<?php
// Account request handler. Each branch below processes one form submission
// (signup, login, forgot/reset password, e-mail verification, profile update,
// password update, logout), stores the outcome in $_SESSION['sessData'] and
// redirects. All database access goes through the User class; whether its
// getRows()/insert()/update() parameterise queries is not visible in this file.

// Email sending functions
include_once 'includes/email_functions.php';
// NOTE(review): presumably a password_hash()/password_verify() polyfill for
// older PHP releases — confirm (native functions take precedence when present).
include_once 'includes/password.php';
 
// Include Session Handling (provides MySessionHandler, used before each redirect)
require_once('includes/session.php');
 
// Include config file
require_once 'includes/config.php';
 
// Load and initialize user class
require_once 'includes/User.class.php';
$user = new User();
 
if(isset($_POST['signupSubmit'])){
	// 0 = no field-level validation error so far; any failed check sets it to 1.
	$valErr = 0;
 
	// Store post data into session (used to re-populate the form on error).
	// NOTE(review): this copies the whole request, including the submitted
	// password and confirm_password values, into the session store.
	$_SESSION['signup_post_data'] = $_POST;
 
	// Get user inputs
	// NOTE: the password is run through sanitizeInput() (whitespace collapse,
	// stripslashes, htmlspecialchars) before hashing. Login applies the same
	// transform, so verification still works, but characters such as & < > " '
	// and backslashes are altered before the hash is computed — changing
	// sanitizeInput() would invalidate existing hashes.
	$first_name = sanitizeInput($_POST['first_name']);
	$last_name = sanitizeInput($_POST['last_name']);
	$email = sanitizeInput($_POST['email']);
	$zip = sanitizeInput($_POST['zip']);
	$password = sanitizeInput($_POST['password']);
	$confirm_password = sanitizeInput($_POST['confirm_password']);
 
	if(empty($first_name)){
		$valErr = 1;
		$sessData['field_error']['first_name'] = 'Please enter your first name.';
	}
/*
	// Last name check intentionally disabled (last_name is optional).
	if(empty($last_name)){
		$valErr = 1;
		$sessData['field_error']['last_name'] = 'Please enter your last name.';
	}
*/
	if(empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)){
		$valErr = 1;
		$sessData['field_error']['email'] = 'Please enter a valid email.';
	}
	if(empty($password)){
		$valErr = 1;
		$sessData['field_error']['password'] = 'Please enter account password.';
	}
	if(empty($confirm_password)){
		$valErr = 1;
		$sessData['field_error']['confirm_password'] = 'Please confirm your password.';
	}elseif($password !== $confirm_password){
		$valErr = 1;
		$sessData['field_error']['confirm_password'] = 'Confirm password does not match the password.';
	}
 
	if($valErr == 0){
		// Check whether user exists in the database (e-mail must be unique)
		$cond['where'] = array('email' => $email);
		$cond['return_type'] = 'count';
		$userCount = $user->getRows($cond);
		if($userCount > 0){
			$sessData['status']['type'] = 'error';
			$sessData['status']['msg'] = 'Email already exists, please use another email.';
		}else{
			// Email verification code
			// NOTE(review): md5(uniqid(mt_rand())) is derived from the clock and a
			// non-cryptographic PRNG, so the token is not unpredictable;
			// bin2hex(random_bytes(16)) produces a 32-character token of the same
			// length (PHP 7+, or via a polyfill).
			$uniqidStr = md5(uniqid(mt_rand()));
 
			// Insert user data in the database
			$userData = array(
				'first_name' => $first_name,
				'last_name' => $last_name,
				'email' => $email,
				'password' => password_hash($password, PASSWORD_DEFAULT),
				'zip' => $zip,
				'activation_code' => $uniqidStr
			);
			$insert = $user->insert($userData);
 
			// Set status based on data insert
			if($insert){
				// Remove post data from session
				unset($_SESSION['signup_post_data']);
 
				// Send account verification email
				// NOTE(review): '@' hides any failure inside the mailer, so a user
				// whose mail never went out still sees 'success' below. $userData
				// also carries the password hash — confirm emailVerification()
				// reads only the fields it needs.
				@emailVerification($userData);
 
				$sessData['status']['type'] = 'success';
				$sessData['status']['msg'] = 'Your registration was successful. Please check your email inbox to verify and activate your account.';
 
				// Remove post data from session (duplicate of the unset above; harmless)
				unset($_SESSION['signup_post_data']);
			}else{
				$sessData['status']['type'] = 'error';
				$sessData['status']['msg'] = 'Some problem occurred, please try again.';
			}
		}
	}else{
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'Please fill all mandatory fields.';
    }
 
