| 25 |
- |
1 |
<?php
|
|
|
2 |
// Email sending functions
|
|
|
3 |
include_once 'includes/email_functions.php';
|
|
|
4 |
include_once 'includes/password.php';
|
|
|
5 |
|
| 122 |
- |
6 |
error_log(print_r($_POST, 1));
|
|
|
7 |
|
| 31 |
- |
8 |
// Include Session Handling
|
| 65 |
- |
9 |
require_once ('includes/session.php');
|
| 122 |
- |
10 |
global $systemConf;
|
|
|
11 |
if (empty($_POST["nonce"]) || NonceUtil::check($systemConf["nonce_secret"], $_POST["nonce"]) === false) {
|
|
|
12 |
// Redirect to the home page
|
|
|
13 |
MySessionHandler::commit(session_id());
|
|
|
14 |
header("Location:../index.php");
|
|
|
15 |
exit;
|
|
|
16 |
}
|
| 25 |
- |
17 |
|
|
|
18 |
// Include config file
|
|
|
19 |
require_once 'includes/config.php';
|
|
|
20 |
|
|
|
21 |
// Load and initialize user class
|
|
|
22 |
require_once 'includes/User.class.php';
|
|
|
23 |
$user = new User();
|
|
|
24 |
|
| 65 |
- |
25 |
if (isset($_POST['signupSubmit'])) {
|
|
|
26 |
$valErr = 0;
|
|
|
27 |
$captchaErr = 0;
|
| 36 |
- |
28 |
|
| 65 |
- |
29 |
// Store post data into session
|
|
|
30 |
$_SESSION['signup_post_data'] = $_POST;
|
| 36 |
- |
31 |
|
| 41 |
- |
32 |
if (!empty($_POST['g-recaptcha-response'])) {
|
|
|
33 |
$secretKey = GR_SECRET_KEY;
|
|
|
34 |
$ch = curl_init('https://www.google.com/recaptcha/api/siteverify?secret=' . $secretKey . '&response=' . $_POST['g-recaptcha-response']);
|
|
|
35 |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
| 65 |
- |
36 |
$verifyResponse = curl_exec($ch);
|
| 41 |
- |
37 |
$responseData = json_decode($verifyResponse);
|
|
|
38 |
|
| 65 |
- |
39 |
if ($responseData->success) {
|
| 41 |
- |
40 |
if ($responseData->score < 0.6) {
|
| 65 |
- |
41 |
$captchaErr = 1;
|
| 41 |
- |
42 |
$sessData['status']['type'] = 'error';
|
|
|
43 |
$sessData['status']['msg'] = 'Robot verification failed, please try again.';
|
|
|
44 |
}
|
| 65 |
- |
45 |
}
|
|
|
46 |
else {
|
|
|
47 |
$captchaErr = 1;
|
| 41 |
- |
48 |
$sessData['status']['type'] = 'error';
|
|
|
49 |
$sessData['status']['msg'] = 'Robot verification failed, please try again.';
|
|
|
50 |
}
|
| 65 |
- |
51 |
}
|
|
|
52 |
else {
|
|
|
53 |
$captchaErr = 1;
|
| 41 |
- |
54 |
$sessData['status']['type'] = 'error';
|
|
|
55 |
$sessData['status']['msg'] = 'Robot verification failed, please try again.';
|
|
|
56 |
}
|
| 65 |
- |
57 |
|
| 41 |
- |
58 |
if ($captchaErr == 1) {
|
| 65 |
- |
59 |
// Redirect back to the registration page
|
| 41 |
- |
60 |
$_SESSION['sessData'] = $sessData;
|
|
|
61 |
MySessionHandler::commit(session_id());
|
|
|
62 |
header("Location:registration.php");
|
| 65 |
- |
63 |
exit;
|
| 41 |
- |
64 |
}
|
|
|
65 |
|
| 65 |
- |
66 |
// Get user inputs
|
|
|
67 |
$first_name = sanitizeInput($_POST['first_name']);
|
|
|
68 |
$last_name = sanitizeInput($_POST['last_name']);
|
|
|
69 |
$email = sanitizeInput($_POST['email']);
|
|
|
70 |
$zip = sanitizeInput($_POST['zip']);
|
|
|
71 |
$password = sanitizeInput($_POST['password']);
|
|
|
72 |
$confirm_password = sanitizeInput($_POST['confirm_password']);
|
| 36 |
- |
73 |
|
| 65 |
- |
74 |
if (empty($first_name)) {
|
|
|
75 |
$valErr = 1;
|
|
|
76 |
$sessData['field_error']['first_name'] = 'Please enter your first name.';
|
|
|
77 |
}
|
|
|
78 |
/*
|
|
|
79 |
if(empty($last_name)){
|
|
|
80 |
$valErr = 1;
|
|
|
81 |
$sessData['field_error']['last_name'] = 'Please enter your last name.';
|
|
|
82 |
}
|
|
|
83 |
*/
|
|
|
84 |
if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
|
85 |
$valErr = 1;
|
|
|
86 |
