verbosity="$LOGDEBUG"
# Set to 1/0 to enable/disable the pin module (gives direct control over GPIO/ADC/PWM)
+#TODO: This option isn't actually implemented yet...
pin_test="0"
# Set to the URI to use authentication
-#auth_uri="ldap://192.168.1.1"
-#auth_uri="ldaps://ldap.pheme.uwa.edu.au" #UWA
+#auth_uri="ldap://192.168.1.1#ou=People,dc=daedalus"
+#auth_uri="ldaps://ldap.pheme.uwa.edu.au#ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au" #UWA
#auth_uri="/etc/shadow"
#auth_uri="shadow"
-
-# Set to the dn of the LDAP server
-ldap_base_dn="ou=People,dc=daedalus" # Testing
-#ldap_base_dn="ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au" #UWA
+auth_uri="mysql://localhost#root,$(cat mysql_password)"
## OPTIONS TO BE PASSED TO SERVER; DO NOT EDIT
-parameters="-v $verbosity -p $pin_test"
-# -A $auth_uri -d $ldap_base_dn"
+parameters="-v $verbosity -p $pin_test -A $auth_uri"
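Review bot: The new `auth_uri="mysql://localhost#root,$(cat mysql_password)"` line expands the database password into `$parameters`, so it is handed to the server as part of `-A $auth_uri` and appears in the process argument list, where other local users can read it. It also authenticates as `root`; a dedicated account with only the privileges the login lookup needs would limit the damage if the value leaks. Prefer passing the path of the password file and letting the server read it, if the `-A` option can be extended that way. `$(cat mysql_password)` resolves relative to the current directory, and `$auth_uri` is unquoted inside `parameters`, so a password containing whitespace would split into extra arguments. The hunk may begin above the first visible line.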
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Account</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>\r
-Hey, $loggedInUser->displayname. This is an example secure page designed to demonstrate some of the basic features of UserCake. Just so you know, your title at the moment is $loggedInUser->title, and that can be changed in the admin panel. You registered this account on " . date("M d, Y", $loggedInUser->signupTimeStamp()) . ".\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php \r
-/*\r
-UserCake Version: 2.0.1\r
-http://usercake.com\r
-*/\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Get token param\r
-if(isset($_GET["token"]))\r
-{ \r
- $token = $_GET["token"]; \r
- if(!isset($token))\r
- {\r
- $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
- }\r
- else if(!validateActivationToken($token)) //Check for a valid token. Must exist and active must be = 0\r
- {\r
- $errors[] = lang("ACCOUNT_TOKEN_NOT_FOUND");\r
- }\r
- else\r
- {\r
- //Activate the users account\r
- if(!setUserActive($token))\r
- {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
-}\r
-else\r
-{\r
- $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
-}\r
-\r
-if(count($errors) == 0) {\r
- $successes[] = lang("ACCOUNT_ACTIVATION_COMPLETE");\r
-}\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Activate Account</h2>\r
-\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
$templates = getTemplateFiles(); //Retrieve list of template files\r
$permissionData = fetchAllPermissions(); //Retrieve list of all permission levels\r
require_once("models/header.php");\r
+startPage();\r
\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Configuration</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
+echo notificationBlock($errors,$successes);\r
\r
echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div class='widget'><div class='title'>Site details</div>";\r
\r
echo "\r
<div id='regbox'>\r
<input type='submit' name='Submit' value='Submit' />\r
</form>\r
</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
\r
?>\r
http://usercake.com\r
*/\r
\r
+//what a bunch of spaghetti code\r
+\r
require_once("models/config.php");\r
if (!securePage($_SERVER['PHP_SELF'])){die();}\r
$pageId = $_GET['id'];\r
$permissionData = fetchAllPermissions();\r
\r
require_once("models/header.php");\r
+startPage();\r
\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Page</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
+echo notificationBlock($errors, $successes);\r
\r
-echo "\r
+echo '\r
+<div class="widget">\r
+<div class="right">\r
+ Page ID '.$pageDetails['id'].'\r
</div>\r
-<div id='main'>";\r
\r
-echo resultBlock($errors,$successes);\r
+<div class="title">Manage page "'.$pageDetails['page'].'"</div>\r
\r
+<div class="sub-title">Access control list</div>';\r
echo "\r
-<form name='adminPage' action='".$_SERVER['PHP_SELF']."?id=".$pageId."' method='post'>\r
+<form name='adminPage' class='nice clear' action='".$_SERVER['PHP_SELF']."?id=".$pageId."' method='post'>\r
<input type='hidden' name='process' value='1'>\r
-<table class='admin'>\r
-<tr><td>\r
-<h3>Page Information</h3>\r
-<div id='regbox'>\r
-<p>\r
-<label>ID:</label>\r
-".$pageDetails['id']."\r
-</p>\r
-<p>\r
-<label>Name:</label>\r
-".$pageDetails['page']."\r
-</p>\r
-<p>\r
-<label>Private:</label>";\r
+\r
+<table class='admin left lines'>\r
+<tr>\r
+ <th class=''>Swap</th>\r
+ <th class=''>Has access</th>\r
+ <th class=''>Does not have access</th>\r
+</tr>\r
+";\r
+\r
+foreach ($permissionData as $v) {\r
+ echo "<tr>";\r
+ if(isset($pagePermissions[$v['id']])) {\r
+ echo "<td><input type='checkbox' name='removePermission[".$v['id']."]' id='removePermission[".$v['id']."]' value='".$v['id']."'></td>";\r
+ echo "<td>".$v['name']."</td><td></td>";\r
+ } else {\r
+ echo "<td><input type='checkbox' name='addPermission[".$v['id']."]' id='addPermission[".$v['id']."]' value='".$v['id']."</td>'>";\r
+ echo "<td></td><td>".$v['name']."</td>";\r
+ }\r
+ \r
+ echo "</tr>";\r
+}\r
+\r
+echo "\r
+</table>\r
+\r
+<p class='left'>\r
+<label for='private'>Private page:</label>";\r
\r
//Display private checkbox\r
if ($pageDetails['private'] == 1){\r
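Review bot: The `addPermission` checkbox in the new permission table is malformed: `value='".$v['id']."</td>'>"` puts `</td>` inside the `value` attribute, so the submitted value is no longer the bare permission id and the cell is never closed. The tail of that line should be `value='".$v['id']."'></td>";`, matching the `removePermission` row above it. The same loop prints `$v['name']`, the header prints `$pageDetails['page']`, and the form action concatenates `$pageId` (taken from `$_GET['id']`), all without `htmlspecialchars(..., ENT_QUOTES)`, so stored or request data can be interpreted as markup. The added comment `//what a bunch of spaghetti code` documents nothing and could be replaced by a line saying what the page does.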
\r
echo "\r
</p>\r
-</div></td><td>\r
-<h3>Page Access</h3>\r
-<div id='regbox'>\r
-<p>\r
-Remove Access:";\r
-\r
-//Display list of permission levels with access\r
-foreach ($permissionData as $v1) {\r
- if(isset($pagePermissions[$v1['id']])){\r
- echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
- }\r
-}\r
-\r
-echo"\r
-</p><p>Add Access:";\r
\r
-//Display list of permission levels without access\r
-foreach ($permissionData as $v1) {\r
- if(!isset($pagePermissions[$v1['id']])){\r
- echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
- }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-</tr>\r
-</table>\r
-<p>\r
+<p class='right'>\r
<label> </label>\r
<input type='submit' value='Update' class='submit' />\r
</p>\r
</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+";\r
+\r
+echo "\r
+</div>";\r
+\r
+finishPage();\r
\r
?>\r
*/\r
\r
require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+if (!securePage($_SERVER['PHP_SELF'])){header("Location: login.php"); die();}\r
\r
$pages = getPageFiles(); //Retrieve list of pages in root usercake folder\r
$dbpages = fetchAllPages(); //Retrieve list of pages in pages table\r
$dbpages = fetchAllPages();\r
\r
require_once("models/header.php");\r
+startPage();\r
\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Pages</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>\r
-<table class='admin'>\r
-<tr><th>Id</th><th>Page</th><th>Access</th></tr>";\r
+echo '\r
+<div class="widget">\r
+<div class="title">Page visibilities</div>\r
+<table class="admin left lines">\r
+<tr><th>Id</th><th>Page</th><th>Visibility</th></tr>';\r
\r
//Display list of pages\r
foreach ($dbpages as $page){\r
\r
echo "\r
</table>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
\r
?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-$permissionId = $_GET['id'];\r
-\r
-//Check if selected permission level exists\r
-if(!permissionIdExists($permissionId)){\r
- header("Location: admin_permissions.php"); die(); \r
-}\r
-\r
-$permissionDetails = fetchPermissionDetails($permissionId); //Fetch information specific to permission level\r
-\r
-//Forms posted\r
-if(!empty($_POST)){\r
- \r
- //Delete selected permission level\r
- if(!empty($_POST['delete'])){\r
- $deletions = $_POST['delete'];\r
- if ($deletion_count = deletePermission($deletions)){\r
- $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR"); \r
- }\r
- }\r
- else\r
- {\r
- //Update permission level name\r
- if($permissionDetails['name'] != $_POST['name']) {\r
- $permission = trim($_POST['name']);\r
- \r
- //Validate new name\r
- if (permissionNameExists($permission)){\r
- $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));\r
- }\r
- elseif (minMaxRange(1, 50, $permission)){\r
- $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50)); \r
- }\r
- else {\r
- if (updatePermissionName($permissionId, $permission)){\r
- $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- }\r
- \r
- //Remove access to pages\r
- if(!empty($_POST['removePermission'])){\r
- $remove = $_POST['removePermission'];\r
- if ($deletion_count = removePermission($permissionId, $remove)) {\r
- $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- //Add access to pages\r
- if(!empty($_POST['addPermission'])){\r
- $add = $_POST['addPermission'];\r
- if ($addition_count = addPermission($permissionId, $add)) {\r
- $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- //Remove access to pages\r
- if(!empty($_POST['removePage'])){\r
- $remove = $_POST['removePage'];\r
- if ($deletion_count = removePage($remove, $permissionId)) {\r
- $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- \r
- //Add access to pages\r
- if(!empty($_POST['addPage'])){\r
- $add = $_POST['addPage'];\r
- if ($addition_count = addPage($add, $permissionId)) {\r
- $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- $permissionDetails = fetchPermissionDetails($permissionId);\r
- }\r
-}\r
-\r
-$pagePermissions = fetchPermissionPages($permissionId); //Retrieve list of accessible pages\r
-$permissionUsers = fetchPermissionUsers($permissionId); //Retrieve list of users with membership\r
-$userData = fetchAllUsers(); //Fetch all users\r
-$pageData = fetchAllPages(); //Fetch all pages\r
-\r
-require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Permissions</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<form name='adminPermission' action='".$_SERVER['PHP_SELF']."?id=".$permissionId."' method='post'>\r
-<table class='admin'>\r
-<tr><td>\r
-<h3>Permission Information</h3>\r
-<div id='regbox'>\r
-<p>\r
-<label>ID:</label>\r
-".$permissionDetails['id']."\r
-</p>\r
-<p>\r
-<label>Name:</label>\r
-<input type='text' name='name' value='".$permissionDetails['name']."' />\r
-</p>\r
-<label>Delete:</label>\r
-<input type='checkbox' name='delete[".$permissionDetails['id']."]' id='delete[".$permissionDetails['id']."]' value='".$permissionDetails['id']."'>\r
-</p>\r
-</div></td><td>\r
-<h3>Permission Membership</h3>\r
-<div id='regbox'>\r
-<p>\r
-Remove Members:";\r
-\r
-//List users with permission level\r
-foreach ($userData as $v1) {\r
- if(isset($permissionUsers[$v1['id']])){\r
- echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
- }\r
-}\r
-\r
-echo"\r
-</p><p>Add Members:";\r
-\r
-//List users without permission level\r
-foreach ($userData as $v1) {\r
- if(!isset($permissionUsers[$v1['id']])){\r
- echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
- }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-<td>\r
-<h3>Permission Access</h3>\r
-<div id='regbox'>\r
-<p>\r
-Public Access:";\r
-\r
-//List public pages\r
-foreach ($pageData as $v1) {\r
- if($v1['private'] != 1){\r
- echo "<br>".$v1['page'];\r
- }\r
-}\r
-\r
-echo"\r
-</p>\r
-<p>\r
-Remove Access:";\r
-\r
-//List pages accessible to permission level\r
-foreach ($pageData as $v1) {\r
- if(isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
- echo "<br><input type='checkbox' name='removePage[".$v1['id']."]' id='removePage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
- }\r
-}\r
-\r
-echo"\r
-</p><p>Add Access:";\r
-\r
-//List pages inaccessible to permission level\r
-foreach ($pageData as $v1) {\r
- if(!isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
- echo "<br><input type='checkbox' name='addPage[".$v1['id']."]' id='addPage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
- }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-</tr>\r
-</table>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Update' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Forms posted\r
-if(!empty($_POST))\r
-{\r
- //Delete permission levels\r
- if(!empty($_POST['delete'])){\r
- $deletions = $_POST['delete'];\r
- if ($deletion_count = deletePermission($deletions)){\r
- $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));\r
- }\r
- }\r
- \r
- //Create new permission level\r
- if(!empty($_POST['newPermission'])) {\r
- $permission = trim($_POST['newPermission']);\r
- \r
- //Validate request\r
- if (permissionNameExists($permission)){\r
- $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));\r
- }\r
- elseif (minMaxRange(1, 50, $permission)){\r
- $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50)); \r
- }\r
- else{\r
- if (createPermission($permission)) {\r
- $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));\r
- }\r
- else {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- }\r
- }\r
-}\r
-\r
-$permissionData = fetchAllPermissions(); //Retrieve list of all permission levels\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Permissions</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<form name='adminPermissions' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<table class='admin'>\r
-<tr>\r
-<th>Delete</th><th>Permission Name</th>\r
-</tr>";\r
-\r
-//List each permission level\r
-foreach ($permissionData as $v1) {\r
- echo "\r
- <tr>\r
- <td><input type='checkbox' name='delete[".$v1['id']."]' id='delete[".$v1['id']."]' value='".$v1['id']."'></td>\r
- <td><a href='admin_permission.php?id=".$v1['id']."'>".$v1['name']."</a></td>\r
- </tr>";\r
-}\r
-\r
-echo "\r
-</table>\r
-<p>\r
-<label>Permission Name:</label>\r
-<input type='text' name='newPermission' />\r
-</p> \r
-<input type='submit' name='Submit' value='Submit' />\r
-</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
require_once("models/config.php");
if (!securePage($_SERVER['PHP_SELF'])){die();}
-require_once("models/header.php");
-
-$text_area="# Rows starting with '#' are ignored. Rows are of the form:\n# username, Full Name, email";
+$text_area="# Rows starting with '#' are ignored. Rows are of the form:\n# Username, Full Name, Email[, Title]";
$show_form = true;
}
else if ($_POST['action'] === "Upload") // Upload users in the text area
{
-
+\r
+ if ($_POST['upload_mode'] === "purge")\r
+ {\r
+ $to_delete = fetchAllUsersWithoutPerm("Administrator");\r
+ if (count($to_delete) > 0)\r
+ {\r
+ if ($deletion_count = deleteUsers($to_delete)) {\r
+ $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));\r
+ }\r
+ else {\r
+ $errors[] = lang("SQL_ERROR");\r
+ }\r
+ }\r
+ }\r
+
$text_area = $_POST['userUpload'];
-
// Iterate through each row
$all_rows=preg_split("/((\r?\n)|(\r\n?))/", $_POST['userUpload']);
-
-
-
foreach ($all_rows as $row)
{
if (empty($row) or $row[0] === '#')
continue;
- $errors = array();
-
- $fields = preg_split("/,/", $row);
-
- $user_name = trim($fields[0]);
- $display_name = trim($fields[1]);
- $email = trim($fields[2]);
+ $fields = preg_split("/,/", $row);\r
+ if(count($fields) < 3)\r
+ {\r
+ $errors[] = "Warning: Ignoring row not in correct format: ".htmlspecialchars($row);\r
+ continue;\r
+ }\r
+
+ $username = trim($fields[0]);
+ $displayname = trim($fields[1]);
+ $email = trim($fields[2]);\r
+ $title = trim($fields[3]);\r
+ \r
+ if(!isValidEmail($email))\r
+ {\r
+ $errors[] = "Enter a valid email for row: ".htmlspecialchars($row);\r
+ continue;\r
+ }\r
+
// generate the temporary password
$password = generatePassword();
-
- if(count($errors) == 0)
- {
- //Construct a user object
- $user = new User($username,$displayname,$password,$email);
-
- //Checking this flag tells us whether there were any errors such as possible data duplication occured
- if(!$user->status)
- {
- if($user->username_taken) $errors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username));
- if($user->displayname_taken) $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));
- if($user->email_taken) $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));
- }
- else
- {
- //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required)
- if(!$user->userCakeAddUser())
- {
- if($user->mail_failure) $errors[] = lang("MAIL_ERROR");
- if($user->sql_failure) $errors[] = lang("SQL_ERROR");
- }
- }
+ //Construct a user object
+ $user = new User($username,$displayname,$password,$email);
+
+ //Checking this flag tells us whether there were any errors such as possible data duplication occured
+ if(!$user->status)
+ {
+ if($user->username_taken) $localerrors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username));
+ if($user->displayname_taken) $localerrors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));
+ if($user->email_taken) $localerrors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));
}
- if(count($errors) == 0)
+ else
{
- $successes[] = $user->success;
+ //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required)
+ $user->userCakeAddUser(); //This doesn't return anything itself
+
+ if($user->mail_failure) $localerrors[] = lang("MAIL_ERROR");
+ if($user->sql_failure) $localerrors[] = lang("SQL_ERROR");
+ \r
+ if(strlen($title) >= 50)\r
+ {\r
+ $localerrors[] = "Warning: User".$username." added but failed to set title: ".lang("ACCOUNT_TITLE_CHAR_LIMIT",array(1,50));\r
+ }\r
+ else if (count($localerrors) == 0 && strlen($title) > 0)\r
+ {\r
+ $user_id = fetchUserId($username); //So stupid, when you create a user, it doesn't return the user id\r
+ if (!updateTitle($user_id, $title))\r
+ {\r
+ $localerrors[] = "Warning: User ".$username." added but failed to set title: ". lang("SQL_ERROR");\r
+ }\r
+ }
}
- echo resultBlock($errors,$successes);
- }
+ if(count($localerrors) == 0)
+ {\r
+ $users[] = [$username, $password]; //Push user onto array
+ //$successes[] = ($user->success);
+ }\r
+ else\r
+ {\r
+ $errors = array_merge($errors, $localerrors);\r
+ }
-
-
-
-
+ }
+ \r
+ if(count($users) > 0)\r
+ {\r
+ $successes[] = (count($users)." users created.");\r
+ $successes[] = ("The list of usernames and passwords follow. You must save this!");\r
+ foreach($users as $user)\r
+ {\r
+ $successes[] = $user[0].",".$user[1];\r
+ }\r
+ }
}
-}
+}\r
+\r
+require_once("models/header.php");\r
+startPage();\r
+\r
+echo notificationBlock($errors,$successes);\r
+\r
+echo '<div class="widget"><div class="title">Upload users</div>';
if ($show_form)
{
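Review bot: `$localerrors` is never initialised or reset inside the `foreach`, so once one row records an error every later row also fails the `count($localerrors) == 0` checks: its title is not set, its generated password is not added to `$users` even though the account may have been created, and the same errors are merged into `$errors` again. Adding `$localerrors = array();` at the top of the loop body and `$users = array();` before the loop fixes that. `$fields[3]` is read although only three fields are required, so use `$title = isset($fields[3]) ? trim($fields[3]) : "";`. The `purge` branch deletes every non-administrator account before any uploaded row has been validated, so a malformed upload can leave the site with no regular users; validating first and purging only when the rows parse would be safer. `$username` is concatenated into the title warnings and the credentials list without `htmlspecialchars()`, unlike the two row-format messages earlier in the loop.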
<input type=\"submit\" name=\"action\" value=\"Reset\"/>
<p> Enter or copy/paste user information below (resize the text area if necessary): </p>
<p>
- <textarea name=\"userUpload\" rows=\"50\" cols=\"100\">".$text_area."</textarea> </p>
+ <textarea name=\"userUpload\" rows=\"50\" cols=\"100\" style=\"width: 100%\">".$text_area."</textarea> </p>
</form>";
-}
+}\r
+\r
+echo '</div>';\r
+finishPage();
?>
$permissionData = fetchAllPermissions();\r
\r
require_once("models/header.php");\r
+startPage();\r
\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin User</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
+echo notificationBlock($errors,$successes);\r
\r
echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div class='widget'><div class='title centre'>User administration</div>";\r
\r
echo "\r
<form name='adminUser' action='".$_SERVER['PHP_SELF']."?id=".$userId."' method='post'>\r
<table class='admin'><tr><td>\r
-<h3>User Information</h3>\r
<div id='regbox'>\r
<p>\r
<label>ID:</label>\r
<input type='text' name='email' value='".$userdetails['email']."' />\r
</p>\r
<p>\r
-<label>Active:</label>";\r
+<label>Active: </label>";\r
\r
//Display activation link, if account inactive\r
if ($userdetails['active'] == '1'){\r
".date("j M, Y", $userdetails['sign_up_stamp'])."\r
</p>\r
<p>\r
-<label>Last Sign In:</label>";\r
+<label>Last Sign In: </label>";\r
\r
//Last sign in, interpretation\r
if ($userdetails['last_sign_in_stamp'] == '0'){\r
</table>\r
</form>\r
</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+";\r
+\r
+finishPage();\r
\r
?>\r
$userData = fetchAllUsers(); //Fetch information for all users\r
\r
require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Users</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
+startPage();\r
\r
+echo notificationBlock($errors,$successes);\r
echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div class='widget'><div class='title'>User list</div>";\r
\r
echo "\r
<form name='adminUsers' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<table class='admin'>\r
+<table class='admin left'>\r
<tr>\r
<th>Delete</th><th>Username</th><th>Display Name</th><th>Title</th><th>Last Sign In</th>\r
</tr>";\r
</table>\r
<input type='submit' name='Submit' value='Delete' />\r
</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
\r
?>\r
\r
require_once("models/config.php");\r
if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+if (isUserLoggedIn()){header("Location: index.php"); die();}\r
\r
//User has confirmed they want their password changed \r
if(!empty($_GET["confirm"]))\r
}\r
\r
require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Forgot Password</h2>\r
-<div id='left-nav'>";\r
+startPage();\r
\r
-include("left-nav.php");\r
+//echo notificationBlock($errors,$successes);\r
\r
echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div id='login-container'>\r
+<div class='widget'><div class='title centre'>Forgot password</div>";\r
\r
echo "\r
<div id='regbox'>\r
<p>\r
<label> </label>\r
<input type='submit' value='Submit' class='submit' />\r
-</p>\r
+</p>";\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
</form>\r
</div>\r
</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
\r
?>\r
*/\r
\r
require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-require_once("models/header.php");\r
+if (!isUserLoggedIn()) { header("Location: login.php"); die();}\r
\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>2.00</h2>\r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
+require_once("models/header.php");\r
+startPage();\r
+echo '\r
+ <div class="widget">\r
+ <div class="title centre">Welcome!</div>\r
+ <p>\r
+ This is the administration site for this site. Here, you can manage\r
+ the list of users who has access to this site.\r
+ </p>\r
+ <p>\r
+ <!-- blah blah blah -->\r
+ </p>\r
+ </div>\r
+';\r
\r
-echo "\r
-</div>\r
-<div id='main'>\r
-<p>Thank you for downloading UserCake. 100% Free and Opensource.</p>\r
-<p>Copyright (c) 2009-2012</p>\r
-<p>Permission is hereby granted, free of charge, to any person obtaining a copy\r
-of this software and associated documentation files (the 'Software'), to deal\r
-in the Software without restriction, including without limitation the rights\r
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\r
-copies of the Software, and to permit persons to whom the Software is\r
-furnished to do so, subject to the following conditions:</p>\r
-<p>The above copyright notice and this permission notice shall be included in\r
-all copies or substantial portions of the Software.</p>\r
-<p>THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\r
-THE SOFTWARE.</p>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+finishPage();\r
\r
?>\r
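Review bot: Replacing `securePage($_SERVER['PHP_SELF'])` with `isUserLoggedIn()` presumably takes index.php out of the page-permission check, so the visibility settings managed in admin_pages.php would no longer apply to it and any authenticated session passes. If the page is meant to stay admin-only, keep both conditions, e.g. `if (!isUserLoggedIn() || !securePage($_SERVER['PHP_SELF'])) { header("Location: login.php"); die(); }`. The placeholder paragraph `<!-- blah blah blah -->` should be removed or filled in before release.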
http://usercake.com\r
*/\r
\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+if (isUserLoggedIn()) {\r
\r
-//Links for logged in user\r
-if(isUserLoggedIn()) {\r
- echo "\r
- <ul>\r
- <li><a href='account.php'>Account Home</a></li>\r
- <li><a href='user_settings.php'>User Settings</a></li>\r
- <li><a href='logout.php'>Logout</a></li>\r
- </ul>";\r
- \r
- //Links for permission level 2 (default admin)\r
- if ($loggedInUser->checkPermission(array(2))){\r
- echo "\r
- <ul>\r
- <li><a href='admin_configuration.php'>Admin Configuration</a></li>\r
- <li><a href='admin_users.php'>Admin Users</a></li>\r
- <li><a href='admin_permissions.php'>Admin Permissions</a></li>\r
- <li><a href='admin_pages.php'>Admin Pages</a></li>\r
- </ul>";\r
- }\r
-} \r
-//Links for users not logged in\r
-else {\r
- echo "\r
- <ul>\r
- <li><a href='index.php'>Home</a></li>\r
- <li><a href='login.php'>Login</a></li>\r
- <li><a href='register.php'>Register</a></li>\r
- <li><a href='forgot-password.php'>Forgot Password</a></li>";\r
- if ($emailActivation)\r
- {\r
- echo "<li><a href='resend-activation.php'>Resend Activation Email</a></li>";\r
- }\r
- echo "</ul>";\r
+echo '\r
+ <div id="sidebar">\r
+ ';\r
+\r
+ //Is admin\r
+if ($loggedInUser->checkPermission(array(2))){\r
+ echo '\r
+ <div class="widget">\r
+ <div class="title">Site Administration</div>\r
+ <div id="sidebar-menu" class="nav-menu">\r
+ <ul>\r
+ <li><a href="index.php"><span>Home</span></a></li>\r
+ <li><a href="admin_users.php"><span>Manage user list</span></a></li>\r
+ <li><a href="admin_upload_users.php"><span>Upload new users</span></a></li>\r
+ <li><a href="admin_pages.php"><span>Manage visible pages</span></a></li>\r
+ <li><a href="admin_configuration.php"><span>Manage site details</span></a></li>\r
+ <li><a href="user_change_details.php"><span>Change your password</span></a></li>\r
+ </ul>\r
+ </div>\r
+ </div>\r
+ ';\r
}\r
\r
+\r
+echo $custom_sidebar.'\r
+ </div>\r
+ <!-- End sidebar -->\r
+';\r
+\r
+}\r
?>\r
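Review bot: `$custom_sidebar` is echoed at the end of the sidebar but is not defined anywhere in this hunk, so a page that includes left-nav.php without setting it raises an undefined-variable notice; guard it with `isset($custom_sidebar) ? $custom_sidebar : ''`. Because the value is emitted as raw HTML, it should only ever be assigned from trusted code, and a comment next to the echo should say so. The admin menu depends on the literal id in `checkPermission(array(2))`; a named constant would make the intent clearer.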
if (!securePage($_SERVER['PHP_SELF'])){die();}\r
\r
//Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
+if(isUserLoggedIn()) { header("Location: index.php"); die(); }\r
\r
//Forms posted\r
if(!empty($_POST))\r
//Hash the password and use the salt from the database to compare the password.\r
$entered_pass = generateHash($password,$userdetails["password"]);\r
\r
- echo "".$userdetails["password"];\r
+ //echo "".$userdetails["password"]; //Wut is dis\r
\r
if($entered_pass != $userdetails["password"])\r
{\r
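Review bot: The debug statement that printed `$userdetails["password"]` is only commented out, with `//Wut is dis` appended; delete the line outright so output of the stored hash cannot be re-enabled by accident. The comparison just below it, `$entered_pass != $userdetails["password"]`, is a context line, but `hash_equals($userdetails["password"], $entered_pass)` would be the safer comparison if the deployed PHP version provides it. The enclosing block starts and ends outside the hunk.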
$loggedInUser->displayname = $userdetails["display_name"];\r
$loggedInUser->username = $userdetails["user_name"];\r
\r
- //Update last sign in\r
- $loggedInUser->updateLastSignIn();\r
- $_SESSION["userCakeUser"] = $loggedInUser;\r
- \r
- //Redirect to user account page\r
- header("Location: account.php");\r
- die();\r
+ //Only allow login to admins\r
+ if ($loggedInUser->checkPermission(array(2)))\r
+ {\r
+ //Update last sign in\r
+ $loggedInUser->updateLastSignIn();\r
+ \r
+ $_SESSION["userCakeUser"] = $loggedInUser;\r
+ \r
+ //Redirect to user account page\r
+ header("Location: index.php");\r
+ die();\r
+ }\r
+ else\r
+ {\r
+ $errors[] = ("You are no admin :(");\r
+ }\r
}\r
}\r
}\r
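Review bot: The new `else` branch reports `"You are no admin :("` only after the password has been verified, so the login form now distinguishes a valid non-admin credential pair from a wrong password. Returning the same generic failure message that a bad password produces would avoid confirming credentials. In the success branch, calling `session_regenerate_id(true);` before `$_SESSION["userCakeUser"] = $loggedInUser;` is worth adding if it is not already done elsewhere. The surrounding conditionals begin outside the hunk.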
}\r
\r
require_once("models/header.php");\r
+startPage();\r
\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Login</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
+echo '\r
+ <div id="login-container">\r
+ <div class="widget">\r
+ <div class="title">Notice</div>\r
+ This is the login page for site administration.<br>If you wish to log in\r
+ to the main web-site, see <a href="..">here instead</a>.\r
+ </div>\r
+ <div class="widget">\r
+ <form id="login" name="login" action="'.$_SERVER["PHP_SELF"].'" method="post">\r
+ <p>\r
+ <label>\r
+ Username<br>\r
+ <input name="username" type="text">\r
+ </label>\r
+ </p>\r
+ <p>\r
+ <label>\r
+ Password<br>\r
+ <input name="password" type="password">\r
+ </label> \r
+ </p>\r
+ <p style="float:left; margin:0;">\r
+ <a href="forgot-password.php">Forgotten password?</a><br>\r
+ <a href="register.php">Register</a>\r
+ </p>\r
+ <p style="float:right; margin:0;">\r
+ <input type="submit" value="Log In">\r
+ </p>\r
+';\r
echo resultBlock($errors,$successes);\r
+echo '\r
+ </form>\r
+ </div>\r
+ </div>\r
+ ';\r
\r
-echo "\r
-<div id='regbox'>\r
-<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Username:</label>\r
-<input type='text' name='username' />\r
-</p>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Login' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+finishPage();\r
\r
?>\r
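Review bot: The rebuilt login form writes `$_SERVER["PHP_SELF"]` straight into the `action` attribute; that value can carry extra path text from the request, so it should be escaped: `action="'.htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES).'"`. The same pattern appears in the admin forms touched by this commit (admin_page.php, admin_user.php, admin_users.php). This page still calls `resultBlock()` while the other pages moved to `notificationBlock()`; a one-line comment saying that is deliberate would help the next reader.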
$loggedInUser->userLogOut();\r
}\r
\r
+/*\r
if(!empty($websiteUrl)) \r
{\r
$add_http = "";\r
die();\r
}\r
else\r
-{\r
- header("Location: http://".$_SERVER['HTTP_HOST']);\r
+{*/\r
+ header("Location: login.php");//http://".$_SERVER['HTTP_HOST']);\r
die();\r
-} \r
+/*}*/ \r
\r
?>\r
\r
//Error block\r
if(count($errors) > 0)\r
{\r
- echo "<div id='error'>\r
- <a href='#' onclick=\"showHide('error');\">[X]</a>\r
- <ul>";\r
+ echo "<div id='result' class='fail'>";\r
+ \r
foreach($errors as $error)\r
{\r
- echo "<li>".$error."</li>";\r
+ echo "<p>".$error."</p>";\r
}\r
- echo "</ul>";\r
echo "</div>";\r
}\r
//Success block\r
if(count($successes) > 0)\r
{\r
- echo "<div id='success'>\r
- <a href='#' onclick=\"showHide('success');\">[X]</a>\r
- <ul>";\r
+ echo "<div id='success'>";\r
foreach($successes as $success)\r
{\r
- echo "<li>".$success."</li>";\r
+ echo "<p>".$success."</li>";\r
}\r
- echo "</ul>";\r
echo "</div>";\r
}\r
}\r
\r
+function notificationBlock($errors, $successes) {\r
+ if (count($errors) > 0 || count($successes) > 0)\r
+ {\r
+ echo '\r
+ <div class="widget dismiss-container">\r
+ <div class="dismiss right">\r
+ <a href="#">Dismiss</a>\r
+ </div>\r
+ \r
+ <div class="title large">Notifications</div>\r
+ ';\r
+ \r
+ foreach ($errors as $error)\r
+ {\r
+ echo '<p class="fail">'.$error.'</p>';\r
+ }\r
+ \r
+ foreach ($successes as $success)\r
+ {\r
+ echo '<p>'.$success.'</p>';\r
+ }\r
+ \r
+ echo '\r
+ </div>\r
+ <script type="text/javascript">\r
+ $(".dismiss").click(function() {\r
+ $(".dismiss-container").css("display", "none");\r
+ })\r
+ </script>\r
+ ';\r
+ }\r
+}\r
+\r
//Completely sanitizes text\r
function sanitize($str)\r
{\r
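Review bot: The success loop in resultBlock now emits `echo "<p>".$success."</li>";`, which opens a `<p>` and closes a `<li>`; it should end with `</p>`. Both resultBlock and the new notificationBlock concatenate each message into the page unescaped, so if any lang() message carries request data (not visible in this hunk) it reaches the browser as markup. Wrapping each one as `htmlspecialchars($error, ENT_QUOTES, 'UTF-8')` would close that, provided no message relies on embedded HTML. The error block moved to `id='result' class='fail'` while the success block keeps `id='success'`, which looks unintended. resultBlock begins above this hunk.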
}\r
}\r
\r
+function permissionNameToId($permission)\r
+{\r
+ global $mysqli,$db_table_prefix;\r
+ $stmt = $mysqli->prepare("SELECT id\r
+ FROM ".$db_table_prefix."permissions\r
+ WHERE\r
+ name = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("s", $permission); \r
+ $stmt->execute();\r
+ $stmt->bind_result($id);\r
+ \r
+ while ($stmt->fetch()){\r
+ $perm_id = $id;\r
+ }\r
+ $stmt->close();\r
+ \r
+ return $perm_id;\r
+}\r
+\r
+function fetchAllUsersWithPerm($perm_name)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ \r
+ $perm_id = permissionNameToId($perm_name);\r
+ $stmt = $mysqli->prepare("SELECT \r
+ p1.id\r
+ FROM ".$db_table_prefix."users p1\r
+ WHERE EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches\r
+ WHERE user_id=p1.id AND permission_id=?)"\r
+ );\r
+ $stmt->bind_param("i", $perm_id); \r
+ $stmt->execute();\r
+ $stmt->bind_result($id);\r
+ \r
+ while ($stmt->fetch()){\r
+ $row[] = $id;\r
+ }\r
+ $stmt->close();\r
+ return ($row);\r
+}\r
+\r
+function fetchAllUsersWithoutPerm($perm_name)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ \r
+ $perm_id = permissionNameToId($perm_name);\r
+ $stmt = $mysqli->prepare("SELECT \r
+ p1.id\r
+ FROM ".$db_table_prefix."users p1\r
+ WHERE NOT EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches\r
+ WHERE user_id=p1.id AND permission_id=?)"\r
+ );\r
+ $stmt->bind_param("i", $perm_id); \r
+ $stmt->execute();\r
+ $stmt->bind_result($id);\r
+ \r
+ while ($stmt->fetch()){\r
+ $row[] = $id;\r
+ }\r
+ $stmt->close();\r
+ return ($row);\r
+}\r
+\r
//Retrieve information for all users\r
function fetchAllUsers()\r
{\r
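Review bot: permissionNameToId returns `$perm_id` without ever assigning it when the name matches no row, and fetchAllUsersWithPerm / fetchAllUsersWithoutPerm then bind the resulting null as `permission_id`. In fetchAllUsersWithoutPerm the `NOT EXISTS` subquery is then true for every user, so a misspelt permission name yields the whole user table, which matters if callers use the list for access decisions. Initialise `$perm_id = null;` before the fetch loop, return `array()` early in the two callers when it is null, and start each list with `$row = array();` so an empty result is an array rather than an undefined variable. fetchUserId in the next hunk has the same pattern with `$user_id`. None of these functions checks the result of `$mysqli->prepare()`, which is `false` on failure.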
return ($row);\r
}\r
\r
+//Yeah usercake... Fetches the user id from username\r
+function fetchUserId($username)\r
+{\r
+ global $mysqli,$db_table_prefix; \r
+ $stmt = $mysqli->prepare("SELECT \r
+ id\r
+ FROM ".$db_table_prefix."users\r
+ WHERE\r
+ user_name = ?\r
+ LIMIT 1");\r
+ $stmt->bind_param("s", $username);\r
+ \r
+ $stmt->execute();\r
+ $stmt->bind_result($id);\r
+ while ($stmt->fetch()){\r
+ $user_id = $id;\r
+ }\r
+ $stmt->close();\r
+ return $user_id;\r
+}\r
+\r
//Retrieve complete user information by username, token or ID\r
function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)\r
{\r
return true;\r
}\r
else {\r
- header("Location: account.php");\r
+ header("Location: index.php");\r
return false; \r
}\r
}\r
UserCake Version: 2.0.2\r
http://usercake.com\r
*/\r
-echo "\r
- <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\r
- <html xmlns='http://www.w3.org/1999/xhtml'>\r
+\r
+//Variables to set:\r
+//$custom_header_scripts\r
+//$custom_sidebar\r
+\r
+function startPage() {\r
+global $loggedInUser;\r
+\r
+echo '\r
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">\r
+<html>\r
<head>\r
- <meta http-equiv='Content-Type' content='text/html; charset=utf-8' />\r
- <title>".$websiteName."</title>\r
- <link href='".$template."' rel='stylesheet' type='text/css' />\r
- <script src='models/funcs.js' type='text/javascript'>\r
- </script>\r
+ <title>MCTX3420 Web Interface</title>\r
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">\r
+ <link rel="stylesheet" type="text/css" href="../static/style.css">\r
+ <link rel="stylesheet" type="text/css" href="../static/nav-menu.css">\r
+ \r
+ <script type="text/javascript" src="../static/jquery-1.10.1.min.js"></script>\r
+ \r
+ '.$custom_header_scripts.'\r
</head>\r
- <body>";\r
-\r
-/**\r
- * Make the remainder of the page\r
- */\r
-function createPage($title)\r
-{\r
- echo "\r
- <div id='wrapper'>\r
- <div id='top'><div id='logo'></div></div>\r
- <div id='content'>\r
- <h1>User Managment</h1>\r
- <h2>$title</h2>\r
- <div id='left-nav'>";\r
-\r
- include("left-nav.php");\r
-\r
- echo "\r
- </div>\r
- <div id='main'>";\r
+ \r
+ <body>\r
+ <div id="header-wrap">\r
+ <div id="header">\r
+ <div id="leftnav">\r
+ <a href="http://www.uwa.edu.au/" target="_blank">\r
+ <img alt = "The University of Western Australia"\r
+ src="../static/uwacrest-text.png">\r
+ </a>\r
+ <span id="title">Site Administration</span>\r
+ </div>\r
+ <div id="rightnav">\r
+ ';\r
+ if (isUserLoggedIn()) {\r
+echo '\r
+ <span id="welcome-container">\r
+ Welcome, '.$loggedInUser->displayname.'\r
+ </span>\r
+';\r
+}\r
+echo '\r
+ <span id="date">'.date("D d M Y").'\r
+ </span>\r
+';\r
+\r
+if(isUserLoggedIn()) {\r
+ echo '\r
+ <div id="users-logout-container">\r
+ <form action="logout.php">\r
+ <div>\r
+ <input type="submit" id="logout-users" value="Logout">\r
+ </div>\r
+ </form>\r
+ </div>\r
+ ';\r
+}\r
+\r
+echo '\r
+ </div>\r
+ <div class="clear"></div>\r
+ </div>\r
+ </div>\r
+ <!-- End header -->\r
+ \r
+ <div id="content-wrap">\r
+ <noscript>\r
+ <div class="widget centre">\r
+ <div class="title">JavaScript required</div>\r
+ This website requires JavaScript to function correctly.\r
+ Please enable JavaScript to use this site.\r
+ </div>\r
+ </noscript>\r
+\r
+ <div id="content">\r
+ ';\r
+ \r
+ require_once("left-nav.php");\r
+ if (isUserLoggedIn()) {\r
+ echo '\r
+ <div id="main">\r
+';\r
}\r
\r
+} //function startPage()\r
+\r
+\r
+function finishPage() {\r
+if (isUserLoggedIn()) {\r
+echo '\r
+ </div>\r
+ <!-- End main content -->\r
+';\r
+}\r
+\r
+echo '\r
+ </div>\r
+ </div>\r
+ </body>\r
+</html>\r
+';\r
+}\r
+\r
+\r
?>\r
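Review bot: startPage() interpolates `$custom_header_scripts` into `<head>` but only declares `global $loggedInUser;`, so inside the function that variable is an undefined local and whatever a page set before calling startPage() is never emitted. Declare it with `global $loggedInUser, $custom_header_scripts;` (the header comment also lists `$custom_sidebar`, which this hunk does not use). Because the value is written raw into the page, a docblock on startPage() should state that it may only hold markup authored in the code, never request data. The welcome text prints `$loggedInUser->displayname` unescaped as well; `htmlspecialchars($loggedInUser->displayname, ENT_QUOTES, 'UTF-8')` is cheap defence even if registration restricts the name to alphanumerics.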
if(!ctype_alnum($displayname)){\r
$errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");\r
}\r
- if(minMaxRange(8,50,$password) && minMaxRange(8,50,$confirm_pass))\r
+ if(minMaxRange(6,50,$password) && minMaxRange(6,50,$confirm_pass))\r
{\r
- $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(8,50));\r
+ $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(6,50));\r
}\r
else if($password != $confirm_pass)\r
{\r
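Review bot: The new lower bound in `minMaxRange(6,50,$password)` accepts six-character passwords, below the eight-character minimum that NIST SP 800-63B sets for user-chosen secrets; the new password-change page later in this diff uses the same `6,50` pair. If the reduction is deliberate it needs a comment saying why, otherwise keep `8`. The bounds are repeated as literals in the check and in `lang("ACCOUNT_PASS_CHAR_LIMIT",array(6,50))`, so a pair of named constants shared by both pages would stop them drifting apart. The enclosing validation block starts above this hunk and continues below it.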
}\r
\r
require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Register</h2>\r
+startPage();\r
\r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
echo "\r
-</div>\r
-\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div class='widget' id='login-container'><div class='title centre'>User registration</div>";\r
\r
echo "\r
-<div id='regbox'>\r
+<div id=''>\r
<form name='newUser' action='".$_SERVER['PHP_SELF']."' method='post'>\r
\r
<p>\r
<label>Email:</label>\r
<input type='text' name='email' />\r
</p>\r
+\r
<p>\r
<label>Security Code:</label>\r
<img src='models/captcha.php'>\r
</p>\r
+<p>\r
<label>Enter Security Code:</label>\r
<input name='captcha' type='text'>\r
</p>\r
-<label> <br>\r
+<p class='right'>\r
+<label> </label>\r
<input type='submit' value='Register'/>\r
-</p>\r
+</p>";\r
\r
+echo resultBlock($errors,$successes);\r
+echo "\r
</form>\r
</div>\r
\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
?>\r
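Review bot: `<div id=''>` leaves an empty `id` attribute where `regbox` was removed; an empty id is invalid HTML, so either drop the attribute (`<div>`) or give it the id the new stylesheet expects. The wrapper `<div class='widget' id='login-container'>` reuses the id that the login page gives its own container, which works while only one appears per page, but a class would express the shared styling better.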
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Forms posted\r
-if(!empty($_POST) && $emailActivation)\r
-{\r
- $email = $_POST["email"];\r
- $username = $_POST["username"];\r
- \r
- //Perform some validation\r
- //Feel free to edit / change as required\r
- if(trim($email) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");\r
- }\r
- //Check to ensure email is in the correct format / in the db\r
- else if(!isValidEmail($email) || !emailExists($email))\r
- {\r
- $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
- }\r
- \r
- if(trim($username) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
- }\r
- else if(!usernameExists($username))\r
- {\r
- $errors[] = lang("ACCOUNT_INVALID_USERNAME");\r
- }\r
- \r
- if(count($errors) == 0)\r
- {\r
- //Check that the username / email are associated to the same account\r
- if(!emailUsernameLinked($email,$username))\r
- {\r
- $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");\r
- }\r
- else\r
- {\r
- $userdetails = fetchUserDetails($username);\r
- \r
- //See if the user's account is activation\r
- if($userdetails["active"]==1)\r
- {\r
- $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");\r
- }\r
- else\r
- {\r
- if ($resend_activation_threshold == 0) {\r
- $hours_diff = 0;\r
- }\r
- else {\r
- $last_request = $userdetails["last_activation_request"];\r
- $hours_diff = round((time()-$last_request) / (3600*$resend_activation_threshold),0);\r
- }\r
- \r
- if($resend_activation_threshold!=0 && $hours_diff <= $resend_activation_threshold)\r
- {\r
- $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT",array($resend_activation_threshold));\r
- }\r
- else\r
- {\r
- //For security create a new activation url;\r
- $new_activation_token = generateActivationToken();\r
- \r
- if(!updateLastActivationRequest($new_activation_token,$username,$email))\r
- {\r
- $errors[] = lang("SQL_ERROR");\r
- }\r
- else\r
- {\r
- $mail = new userCakeMail();\r
- \r
- $activation_url = $websiteUrl."activate-account.php?token=".$new_activation_token;\r
- \r
- //Setup our custom hooks\r
- $hooks = array(\r
- "searchStrs" => array("#ACTIVATION-URL","#USERNAME#"),\r
- "subjectStrs" => array($activation_url,$userdetails["display_name"])\r
- );\r
- \r
- if(!$mail->newTemplateMsg("resend-activation.txt",$hooks))\r
- {\r
- $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");\r
- }\r
- else\r
- {\r
- if(!$mail->sendMail($userdetails["email"],"Activate your ".$websiteName." Account"))\r
- {\r
- $errors[] = lang("MAIL_ERROR");\r
- }\r
- else\r
- {\r
- //Success, user details have been updated in the db now mail this information out.\r
- $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");\r
- }\r
- }\r
- }\r
- }\r
- }\r
- }\r
- }\r
-}\r
-\r
-//Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Resend Activation</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "<div id='regbox'>";\r
-\r
-//Show disabled if email activation not required\r
-if(!$emailActivation)\r
-{ \r
- echo lang("FEATURE_DISABLED");\r
-}\r
-else\r
-{\r
- echo "<form name='resendActivation' action='".$_SERVER['PHP_SELF']."' method='post'>\r
- <p>\r
- <label>Username:</label>\r
- <input type='text' name='username' />\r
- </p> \r
- <p>\r
- <label>Email:</label>\r
- <input type='text' name='email' />\r
- </p> \r
- <p>\r
- <label> </label>\r
- <input type='submit' value='Submit' class='submit' />\r
- </p>\r
- </form>";\r
-}\r
-\r
-echo "\r
-</div> \r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
--- /dev/null
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+ $errors = array();\r
+ $username = sanitize(trim($_POST["username"]));\r
+ $password = trim($_POST["password"]);\r
+ $password_new = trim($_POST["password_new"]);\r
+ $password_confirm = trim($_POST["password_confirm"]);\r
+ \r
+ //Perform some validation\r
+ //Feel free to edit / change as required\r
+ if($username == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
+ }\r
+ if($password == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
+ }\r
+\r
+ if(count($errors) == 0)\r
+ {\r
+ //A security note here, never tell the user which credential was incorrect\r
+ if(!usernameExists($username))\r
+ {\r
+ $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+ }\r
+ else\r
+ {\r
+ $userdetails = fetchUserDetails($username);\r
+ //See if the user's account is activated\r
+ if($userdetails["active"]==0)\r
+ {\r
+ $errors[] = lang("ACCOUNT_INACTIVE");\r
+ }\r
+ else\r
+ {\r
+ //Hash the password and use the salt from the database to compare the password.\r
+ $entered_pass = generateHash($password,$userdetails["password"]);\r
+\r
+ //echo "".$userdetails["password"]; //Wut is dis\r
+ \r
+ if($entered_pass != $userdetails["password"])\r
+ {\r
+ //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing\r
+ $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+ }\r
+ else\r
+ {\r
+ //Passwords match! we're good to go'\r
+ \r
+ //Construct a new logged in user object\r
+ //Transfer some db data to the session object\r
+ $loggedInUser = new loggedInUser();\r
+ $loggedInUser->email = $userdetails["email"];\r
+ $loggedInUser->user_id = $userdetails["id"];\r
+ $loggedInUser->hash_pw = $userdetails["password"];\r
+ $loggedInUser->title = $userdetails["title"];\r
+ $loggedInUser->displayname = $userdetails["display_name"];\r
+ $loggedInUser->username = $userdetails["user_name"];\r
+ \r
+ if(trim($password_new) == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");\r
+ }\r
+ else if(trim($password_confirm) == "")\r
+ {\r
+ $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");\r
+ }\r
+ else if(minMaxRange(6,50,$password_new))\r
+ { \r
+ $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(6,50));\r
+ }\r
+ else if($password_new != $password_confirm)\r
+ {\r
+ $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
+ }\r
+ \r
+ //End data validation\r
+ if(count($errors) == 0)\r
+ {\r
+ //Also prevent updating if someone attempts to update with the same password\r
+ $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);\r
+ \r
+ if($entered_pass_new == $loggedInUser->hash_pw)\r
+ {\r
+ //Don't update, this fool is trying to update with the same password ¬¬\r
+ $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");\r
+ }\r
+ else\r
+ {\r
+ //This function will create the new hash and update the hash_pw property.\r
+ $loggedInUser->updatePassword($password_new);\r
+ $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+ }\r
+}\r
+\r
+if (isUserLoggedIn())\r
+{\r
+ //If not admin, log them out after pw change\r
+ if (!$loggedInUser->checkPermission(array(2)))\r
+ {\r
+ $loggedInUser->userLogOut();\r
+ }\r
+}\r
+\r
+require_once("models/header.php");\r
+startPage();\r
+\r
+echo '\r
+ <div id="login-container">\r
+ <div class="widget">\r
+ <div class="title centre">Change of password</div>\r
+ <form id="login-update" class="clear" name="login-update" action="'.$_SERVER["PHP_SELF"].'" method="post">\r
+ <p>\r
+ <label>\r
+ Username<br>\r
+ <input name="username" type="text">\r
+ </label>\r
+ </p>\r
+ <p>\r
+ <label>\r
+ Password<br>\r
+ <input name="password" type="password">\r
+ </label> \r
+ </p>\r
+ <p>\r
+ <label>\r
+ New password<br>\r
+ <input name="password_new" type="password">\r
+ </label> \r
+ </p>\r
+ <p>\r
+ <label>\r
+ Confirm password<br>\r
+ <input name="password_confirm" type="password">\r
+ </label> \r
+ </p>\r
+ <p style="float:left; margin:0;">\r
+ <a href="forgot-password.php">Forgotten password?</a>\r
+ </p>\r
+ <p style="float:right; margin:0;">\r
+ <input type="submit" value="Update">\r
+ </p>\r
+ </form>';\r
+ \r
+echo resultBlock($errors,$successes); \r
+echo '\r
+ </div>\r
+ </div>\r
+ ';\r
+\r
+finishPage();\r
+\r
+?>\r
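Review bot: The form's `action="'.$_SERVER["PHP_SELF"].'"` writes a request-derived path into an attribute without escaping, so it should pass through `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8")` or be replaced by the fixed script name; the new login form earlier in this diff builds its action the same way. The inactive-account branch adds `ACCOUNT_INACTIVE` before the password is checked, which tells an unauthenticated caller that the username exists, contrary to the comment a few lines above it; checking the password first keeps the response uniform. The hash checks use `!=` and `==`, which compare loosely; `hash_equals()` (or at least `!==`) avoids numeric-string coercion. `$successes` is read by resultBlock() but never initialised on this page, and `$errors` only inside the POST branch, unless models/config.php sets them.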
+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Prevent the user visiting the logged in page if he is not logged in\r
-if(!isUserLoggedIn()) { header("Location: login.php"); die(); }\r
-\r
-if(!empty($_POST))\r
-{\r
- $errors = array();\r
- $successes = array();\r
- $password = $_POST["password"];\r
- $password_new = $_POST["passwordc"];\r
- $password_confirm = $_POST["passwordcheck"];\r
- \r
- $errors = array();\r
- $email = $_POST["email"];\r
- \r
- //Perform some validation\r
- //Feel free to edit / change as required\r
- \r
- //Confirm the hashes match before updating a users password\r
- $entered_pass = generateHash($password,$loggedInUser->hash_pw);\r
- \r
- if (trim($password) == ""){\r
- $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
- }\r
- else if($entered_pass != $loggedInUser->hash_pw)\r
- {\r
- //No match\r
- $errors[] = lang("ACCOUNT_PASSWORD_INVALID");\r
- } \r
- if($email != $loggedInUser->email)\r
- {\r
- if(trim($email) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");\r
- }\r
- else if(!isValidEmail($email))\r
- {\r
- $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
- }\r
- else if(emailExists($email))\r
- {\r
- $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email)); \r
- }\r
- \r
- //End data validation\r
- if(count($errors) == 0)\r
- {\r
- $loggedInUser->updateEmail($email);\r
- $successes[] = lang("ACCOUNT_EMAIL_UPDATED");\r
- }\r
- }\r
- \r
- if ($password_new != "" OR $password_confirm != "")\r
- {\r
- if(trim($password_new) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");\r
- }\r
- else if(trim($password_confirm) == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");\r
- }\r
- else if(minMaxRange(8,50,$password_new))\r
- { \r
- $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(8,50));\r
- }\r
- else if($password_new != $password_confirm)\r
- {\r
- $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
- }\r
- \r
- //End data validation\r
- if(count($errors) == 0)\r
- {\r
- //Also prevent updating if someone attempts to update with the same password\r
- $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);\r
- \r
- if($entered_pass_new == $loggedInUser->hash_pw)\r
- {\r
- //Don't update, this fool is trying to update with the same password ¬¬\r
- $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");\r
- }\r
- else\r
- {\r
- //This function will create the new hash and update the hash_pw property.\r
- $loggedInUser->updatePassword($password_new);\r
- $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");\r
- }\r
- }\r
- }\r
- if(count($errors) == 0 AND count($successes) == 0){\r
- $errors[] = lang("NOTHING_TO_UPDATE");\r
- }\r
-}\r
-\r
-require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>User Settings</h2>\r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<div id='regbox'>\r
-<form name='updateAccount' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label>Email:</label>\r
-<input type='text' name='email' value='".$loggedInUser->email."' />\r
-</p>\r
-<p>\r
-<label>New Pass:</label>\r
-<input type='password' name='passwordc' />\r
-</p>\r
-<p>\r
-<label>Confirm Pass:</label>\r
-<input type='password' name='passwordcheck' />\r
-</p>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Update' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r