setup our custom hooks\r
+ $hooks = array(\r
+ "searchStrs" => array("#GENERATED-PASS#","#USERNAME#"),\r
+ "subjectStrs" => array($rand_pass,$userdetails["display_name"])\r
+ );\r
+ \r
+ if(!$mail->newTemplateMsg("your-lost-password.txt",$hooks))\r
+ {\r
+ $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");\r
+ }\r
+ else\r
+ { \r
+ if(!$mail->sendMail($userdetails["email"],"Your new password"))\r
+ {\r
+ $errors[] = lang("MAIL_ERROR");\r
+ }\r
+ else\r
+ {\r
+ if(!updatePasswordFromToken($secure_pass,$token))\r
+ {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ else\r
+ { \r
+ if(!flagLostPasswordRequest($userdetails["user_name"],0))\r
+ {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ else {\r
+ $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+}\r
+\r
+//User has denied this request\r
+if(!empty($_GET["deny"]))\r
+{\r
+ $token = trim($_GET["deny"]);\r
+ \r
+ if($token == "" || !validateActivationToken($token,TRUE))\r
+ {\r
+ $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
+ }\r
+ else\r
+ {\r
+ \r
+ $userdetails = fetchUserDetails(NULL,$token);\r
+ \r
+ if(!flagLostPasswordRequest($userdetails["user_name"],0))\r
+ {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ else {\r
+ $successes[] = lang("FORGOTPASS_REQUEST_CANNED");\r
+ }\r
+ }\r
+}\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+ $email = $_POST["email"];\r
+ $username = sanitize($_POST["username"]);\r
+ \r
+ //Perform some validation\r
+ //Feel free to edit / change as required\r
+ \r
+ if(trim($email) == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");\r
+ }\r
+ //Check to ensure email is in the correct format / in the db\r
+ else if(!isValidEmail($email) || !emailExists($email))\r
+ {\r
+ $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
+ }\r
+ \r
+ if(trim($username) == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
+ }\r
+ else if(!usernameExists($username))\r
+ {\r
+ $errors[] = lang("ACCOUNT_INVALID_USERNAME");\r
+ }\r
+ \r
+ if(count($errors) == 0)\r
+ {\r
+ \r
+ //Check that the username / email are associated to the same account\r
+ if(!emailUsernameLinked($email,$username))\r
+ {\r
+ $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");\r
+ }\r
+ else\r
+ {\r
+ //Check if the user has any outstanding lost password requests\r
+ $userdetails = fetchUserDetails($username);\r
+ if($userdetails["lost_password_request"] == 1)\r
+ {\r
+ $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");\r
+ }\r
+ else\r
+ {\r
+ //Email the user asking to confirm this change password request\r
+ //We can use the template builder here\r
+ \r
+ //We use the activation token again for the url key it gets regenerated everytime it's used.\r
+ \r
+ $mail = new userCakeMail();\r
+ $confirm_url = lang("CONFIRM")."\n".$websiteUrl."forgot-password.php?confirm=".$userdetails["activation_token"];\r
+ $deny_url = lang("DENY")."\n".$websiteUrl."forgot-password.php?deny=".$userdetails["activation_token"];\r
+ \r
+ //Setup our custom hooks\r
+ $hooks = array(\r
+ "searchStrs" => array("#CONFIRM-URL#","#DENY-URL#","#USERNAME#"),\r
+ "subjectStrs" => array($confirm_url,$deny_url,$userdetails["user_name"])\r
+ );\r
+ \r
+ if(!$mail->newTemplateMsg("lost-password-request.txt",$hooks))\r
+ {\r
+ $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");\r
+ }\r
+ else\r
+ {\r
+ if(!$mail->sendMail($userdetails["email"],"Lost password request"))\r
+ {\r
+ $errors[] = lang("MAIL_ERROR");\r
+ }\r
+ else\r
+ {\r
+ //Update the DB to show this account has an outstanding request\r
+ if(!flagLostPasswordRequest($userdetails["user_name"],1))\r
+ {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ else {\r
+ \r
+ $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+}\r
+\r
+require_once("models/header.php");\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Forgot Password</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<div id='regbox'>\r
+<form name='newLostPass' action='".$_SERVER['PHP_SELF']."' method='post'>\r
+<p>\r
+<label>Username:</label>\r
+<input type='text' name='username' />\r
+</p>\r
+<p> \r
+<label>Email:</label>\r
+<input type='text' name='email' />\r
+</p>\r
+<p>\r
+<label> </label>\r
+<input type='submit' value='Submit' class='submit' />\r
+</p>\r
+</form>\r
+</div>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
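Review bot: The `confirm` branch issues a new password as soon as `validateActivationToken($token,TRUE)` passes, without checking that the account actually has an outstanding request, whereas the POST branch does check `$userdetails["lost_password_request"] == 1`; unless `validateActivationToken()` already enforces that (its body is not in this hunk), the same check belongs after `fetchUserDetails(NULL,$token)` in both the `confirm` and `deny` branches. The new password is e-mailed via `sendMail()` before `updatePasswordFromToken()` runs, so an SQL failure leaves the user holding a mailed password that was never stored; run the update and `flagLostPasswordRequest()` first and send the mail only on success. `$userdetails` is used unguarded after `fetchUserDetails()`, which as defined later in this commit returns an undefined `$row` when nothing matches, so add `if(empty($userdetails)) { $errors[] = lang("FORGOTPASS_INVALID_TOKEN"); }` before the fields are read.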
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>2.00</h2>\r
+<div id='left-nav'>";\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>\r
+<p>Thank you for downloading UserCake. 100% Free and Opensource.</p>\r
+<p>Copyright (c) 2009-2012</p>\r
+<p>Permission is hereby granted, free of charge, to any person obtaining a copy\r
+of this software and associated documentation files (the 'Software'), to deal\r
+in the Software without restriction, including without limitation the rights\r
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\r
+copies of the Software, and to permit persons to whom the Software is\r
+furnished to do so, subject to the following conditions:</p>\r
+<p>The above copyright notice and this permission notice shall be included in\r
+all copies or substantial portions of the Software.</p>\r
+<p>THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\r
+THE SOFTWARE.</p>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Links for logged in user\r
+if(isUserLoggedIn()) {\r
+ echo "\r
+ <ul>\r
+ <li><a href='account.php'>Account Home</a></li>\r
+ <li><a href='user_settings.php'>User Settings</a></li>\r
+ <li><a href='logout.php'>Logout</a></li>\r
+ </ul>";\r
+ \r
+ //Links for permission level 2 (default admin)\r
+ if ($loggedInUser->checkPermission(array(2))){\r
+ echo "\r
+ <ul>\r
+ <li><a href='admin_configuration.php'>Admin Configuration</a></li>\r
+ <li><a href='admin_users.php'>Admin Users</a></li>\r
+ <li><a href='admin_permissions.php'>Admin Permissions</a></li>\r
+ <li><a href='admin_pages.php'>Admin Pages</a></li>\r
+ </ul>";\r
+ }\r
+} \r
+//Links for users not logged in\r
+else {\r
+ echo "\r
+ <ul>\r
+ <li><a href='index.php'>Home</a></li>\r
+ <li><a href='login.php'>Login</a></li>\r
+ <li><a href='register.php'>Register</a></li>\r
+ <li><a href='forgot-password.php'>Forgot Password</a></li>";\r
+ if ($emailActivation)\r
+ {\r
+ echo "<li><a href='resend-activation.php'>Resend Activation Email</a></li>";\r
+ }\r
+ echo "</ul>";\r
+}\r
+\r
+?>\r
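Review bot: `if ($emailActivation)` treats the configuration value as a boolean, but `$emailActivation` is the raw string loaded from the configuration table in models/config.php and is compared as `$emailActivation == "true"` in class.newuser.php; any non-empty string, including "false", is truthy here, so the "Resend Activation Email" link is shown even when activation is off. Use the same comparison as the registration code, `if ($emailActivation == "true")`, or better normalise the flag once in config.php. The permission check around the admin links is only a display hint; `securePage()` on each admin page remains the real gate and a one-line comment saying so would stop someone treating this menu as access control.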
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Prevent the user visiting the logged in page if he/she is already logged in\r
+if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+ $errors = array();\r
+ $username = sanitize(trim($_POST["username"]));\r
+ $password = trim($_POST["password"]);\r
+ \r
+ //Perform some validation\r
+ //Feel free to edit / change as required\r
+ if($username == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
+ }\r
+ if($password == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
+ }\r
+\r
+ if(count($errors) == 0)\r
+ {\r
+ //A security note here, never tell the user which credential was incorrect\r
+ if(!usernameExists($username))\r
+ {\r
+ $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+ }\r
+ else\r
+ {\r
+ $userdetails = fetchUserDetails($username);\r
+ //See if the user's account is activated\r
+ if($userdetails["active"]==0)\r
+ {\r
+ $errors[] = lang("ACCOUNT_INACTIVE");\r
+ }\r
+ else\r
+ {\r
+ //Hash the password and use the salt from the database to compare the password.\r
+ $entered_pass = generateHash($password,$userdetails["password"]);\r
+ \r
+ if($entered_pass != $userdetails["password"])\r
+ {\r
+ //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing\r
+ $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+ }\r
+ else\r
+ {\r
+ //Passwords match! we're good to go'\r
+ \r
+ //Construct a new logged in user object\r
+ //Transfer some db data to the session object\r
+ $loggedInUser = new loggedInUser();\r
+ $loggedInUser->email = $userdetails["email"];\r
+ $loggedInUser->user_id = $userdetails["id"];\r
+ $loggedInUser->hash_pw = $userdetails["password"];\r
+ $loggedInUser->title = $userdetails["title"];\r
+ $loggedInUser->displayname = $userdetails["display_name"];\r
+ $loggedInUser->username = $userdetails["user_name"];\r
+ \r
+ //Update last sign in\r
+ $loggedInUser->updateLastSignIn();\r
+ $_SESSION["userCakeUser"] = $loggedInUser;\r
+ \r
+ //Redirect to user account page\r
+ header("Location: account.php");\r
+ die();\r
+ }\r
+ }\r
+ }\r
+ }\r
+}\r
+\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Login</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<div id='regbox'>\r
+<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>\r
+<p>\r
+<label>Username:</label>\r
+<input type='text' name='username' />\r
+</p>\r
+<p>\r
+<label>Password:</label>\r
+<input type='password' name='password' />\r
+</p>\r
+<p>\r
+<label> </label>\r
+<input type='submit' value='Login' class='submit' />\r
+</p>\r
+</form>\r
+</div>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
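Review bot: On successful login the code assigns `$_SESSION["userCakeUser"] = $loggedInUser;` without regenerating the session id, so the session created before authentication is carried over as-is; add `session_regenerate_id(true);` immediately before that assignment. The password check `if($entered_pass != $userdetails["password"])` is a loose, early-exit string comparison; prefer `if(!hash_equals($userdetails["password"], $entered_pass))` so it is both strict and constant-time. `$loggedInUser->hash_pw = $userdetails["password"]` copies the stored hash into the session object — a comment on why it is needed (`isUserLoggedIn()` in funcs.php appears to re-check it against the database) would help, since keeping hashes in session data widens where they can leak. There is no failed-attempt throttling on this form; at minimum a comment marking that as a known gap would help the next maintainer.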
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Log the user out\r
+if(isUserLoggedIn())\r
+{\r
+ $loggedInUser->userLogOut();\r
+}\r
+\r
+if(!empty($websiteUrl)) \r
+{\r
+ $add_http = "";\r
+ \r
+ if(strpos($websiteUrl,"http://") === false)\r
+ {\r
+ $add_http = "http://";\r
+ }\r
+ \r
+ header("Location: ".$add_http.$websiteUrl);\r
+ die();\r
+}\r
+else\r
+{\r
+ header("Location: http://".$_SERVER['HTTP_HOST']);\r
+ die();\r
+} \r
+\r
+?>\r
+\r
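Review bot: `strpos($websiteUrl,"http://") === false` only recognises the plain-HTTP scheme, so a configured `https://` site URL is rewritten to `http://https://...` and the post-logout redirect breaks; test both prefixes, e.g. `if(strpos($websiteUrl,"http://") !== 0 && strpos($websiteUrl,"https://") !== 0)`. The fallback `header("Location: http://".$_SERVER['HTTP_HOST'])` redirects to whatever Host header the client sent, which is client-controlled; prefer a relative `Location: index.php` or a fixed configured value. `userLogOut()` (class.user.php) only unsets the session key, so calling `session_regenerate_id(true)` or `session_destroy()` here would also invalidate the old session cookie.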
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+session_start();\r
+$md5_hash = md5(rand(0,99999)); \r
+$security_code = substr($md5_hash, 25, 5); \r
+$enc = md5($security_code);\r
+$_SESSION['captcha'] = $enc;\r
+\r
+$width = 150;\r
+$height = 30; \r
+\r
+$image = ImageCreate($width, $height); \r
+$white = ImageColorAllocate($image, 255, 255, 255);\r
+$black = ImageColorAllocate($image, 0, 0, 0);\r
+$grey = ImageColorAllocate($image, 200, 200, 200);\r
+\r
+ImageFill($image, 0, 0, $white); \r
+ImageString($image, 10, 5, 0, $security_code, $black); \r
+\r
+header("Content-Type: image/png"); \r
+ImagePng($image);\r
+ImageDestroy($image);\r
+\r
+?>\r
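Review bot: The challenge is derived from `md5(rand(0,99999))`, so there are at most 100,000 distinct codes and `rand()` is not a cryptographic source, which makes the captcha a weak barrier against automated registration; derive the code from a CSPRNG instead, e.g. `$security_code = substr(bin2hex(random_bytes(4)), 0, 5);` on PHP 7+ (`openssl_random_pseudo_bytes()` on older releases). This script calls `session_start()` directly and does not include models/config.php, so it silently depends on using the same session cookie parameters as the rest of the site; a comment noting that coupling would help. No `Cache-Control: no-store` header is sent with the image, so a cached response can be served for a session whose stored `$_SESSION['captcha']` has since changed.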
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+class userCakeMail {\r
+ //UserCake uses a text based system with hooks to replace various strs in txt email templates\r
+ public $contents = NULL;\r
+ \r
+ //Function used for replacing hooks in our templates\r
+ public function newTemplateMsg($template,$additionalHooks)\r
+ {\r
+ global $mail_templates_dir,$debug_mode;\r
+ \r
+ $this->contents = file_get_contents($mail_templates_dir.$template);\r
+ \r
+ //Check to see we can access the file / it has some contents\r
+ if(!$this->contents || empty($this->contents))\r
+ {\r
+ return false;\r
+ }\r
+ else\r
+ {\r
+ //Replace default hooks\r
+ $this->contents = replaceDefaultHook($this->contents);\r
+ \r
+ //Replace defined / custom hooks\r
+ $this->contents = str_replace($additionalHooks["searchStrs"],$additionalHooks["subjectStrs"],$this->contents);\r
+ \r
+ return true;\r
+ }\r
+ }\r
+ \r
+ public function sendMail($email,$subject,$msg = NULL)\r
+ {\r
+ global $websiteName,$emailAddress;\r
+ \r
+ $header = "MIME-Version: 1.0\r\n";\r
+ $header .= "Content-type: text/plain; charset=iso-8859-1\r\n";\r
+ $header .= "From: ". $websiteName . " <" . $emailAddress . ">\r\n";\r
+ \r
+ //Check to see if we sending a template email.\r
+ if($msg == NULL)\r
+ $msg = $this->contents; \r
+ \r
+ $message = $msg;\r
+ \r
+ $message = wordwrap($message, 70);\r
+ \r
+ return mail($email,$subject,$message,$header);\r
+ }\r
+}\r
+\r
+?>
\ No newline at end of file
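Review bot: `sendMail()` passes `$email` and `$subject` to `mail()` without checking for CR/LF, and callers feed it addresses that have only been through `sanitize()` (class.newuser.php), which strips tags but does not validate the address; validate with `filter_var($email, FILTER_VALIDATE_EMAIL)` (which rejects line breaks) and return false otherwise, as a defence against header injection. `if($msg == NULL)` is a loose comparison that also matches `""` and `"0"`; use `if($msg === NULL)`. `newTemplateMsg()` reads `$additionalHooks["searchStrs"]` and `["subjectStrs"]` without checking they exist, and `global $debug_mode` is declared but never used. The header declares `charset=iso-8859-1` while templates and display names may be UTF-8 — worth a comment or a switch to `utf-8`.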
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+\r
+class User \r
+{\r
+ public $user_active = 0;\r
+ private $clean_email;\r
+ public $status = false;\r
+ private $clean_password;\r
+ private $username;\r
+ private $displayname;\r
+ public $sql_failure = false;\r
+ public $mail_failure = false;\r
+ public $email_taken = false;\r
+ public $username_taken = false;\r
+ public $displayname_taken = false;\r
+ public $activation_token = 0;\r
+ public $success = NULL;\r
+ \r
+ function __construct($user,$display,$pass,$email)\r
+ {\r
+ //Used for display only\r
+ $this->displayname = $display;\r
+ \r
+ //Sanitize\r
+ $this->clean_email = sanitize($email);\r
+ $this->clean_password = trim($pass);\r
+ $this->username = sanitize($user);\r
+ \r
+ if(usernameExists($this->username))\r
+ {\r
+ $this->username_taken = true;\r
+ }\r
+ else if(displayNameExists($this->displayname))\r
+ {\r
+ $this->displayname_taken = true;\r
+ }\r
+ else if(emailExists($this->clean_email))\r
+ {\r
+ $this->email_taken = true;\r
+ }\r
+ else\r
+ {\r
+ //No problems have been found.\r
+ $this->status = true;\r
+ }\r
+ }\r
+ \r
+ public function userCakeAddUser()\r
+ {\r
+ global $mysqli,$emailActivation,$websiteUrl,$db_table_prefix;\r
+ \r
+ //Prevent this function being called if there were construction errors\r
+ if($this->status)\r
+ {\r
+ //Construct a secure hash for the plain text password\r
+ $secure_pass = generateHash($this->clean_password);\r
+ \r
+ //Construct a unique activation token\r
+ $this->activation_token = generateActivationToken();\r
+ \r
+ //Do we need to send out an activation email?\r
+ if($emailActivation == "true")\r
+ {\r
+ //User must activate their account first\r
+ $this->user_active = 0;\r
+ \r
+ $mail = new userCakeMail();\r
+ \r
+ //Build the activation message\r
+ $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE",array($websiteUrl,$this->activation_token));\r
+ \r
+ //Define more if you want to build larger structures\r
+ $hooks = array(\r
+ "searchStrs" => array("#ACTIVATION-MESSAGE","#ACTIVATION-KEY","#USERNAME#"),\r
+ "subjectStrs" => array($activation_message,$this->activation_token,$this->displayname)\r
+ );\r
+ \r
+ /* Build the template - Optional, you can just use the sendMail function \r
+ Instead to pass a message. */\r
+ \r
+ if(!$mail->newTemplateMsg("new-registration.txt",$hooks))\r
+ {\r
+ $this->mail_failure = true;\r
+ }\r
+ else\r
+ {\r
+ //Send the mail. Specify users email here and subject. \r
+ //SendMail can have a third parementer for message if you do not wish to build a template.\r
+ \r
+ if(!$mail->sendMail($this->clean_email,"New User"))\r
+ {\r
+ $this->mail_failure = true;\r
+ }\r
+ }\r
+ $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2");\r
+ }\r
+ else\r
+ {\r
+ //Instant account activation\r
+ $this->user_active = 1;\r
+ $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1");\r
+ } \r
+ \r
+ \r
+ if(!$this->mail_failure)\r
+ {\r
+ //Insert the user into the database providing no errors have been found.\r
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."users (\r
+ user_name,\r
+ display_name,\r
+ password,\r
+ email,\r
+ activation_token,\r
+ last_activation_request,\r
+ lost_password_request, \r
+ active,\r
+ title,\r
+ sign_up_stamp,\r
+ last_sign_in_stamp\r
+ )\r
+ VALUES (\r
+ ?,\r
+ ?,\r
+ ?,\r
+ ?,\r
+ ?,\r
+ '".time()."',\r
+ '0',\r
+ ?,\r
+ 'New Member',\r
+ '".time()."',\r
+ '0'\r
+ )");\r
+ \r
+ $stmt->bind_param("sssssi", $this->username, $this->displayname, $secure_pass, $this->clean_email, $this->activation_token, $this->user_active);\r
+ $stmt->execute();\r
+ $inserted_id = $mysqli->insert_id;\r
+ $stmt->close();\r
+ \r
+ //Insert default permission into matches table\r
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (\r
+ user_id,\r
+ permission_id\r
+ )\r
+ VALUES (\r
+ ?,\r
+ '1'\r
+ )");\r
+ $stmt->bind_param("s", $inserted_id);\r
+ $stmt->execute();\r
+ $stmt->close();\r
+ }\r
+ }\r
+ }\r
+}\r
+\r
+?>
\ No newline at end of file
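Review bot: The `$stmt->execute()` return values in `userCakeAddUser()` are never checked, so the declared `$sql_failure` flag is never set and a failed insert still reports `ACCOUNT_REGISTRATION_COMPLETE_*` to the caller; wrap each call as `if(!$stmt->execute()) { $this->sql_failure = true; }` and skip the permission insert when the user insert failed. The display name is stored as given (`$this->displayname = $display`, "Used for display only") while the username and e-mail go through `sanitize()`; since admin_users.php later echoes `display_name` unescaped, either sanitize it here or make sure every output site escapes it. `isValidEmail()` exists in funcs.php but is not applied to `$email` before it is stored and used as a mail recipient. `$stmt->bind_param("s", $inserted_id)` binds an integer id as a string — use `"i"` to match the `user_id` column.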
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+class loggedInUser {\r
+ public $email = NULL;\r
+ public $hash_pw = NULL;\r
+ public $user_id = NULL;\r
+ \r
+ //Simple function to update the last sign in of a user\r
+ public function updateLastSignIn()\r
+ {\r
+ global $mysqli,$db_table_prefix;\r
+ $time = time();\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET\r
+ last_sign_in_stamp = ?\r
+ WHERE\r
+ id = ?");\r
+ $stmt->bind_param("ii", $time, $this->user_id);\r
+ $stmt->execute();\r
+ $stmt->close(); \r
+ }\r
+ \r
+ //Return the timestamp when the user registered\r
+ public function signupTimeStamp()\r
+ {\r
+ global $mysqli,$db_table_prefix;\r
+ \r
+ $stmt = $mysqli->prepare("SELECT sign_up_stamp\r
+ FROM ".$db_table_prefix."users\r
+ WHERE id = ?");\r
+ $stmt->bind_param("i", $this->user_id);\r
+ $stmt->execute();\r
+ $stmt->bind_result($timestamp);\r
+ $stmt->fetch();\r
+ $stmt->close();\r
+ return ($timestamp);\r
+ }\r
+ \r
+ //Update a users password\r
+ public function updatePassword($pass)\r
+ {\r
+ global $mysqli,$db_table_prefix;\r
+ $secure_pass = generateHash($pass);\r
+ $this->hash_pw = $secure_pass;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET\r
+ password = ? \r
+ WHERE\r
+ id = ?");\r
+ $stmt->bind_param("si", $secure_pass, $this->user_id);\r
+ $stmt->execute();\r
+ $stmt->close(); \r
+ }\r
+ \r
+ //Update a users email\r
+ public function updateEmail($email)\r
+ {\r
+ global $mysqli,$db_table_prefix;\r
+ $this->email = $email;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET \r
+ email = ?\r
+ WHERE\r
+ id = ?");\r
+ $stmt->bind_param("si", $email, $this->user_id);\r
+ $stmt->execute();\r
+ $stmt->close(); \r
+ }\r
+ \r
+ //Is a user has a permission\r
+ public function checkPermission($permission)\r
+ {\r
+ global $mysqli,$db_table_prefix,$master_account;\r
+ \r
+ //Grant access if master user\r
+ \r
+ $stmt = $mysqli->prepare("SELECT id \r
+ FROM ".$db_table_prefix."user_permission_matches\r
+ WHERE user_id = ?\r
+ AND permission_id = ?\r
+ LIMIT 1\r
+ ");\r
+ $access = 0;\r
+ foreach($permission as $check){\r
+ if ($access == 0){\r
+ $stmt->bind_param("ii", $this->user_id, $check);\r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ if ($stmt->num_rows > 0){\r
+ $access = 1;\r
+ }\r
+ }\r
+ }\r
+ if ($access == 1)\r
+ {\r
+ return true;\r
+ }\r
+ if ($this->user_id == $master_account){\r
+ return true; \r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+ $stmt->close();\r
+ }\r
+ \r
+ //Logout\r
+ public function userLogOut()\r
+ {\r
+ destroySession("userCakeUser");\r
+ } \r
+}\r
+\r
+?>
\ No newline at end of file
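Review bot: In `checkPermission()` the `$stmt->close()` after the `if/else` returns is unreachable, so the prepared statement is never closed; compute the result first and close before returning, e.g. `$granted = ($access == 1 || $this->user_id == $master_account);` `$stmt->close();` `return $granted;`. The loop re-executes the statement after `store_result()` without `free_result()` between iterations — worth a comment confirming mysqli tolerates this, or call `$stmt->free_result()` inside the loop. `userLogOut()` only removes the `userCakeUser` key; pairing it with `session_regenerate_id(true)` would stop the pre-logout session id from remaining valid. `updateEmail()` accepts any string and writes it straight to the database; validating with `isValidEmail()` (funcs.php) at this boundary would keep bad addresses out regardless of caller.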
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+require_once("db-settings.php"); //Require DB connection\r
+\r
+//Retrieve settings\r
+$stmt = $mysqli->prepare("SELECT id, name, value\r
+ FROM ".$db_table_prefix."configuration"); \r
+$stmt->execute();\r
+$stmt->bind_result($id, $name, $value);\r
+\r
+while ($stmt->fetch()){\r
+ $settings[$name] = array('id' => $id, 'name' => $name, 'value' => $value);\r
+}\r
+$stmt->close();\r
+\r
+//Set Settings\r
+$emailActivation = $settings['activation']['value'];\r
+$mail_templates_dir = "models/mail-templates/";\r
+$websiteName = $settings['website_name']['value'];\r
+$websiteUrl = $settings['website_url']['value'];\r
+$emailAddress = $settings['email']['value'];\r
+$resend_activation_threshold = $settings['resend_activation_threshold']['value'];\r
+$emailDate = date('dmy');\r
+$language = $settings['language']['value'];\r
+$template = $settings['template']['value'];\r
+\r
+$master_account = -1;\r
+\r
+$default_hooks = array("#WEBSITENAME#","#WEBSITEURL#","#DATE#");\r
+$default_replace = array($websiteName,$websiteUrl,$emailDate);\r
+\r
+if (!file_exists($language)) {\r
+ $language = "models/languages/en.php";\r
+}\r
+\r
+if(!isset($language)) $language = "models/languages/en.php";\r
+\r
+//Pages to require\r
+require_once($language);\r
+require_once("class.mail.php");\r
+require_once("class.user.php");\r
+require_once("class.newuser.php");\r
+require_once("funcs.php");\r
+\r
+session_start();\r
+\r
+//Global User Object Var\r
+//loggedInUser can be used globally if constructed\r
+if(isset($_SESSION["userCakeUser"]) && is_object($_SESSION["userCakeUser"]))\r
+{\r
+ $loggedInUser = $_SESSION["userCakeUser"];\r
+}\r
+\r
+?>\r
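Review bot: `$language` is read from the configuration table and handed to `require_once($language)` after only a `file_exists()` check, so any readable PHP file path stored in that row is included; restrict it to the languages directory, e.g. `$language = "models/languages/" . basename($language);` before the `file_exists` check, and have the admin page only offer values from `getLanguageFiles()`. The `if(!isset($language))` test after it is dead code since `$language` is always assigned from `$settings`. `$settings` is never initialised before the `while` loop, so an empty configuration table turns every `$settings[...]['value']` read into an undefined-index notice; start with `$settings = array();` and fail clearly when a required key is missing. `$master_account = -1;` deserves a comment saying it intentionally disables the master-account bypass in `checkPermission()`.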
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+//Database Information\r
+$db_host = "localhost"; //Host address (most likely localhost)\r
+$db_name = "users"; //Name of Database\r
+$db_user = "root"; //Name of database user\r
+$db_pass = "NOT_THE_PASSWORD"; //Password for database user\r
+$db_table_prefix = "uc_";\r
+\r
+GLOBAL $errors;\r
+GLOBAL $successes;\r
+\r
+$errors = array();\r
+$successes = array();\r
+\r
+/* Create a new mysqli object with database connection parameters */\r
+$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);\r
+GLOBAL $mysqli;\r
+\r
+if(mysqli_connect_errno()) {\r
+ echo "Connection Failed: " . mysqli_connect_errno();\r
+ exit();\r
+}\r
+\r
+//Direct to install directory, if it exists\r
+if(is_dir("install/"))\r
+{\r
+ header("Location: install/");\r
+ die();\r
+\r
+}\r
+\r
+?>\r
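Review bot: The connection uses the `root` database account with the credentials hard-coded in a tracked file; create a least-privilege user limited to the `uc_` tables and load the password from a file outside version control (the `GLOBAL $errors;`, `GLOBAL $successes;` and `GLOBAL $mysqli;` statements at file scope are no-ops and can go). No connection charset is set after `new mysqli(...)`; add `$mysqli->set_charset("utf8");` so the prepared statements, the stored data and the mail headers agree on one encoding. On failure the page echoes the raw connect error code and stops; that is acceptable during development but should become a logged error with a generic message before deployment.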
--- /dev/null
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+function showHide(div){\r
+ if(document.getElementById(div).style.display = 'block'){\r
+ document.getElementById(div).style.display = 'none';\r
+ }else{\r
+ document.getElementById(div).style.display = 'block'; \r
+ }\r
+}\r
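Review bot: `if(document.getElementById(div).style.display = 'block')` uses a single `=`, so it assigns `'block'` (which is truthy) and the branch always runs; the element is set to `'none'` on every click and never shown again, which means the `[X]` links in `resultBlock()` cannot toggle. Change it to `if(document.getElementById(div).style.display === 'block'){`. Looking the element up once, `var el = document.getElementById(div);`, would also avoid the repeated DOM query.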
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+//Functions that do not interact with DB\r
+//------------------------------------------------------------------------------\r
+\r
+//Retrieve a list of all .php files in models/languages\r
+function getLanguageFiles()\r
+{\r
+ $directory = "models/languages/";\r
+ $languages = glob($directory . "*.php");\r
+ //print each file name\r
+ return $languages;\r
+}\r
+\r
+//Retrieve a list of all .css files in models/site-templates \r
+function getTemplateFiles()\r
+{\r
+ $directory = "models/site-templates/";\r
+ $languages = glob($directory . "*.css");\r
+ //print each file name\r
+ return $languages;\r
+}\r
+\r
+//Retrieve a list of all .php files in root files folder\r
+function getPageFiles()\r
+{\r
+ $directory = "";\r
+ $pages = glob($directory . "*.php");\r
+ //print each file name\r
+ foreach ($pages as $page){\r
+ $row[$page] = $page;\r
+ }\r
+ return $row;\r
+}\r
+\r
+//Destroys a session as part of logout\r
+function destroySession($name)\r
+{\r
+ if(isset($_SESSION[$name]))\r
+ {\r
+ $_SESSION[$name] = NULL;\r
+ unset($_SESSION[$name]);\r
+ }\r
+}\r
+\r
+//Generate a unique code\r
+function getUniqueCode($length = "")\r
+{ \r
+ $code = md5(uniqid(rand(), true));\r
+ if ($length != "") return substr($code, 0, $length);\r
+ else return $code;\r
+}\r
+\r
+//Generate an activation key\r
+function generateActivationToken($gen = null)\r
+{\r
+ do\r
+ {\r
+ $gen = md5(uniqid(mt_rand(), false));\r
+ }\r
+ while(validateActivationToken($gen));\r
+ return $gen;\r
+}\r
+\r
+//@ Thanks to - http://phpsec.org\r
+function generateHash($plainText, $salt = null)\r
+{\r
+ if ($salt === null)\r
+ {\r
+ $salt = substr(md5(uniqid(rand(), true)), 0, 25);\r
+ }\r
+ else\r
+ {\r
+ $salt = substr($salt, 0, 25);\r
+ }\r
+ \r
+ return $salt . sha1($salt . $plainText);\r
+}\r
+\r
+//Checks if an email is valid\r
+function isValidEmail($email)\r
+{\r
+ if (filter_var($email, FILTER_VALIDATE_EMAIL)) {\r
+ return true;\r
+ }\r
+ else {\r
+ return false;\r
+ }\r
+}\r
+\r
+//Inputs language strings from selected language.\r
+function lang($key,$markers = NULL)\r
+{\r
+ global $lang;\r
+ if($markers == NULL)\r
+ {\r
+ $str = $lang[$key];\r
+ }\r
+ else\r
+ {\r
+ //Replace any dyamic markers\r
+ $str = $lang[$key];\r
+ $iteration = 1;\r
+ foreach($markers as $marker)\r
+ {\r
+ $str = str_replace("%m".$iteration."%",$marker,$str);\r
+ $iteration++;\r
+ }\r
+ }\r
+ //Ensure we have something to return\r
+ if($str == "")\r
+ {\r
+ return ("No language key found");\r
+ }\r
+ else\r
+ {\r
+ return $str;\r
+ }\r
+}\r
+\r
+//Checks if a string is within a min and max length\r
+function minMaxRange($min, $max, $what)\r
+{\r
+ if(strlen(trim($what)) < $min)\r
+ return true;\r
+ else if(strlen(trim($what)) > $max)\r
+ return true;\r
+ else\r
+ return false;\r
+}\r
+\r
+//Replaces hooks with specified text\r
+function replaceDefaultHook($str)\r
+{\r
+ global $default_hooks,$default_replace; \r
+ return (str_replace($default_hooks,$default_replace,$str));\r
+}\r
+\r
+//Displays error and success messages\r
+function resultBlock($errors,$successes){\r
+ //Error block\r
+ if(count($errors) > 0)\r
+ {\r
+ echo "<div id='error'>\r
+ <a href='#' onclick=\"showHide('error');\">[X]</a>\r
+ <ul>";\r
+ foreach($errors as $error)\r
+ {\r
+ echo "<li>".$error."</li>";\r
+ }\r
+ echo "</ul>";\r
+ echo "</div>";\r
+ }\r
+ //Success block\r
+ if(count($successes) > 0)\r
+ {\r
+ echo "<div id='success'>\r
+ <a href='#' onclick=\"showHide('success');\">[X]</a>\r
+ <ul>";\r
+ foreach($successes as $success)\r
+ {\r
+ echo "<li>".$success."</li>";\r
+ }\r
+ echo "</ul>";\r
+ echo "</div>";\r
+ }\r
+}\r
+\r
+//Completely sanitizes text\r
+function sanitize($str)\r
+{\r
+ return strtolower(strip_tags(trim(($str))));\r
+}\r
+\r
+//Functions that interact mainly with .users table\r
+//------------------------------------------------------------------------------\r
+\r
+//Delete a defined array of users\r
+function deleteUsers($users) {\r
+ global $mysqli,$db_table_prefix; \r
+ $i = 0;\r
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."users \r
+ WHERE id = ?");\r
+ $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches \r
+ WHERE user_id = ?");\r
+ foreach($users as $id){\r
+ $stmt->bind_param("i", $id);\r
+ $stmt->execute();\r
+ $stmt2->bind_param("i", $id);\r
+ $stmt2->execute();\r
+ $i++;\r
+ }\r
+ $stmt->close();\r
+ $stmt2->close();\r
+ return $i;\r
+}\r
+\r
+//Check if a display name exists in the DB\r
+function displayNameExists($displayname)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT active\r
+ FROM ".$db_table_prefix."users\r
+ WHERE\r
+ display_name = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("s", $displayname); \r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+}\r
+\r
+//Check if an email exists in the DB\r
+function emailExists($email)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT active\r
+ FROM ".$db_table_prefix."users\r
+ WHERE\r
+ email = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("s", $email); \r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+}\r
+\r
+//Check if a user name and email belong to the same user\r
+function emailUsernameLinked($email,$username)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT active\r
+ FROM ".$db_table_prefix."users\r
+ WHERE user_name = ?\r
+ AND\r
+ email = ?\r
+ LIMIT 1\r
+ ");\r
+ $stmt->bind_param("ss", $username, $email); \r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+}\r
+\r
+//Retrieve information for all users\r
+function fetchAllUsers()\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT \r
+ id,\r
+ user_name,\r
+ display_name,\r
+ password,\r
+ email,\r
+ activation_token,\r
+ last_activation_request,\r
+ lost_password_request,\r
+ active,\r
+ title,\r
+ sign_up_stamp,\r
+ last_sign_in_stamp\r
+ FROM ".$db_table_prefix."users");\r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);\r
+ \r
+ while ($stmt->fetch()){\r
+ $row[] = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);\r
+ }\r
+ $stmt->close();\r
+ return ($row);\r
+}\r
+\r
+//Retrieve complete user information by username, token or ID\r
+function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)\r
+{\r
+ if($username!=NULL) {\r
+ $column = "user_name";\r
+ $data = $username;\r
+ }\r
+ elseif($token!=NULL) {\r
+ $column = "activation_token";\r
+ $data = $token;\r
+ }\r
+ elseif($id!=NULL) {\r
+ $column = "id";\r
+ $data = $id;\r
+ }\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT \r
+ id,\r
+ user_name,\r
+ display_name,\r
+ password,\r
+ email,\r
+ activation_token,\r
+ last_activation_request,\r
+ lost_password_request,\r
+ active,\r
+ title,\r
+ sign_up_stamp,\r
+ last_sign_in_stamp\r
+ FROM ".$db_table_prefix."users\r
+ WHERE\r
+ $column = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("s", $data);\r
+ \r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);\r
+ while ($stmt->fetch()){\r
+ $row = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);\r
+ }\r
+ $stmt->close();\r
+ return ($row);\r
+}\r
+\r
+//Toggle if lost password request flag on or off\r
+function flagLostPasswordRequest($username,$value)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET lost_password_request = ?\r
+ WHERE\r
+ user_name = ?\r
+ LIMIT 1\r
+ ");\r
+ $stmt->bind_param("ss", $value, $username);\r
+ $result = $stmt->execute();\r
+ $stmt->close();\r
+ return $result;\r
+}\r
+\r
+//Check if a user is logged in\r
+function isUserLoggedIn()\r
+{\r
+ global $loggedInUser,$mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT \r
+ id,\r
+ password\r
+ FROM ".$db_table_prefix."users\r
+ WHERE\r
+ id = ?\r
+ AND \r
+ password = ? \r
+ AND\r
+ active = 1\r
+ LIMIT 1");\r
+ $stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw); \r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if($loggedInUser == NULL)\r
+ {\r
+ return false;\r
+ }\r
+ else\r
+ {\r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ destroySession("userCakeUser");\r
+ return false; \r
+ }\r
+ }\r
+}\r
+\r
+//Change a user from inactive to active\r
+function setUserActive($token)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET active = 1\r
+ WHERE\r
+ activation_token = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("s", $token);\r
+ $result = $stmt->execute();\r
+ $stmt->close(); \r
+ return $result;\r
+}\r
+\r
+//Change a user's display name\r
+function updateDisplayName($id, $display)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET display_name = ?\r
+ WHERE\r
+ id = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("si", $display, $id);\r
+ $result = $stmt->execute();\r
+ $stmt->close();\r
+ return $result;\r
+}\r
+\r
+//Update a user's email\r
+function updateEmail($id, $email)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET \r
+ email = ?\r
+ WHERE\r
+ id = ?");\r
+ $stmt->bind_param("si", $email, $id);\r
+ $result = $stmt->execute();\r
+ $stmt->close(); \r
+ return $result;\r
+}\r
+\r
+//Input new activation token, and update the time of the most recent activation request\r
+function updateLastActivationRequest($new_activation_token,$username,$email)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET activation_token = ?,\r
+ last_activation_request = ?\r
+ WHERE email = ?\r
+ AND\r
+ user_name = ?");\r
+ $stmt->bind_param("ssss", $new_activation_token, time(), $email, $username);\r
+ $result = $stmt->execute();\r
+ $stmt->close(); \r
+ return $result;\r
+}\r
+\r
+//Generate a random password, and new token\r
+function updatePasswordFromToken($pass,$token)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $new_activation_token = generateActivationToken();\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET password = ?,\r
+ activation_token = ?\r
+ WHERE\r
+ activation_token = ?");\r
+ $stmt->bind_param("sss", $pass, $new_activation_token, $token);\r
+ $result = $stmt->execute();\r
+ $stmt->close(); \r
+ return $result;\r
+}\r
+\r
+//Update a user's title\r
+function updateTitle($id, $title)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users\r
+ SET \r
+ title = ?\r
+ WHERE\r
+ id = ?");\r
+ $stmt->bind_param("si", $title, $id);\r
+ $result = $stmt->execute();\r
+ $stmt->close(); \r
+ return $result; \r
+}\r
+\r
+//Check if a user ID exists in the DB\r
+function userIdExists($id)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT active\r
+ FROM ".$db_table_prefix."users\r
+ WHERE\r
+ id = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("i", $id); \r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+}\r
+\r
+//Checks if a username exists in the DB\r
+function usernameExists($username)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT active\r
+ FROM ".$db_table_prefix."users\r
+ WHERE\r
+ user_name = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("s", $username); \r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+}\r
+\r
+//Check if activation token exists in DB\r
+function validateActivationToken($token,$lostpass=NULL)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ if($lostpass == NULL) \r
+ { \r
+ $stmt = $mysqli->prepare("SELECT active\r
+ FROM ".$db_table_prefix."users\r
+ WHERE active = 0\r
+ AND\r
+ activation_token = ?\r
+ LIMIT 1");\r
+ }\r
+ else \r
+ {\r
+ $stmt = $mysqli->prepare("SELECT active\r
+ FROM ".$db_table_prefix."users\r
+ WHERE active = 1\r
+ AND\r
+ activation_token = ?\r
+ AND\r
+ lost_password_request = 1 \r
+ LIMIT 1");\r
+ }\r
+ $stmt->bind_param("s", $token);\r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+}\r
+\r
+//Functions that interact mainly with .permissions table\r
+//------------------------------------------------------------------------------\r
+\r
+//Create a permission level in DB\r
+function createPermission($permission) {\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permissions (\r
+ name\r
+ )\r
+ VALUES (\r
+ ?\r
+ )");\r
+ $stmt->bind_param("s", $permission);\r
+ $result = $stmt->execute();\r
+ $stmt->close(); \r
+ return $result;\r
+}\r
+\r
+//Delete a permission level from the DB\r
+function deletePermission($permission) {\r
+ global $mysqli,$db_table_prefix,$errors; \r
+ $i = 0;\r
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permissions \r
+ WHERE id = ?");\r
+ $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches \r
+ WHERE permission_id = ?");\r
+ $stmt3 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches \r
+ WHERE permission_id = ?");\r
+ foreach($permission as $id){\r
+ if ($id == 1){\r
+ $errors[] = lang("CANNOT_DELETE_NEWUSERS");\r
+ }\r
+ elseif ($id == 2){\r
+ $errors[] = lang("CANNOT_DELETE_ADMIN");\r
+ }\r
+ else{\r
+ $stmt->bind_param("i", $id);\r
+ $stmt->execute();\r
+ $stmt2->bind_param("i", $id);\r
+ $stmt2->execute();\r
+ $stmt3->bind_param("i", $id);\r
+ $stmt3->execute();\r
+ $i++;\r
+ }\r
+ }\r
+ $stmt->close();\r
+ $stmt2->close();\r
+ $stmt3->close();\r
+ return $i;\r
+}\r
+\r
+//Retrieve information for all permission levels\r
+function fetchAllPermissions()\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT \r
+ id,\r
+ name\r
+ FROM ".$db_table_prefix."permissions");\r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $name);\r
+ while ($stmt->fetch()){\r
+ $row[] = array('id' => $id, 'name' => $name);\r
+ }\r
+ $stmt->close();\r
+ return ($row);\r
+}\r
+\r
+//Retrieve information for a single permission level\r
+function fetchPermissionDetails($id)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT \r
+ id,\r
+ name\r
+ FROM ".$db_table_prefix."permissions\r
+ WHERE\r
+ id = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("i", $id);\r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $name);\r
+ while ($stmt->fetch()){\r
+ $row = array('id' => $id, 'name' => $name);\r
+ }\r
+ $stmt->close();\r
+ return ($row);\r
+}\r
+\r
+//Check if a permission level ID exists in the DB\r
+function permissionIdExists($id)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT id\r
+ FROM ".$db_table_prefix."permissions\r
+ WHERE\r
+ id = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("i", $id); \r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+}\r
+\r
+//Check if a permission level name exists in the DB\r
+function permissionNameExists($permission)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT id\r
+ FROM ".$db_table_prefix."permissions\r
+ WHERE\r
+ name = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("s", $permission); \r
+ $stmt->execute();\r
+ $stmt->store_result();\r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+}\r
+\r
+//Change a permission level's name\r
+function updatePermissionName($id, $name)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."permissions\r
+ SET name = ?\r
+ WHERE\r
+ id = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("si", $name, $id);\r
+ $result = $stmt->execute();\r
+ $stmt->close(); \r
+ return $result; \r
+}\r
+\r
+//Functions that interact mainly with .user_permission_matches table\r
+//------------------------------------------------------------------------------\r
+\r
+//Match permission level(s) with user(s)\r
+function addPermission($permission, $user) {\r
+ global $mysqli,$db_table_prefix; \r
+ $i = 0;\r
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (\r
+ permission_id,\r
+ user_id\r
+ )\r
+ VALUES (\r
+ ?,\r
+ ?\r
+ )");\r
+ if (is_array($permission)){\r
+ foreach($permission as $id){\r
+ $stmt->bind_param("ii", $id, $user);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ }\r
+ elseif (is_array($user)){\r
+ foreach($user as $id){\r
+ $stmt->bind_param("ii", $permission, $id);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ }\r
+ else {\r
+ $stmt->bind_param("ii", $permission, $user);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ $stmt->close();\r
+ return $i;\r
+}\r
+\r
+//Retrieve information for all user/permission level matches\r
+function fetchAllMatches()\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT \r
+ id,\r
+ user_id,\r
+ permission_id\r
+ FROM ".$db_table_prefix."user_permission_matches");\r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $user, $permission);\r
+ while ($stmt->fetch()){\r
+ $row[] = array('id' => $id, 'user_id' => $user, 'permission_id' => $permission);\r
+ }\r
+ $stmt->close();\r
+ return ($row); \r
+}\r
+\r
+//Retrieve list of permission levels a user has\r
+function fetchUserPermissions($user_id)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT\r
+ id,\r
+ permission_id\r
+ FROM ".$db_table_prefix."user_permission_matches\r
+ WHERE user_id = ?\r
+ ");\r
+ $stmt->bind_param("i", $user_id); \r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $permission);\r
+ while ($stmt->fetch()){\r
+ $row[$permission] = array('id' => $id, 'permission_id' => $permission);\r
+ }\r
+ $stmt->close();\r
+ if (isset($row)){\r
+ return ($row);\r
+ }\r
+}\r
+\r
+//Retrieve list of users who have a permission level\r
+function fetchPermissionUsers($permission_id)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT id, user_id\r
+ FROM ".$db_table_prefix."user_permission_matches\r
+ WHERE permission_id = ?\r
+ ");\r
+ $stmt->bind_param("i", $permission_id); \r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $user);\r
+ while ($stmt->fetch()){\r
+ $row[$user] = array('id' => $id, 'user_id' => $user);\r
+ }\r
+ $stmt->close();\r
+ if (isset($row)){\r
+ return ($row);\r
+ }\r
+}\r
+\r
+//Unmatch permission level(s) from user(s)\r
+function removePermission($permission, $user) {\r
+ global $mysqli,$db_table_prefix; \r
+ $i = 0;\r
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches \r
+ WHERE permission_id = ?\r
+ AND user_id =?");\r
+ if (is_array($permission)){\r
+ foreach($permission as $id){\r
+ $stmt->bind_param("ii", $id, $user);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ }\r
+ elseif (is_array($user)){\r
+ foreach($user as $id){\r
+ $stmt->bind_param("ii", $permission, $id);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ }\r
+ else {\r
+ $stmt->bind_param("ii", $permission, $user);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ $stmt->close();\r
+ return $i;\r
+}\r
+\r
+//Functions that interact mainly with .configuration table\r
+//------------------------------------------------------------------------------\r
+\r
+//Update configuration table\r
+function updateConfig($id, $value)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."configuration\r
+ SET \r
+ value = ?\r
+ WHERE\r
+ id = ?");\r
+ foreach ($id as $cfg){\r
+ $stmt->bind_param("si", $value[$cfg], $cfg);\r
+ $stmt->execute();\r
+ }\r
+ $stmt->close(); \r
+}\r
+\r
+//Functions that interact mainly with .pages table\r
+//------------------------------------------------------------------------------\r
+\r
+//Add a page to the DB\r
+function createPages($pages) {\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."pages (\r
+ page\r
+ )\r
+ VALUES (\r
+ ?\r
+ )");\r
+ foreach($pages as $page){\r
+ $stmt->bind_param("s", $page);\r
+ $stmt->execute();\r
+ }\r
+ $stmt->close();\r
+}\r
+\r
+//Delete a page from the DB\r
+function deletePages($pages) {\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."pages \r
+ WHERE id = ?");\r
+ $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches \r
+ WHERE page_id = ?");\r
+ foreach($pages as $id){\r
+ $stmt->bind_param("i", $id);\r
+ $stmt->execute();\r
+ $stmt2->bind_param("i", $id);\r
+ $stmt2->execute();\r
+ }\r
+ $stmt->close();\r
+ $stmt2->close();\r
+}\r
+\r
+//Fetch information on all pages\r
+function fetchAllPages()\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT \r
+ id,\r
+ page,\r
+ private\r
+ FROM ".$db_table_prefix."pages");\r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $page, $private);\r
+ while ($stmt->fetch()){\r
+ $row[$page] = array('id' => $id, 'page' => $page, 'private' => $private);\r
+ }\r
+ $stmt->close();\r
+ if (isset($row)){\r
+ return ($row);\r
+ }\r
+}\r
+\r
+//Fetch information for a specific page\r
+function fetchPageDetails($id)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT \r
+ id,\r
+ page,\r
+ private\r
+ FROM ".$db_table_prefix."pages\r
+ WHERE\r
+ id = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("i", $id);\r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $page, $private);\r
+ while ($stmt->fetch()){\r
+ $row = array('id' => $id, 'page' => $page, 'private' => $private);\r
+ }\r
+ $stmt->close();\r
+ return ($row);\r
+}\r
+\r
+//Check if a page ID exists\r
+function pageIdExists($id)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT private\r
+ FROM ".$db_table_prefix."pages\r
+ WHERE\r
+ id = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("i", $id); \r
+ $stmt->execute();\r
+ $stmt->store_result(); \r
+ $num_returns = $stmt->num_rows;\r
+ $stmt->close();\r
+ \r
+ if ($num_returns > 0)\r
+ {\r
+ return true;\r
+ }\r
+ else\r
+ {\r
+ return false; \r
+ }\r
+}\r
+\r
+//Toggle private/public setting of a page\r
+function updatePrivate($id, $private)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."pages\r
+ SET \r
+ private = ?\r
+ WHERE\r
+ id = ?");\r
+ $stmt->bind_param("ii", $private, $id);\r
+ $result = $stmt->execute();\r
+ $stmt->close(); \r
+ return $result; \r
+}\r
+\r
+//Functions that interact mainly with .permission_page_matches table\r
+//------------------------------------------------------------------------------\r
+\r
+//Match permission level(s) with page(s)\r
+function addPage($page, $permission) {\r
+ global $mysqli,$db_table_prefix; \r
+ $i = 0;\r
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permission_page_matches (\r
+ permission_id,\r
+ page_id\r
+ )\r
+ VALUES (\r
+ ?,\r
+ ?\r
+ )");\r
+ if (is_array($permission)){\r
+ foreach($permission as $id){\r
+ $stmt->bind_param("ii", $id, $page);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ }\r
+ elseif (is_array($page)){\r
+ foreach($page as $id){\r
+ $stmt->bind_param("ii", $permission, $id);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ }\r
+ else {\r
+ $stmt->bind_param("ii", $permission, $page);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ $stmt->close();\r
+ return $i;\r
+}\r
+\r
+//Retrieve list of permission levels that can access a page\r
+function fetchPagePermissions($page_id)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT\r
+ id,\r
+ permission_id\r
+ FROM ".$db_table_prefix."permission_page_matches\r
+ WHERE page_id = ?\r
+ ");\r
+ $stmt->bind_param("i", $page_id); \r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $permission);\r
+ while ($stmt->fetch()){\r
+ $row[$permission] = array('id' => $id, 'permission_id' => $permission);\r
+ }\r
+ $stmt->close();\r
+ if (isset($row)){\r
+ return ($row);\r
+ }\r
+}\r
+\r
+//Retrieve list of pages that a permission level can access\r
+function fetchPermissionPages($permission_id)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT\r
+ id,\r
+ page_id\r
+ FROM ".$db_table_prefix."permission_page_matches\r
+ WHERE permission_id = ?\r
+ ");\r
+ $stmt->bind_param("i", $permission_id); \r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $page);\r
+ while ($stmt->fetch()){\r
+ $row[$page] = array('id' => $id, 'permission_id' => $page);\r
+ }\r
+ $stmt->close();\r
+ if (isset($row)){\r
+ return ($row);\r
+ }\r
+}\r
+\r
+//Unmatched permission and page\r
+function removePage($page, $permission) {\r
+ global $mysqli,$db_table_prefix; \r
+ $i = 0;\r
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches \r
+ WHERE page_id = ?\r
+ AND permission_id =?");\r
+ if (is_array($page)){\r
+ foreach($page as $id){\r
+ $stmt->bind_param("ii", $id, $permission);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ }\r
+ elseif (is_array($permission)){\r
+ foreach($permission as $id){\r
+ $stmt->bind_param("ii", $page, $id);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ }\r
+ else {\r
+ $stmt->bind_param("ii", $permission, $user);\r
+ $stmt->execute();\r
+ $i++;\r
+ }\r
+ $stmt->close();\r
+ return $i;\r
+}\r
+\r
+//Check if a user has access to a page\r
+function securePage($uri){\r
+ \r
+ //Separate document name from uri\r
+ $tokens = explode('/', $uri);\r
+ $page = $tokens[sizeof($tokens)-1];\r
+ global $mysqli,$db_table_prefix,$loggedInUser;\r
+ //retrieve page details\r
+ $stmt = $mysqli->prepare("SELECT \r
+ id,\r
+ page,\r
+ private\r
+ FROM ".$db_table_prefix."pages\r
+ WHERE\r
+ page = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("s", $page);\r
+ $stmt->execute();\r
+ $stmt->bind_result($id, $page, $private);\r
+ while ($stmt->fetch()){\r
+ $pageDetails = array('id' => $id, 'page' => $page, 'private' => $private);\r
+ }\r
+ $stmt->close();\r
+ //If page does not exist in DB, allow access\r
+ if (empty($pageDetails)){\r
+ return true;\r
+ }\r
+ //If page is public, allow access\r
+ elseif ($pageDetails['private'] == 0) {\r
+ return true; \r
+ }\r
+ //If user is not logged in, deny access\r
+ elseif(!isUserLoggedIn()) \r
+ {\r
+ header("Location: login.php");\r
+ return false;\r
+ }\r
+ else {\r
+ //Retrieve list of permission levels with access to page\r
+ $stmt = $mysqli->prepare("SELECT\r
+ permission_id\r
+ FROM ".$db_table_prefix."permission_page_matches\r
+ WHERE page_id = ?\r
+ ");\r
+ $stmt->bind_param("i", $pageDetails['id']); \r
+ $stmt->execute();\r
+ $stmt->bind_result($permission);\r
+ while ($stmt->fetch()){\r
+ $pagePermissions[] = $permission;\r
+ }\r
+ $stmt->close();\r
+ //Check if user's permission levels allow access to page\r
+ if ($loggedInUser->checkPermission($pagePermissions)){ \r
+ return true;\r
+ }\r
+ //Grant access if master user\r
+ elseif ($loggedInUser->user_id == $master_account){\r
+ return true;\r
+ }\r
+ else {\r
+ header("Location: account.php");\r
+ return false; \r
+ }\r
+ }\r
+}\r
+\r
+?>\r
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+echo "\r
+<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\r
+<html xmlns='http://www.w3.org/1999/xhtml'>\r
+<head>\r
+<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />\r
+<title>".$websiteName."</title>\r
+<link href='".$template."' rel='stylesheet' type='text/css' />\r
+<script src='models/funcs.js' type='text/javascript'>\r
+</script>\r
+</head>";\r
+\r
+?>\r
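Review bot: `$websiteName` and `$template` are concatenated straight into the `<title>` element and the stylesheet `href` with no HTML escaping, so any value containing `</title><script>` or a closing quote ends up as markup in every page that includes this header. Where those two globals come from is not visible in this hunk; if they are loaded from the configuration table that `updateConfig` writes earlier in this diff, an admin-editable string becomes a stored-XSS sink. Escape at the point of output: `<title>".htmlspecialchars($websiteName, ENT_QUOTES, 'UTF-8')."</title>` and `<link href='".htmlspecialchars($template, ENT_QUOTES, 'UTF-8')."' rel='stylesheet' type='text/css' />` — `ENT_QUOTES` matters because the attribute is single-quoted. A short comment above the `echo`, `// $websiteName / $template are config values: escape before emitting HTML`, would make the contract clear to whoever next edits this template.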
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+/*\r
+%m1% - Dymamic markers which are replaced at run time by the relevant index.\r
+*/\r
+\r
+$lang = array();\r
+\r
+//Account\r
+$lang = array_merge($lang,array(\r
+ "ACCOUNT_SPECIFY_USERNAME" => "Please enter your username",\r
+ "ACCOUNT_SPECIFY_PASSWORD" => "Please enter your password",\r
+ "ACCOUNT_SPECIFY_EMAIL" => "Please enter your email address",\r
+ "ACCOUNT_INVALID_EMAIL" => "Invalid email address",\r
+ "ACCOUNT_USER_OR_EMAIL_INVALID" => "Username or email address is invalid",\r
+ "ACCOUNT_USER_OR_PASS_INVALID" => "Username or password is invalid",\r
+ "ACCOUNT_ALREADY_ACTIVE" => "Your account is already activated",\r
+ "ACCOUNT_INACTIVE" => "Your account is in-active. Check your emails / spam folder for account activation instructions",\r
+ "ACCOUNT_USER_CHAR_LIMIT" => "Your username must be between %m1% and %m2% characters in length",\r
+ "ACCOUNT_DISPLAY_CHAR_LIMIT" => "Your display name must be between %m1% and %m2% characters in length",\r
+ "ACCOUNT_PASS_CHAR_LIMIT" => "Your password must be between %m1% and %m2% characters in length",\r
+ "ACCOUNT_TITLE_CHAR_LIMIT" => "Titles must be between %m1% and %m2% characters in length",\r
+ "ACCOUNT_PASS_MISMATCH" => "Your password and confirmation password must match",\r
+ "ACCOUNT_DISPLAY_INVALID_CHARACTERS" => "Display name can only include alpha-numeric characters",\r
+ "ACCOUNT_USERNAME_IN_USE" => "Username %m1% is already in use",\r
+ "ACCOUNT_DISPLAYNAME_IN_USE" => "Display name %m1% is already in use",\r
+ "ACCOUNT_EMAIL_IN_USE" => "Email %m1% is already in use",\r
+ "ACCOUNT_LINK_ALREADY_SENT" => "An activation email has already been sent to this email address in the last %m1% hour(s)",\r
+ "ACCOUNT_NEW_ACTIVATION_SENT" => "We have emailed you a new activation link, please check your email",\r
+ "ACCOUNT_SPECIFY_NEW_PASSWORD" => "Please enter your new password", \r
+ "ACCOUNT_SPECIFY_CONFIRM_PASSWORD" => "Please confirm your new password",\r
+ "ACCOUNT_NEW_PASSWORD_LENGTH" => "New password must be between %m1% and %m2% characters in length", \r
+ "ACCOUNT_PASSWORD_INVALID" => "Current password doesn't match the one we have on record", \r
+ "ACCOUNT_DETAILS_UPDATED" => "Account details updated",\r
+ "ACCOUNT_ACTIVATION_MESSAGE" => "You will need to activate your account before you can login. Please follow the link below to activate your account. \n\n\r
+ %m1%activate-account.php?token=%m2%", \r
+ "ACCOUNT_ACTIVATION_COMPLETE" => "You have successfully activated your account. You can now login <a href=\"login.php\">here</a>.",\r
+ "ACCOUNT_REGISTRATION_COMPLETE_TYPE1" => "You have successfully registered. You can now login <a href=\"login.php\">here</a>.",\r
+ "ACCOUNT_REGISTRATION_COMPLETE_TYPE2" => "You have successfully registered. You will soon receive an activation email. \r
+ You must activate your account before logging in.",\r
+ "ACCOUNT_PASSWORD_NOTHING_TO_UPDATE" => "You cannot update with the same password",\r
+ "ACCOUNT_PASSWORD_UPDATED" => "Account password updated",\r
+ "ACCOUNT_EMAIL_UPDATED" => "Account email updated",\r
+ "ACCOUNT_TOKEN_NOT_FOUND" => "Token does not exist / Account is already activated",\r
+ "ACCOUNT_USER_INVALID_CHARACTERS" => "Username can only include alpha-numeric characters",\r
+ "ACCOUNT_DELETIONS_SUCCESSFUL" => "You have successfully deleted %m1% users",\r
+ "ACCOUNT_MANUALLY_ACTIVATED" => "%m1%'s account has been manually activated",\r
+ "ACCOUNT_DISPLAYNAME_UPDATED" => "Displayname changed to %m1%",\r
+ "ACCOUNT_TITLE_UPDATED" => "%m1%'s title changed to %m2%",\r
+ "ACCOUNT_PERMISSION_ADDED" => "Added access to %m1% permission levels",\r
+ "ACCOUNT_PERMISSION_REMOVED" => "Removed access from %m1% permission levels",\r
+ "ACCOUNT_INVALID_USERNAME" => "Invalid username",\r
+ ));\r
+\r
+//Configuration\r
+$lang = array_merge($lang,array(\r
+ "CONFIG_NAME_CHAR_LIMIT" => "Site name must be between %m1% and %m2% characters in length",\r
+ "CONFIG_URL_CHAR_LIMIT" => "Site name must be between %m1% and %m2% characters in length",\r
+ "CONFIG_EMAIL_CHAR_LIMIT" => "Site name must be between %m1% and %m2% characters in length",\r
+ "CONFIG_ACTIVATION_TRUE_FALSE" => "Email activation must be either `true` or `false`",\r
+ "CONFIG_ACTIVATION_RESEND_RANGE" => "Activation Threshold must be between %m1% and %m2% hours",\r
+ "CONFIG_LANGUAGE_CHAR_LIMIT" => "Language path must be between %m1% and %m2% characters in length",\r
+ "CONFIG_LANGUAGE_INVALID" => "There is no file for the language key `%m1%`",\r
+ "CONFIG_TEMPLATE_CHAR_LIMIT" => "Template path must be between %m1% and %m2% characters in length",\r
+ "CONFIG_TEMPLATE_INVALID" => "There is no file for the template key `%m1%`",\r
+ "CONFIG_EMAIL_INVALID" => "The email you have entered is not valid",\r
+ "CONFIG_INVALID_URL_END" => "Please include the ending / in your site's URL",\r
+ "CONFIG_UPDATE_SUCCESSFUL" => "Your site's configuration has been updated. You may need to load a new page for all the settings to take effect",\r
+ ));\r
+\r
+//Forgot Password\r
+$lang = array_merge($lang,array(\r
+ "FORGOTPASS_INVALID_TOKEN" => "Your activation token is not valid",\r
+ "FORGOTPASS_NEW_PASS_EMAIL" => "We have emailed you a new password",\r
+ "FORGOTPASS_REQUEST_CANNED" => "Lost password request cancelled",\r
+ "FORGOTPASS_REQUEST_EXISTS" => "There is already a outstanding lost password request on this account",\r
+ "FORGOTPASS_REQUEST_SUCCESS" => "We have emailed you instructions on how to regain access to your account",\r
+ ));\r
+\r
+//Mail\r
+$lang = array_merge($lang,array(\r
+ "MAIL_ERROR" => "Fatal error attempting mail, contact your server administrator",\r
+ "MAIL_TEMPLATE_BUILD_ERROR" => "Error building email template",\r
+ "MAIL_TEMPLATE_DIRECTORY_ERROR" => "Unable to open mail-templates directory. Perhaps try setting the mail directory to %m1%",\r
+ "MAIL_TEMPLATE_FILE_EMPTY" => "Template file is empty... nothing to send",\r
+ ));\r
+\r
+//Miscellaneous\r
+$lang = array_merge($lang,array(\r
+ "CAPTCHA_FAIL" => "Failed security question",\r
+ "CONFIRM" => "Confirm",\r
+ "DENY" => "Deny",\r
+ "SUCCESS" => "Success",\r
+ "ERROR" => "Error",\r
+ "NOTHING_TO_UPDATE" => "Nothing to update",\r
+ "SQL_ERROR" => "Fatal SQL error",\r
+ "FEATURE_DISABLED" => "This feature is currently disabled",\r
+ "PAGE_PRIVATE_TOGGLED" => "This page is now %m1%",\r
+ "PAGE_ACCESS_REMOVED" => "Page access removed for %m1% permission level(s)",\r
+ "PAGE_ACCESS_ADDED" => "Page access added for %m1% permission level(s)",\r
+ ));\r
+\r
+//Permissions\r
+$lang = array_merge($lang,array(\r
+ "PERMISSION_CHAR_LIMIT" => "Permission names must be between %m1% and %m2% characters in length",\r
+ "PERMISSION_NAME_IN_USE" => "Permission name %m1% is already in use",\r
+ "PERMISSION_DELETIONS_SUCCESSFUL" => "Successfully deleted %m1% permission level(s)",\r
+ "PERMISSION_CREATION_SUCCESSFUL" => "Successfully created the permission level `%m1%`",\r
+ "PERMISSION_NAME_UPDATE" => "Permission level name changed to `%m1%`",\r
+ "PERMISSION_REMOVE_PAGES" => "Successfully removed access to %m1% page(s)",\r
+ "PERMISSION_ADD_PAGES" => "Successfully added access to %m1% page(s)",\r
+ "PERMISSION_REMOVE_USERS" => "Successfully removed %m1% user(s)",\r
+ "PERMISSION_ADD_USERS" => "Successfully added %m1% user(s)",\r
+ "CANNOT_DELETE_NEWUSERS" => "You cannot delete the default 'new user' group",\r
+ "CANNOT_DELETE_ADMIN" => "You cannot delete the default 'admin' group",\r
+ ));\r
+?>
\ No newline at end of file
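Review bot: The `CONFIG_URL_CHAR_LIMIT` and `CONFIG_EMAIL_CHAR_LIMIT` strings are copy-pasted from `CONFIG_NAME_CHAR_LIMIT` and still say "Site name", so a failed URL or email length check reports the wrong field to the administrator. Suggested text: `"CONFIG_URL_CHAR_LIMIT" => "Site URL must be between %m1% and %m2% characters in length",` and `"CONFIG_EMAIL_CHAR_LIMIT" => "Site email must be between %m1% and %m2% characters in length",`. Several entries here (`ACCOUNT_USERNAME_IN_USE`, `ACCOUNT_EMAIL_IN_USE`, `PERMISSION_CREATION_SUCCESSFUL`) interpolate user-supplied values via `%m1%` and `ACCOUNT_ACTIVATION_COMPLETE` deliberately contains an `<a>` tag, so the `lang()` helper that does the substitution — not visible in this diff — cannot blanket-escape; presumably the caller escapes the substituted values before display, which is worth confirming and documenting in a header comment on this file.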
--- /dev/null
+Hello #USERNAME#\r
+\r
+A lost password request has been submitted for your account on #DATE#.\r
+\r
+To confirm / deny this request click one of the below links\r
+\r
+#CONFIRM-URL# \r
+\r
+#DENY-URL#\r
--- /dev/null
+Hello #USERNAME#\r
+\r
+Thank you for joining our website #WEBSITENAME#\r
+#ACTIVATION-MESSAGE\r
+\r
+-Regards
\ No newline at end of file
--- /dev/null
+Hello #USERNAME#\r
+\r
+We have received a new activation request for your account. Please follow the link below to activate.\r
+\r
+If you did not request this e-mail, please disregard this message.\r
+\r
+#ACTIVATION-URL\r
+\r
+-Regards
\ No newline at end of file
--- /dev/null
+Hello #USERNAME#\r
+\r
+We have set up a temporary password for your account at #WEBSITENAME#.\r
+\r
+Please login at #WEBSITEURL#login.php as soon as possible and change this password to something you will remember.\r
+\r
+Your Password: #GENERATED-PASS#\r
+\r
+-Regards\r
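Review bot: This template delivers the account's new password in cleartext e-mail (`Your Password: #GENERATED-PASS#`) and relies on the user to change it "as soon as possible"; nothing visible in this diff forces that rotation — `updatePasswordFromToken` earlier in the series simply overwrites `password` with no expiry or must-change flag. If the generated password is meant to be temporary, the reset flow should either expire it after first login or replace this design with a single-use, time-limited reset link, so that mailbox compromise does not yield a standing credential. At minimum the template should say the password is temporary and that the request can be reported if it was not initiated by the user, mirroring the wording already used in the activation-resend template.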
--- /dev/null
+html, body {\r
+ margin: 0px;\r
+ background: #fff;\r
+ font-family:Verdana, Arial, Helvetica, sans-serif;\r
+ font-size:0.95em;\r
+ color:#4d4948;\r
+}\r
+\r
+h1 {\r
+ margin: 0;\r
+ text-align: center;\r
+ font-size: 150%;\r
+ padding: 0px;\r
+}\r
+\r
+h2 {\r
+ margin: 0;\r
+ text-align: center;\r
+ font-size: 120%;\r
+ padding: 0px;\r
+}\r
+\r
+h3 {\r
+ margin: 0;\r
+ font-size: 105%;\r
+ padding: 0px;\r
+}\r
+\r
+a {\r
+ color:#4d4948;\r
+}\r
+\r
+#top {\r
+ margin: 0 auto 0 auto;\r
+ background:url('images/top-bg.jpg') repeat-x;\r
+ width:100%;\r
+ height:115px;\r
+}\r
+\r
+#logo {\r
+ margin: 0 auto 0 auto;\r
+ background:url('images/latest-build.gif');\r
+ width: 155px;\r
+ height: 124px;\r
+}\r
+\r
+#content {\r
+ margin: 0 auto 0 auto;\r
+ width: 95%;\r
+}\r
+\r
+#content #left-nav {\r
+ width:15%;\r
+ float:left;\r
+ font-size:95%;\r
+}\r
+\r
+#content #left-nav ul {\r
+ padding:0 0 50px 0;\r
+ margin:0;\r
+}\r
+\r
+#content #left-nav ul li {\r
+ padding:0;\r
+ margin:0;\r
+ list-style:none;\r
+}\r
+\r
+#content #left-nav ul li a {\r
+ text-decoration:none;\r
+}\r
+\r
+#content #left-nav ul li a:hover {\r
+ color:#ff0505;\r
+ text-decoration:underline;\r
+}\r
+\r
+#content #main {\r
+ float:left;\r
+ width:85%;\r
+ font-size:90%;\r
+}\r
+\r
+#content #main #regbox {\r
+ padding: 0 0 0 0;\r
+}\r
+\r
+#content #main #regbox label {\r
+ width:100px;\r
+ float:left;\r
+}\r
+\r
+table.admin td {\r
+ vertical-align: top; \r
+}\r
+\r
+#error {\r
+ display:block;\r
+ margin:5px;\r
+ color:#4d4948;\r
+ background-color:#fffebe;\r
+ border: 1px solid #cbcbcb;\r
+ font-size:90%;\r
+}\r
+\r
+#success {\r
+ margin:5px;\r
+ color:#4d4948;\r
+ background-color:#bce9b5;\r
+ border: 1px solid #7ace6c;\r
+ font-size:90%;\r
+}\r
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Prevent the user visiting the logged in page if he/she is already logged in\r
+if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+ $errors = array();\r
+ $email = trim($_POST["email"]);\r
+ $username = trim($_POST["username"]);\r
+ $displayname = trim($_POST["displayname"]);\r
+ $password = trim($_POST["password"]);\r
+ $confirm_pass = trim($_POST["passwordc"]);\r
+ $captcha = md5($_POST["captcha"]);\r
+ \r
+ \r
+ if ($captcha != $_SESSION['captcha'])\r
+ {\r
+ $errors[] = lang("CAPTCHA_FAIL");\r
+ }\r
+ if(minMaxRange(5,25,$username))\r
+ {\r
+ $errors[] = lang("ACCOUNT_USER_CHAR_LIMIT",array(5,25));\r
+ }\r
+ if(!ctype_alnum($username)){\r
+ $errors[] = lang("ACCOUNT_USER_INVALID_CHARACTERS");\r
+ }\r
+ if(minMaxRange(5,25,$displayname))\r
+ {\r
+ $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT",array(5,25));\r
+ }\r
+ if(!ctype_alnum($displayname)){\r
+ $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");\r
+ }\r
+ if(minMaxRange(8,50,$password) && minMaxRange(8,50,$confirm_pass))\r
+ {\r
+ $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(8,50));\r
+ }\r
+ else if($password != $confirm_pass)\r
+ {\r
+ $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
+ }\r
+ if(!isValidEmail($email))\r
+ {\r
+ $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
+ }\r
+ //End data validation\r
+ if(count($errors) == 0)\r
+ { \r
+ //Construct a user object\r
+ $user = new User($username,$displayname,$password,$email);\r
+ \r
+ //Checking this flag tells us whether there were any errors such as possible data duplication occured\r
+ if(!$user->status)\r
+ {\r
+ if($user->username_taken) $errors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username));\r
+ if($user->displayname_taken) $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));\r
+ if($user->email_taken) $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email)); \r
+ }\r
+ else\r
+ {\r
+ //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required)\r
+ if(!$user->userCakeAddUser())\r
+ {\r
+ if($user->mail_failure) $errors[] = lang("MAIL_ERROR");\r
+ if($user->sql_failure) $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+ if(count($errors) == 0) {\r
+ $successes[] = $user->success;\r
+ }\r
+}\r
+\r
+require_once("models/header.php");\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Register</h2>\r
+\r
+<div id='left-nav'>";\r
+include("left-nav.php");\r
+echo "\r
+</div>\r
+\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<div id='regbox'>\r
+<form name='newUser' action='".$_SERVER['PHP_SELF']."' method='post'>\r
+\r
+<p>\r
+<label>User Name:</label>\r
+<input type='text' name='username' />\r
+</p>\r
+<p>\r
+<label>Display Name:</label>\r
+<input type='text' name='displayname' />\r
+</p>\r
+<p>\r
+<label>Password:</label>\r
+<input type='password' name='password' />\r
+</p>\r
+<p>\r
+<label>Confirm:</label>\r
+<input type='password' name='passwordc' />\r
+</p>\r
+<p>\r
+<label>Email:</label>\r
+<input type='text' name='email' />\r
+</p>\r
+<p>\r
+<label>Security Code:</label>\r
+<img src='models/captcha.php'>\r
+</p>\r
+<label>Enter Security Code:</label>\r
+<input name='captcha' type='text'>\r
+</p>\r
+<label> <br>\r
+<input type='submit' value='Register'/>\r
+</p>\r
+\r
+</form>\r
+</div>\r
+\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+?>\r
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Forms posted\r
+if(!empty($_POST) && $emailActivation)\r
+{\r
+ $email = $_POST["email"];\r
+ $username = $_POST["username"];\r
+ \r
+ //Perform some validation\r
+ //Feel free to edit / change as required\r
+ if(trim($email) == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");\r
+ }\r
+ //Check to ensure email is in the correct format / in the db\r
+ else if(!isValidEmail($email) || !emailExists($email))\r
+ {\r
+ $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
+ }\r
+ \r
+ if(trim($username) == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
+ }\r
+ else if(!usernameExists($username))\r
+ {\r
+ $errors[] = lang("ACCOUNT_INVALID_USERNAME");\r
+ }\r
+ \r
+ if(count($errors) == 0)\r
+ {\r
+ //Check that the username / email are associated to the same account\r
+ if(!emailUsernameLinked($email,$username))\r
+ {\r
+ $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");\r
+ }\r
+ else\r
+ {\r
+ $userdetails = fetchUserDetails($username);\r
+ \r
+ //See if the user's account is activation\r
+ if($userdetails["active"]==1)\r
+ {\r
+ $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");\r
+ }\r
+ else\r
+ {\r
+ if ($resend_activation_threshold == 0) {\r
+ $hours_diff = 0;\r
+ }\r
+ else {\r
+ $last_request = $userdetails["last_activation_request"];\r
+ $hours_diff = round((time()-$last_request) / (3600*$resend_activation_threshold),0);\r
+ }\r
+ \r
+ if($resend_activation_threshold!=0 && $hours_diff <= $resend_activation_threshold)\r
+ {\r
+ $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT",array($resend_activation_threshold));\r
+ }\r
+ else\r
+ {\r
+ //For security create a new activation url;\r
+ $new_activation_token = generateActivationToken();\r
+ \r
+ if(!updateLastActivationRequest($new_activation_token,$username,$email))\r
+ {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ else\r
+ {\r
+ $mail = new userCakeMail();\r
+ \r
+ $activation_url = $websiteUrl."activate-account.php?token=".$new_activation_token;\r
+ \r
+ //Setup our custom hooks\r
+ $hooks = array(\r
+ "searchStrs" => array("#ACTIVATION-URL","#USERNAME#"),\r
+ "subjectStrs" => array($activation_url,$userdetails["display_name"])\r
+ );\r
+ \r
+ if(!$mail->newTemplateMsg("resend-activation.txt",$hooks))\r
+ {\r
+ $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");\r
+ }\r
+ else\r
+ {\r
+ if(!$mail->sendMail($userdetails["email"],"Activate your ".$websiteName." Account"))\r
+ {\r
+ $errors[] = lang("MAIL_ERROR");\r
+ }\r
+ else\r
+ {\r
+ //Success, user details have been updated in the db now mail this information out.\r
+ $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+}\r
+\r
+//Prevent the user visiting the logged in page if he/she is already logged in\r
+if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
+\r
+require_once("models/header.php");\r
+\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>Resend Activation</h2>\r
+<div id='left-nav'>";\r
+\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "<div id='regbox'>";\r
+\r
+//Show disabled if email activation not required\r
+if(!$emailActivation)\r
+{ \r
+ echo lang("FEATURE_DISABLED");\r
+}\r
+else\r
+{\r
+ echo "<form name='resendActivation' action='".$_SERVER['PHP_SELF']."' method='post'>\r
+ <p>\r
+ <label>Username:</label>\r
+ <input type='text' name='username' />\r
+ </p> \r
+ <p>\r
+ <label>Email:</label>\r
+ <input type='text' name='email' />\r
+ </p> \r
+ <p>\r
+ <label> </label>\r
+ <input type='submit' value='Submit' class='submit' />\r
+ </p>\r
+ </form>";\r
+}\r
+\r
+echo "\r
+</div> \r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Prevent the user visiting the logged in page if he is not logged in\r
+if(!isUserLoggedIn()) { header("Location: login.php"); die(); }\r
+\r
+if(!empty($_POST))\r
+{\r
+ $errors = array();\r
+ $successes = array();\r
+ $password = $_POST["password"];\r
+ $password_new = $_POST["passwordc"];\r
+ $password_confirm = $_POST["passwordcheck"];\r
+ \r
+ $errors = array();\r
+ $email = $_POST["email"];\r
+ \r
+ //Perform some validation\r
+ //Feel free to edit / change as required\r
+ \r
+ //Confirm the hashes match before updating a users password\r
+ $entered_pass = generateHash($password,$loggedInUser->hash_pw);\r
+ \r
+ if (trim($password) == ""){\r
+ $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
+ }\r
+ else if($entered_pass != $loggedInUser->hash_pw)\r
+ {\r
+ //No match\r
+ $errors[] = lang("ACCOUNT_PASSWORD_INVALID");\r
+ } \r
+ if($email != $loggedInUser->email)\r
+ {\r
+ if(trim($email) == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");\r
+ }\r
+ else if(!isValidEmail($email))\r
+ {\r
+ $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
+ }\r
+ else if(emailExists($email))\r
+ {\r
+ $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email)); \r
+ }\r
+ \r
+ //End data validation\r
+ if(count($errors) == 0)\r
+ {\r
+ $loggedInUser->updateEmail($email);\r
+ $successes[] = lang("ACCOUNT_EMAIL_UPDATED");\r
+ }\r
+ }\r
+ \r
+ if ($password_new != "" OR $password_confirm != "")\r
+ {\r
+ if(trim($password_new) == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");\r
+ }\r
+ else if(trim($password_confirm) == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");\r
+ }\r
+ else if(minMaxRange(8,50,$password_new))\r
+ { \r
+ $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(8,50));\r
+ }\r
+ else if($password_new != $password_confirm)\r
+ {\r
+ $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
+ }\r
+ \r
+ //End data validation\r
+ if(count($errors) == 0)\r
+ {\r
+ //Also prevent updating if someone attempts to update with the same password\r
+ $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);\r
+ \r
+ if($entered_pass_new == $loggedInUser->hash_pw)\r
+ {\r
+ //Don't update, this fool is trying to update with the same password ¬¬\r
+ $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");\r
+ }\r
+ else\r
+ {\r
+ //This function will create the new hash and update the hash_pw property.\r
+ $loggedInUser->updatePassword($password_new);\r
+ $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");\r
+ }\r
+ }\r
+ }\r
+ if(count($errors) == 0 AND count($successes) == 0){\r
+ $errors[] = lang("NOTHING_TO_UPDATE");\r
+ }\r
+}\r
+\r
+require_once("models/header.php");\r
+echo "\r
+<body>\r
+<div id='wrapper'>\r
+<div id='top'><div id='logo'></div></div>\r
+<div id='content'>\r
+<h1>UserCake</h1>\r
+<h2>User Settings</h2>\r
+<div id='left-nav'>";\r
+include("left-nav.php");\r
+\r
+echo "\r
+</div>\r
+<div id='main'>";\r
+\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
+<div id='regbox'>\r
+<form name='updateAccount' action='".$_SERVER['PHP_SELF']."' method='post'>\r
+<p>\r
+<label>Password:</label>\r
+<input type='password' name='password' />\r
+</p>\r
+<p>\r
+<label>Email:</label>\r
+<input type='text' name='email' value='".$loggedInUser->email."' />\r
+</p>\r
+<p>\r
+<label>New Pass:</label>\r
+<input type='password' name='passwordc' />\r
+</p>\r
+<p>\r
+<label>Confirm Pass:</label>\r
+<input type='password' name='passwordcheck' />\r
+</p>\r
+<p>\r
+<label> </label>\r
+<input type='submit' value='Update' class='submit' />\r
+</p>\r
+</form>\r
+</div>\r
+</div>\r
+<div id='bottom'></div>\r
+</div>\r
+</body>\r
+</html>";\r
+\r
+?>\r