$sessData['field_error']['email'] = 'Please enter a valid email.';
|
|
|
87 |
}
|
|
|
88 |
if (empty($password)) {
|
|
|
89 |
$valErr = 1;
|
|
|
90 |
$sessData['field_error']['password'] = 'Please enter account password.';
|
|
|
91 |
}
|
|
|
92 |
if (empty($confirm_password)) {
|
|
|
93 |
$valErr = 1;
|
|
|
94 |
$sessData['field_error']['confirm_password'] = 'Please confirm your password.';
|
|
|
95 |
}
|
|
|
96 |
elseif ($password !== $confirm_password) {
|
|
|
97 |
$valErr = 1;
|
|
|
98 |
$sessData['field_error']['confirm_password'] = 'Confirm password does not match the password.';
|
|
|
99 |
}
|
| 25 |
- |
100 |
|
| 65 |
- |
101 |
if ($valErr == 0) {
|
|
|
102 |
// Check whether user exists in the database
|
|
|
103 |
$cond['where'] = array(
|
|
|
104 |
'email' => $email
|
|
|
105 |
);
|
|
|
106 |
$cond['return_type'] = 'count';
|
|
|
107 |
$userCount = $user->getRows($cond);
|
|
|
108 |
if ($userCount > 0) {
|
|
|
109 |
$sessData['status']['type'] = 'error';
|
|
|
110 |
$sessData['status']['msg'] = 'Email already exists, please use another email.';
|
|
|
111 |
}
|
|
|
112 |
else {
|
|
|
113 |
// Email verification code
|
|
|
114 |
$uniqidStr = md5(uniqid(mt_rand()));
|
| 36 |
- |
115 |
|
| 65 |
- |
116 |
// Insert user data in the database
|
|
|
117 |
$userData = array(
|
|
|
118 |
'first_name' => $first_name,
|
|
|
119 |
'last_name' => $last_name,
|
|
|
120 |
'email' => $email,
|
|
|
121 |
'password' => password_hash($password, PASSWORD_DEFAULT) ,
|
|
|
122 |
'zip' => $zip,
|
|
|
123 |
'activation_code' => $uniqidStr
|
|
|
124 |
);
|
|
|
125 |
$insert = $user->insert($userData);
|
| 36 |
- |
126 |
|
| 65 |
- |
127 |
// Set status based on data insert
|
|
|
128 |
if ($insert) {
|
|
|
129 |
// Remove post data from session
|
|
|
130 |
unset($_SESSION['signup_post_data']);
|
| 36 |
- |
131 |
|
| 65 |
- |
132 |
// Send account verification email
|
|
|
133 |
@emailVerification($userData);
|
| 36 |
- |
134 |
|
| 65 |
- |
135 |
$sessData['status']['type'] = 'success';
|
| 74 |
- |
136 |
$sessData['status']['msg'] = 'Your registration was successful. Please check your email inbox (and spam folder) to verify and activate your account.';
|
| 36 |
- |
137 |
|
| 65 |
- |
138 |
// Remove post data from session
|
|
|
139 |
unset($_SESSION['signup_post_data']);
|
|
|
140 |
}
|
|
|
141 |
else {
|
|
|
142 |
$sessData['status']['type'] = 'error';
|
|
|
143 |
$sessData['status']['msg'] = 'Some problem occurred, please try again.';
|
|
|
144 |
}
|
|
|
145 |
}
|
|
|
146 |
}
|
|
|
147 |
else {
|
| 25 |
- |
148 |
$sessData['status']['type'] = 'error';
|
| 36 |
- |
149 |
$sessData['status']['msg'] = 'Please fill all mandatory fields.';
|
| 25 |
- |
150 |
}
|
|
|
151 |
|
| 65 |
- |
152 |
// Store signup status into the session
|
| 25 |
- |
153 |
$_SESSION['sessData'] = $sessData;
|
| 65 |
- |
154 |
$redirectURL = ($sessData['status']['type'] == 'success') ? 'index.php' : 'registration.php';
|
| 36 |
- |
155 |
|
| 65 |
- |
156 |
// Redirect to the home/login page
|
| 31 |
- |
157 |
MySessionHandler::commit(session_id());
|
| 65 |
- |
158 |
header("Location:" . $redirectURL);
|
|
|
159 |
exit;
|
|
|
160 |
}
|
|
|
161 |
elseif (isset($_POST['loginSubmit'])) {
|
|
|
162 |
// Get user inputs
|
|
|
163 |
$email = sanitizeInput($_POST['email']);
|
|
|
164 |
$password = sanitizeInput($_POST['password']);
|
| 36 |
- |
165 |
|
| 65 |
- |
166 |
// Check whether login details are empty
|
|
|
167 |
if (!empty($email) && !empty($password)) {
|
|
|
168 |
// Get user data from user class
|
| 25 |
- |
169 |