	// Store signup status into the session
    $_SESSION['sessData'] = $sessData;
    $redirectURL = ($sessData['status']['type'] == 'success')?'index.php':'registration.php';
 
	// Redirect to the home/login page
    MySessionHandler::commit(session_id());
    header("Location:".$redirectURL);
	exit;
}elseif(isset($_POST['loginSubmit'])){
	// Get user inputs (same sanitizeInput() transform as at signup, see above)
	$email = sanitizeInput($_POST['email']);
	$password = sanitizeInput($_POST['password']);
 
	// Check whether login details are empty
    if(!empty($email) && !empty($password)){
		// Get user data from user class (only rows with status = '1')
        $conditions['where'] = array(
            'email' => $email,
            'status' => '1'
        );
        $conditions['return_type'] = 'single';
        $userData = $user->getRows($conditions);
 
		// Unknown e-mail and wrong password share one error message below.
		if(!empty($userData) && password_verify($password, $userData['password'])){
			// Set user data and status based on login credentials
			if($userData['activated'] == '0'){
				$sessData['status']['type'] = 'error';
				$sessData['status']['msg'] = 'Your account activation is pending, please check your email inbox to verify and activate your account.';
			}else{
				// If remember me is checked
				// NOTE(review): both cookies are set with name/value/expiry/path only,
				// i.e. without the HttpOnly/Secure flags. 'hash' is a password_hash()
				// over (stored hash . id); it is checked by code outside this file.
				if (isset($_POST['rememberMe']) && $_POST['rememberMe'] == 1) {
					setcookie('rememberUserId', $userData['id'], time() + (30 * 86400), "/");
					setcookie('hash', password_hash($userData['password'] . $userData['id'], PASSWORD_DEFAULT), time() + (30 * 86400), "/");
				}
 
				$sessData['userLoggedIn'] = true;
				$sessData['userID'] = $userData['id'];
				$sessData['status']['type'] = 'success';
				$sessData['status']['msg'] = 'Welcome '.$userData['first_name'].'!';
			}
		}else{
			$sessData['status']['type'] = 'error';
            $sessData['status']['msg'] = 'Wrong email or password, please try again.';
		}
    }else{
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'Enter email and password.';
    }
 
	// Store login status into the session
    $_SESSION['sessData'] = $sessData;
 
	// Redirect to the home page
    MySessionHandler::commit(session_id());
    header("Location:index.php");
	exit;
}elseif(isset($_POST['forgotSubmit'])){
	// Query-string suffix for the redirect; set on success to hide the form.
	$frmDisplay = '';
 
	// Get user inputs
	$email = sanitizeInput($_POST['email']);
 
	// Check whether email is empty
    if(!empty($email)){
		// Check whether user exists in the database
		$cond['where'] = array('email' => $email);
		$cond['return_type'] = 'count';
		$userCount = $user->getRows($cond);
		if($userCount > 0){
			// Generate unique string (same weak token source as the activation code)
			$uniqidStr = md5(uniqid(mt_rand()));
 
			// Update data with forgot pass code
			// NOTE(review): no issue time is stored with the token, so nothing
			// visible here limits how long the reset link stays valid.
			$conditions = array(
				'email' => $email
			);
			$data = array(
				'forgot_pass_identity' => $uniqidStr
			);
			$update = $user->update($data, $conditions);
 
			if($update){
				// Get user details
				$con['where'] = array('email' => $email);
				$con['return_type'] = 'single';
				$userDetails = $user->getRows($con);
 
				// Send reset password email ('@' suppresses mailer errors, as at signup)
                @forgotPassEmail($userDetails);
 
				$sessData['status']['type'] = 'success';
				$sessData['status']['msg'] = 'Please check your email inbox, we have sent a password reset link to your registered email.';
				$frmDisplay = '?frmDis=0';
			}else{
				$sessData['status']['type'] = 'error';
				$sessData['status']['msg'] = 'Some problem occurred, please try again.';
			}
		}else{
			// NOTE(review): this message differs from the success path, so the
			// response reveals whether an e-mail address is registered.
			$sessData['status']['type'] = 'error';
			$sessData['status']['msg'] = 'Given email is not associated with any account.';
		}
 
    }else{
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'Enter email to create a new password for your account.';
    }
 
	// Store reset password status into the session
    $_SESSION['sessData'] = $sessData;
 
