From 828cdbf49f52572e93c5c5a48e05277525a4055f Mon Sep 17 00:00:00 2001
From: Jeremy Tan <jeremy@jx.tan.fake>
Date: Mon, 28 Oct 2013 20:59:13 +0800
Subject: [PATCH] Nicen the rego form and add back the change password form

---
 .../MCTXWeb/public_html/users/left-nav.php    |   1 +
 testing/MCTXWeb/public_html/users/login.php   |   3 +-
 .../public_html/users/models/funcs.php        |   7 +-
 .../MCTXWeb/public_html/users/register.php    |  39 ++--
 .../public_html/users/user_change_details.php | 169 ++++++++++++++++++
 5 files changed, 189 insertions(+), 30 deletions(-)
 create mode 100644 testing/MCTXWeb/public_html/users/user_change_details.php

diff --git a/testing/MCTXWeb/public_html/users/left-nav.php b/testing/MCTXWeb/public_html/users/left-nav.php
index bb56d73..addc4c4 100644
--- a/testing/MCTXWeb/public_html/users/left-nav.php
+++ b/testing/MCTXWeb/public_html/users/left-nav.php
@@ -22,6 +22,7 @@ if ($loggedInUser->checkPermission(array(2))){
                 <li><a href="admin_upload_users.php"><span>Upload new users</span></a></li>
                 <li><a href="admin_pages.php"><span>Manage visible pages</span></a></li>
                 <li><a href="admin_configuration.php"><span>Manage site details</span></a></li>
+                <li><a href="user_change_details.php"><span>Change your password</span></a></li>
               </ul>
             </div>
           </div>
diff --git a/testing/MCTXWeb/public_html/users/login.php b/testing/MCTXWeb/public_html/users/login.php
index 257fa4d..95b22a4 100644
--- a/testing/MCTXWeb/public_html/users/login.php
+++ b/testing/MCTXWeb/public_html/users/login.php
@@ -116,7 +116,8 @@ echo '
                </label>             
              </p>
              <p style="float:left; margin:0;">
-               <a href="forgot-password.php">Forgotten password?</a>
+               <a href="forgot-password.php">Forgotten password?</a><br>
+               <a href="register.php">Register</a>
              </p>
              <p style="float:right; margin:0;">
                <input type="submit" value="Log In">
diff --git a/testing/MCTXWeb/public_html/users/models/funcs.php b/testing/MCTXWeb/public_html/users/models/funcs.php
index 9eb69b8..a3a9928 100644
--- a/testing/MCTXWeb/public_html/users/models/funcs.php
+++ b/testing/MCTXWeb/public_html/users/models/funcs.php
@@ -165,14 +165,11 @@ function resultBlock($errors,$successes){
 	//Success block
 	if(count($successes) > 0)
 	{
-		echo "<div id='success'>
-		<a href='#' onclick=\"showHide('success');\">[X]</a>
-		<ul>";
+		echo "<div id='success'>";
 		foreach($successes as $success)
 		{
-			echo "<li>".$success."</li>";
+      echo "<p>".$success."</li>";
 		}
-		echo "</ul>";
 		echo "</div>";
 	}
 }
diff --git a/testing/MCTXWeb/public_html/users/register.php b/testing/MCTXWeb/public_html/users/register.php
index 32f1ae1..8a0d6e6 100644
--- a/testing/MCTXWeb/public_html/users/register.php
+++ b/testing/MCTXWeb/public_html/users/register.php
@@ -40,9 +40,9 @@ if(!empty($_POST))
 	if(!ctype_alnum($displayname)){
 		$errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
 	}
-	if(minMaxRange(8,50,$password) && minMaxRange(8,50,$confirm_pass))
+	if(minMaxRange(6,50,$password) && minMaxRange(6,50,$confirm_pass))
 	{
-		$errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(8,50));
+		$errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(6,50));
 	}
 	else if($password != $confirm_pass)
 	{
@@ -81,25 +81,13 @@ if(!empty($_POST))
 }
 
 require_once("models/header.php");
-echo "
-<body>
-<div id='wrapper'>
-<div id='top'><div id='logo'></div></div>
-<div id='content'>
-<h1>UserCake</h1>
-<h2>Register</h2>
+startPage();
 
-<div id='left-nav'>";
-include("left-nav.php");
 echo "
-</div>
-
-<div id='main'>";
-
-echo resultBlock($errors,$successes);
+<div class='widget' id='login-container'><div class='title centre'>User registration</div>";
 
 echo "
-<div id='regbox'>
+<div id=''>
 <form name='newUser' action='".$_SERVER['PHP_SELF']."' method='post'>
 
 <p>
@@ -122,23 +110,26 @@ echo "
 <label>Email:</label>
 <input type='text' name='email' />
 </p>
+
 <p>
 <label>Security Code:</label>
 <img src='models/captcha.php'>
 </p>
+<p>
 <label>Enter Security Code:</label>
 <input name='captcha' type='text'>
 </p>
-<label>&nbsp;<br>
+<p class='right'>
+<label>&nbsp;</label>
 <input type='submit' value='Register'/>
-</p>
+</p>";
 