$conditions['where'] = array(
|
|
|
170 |
'email' => $email,
|
|
|
171 |
'status' => '1'
|
|
|
172 |
);
|
|
|
173 |
$conditions['return_type'] = 'single';
|
|
|
174 |
$userData = $user->getRows($conditions);
|
| 36 |
- |
175 |
|
| 65 |
- |
176 |
if (!empty($userData) && password_verify($password, $userData['password'])) {
|
|
|
177 |
// Set user data and status based on login credentials
|
|
|
178 |
if ($userData['activated'] == '0') {
|
|
|
179 |
$sessData['status']['type'] = 'error';
|
|
|
180 |
$sessData['status']['msg'] = 'Your account activation is pending, please check your email inbox to verify and activate your account.';
|
|
|
181 |
}
|
|
|
182 |
else {
|
|
|
183 |
// If remember me is checked
|
|
|
184 |
if (isset($_POST['rememberMe']) && $_POST['rememberMe'] == 1) {
|
|
|
185 |
setcookie('rememberUserId', $userData['id'], time() + (30 * 86400) , "/");
|
|
|
186 |
setcookie('hash', password_hash($userData['password'] . $userData['id'], PASSWORD_DEFAULT) , time() + (30 * 86400) , "/");
|
|
|
187 |
}
|
| 36 |
- |
188 |
|
| 65 |
- |
189 |
$sessData['userLoggedIn'] = true;
|
|
|
190 |
$sessData['userID'] = $userData['id'];
|
|
|
191 |
$sessData['status']['type'] = 'success';
|
|
|
192 |
$sessData['status']['msg'] = 'Welcome ' . $userData['first_name'] . '!';
|
|
|
193 |
}
|
|
|
194 |
}
|
|
|
195 |
else {
|
|
|
196 |
$sessData['status']['type'] = 'error';
|
| 36 |
- |
197 |
$sessData['status']['msg'] = 'Wrong email or password, please try again.';
|
| 65 |
- |
198 |
}
|
|
|
199 |
}
|
|
|
200 |
else {
|
| 25 |
- |
201 |
$sessData['status']['type'] = 'error';
|
| 36 |
- |
202 |
$sessData['status']['msg'] = 'Enter email and password.';
|
| 25 |
- |
203 |
}
|
| 36 |
- |
204 |
|
| 65 |
- |
205 |
// Store login status into the session
|
| 25 |
- |
206 |
$_SESSION['sessData'] = $sessData;
|
| 36 |
- |
207 |
|
| 65 |
- |
208 |
// Redirect to the home page
|
| 31 |
- |
209 |
MySessionHandler::commit(session_id());
|
| 30 |
- |
210 |
header("Location:index.php");
|
| 65 |
- |
211 |
exit;
|
|
|
212 |
}
|
|
|
213 |
elseif (isset($_POST['forgotSubmit'])) {
|
|
|
214 |
$frmDisplay = '';
|
| 36 |
- |
215 |
|
| 65 |
- |
216 |
// Get user inputs
|
|
|
217 |
$email = sanitizeInput($_POST['email']);
|
| 36 |
- |
218 |
|
| 65 |
- |
219 |
// Check whether email is empty
|
|
|
220 |
if (!empty($email)) {
|
|
|
221 |
// Check whether user exists in the database
|
|
|
222 |
$cond['where'] = array(
|
|
|
223 |
'email' => $email
|
|
|
224 |
);
|
|
|
225 |
$cond['return_type'] = 'count';
|
|
|
226 |
$userCount = $user->getRows($cond);
|
|
|
227 |
if ($userCount > 0) {
|
|
|
228 |
// Generat unique string
|
|
|
229 |
$uniqidStr = md5(uniqid(mt_rand()));
|
| 36 |
- |
230 |
|
| 65 |
- |
231 |
// Update data with forgot pass code
|
|
|
232 |
$conditions = array(
|
|
|
233 |
'email' => $email
|
|
|
234 |
);
|
|
|
235 |
$data = array(
|
|
|
236 |
'forgot_pass_identity' => $uniqidStr
|
|
|
237 |
);
|
|
|
238 |
$update = $user->update($data, $conditions);
|
| 36 |
- |
239 |
|
| 65 |
- |
240 |
if ($update) {
|
|
|
241 |
// Get user details
|
|
|
242 |
$con['where'] = array(
|
|
|
243 |
'email' => $email
|
|
|
244 |
);
|
|
|
245 |
$con['return_type'] = 'single';
|
|
|
246 |
$userDetails = $user->getRows($con);
|
| 36 |
- |
247 |
|
| 65 |
- |
248 |
// Send reset password email
|
| 25 |
- |
249 |
@forgotPassEmail($userDetails);
|
| 36 |
- |
250 |
|
| 65 |
- |
251 |
$sessData['status']['type'] = 'success';
|
| 74 |
- |
252 |