	// Redirect to the forgot password page
	// NOTE(review): the only branch without `exit;` after header(); nothing else
	// runs afterwards in this file, but it is inconsistent with the others.
    MySessionHandler::commit(session_id());
    header("Location:forgotPassword.php".$frmDisplay);
}elseif(isset($_POST['resetSubmit'])){
	// Token from the reset link; also echoed back into the redirect URL below.
	$fp_code = sanitizeInput($_POST['fp_code']);
 
	// Get user inputs
	$password = sanitizeInput($_POST['password']);
	$confirm_password = sanitizeInput($_POST['confirm_password']);
 
	if(!empty($password) && !empty($confirm_password) && !empty($fp_code)){
		// Password and confirm password comparison
        if($password !== $confirm_password){
            $sessData['status']['type'] = 'error';
            $sessData['status']['msg'] = 'Confirm password does not match the password.';
        }else{
			//check whether identity code exists in the database
            $cond['where'] = array('forgot_pass_identity' => $fp_code);
            $cond['return_type'] = 'count';
            $userCount = $user->getRows($cond);
            if($userCount > 0){
				// Update data with new password
				// NOTE(review): only 'password' is written; forgot_pass_identity is
				// left in place, so from what is visible here the same link would be
				// accepted again until a new one is issued.
				$conditions = array(
					'forgot_pass_identity' => $fp_code
				);
				$data = array(
					'password' => password_hash($password, PASSWORD_DEFAULT)
				);
				$update = $user->update($data, $conditions);
				if($update){
					$sessData['status']['type'] = 'success';
                    $sessData['status']['msg'] = 'Your account password has been reset successfully. Please login with your new password.';
				}else{
					$sessData['status']['type'] = 'error';
					$sessData['status']['msg'] = 'Some problem occurred, please try again.';
				}
            }else{
                $sessData['status']['type'] = 'error';
                $sessData['status']['msg'] = 'You are not authorized to reset the password for this account.';
            }
        }
    }else{
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'All fields are mandatory, please fill all the fields.';
    }
 
	// Store reset password status into the session
    $_SESSION['sessData'] = $sessData;
    $redirectURL = ($sessData['status']['type'] == 'success')?'index.php':'resetPassword.php?fp_code='.$fp_code;
 
	// Redirect to the login/reset password page
    MySessionHandler::commit(session_id());
    header("Location:".$redirectURL);
	exit;
}elseif(isset($_REQUEST['verifyEmail']) && $_REQUEST['verifyEmail'] == 1){
	// Unlike the POST handlers, the code is taken raw (no sanitizeInput()).
	// Whether User::getRows()/update() parameterise it is not visible here.
	$ac_code = $_REQUEST['ac_code'];
 
	// Check whether activation code exists in the database
	$cond['where'] = array('activation_code' => $ac_code);
	$cond['return_type'] = 'count';
	$userCount = $user->getRows($cond);
	if($userCount > 0){
		// Mark the matching account as activated
		$conditions = array(
			'activation_code' => $ac_code
		);
		$data = array(
			'activated' => '1'
		);
		$update = $user->update($data, $conditions);
		if($update){
			$sessData['status']['type'] = 'success';
			$sessData['status']['msg'] = 'Email verification for your account was successful. Please login to your account.';
		}else{
			$sessData['status']['type'] = 'error';
			$sessData['status']['msg'] = 'Some problem occurred, please try again.';
		}
	}else{
		$sessData['status']['type'] = 'error';
		$sessData['status']['msg'] = 'You have used the wrong verification link, please check your email inbox and try again.';
	}
 
	// Store account activation status into the session
    $_SESSION['sessData'] = $sessData;
    $redirectURL = 'index.php';
 
	// Redirect to the login page
    MySessionHandler::commit(session_id());
    header("Location:".$redirectURL);
	exit;
}elseif(isset($_POST['updateProfile']) && !empty($_SESSION['sessData']['userID'])){
	// Requires a logged-in session (userID set); 0 = no validation error yet.
	$valErr = 0;
 
	// Start from the existing session data, dropping stale status/errors.
	$sessData = $_SESSION['sessData'];
	unset($sessData['field_error']);
	unset($sessData['status']);
	$sessUserId = $sessData['userID'];
 