+echo resultBlock($errors,$successes);
+echo "
 </form>
 </div>
 
-</div>
-<div id='bottom'></div>
-</div>
-</body>
-</html>";
+</div>";
+
+finishPage();
 ?>
diff --git a/testing/MCTXWeb/public_html/users/user_change_details.php b/testing/MCTXWeb/public_html/users/user_change_details.php
new file mode 100644
index 0000000..16c4532
--- /dev/null
+++ b/testing/MCTXWeb/public_html/users/user_change_details.php
@@ -0,0 +1,169 @@
+<?php
+/*
+UserCake Version: 2.0.2
+http://usercake.com
+*/
+
+require_once("models/config.php");
+if (!securePage($_SERVER['PHP_SELF'])){die();}
+
+//Forms posted
+if(!empty($_POST))
+{
+	$errors = array();
+	$username = sanitize(trim($_POST["username"]));
+	$password = trim($_POST["password"]);
+  $password_new = trim($_POST["password_new"]);
+  $password_confirm = trim($_POST["password_confirm"]);
+	
+	//Perform some validation
+	//Feel free to edit / change as required
+	if($username == "")
+	{
+		$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
+	}
+	if($password == "")
+	{
+		$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
+	}
+
+	if(count($errors) == 0)
+	{
+		//A security note here, never tell the user which credential was incorrect
+		if(!usernameExists($username))
+		{
+			$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
+		}
+		else
+		{
+			$userdetails = fetchUserDetails($username);
+			//See if the user's account is activated
+			if($userdetails["active"]==0)
+			{
+				$errors[] = lang("ACCOUNT_INACTIVE");
+			}
+			else
+			{
+				//Hash the password and use the salt from the database to compare the password.
+				$entered_pass = generateHash($password,$userdetails["password"]);
+
+				//echo "".$userdetails["password"]; //Wut is dis
+				
+				if($entered_pass != $userdetails["password"])
+				{
+					//Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
+					$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
+				}
+				else
+				{
+					//Passwords match! we're good to go'
+					
+					//Construct a new logged in user object
+					//Transfer some db data to the session object
+					$loggedInUser = new loggedInUser();
+					$loggedInUser->email = $userdetails["email"];
+					$loggedInUser->user_id = $userdetails["id"];
+					$loggedInUser->hash_pw = $userdetails["password"];
+					$loggedInUser->title = $userdetails["title"];
+					$loggedInUser->displayname = $userdetails["display_name"];
+					$loggedInUser->username = $userdetails["user_name"];
+					
+          if(trim($password_new) == "")
+          {
+            $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");
+          }
+          else if(trim($password_confirm) == "")
+          {
+            $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");
+          }
+          else if(minMaxRange(6,50,$password_new))
+          {	
+            $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(6,50));
+          }
+          else if($password_new != $password_confirm)
+          {
+            $errors[] = lang("ACCOUNT_PASS_MISMATCH");
+          }
+          
+          //End data validation
+          if(count($errors) == 0)
+          {
+            //Also prevent updating if someone attempts to update with the same password
+            $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);
+            
+            if($entered_pass_new == $loggedInUser->hash_pw)
+            {
+              //Don't update, this fool is trying to update with the same password ¬¬
+              $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");
+            }
+            else
+            {
+              //This function will create the new hash and update the hash_pw property.
+              $loggedInUser->updatePassword($password_new);
+              $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");
+            }
+          }
+				}
+			}
+		}
+	}
+}
+
+if (isUserLoggedIn())
+{
+  //If not admin, log them out after pw change
+  if (!$loggedInUser->checkPermission(array(2)))
+  {
+    $loggedInUser->userLogOut();
+  }
+}
+
+require_once("models/header.php");
+startPage();
+
+echo '
+      <div id="login-container">
+       <div class="widget">
+          <div class="title centre">Change of password</div>
+           <form id="login-update" class="clear" name="login-update" action="'.$_SERVER["PHP_SELF"].'" method="post">
+             <p>
+               <label>
+                 Username<br>
+                 <input name="username" type="text">
+               </label>
+             </p>
+             <p>
+               <label>
+                 Password<br>
+                 <input name="password" type="password">
+               </label>             
+             </p>
+             <p>
+               <label>
+                 New password<br>
+                 <input name="password_new" type="password">
+               </label>             
+             </p>
+             <p>
+               <label>
+                 Confirm password<br>
+                 <input name="password_confirm" type="password">
+               </label>             
+             </p>
+             <p style="float:left; margin:0;">
+               <a href="forgot-password.php">Forgotten password?</a>
+             </p>
+             <p style="float:right; margin:0;">
+               <input type="submit" value="Update">
+             </p>
+            </form>';
+            
+echo resultBlock($errors,$successes);            
+echo '
+       </div>
+      </div>
+ ';
+
+finishPage();
+
+?>
-- 
2.20.1