$sessData['status']['msg'] = 'Please check your email inbox (and spam folder), we have sent a password reset link to your registered email.';
|
| 65 |
- |
253 |
$frmDisplay = '?frmDis=0';
|
|
|
254 |
}
|
|
|
255 |
else {
|
|
|
256 |
$sessData['status']['type'] = 'error';
|
|
|
257 |
$sessData['status']['msg'] = 'Some problem occurred, please try again.';
|
|
|
258 |
}
|
|
|
259 |
}
|
|
|
260 |
else {
|
|
|
261 |
$sessData['status']['type'] = 'error';
|
|
|
262 |
$sessData['status']['msg'] = 'Given email is not associated with any account.';
|
|
|
263 |
}
|
| 36 |
- |
264 |
|
| 65 |
- |
265 |
}
|
|
|
266 |
else {
|
| 25 |
- |
267 |
$sessData['status']['type'] = 'error';
|
| 36 |
- |
268 |
$sessData['status']['msg'] = 'Enter email to create a new password for your account.';
|
| 25 |
- |
269 |
}
|
| 36 |
- |
270 |
|
| 65 |
- |
271 |
// Store reset password status into the session
|
| 25 |
- |
272 |
$_SESSION['sessData'] = $sessData;
|
| 36 |
- |
273 |
|
| 65 |
- |
274 |
// Redirect to the forgot pasword page
|
| 31 |
- |
275 |
MySessionHandler::commit(session_id());
|
| 65 |
- |
276 |
header("Location:forgotPassword.php" . $frmDisplay);
|
|
|
277 |
}
|
|
|
278 |
elseif (isset($_POST['resetSubmit'])) {
|
|
|
279 |
$fp_code = sanitizeInput($_POST['fp_code']);
|
| 36 |
- |
280 |
|
| 65 |
- |
281 |
// Get user inputs
|
|
|
282 |
$password = sanitizeInput($_POST['password']);
|
|
|
283 |
$confirm_password = sanitizeInput($_POST['confirm_password']);
|
| 36 |
- |
284 |
|
| 65 |
- |
285 |
if (!empty($password) && !empty($confirm_password) && !empty($fp_code)) {
|
|
|
286 |
// Password and confirm password comparison
|
|
|
287 |
if ($password !== $confirm_password) {
|
| 25 |
- |
288 |
$sessData['status']['type'] = 'error';
|
|
|
289 |
$sessData['status']['msg'] = 'Confirm password does not match the password.';
|
| 65 |
- |
290 |
}
|
|
|
291 |
else {
|
|
|
292 |
//check whether identity code exists in the database
|
|
|
293 |
$cond['where'] = array(
|
|
|
294 |
'forgot_pass_identity' => $fp_code
|
|
|
295 |
);
|
| 25 |
- |
296 |
$cond['return_type'] = 'count';
|
|
|
297 |
$userCount = $user->getRows($cond);
|
| 65 |
- |
298 |
if ($userCount > 0) {
|
|
|
299 |
// Update data with new password
|
|
|
300 |
$conditions = array(
|
|
|
301 |
'forgot_pass_identity' => $fp_code
|
|
|
302 |
);
|
|
|
303 |
$data = array(
|
|
|
304 |
'password' => password_hash($password, PASSWORD_DEFAULT)
|
|
|
305 |
);
|
|
|
306 |
$update = $user->update($data, $conditions);
|
|
|
307 |
if ($update) {
|
|
|
308 |
$sessData['status']['type'] = 'success';
|
| 43 |
- |
309 |
$sessData['status']['msg'] = 'Your account password has been reset. Please login with your new password.';
|
| 65 |
- |
310 |
}
|
|
|
311 |
else {
|
|
|
312 |
$sessData['status']['type'] = 'error';
|
|
|
313 |
$sessData['status']['msg'] = 'Some problem occurred, please try again.';
|
|
|
314 |
}
|
|
|
315 |
}
|
|
|
316 |
else {
|
| 25 |
- |
317 |
$sessData['status']['type'] = 'error';
|
|
|
318 |
$sessData['status']['msg'] = 'You are not authorized to reset the password for this account.';
|
|
|
319 |
}
|
|
|
320 |
}
|
| 65 |
- |
321 |
}
|
|
|
322 |
else {
|
| 25 |
- |
323 |
$sessData['status']['type'] = 'error';
|
| 36 |
- |
324 |
$sessData['status']['msg'] = 'All fields are mandatory, please fill all the fields.';
|
| 25 |
- |
325 |
}
|
| 36 |
- |
326 |
|
| 65 |
- |
327 |
// Store reset password status into the session
|
| 25 |
- |
328 |
$_SESSION['sessData'] = $sessData;
|
| 65 |
- |
329 |
$redirectURL = ($sessData['status']['type'] == 'success') ? 'index.php' : 'resetPassword.php?fp_code=' . $fp_code;
|
| 36 |
- |
330 |
|
| 65 |
- |
331 |
// Redirect to the login/reset pasword page
|
| 31 |
- |
332 |
MySessionHandler::commit(session_id());
|
| 65 |
- |
333 |
header("Location:" . $redirectURL);
|
|
|
334 |
exit;
|
|
|
335 |
}
|
|
|
336 |
elseif (isset($_REQUEST['verifyEmail']) && $_REQUEST['verifyEmail'] == 1) {
|
|
|
337 |
$ac_code = $_REQUEST['ac_code'];
|
| 25 |
- |
338 |
|
| 65 |
- |
339 |
// Check whether activation code exists in the database
|
|
|
340 |
$cond['where'] = array(
|
|
|
341 |
'activation_code' => $ac_code
|
|
|
342 |
);
|
|
|
343 |
$cond['return_type'] = 'count';
|
|
|
344 |
$userCount = $user->getRows($cond);
|
|
|
345 |
if ($userCount > 0) {
|
|
|
346 |
// Update data with new password
|
|
|
347 |
$conditions = array(
|
|
|
348 |
'activation_code' => $ac_code
|
|
|
349 |
);
|
|
|
350 |
$data = array(
|
|
|
351 |
'activated' => '1'
|
|
|
352 |
);
|
|
|
353 |
$update = $user->update($data, $conditions);
|
|
|
354 |
if ($update) {
|
|
|
355 |
$sessData['status']['type'] = 'success';
|
|
|
356 |
$sessData['status']['msg'] = 'Email verification for your account was successful. Please login to your account.';
|
|
|
357 |
}
|
|
|
358 |
else {
|
|
|
359 |
$sessData['status']['type'] = 'error';
|
|
|
360 |
$sessData['status']['msg'] = 'Some problem occurred, please try again.';
|
|
|
361 |
}
|
|
|
362 |
}
|
|
|
363 |
else {
|
|
|
364 |
$sessData['status']['type'] = 'error';
|
|
|
365 |
$sessData['status']['msg'] = 'You have used the wrong verification link, please check your email inbox and try again.';
|
|
|
366 |
}
|
| 36 |
- |
367 |
|
| 65 |
- |
368 |
// Store account activation status into the session
|
| 25 |
- |
369 |
$_SESSION['sessData'] = $sessData;
|
| 30 |
- |
370 |
$redirectURL = 'index.php';
|
| 36 |
- |
371 |
|
| 65 |
- |
372 |
// Redirect to the login page
|
| 31 |
- |
373 |
MySessionHandler::commit(session_id());
|
| 65 |
- |
374 |
header("Location:" . $redirectURL);
|
|
|
375 |
exit;
|
|
|
376 |
}
|
|
|
377 |
elseif (isset($_POST['updateProfile']) && !empty($_SESSION['sessData']['userID'])) {
|
|
|
378 |
$valErr = 0;
|
| 36 |
- |
379 |
|
| 65 |
- |
380 |
$sessData = $_SESSION['sessData'];
|
|
|
381 |
unset($sessData['field_error']);
|
|
|
382 |
unset($sessData['status']);
|
|
|
383 |
$sessUserId = $sessData['userID'];
|
| 36 |
- |
384 |
|
| 65 |
- |
385 |
//echo "<pre>", print_r($_POST, 1), "</pre>";
|
|
|
386 |
//exit;
|
|
|
387 |
// Get user inputs
|
|
|
388 |
$first_name = sanitizeInput($_POST['first_name']);
|
|
|
389 |
$last_name = sanitizeInput($_POST['last_name']);
|
|
|
390 |
$email = sanitizeInput($_POST['email']);
|
|
|
391 |
$zip = sanitizeInput($_POST['zip']);
|
|
|
392 |
$theme = strtolower(sanitizeInput($_POST['theme']));
|
| 59 |
- |
393 |
$cardView = $_POST['cardView'];
|
| 65 |
- |
394 |
$conditionNew = isset($_POST['filterConditionNew']) ? 1 : 0;
|
|
|
395 |
$conditionUsed = isset($_POST['filterConditionUsed']) ? 1 : 0;
|
|
|
396 |
$mediaCD = isset($_POST['filterMediaTypeCD']) ? 1 : 0;
|
|
|
397 |
$mediaRecord = isset($_POST['filterMediaTypeRecord']) ? 1 : 0;
|
|
|
398 |
$mediaDigital = isset($_POST['filterMediaTypeDigital']) ? 1 : 0;
|
|
|
399 |
$mediaBook = isset($_POST['filterMediaTypeBook']) ? 1 : 0;
|
| 71 |
- |
400 |
$wlEmail = $_POST['wlEmail'];
|
|
|
401 |
$wlFreq = $_POST['wlFreq'];
|
| 36 |
- |
402 |
|
| 65 |
- |
403 |
if (empty($first_name)) {
|
|
|
404 |
$valErr = 1;
|
|
|
405 |
$sessData['field_error']['first_name'] = 'Please enter your first name.';
|
|
|
406 |
}
|
|
|
407 |
/*
|
|
|
408 |
if(empty($last_name)){
|
|
|
409 |
$valErr = 1;
|
|
|
410 |
$sessData['field_error']['last_name'] = 'Please enter your last name.';
|
|
|
411 |
}
|
|
|
412 |
*/
|
|
|
413 |
if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
|
414 |
$valErr = 1;
|
|
|
415 |
$sessData['field_error']['email'] = 'Please enter a valid email.';
|
|
|
416 |
}
|
| 25 |
- |
417 |
|
| 65 |
- |
418 |
if ($valErr == 0) {
|
|
|
419 |
// Check whether user exists in the database
|
|
|
420 |
$cond['where'] = array(
|
|
|
421 |
'email' => $email
|
|
|
422 |
);
|
|
|
423 |
$cond['where_not'] = array(
|
|
|
424 |
'id' => $sessUserId
|
|
|
425 |
);
|
|
|
426 |
$cond['return_type'] = 'count';
|
|
|
427 |
$userCount = $user->getRows($cond);
|
|
|
428 |
if ($userCount > 0) {
|
|
|
429 |
$sessData['status']['type'] = 'error';
|
|
|
430 |
$sessData['status']['msg'] = 'Email already exists, please use another email.';
|
|
|
431 |
}
|
|
|
432 |
else {
|
|
|
433 |
// Get user information
|
|
|
434 |
$conditions['where'] = array(
|
|
|
435 |
'id' => $sessData['userID'],
|
|
|
436 |
);
|
|
|
437 |
$conditions['return_type'] = 'single';
|
|
|
438 |
$userData = $user->getRows($conditions);
|
|
|
439 |
$prevPicture = $userData['picture'];
|
| 36 |
- |
440 |
|
| 65 |
- |
441 |
// Prepare user data
|
|
|
442 |
$userData = array(
|
|
|
443 |
'first_name' => $first_name,
|
|
|
444 |
'last_name' => $last_name,
|
|
|
445 |
'email' => $email,
|
|
|
446 |
'zip' => $zip,
|
|
|
447 |
'conditionNew' => $conditionNew,
|
|
|
448 |
'conditionUsed' => $conditionUsed,
|
|
|
449 |
'mediaCD' => $mediaCD,
|
|
|
450 |
'mediaRecord' => $mediaRecord,
|
|
|
451 |
'mediaDigital' => $mediaDigital,
|
|
|
452 |
'mediaBook' => $mediaBook,
|
| 59 |
- |
453 |
'theme' => $theme,
|
| 71 |
- |
454 |
'cardView' => $cardView,
|
|
|
455 |
'wlEmailFlag' => $wlEmail,
|
|
|
456 |
'wlFreq' => $wlFreq
|
| 65 |
- |
457 |
);
|
| 36 |
- |
458 |
|
| 65 |
- |
459 |
// Profile picture upload
|
|
|
460 |
$fileErr = 0;
|
|
|
461 |
if (!empty($_FILES['picture']['name'])) {
|
|
|
462 |
$targetDir = UPLOAD_PATH . 'profile_picture/';
|
|
|
463 |
$fileName = time() . '_' . basename($_FILES["picture"]["tmp_name"]);
|
|
|
464 |
$targetFilePath = $targetDir . $fileName;
|
|
|
465 |
$fileType = strtolower(pathinfo($_FILES["picture"]["name"], PATHINFO_EXTENSION));
|
|
|
466 |
$allowTypes = array(
|
|
|
467 |
'jpg',
|
|
|
468 |
'png',
|
|
|
469 |
'jpeg',
|
|
|
470 |
'gif'
|
|
|
471 |
);
|
|
|
472 |
if (in_array($fileType, $allowTypes)) {
|
| 36 |
- |
473 |
if ($_FILES["picture"]["size"] > 500000) {
|
| 65 |
- |
474 |
$fileErr = 1;
|
|
|
475 |
$sessData['status']['type'] = 'error';
|
|
|
476 |
$sessData['status']['msg'] = 'Please upload a smaller image file.';
|
|
|
477 |
}
|
|
|
478 |
else {
|
| 36 |
- |
479 |
$check = getimagesize($_FILES["picture"]["tmp_name"]);
|
|
|
480 |
if ($check === false) {
|
| 65 |
- |
481 |
$fileErr = 1;
|
|
|
482 |
$sessData['status']['type'] = 'error';
|
|
|
483 |
$sessData['status']['msg'] = 'Please upload only gif/jpg/png files.';
|
| 36 |
- |
484 |
}
|
|
|
485 |
}
|
|
|
486 |
}
|
| 65 |
- |
487 |
else {
|
|
|
488 |
$fileErr = 1;
|
|
|
489 |
$sessData['status']['type'] = 'error';
|
|
|
490 |
$sessData['status']['msg'] = 'Please upload only gif/jpg/png files.';
|
|
|
491 |
}
|
| 36 |
- |
492 |
|
| 65 |
- |
493 |
if ($fileErr == 0) {
|
|
|
494 |
if (move_uploaded_file($_FILES["picture"]["tmp_name"], $targetFilePath)) {
|
|
|
495 |
$userData['picture'] = $fileName;
|
| 36 |
- |
496 |
|
| 65 |
- |
497 |
// Delete previous profile picture
|
|
|
498 |
@unlink(UPLOAD_PATH . 'profile_picture/' . $prevPicture);
|
|
|
499 |
}
|
|
|
500 |
else {
|
| 36 |
- |
501 |
$fileErr = 1;
|
| 65 |
- |
502 |
$sessData['status']['type'] = 'error';
|
|
|
503 |
$sessData['status']['msg'] = 'Could not upload picture.';
|
|
|
504 |
@unlink($_FILES["picture"]["tmp_name"]);
|
|
|
505 |
}
|
|
|
506 |
}
|
|
|
507 |
else {
|
|
|
508 |
@unlink($_FILES["picture"]["tmp_name"]);
|
|
|
509 |
}
|
|
|
510 |
}
|
| 36 |
- |
511 |
|
| 65 |
- |
512 |
if ($fileErr == 0) {
|
|
|
513 |
// Update user data in the database
|
|
|
514 |
$conditions = array(
|
|
|
515 |
'id' => $sessUserId
|
|
|
516 |
);
|
| 36 |
- |
517 |
|
| 65 |
- |
518 |
$update = $user->update($userData, $conditions);
|
| 36 |
- |
519 |
|
| 65 |
- |
520 |
// Set status based on data insert
|
|
|
521 |
if ($update) {
|
|
|
522 |
$sessData['status']['type'] = 'success';
|
|
|
523 |
$sessData['status']['msg'] = 'Your profile information has been updated.';
|
|
|
524 |
}
|
|
|
525 |
else {
|
|
|
526 |
$sessData['status']['type'] = 'error';
|
|
|
527 |
$sessData['status']['msg'] = 'Some problem occurred, please try again.';
|
|
|
528 |
}
|
| 36 |
- |
529 |
}
|
| 65 |
- |
530 |
}
|
|
|
531 |
}
|
|
|
532 |
else {
|
| 25 |
- |
533 |
$sessData['status']['type'] = 'error';
|
| 36 |
- |
534 |
$sessData['status']['msg'] = 'Please fill all mandatory fields.';
|
| 25 |
- |
535 |
}
|
| 36 |
- |
536 |
|
| 65 |
- |
537 |
// Store signup status into the session
|
| 25 |
- |
538 |
$_SESSION['sessData'] = $sessData;
|
| 65 |
- |
539 |
$redirectURL = 'editAccount.php';
|
| 36 |
- |
540 |
|
| 65 |
- |
541 |
// Redirect to the profile page
|
| 31 |
- |
542 |
MySessionHandler::commit(session_id());
|
| 65 |
- |
543 |
header("Location:" . $redirectURL);
|
|
|
544 |
exit;
|
|
|
545 |
}
|
|
|
546 |
elseif (isset($_POST['updatePassword']) && !empty($_SESSION['sessData']['userID'])) {
|
|
|
547 |
$sessData = $_SESSION['sessData'];
|
|
|
548 |
unset($sessData['field_error']);
|
|
|
549 |
unset($sessData['status']);
|
|
|
550 |
$sessUserId = $sessData['userID'];
|
| 36 |
- |
551 |
|
| 65 |
- |
552 |
// Get user inputs
|
|
|
553 |
$old_password = sanitizeInput($_POST['old_password']);
|
|
|
554 |
$password = sanitizeInput($_POST['password']);
|
|
|
555 |
$confirm_password = sanitizeInput($_POST['confirm_password']);
|
| 36 |
- |
556 |
|
| 65 |
- |
557 |
if (!empty($password) && !empty($confirm_password)) {
|
|
|
558 |
// Password and confirm password comparison
|
|
|
559 |
if ($password !== $confirm_password) {
|
| 25 |
- |
560 |
$sessData['status']['type'] = 'error';
|
|
|
561 |
$sessData['status']['msg'] = 'Confirm password does not match the password.';
|
| 65 |
- |
562 |
}
|
|
|
563 |
else {
|
|
|
564 |
// Check whether identity code exists in the database
|
|
|
565 |
$cond['where'] = array(
|
|
|
566 |
'id' => $sessUserId
|
|
|
567 |
);
|
| 25 |
- |
568 |
$cond['return_type'] = 'single';
|
|
|
569 |
$userData = $user->getRows($cond);
|
| 36 |
- |
570 |
|
| 65 |
- |
571 |
if ((!empty($userData) && !empty($sessData['loginType']) && $sessData['loginType'] == 'social') || (!empty($userData) && password_verify($old_password, $userData['password']))) {
|
|
|
572 |
// Update data with new password
|
|
|
573 |
$conditions = array(
|
|
|
574 |
'id' => $sessUserId
|
|
|
575 |
);
|
|
|
576 |
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
|
|
|
577 |
$data = array(
|
|
|
578 |
'password' => $passwordHash
|
|
|
579 |
);
|
|
|
580 |
$update = $user->update($data, $conditions);
|
|
|
581 |
if ($update) {
|
|
|
582 |
if (!empty($_COOKIE['rememberUserId'])) {
|
|
|
583 |
setcookie('hash', password_hash($passwordHash . $sessUserId, PASSWORD_DEFAULT) , time() + (30 * 86400) , "/");
|
|
|
584 |
}
|
|
|
585 |
$sessData['status']['type'] = 'success';
|
| 43 |
- |
586 |
$sessData['status']['msg'] = 'Your account password has been updated.';
|
| 65 |
- |
587 |
}
|
|
|
588 |
else {
|
|
|
589 |
$sessData['status']['type'] = 'error';
|
|
|
590 |
$sessData['status']['msg'] = 'Some problem occurred, please try again.';
|
|
|
591 |
}
|
|
|
592 |
}
|
|
|
593 |
else {
|
| 25 |
- |
594 |
$sessData['status']['type'] = 'error';
|
|
|
595 |
$sessData['status']['msg'] = 'The given old password does not match your current account password.';
|
|
|
596 |
}
|
|
|
597 |
}
|
| 65 |
- |
598 |
}
|
|
|
599 |
else {
|
| 25 |
- |
600 |
$sessData['status']['type'] = 'error';
|
| 36 |
- |
601 |
$sessData['status']['msg'] = 'Please fill all mandatory fields.';
|
| 25 |
- |
602 |
}
|
| 36 |
- |
603 |
|
| 65 |
- |
604 |
// Store reset password status into the session
|
| 25 |
- |
605 |
$_SESSION['sessData'] = $sessData;
|
| 26 |
- |
606 |
$redirectURL = 'changePassword.php';
|
| 36 |
- |
607 |
|
| 65 |
- |
608 |
// Redirect to the pasword settings page
|
| 31 |
- |
609 |
MySessionHandler::commit(session_id());
|
| 65 |
- |
610 |
header("Location:" . $redirectURL);
|
|
|
611 |
exit;
|
|
|
612 |
}
|
|
|
613 |
elseif (!empty($_REQUEST['logoutSubmit'])) {
|
|
|
614 |
// Include social login handler
|
|
|
615 |
if (!empty($_SESSION['sessData']['loginType']) && ($_SESSION['sessData']['loginType'] == 'social') && !empty($_SESSION['google_access_token'])) {
|
|
|
616 |
require_once 'includes/socialLogin.php';
|
|
|
617 |
}
|
| 36 |
- |
618 |
|
| 65 |
- |
619 |
// Remove cookie data
|
|
|
620 |
setcookie("rememberUserId", "", time() - 3600, "/");
|
|
|
621 |
setcookie("hash", "", time() - 3600, "/");
|
| 31 |
- |
622 |
unset($_COOKIE['rememberUserId']);
|
|
|
623 |
unset($_COOKIE['hash']);
|
| 36 |
- |
624 |
|
| 65 |
- |
625 |
// Remove session data
|
|
|
626 |
unset($_SESSION['facebook_access_token']);
|
|
|
627 |
unset($_SESSION['FBRLH_state']);
|
|
|
628 |
if (isset($_SESSION['google_access_token'])) {
|
|
|
629 |
// Reset OAuth access token
|
|
|
630 |
$gClient->revokeToken();
|
|
|
631 |
}
|
|
|
632 |
unset($_SESSION['google_access_token']);
|
|
|
633 |
unset($_SESSION['twitter_access_token']);
|
|
|
634 |
unset($_SESSION['twitter_token_secret']);
|
| 25 |
- |
635 |
unset($_SESSION['sessData']);
|
|
|
636 |
session_destroy();
|
| 36 |
- |
637 |
|
| 65 |
- |
638 |
// Store logout status into the session
|
| 25 |
- |
639 |
$sessData['status']['type'] = 'success';
|
|
|
640 |
$sessData['status']['msg'] = 'You have logged off your account.';
|
|
|
641 |
$_SESSION['sessData'] = $sessData;
|
| 36 |
- |
642 |
|
| 65 |
- |
643 |
// Redirect to the home page
|
| 31 |
- |
644 |
MySessionHandler::commit(session_id());
|
|
|
645 |
header("Location:../index.php");
|
| 65 |
- |
646 |
exit;
|
|
|
647 |
}
|
|
|
648 |
else {
|
|
|
649 |
// Redirect to the home page
|
| 31 |
- |
650 |
MySessionHandler::commit(session_id());
|
|
|
651 |
header("Location:../index.php");
|
| 65 |
- |
652 |
exit;
|
| 25 |
- |
653 |
}
|
| 36 |
- |
654 |
|
|
|
655 |
// sanitize user input
|
|
|
656 |
function sanitizeInput($data) {
|
|
|
657 |
$data = trim(preg_replace('/[\t\n\r\s]+/', ' ', $data));
|
|
|
658 |
$data = stripslashes($data);
|
|
|
659 |
$data = htmlspecialchars($data);
|
|
|
660 |
return $data;
|
|
|
661 |
}
|