	// Get user inputs
	$first_name = sanitizeInput($_POST['first_name']);
	$last_name = sanitizeInput($_POST['last_name']);
	$email = sanitizeInput($_POST['email']);
	$zip = sanitizeInput($_POST['zip']);
 
	if(empty($first_name)){
		$valErr = 1;
		$sessData['field_error']['first_name'] = 'Please enter your first name.';
	}
/*
	// Last name check intentionally disabled (last_name is optional).
	if(empty($last_name)){
		$valErr = 1;
		$sessData['field_error']['last_name'] = 'Please enter your last name.';
	}
*/
	if(empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)){
		$valErr = 1;
		$sessData['field_error']['email'] = 'Please enter a valid email.';
	}
 
	if($valErr == 0){
		// Check whether another user already has this e-mail (own row excluded)
		$cond['where'] = array('email' => $email);
		$cond['where_not'] = array('id' => $sessUserId);
		$cond['return_type'] = 'count';
		$userCount = $user->getRows($cond);
		if($userCount > 0){
			$sessData['status']['type'] = 'error';
			$sessData['status']['msg'] = 'Email already exists, please use another email.';
		}else{
			// Get user information (only the current picture name is needed)
			$conditions['where'] = array(
				'id' => $sessData['userID'],
			);
			$conditions['return_type'] = 'single';
			$userData = $user->getRows($conditions);
			$prevPicture = $userData['picture'];
 
			// Prepare user data
			$userData = array(
				'first_name' => $first_name,
				'last_name' => $last_name,
				'email' => $email,
				'zip' => $zip
			);
 
			// Profile picture upload
			// Checks: extension of the client filename against a whitelist,
			// size <= 500000 bytes, and getimagesize() on the uploaded content.
			// The stored name is built from time() and the temp-file basename,
			// not from the client-supplied filename.
			$fileErr = 0;
			if(!empty($_FILES['picture']['name'])){
				$targetDir = UPLOAD_PATH.'profile_picture/';
				$fileName = time() . '_'.basename($_FILES["picture"]["tmp_name"]);
				$targetFilePath = $targetDir . $fileName;
				$fileType = strtolower(pathinfo($_FILES["picture"]["name"], PATHINFO_EXTENSION));
				$allowTypes = array('jpg','png','jpeg','gif');
				if (in_array($fileType, $allowTypes)) {
                    if ($_FILES["picture"]["size"] > 500000) {
    					$fileErr = 1;
	    				$sessData['status']['type'] = 'error';
		    			$sessData['status']['msg'] = 'Please upload a smaller image file.';
                    } else {
                        $check = getimagesize($_FILES["picture"]["tmp_name"]);
                        if ($check === false) {
        					$fileErr = 1;
	        				$sessData['status']['type'] = 'error';
		        			$sessData['status']['msg'] = 'Please upload only gif/jpg/png files.';
                        }
                    }
                } else {
	    			$fileErr = 1;
		    		$sessData['status']['type'] = 'error';
			    	$sessData['status']['msg'] = 'Please upload only gif/jpg/png files.';
                }
 
    			if($fileErr == 0) {
	    			if(move_uploaded_file($_FILES["picture"]["tmp_name"], $targetFilePath)){
		    			$userData['picture'] = $fileName;
 
			    		// Delete previous profile picture ($prevPicture comes from the
			    		// DB row; if it is empty the path is the directory and unlink
			    		// simply fails under '@')
				    	@unlink(UPLOAD_PATH.'profile_picture/'.$prevPicture);
        			} else {
                        $fileErr = 1;
    		    		$sessData['status']['type'] = 'error';
	    		    	$sessData['status']['msg'] = 'Could not upload picture.';
    			    	@unlink($_FILES["picture"]["tmp_name"]);
        			}
    		    } else {
    		    	// Rejected upload: discard the temp file
			    	@unlink($_FILES["picture"]["tmp_name"]);
    			}
	    	}
 
   			if($fileErr == 0) {
       		    // Update user data in the database
   	    		$conditions = array(
   		    		'id' => $sessUserId
   			    );
 
   				$update = $user->update($userData, $conditions);
 
       			// Set status based on data update
       			if($update){
   	    			$sessData['status']['type'] = 'success';
   		    		$sessData['status']['msg'] = 'Your profile information has been updated.';
   			    }else{
   				   	$sessData['status']['type'] = 'error';
   				    $sessData['status']['msg'] = 'Some problem occurred, please try again.';
       			}
            }
		}
    }else{
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'Please fill all mandatory fields.';
    }
 
	// Store profile update status into the session
    $_SESSION['sessData'] = $sessData;
	$redirectURL = 'editAccount.php';
 
	// Redirect to the profile page
    MySessionHandler::commit(session_id());
    header("Location:".$redirectURL);
	exit;
}elseif(isset($_POST['updatePassword']) && !empty($_SESSION['sessData']['userID'])){
	// Requires a logged-in session; start from existing session data.
	$sessData = $_SESSION['sessData'];
	unset($sessData['field_error']);
	unset($sessData['status']);
	$sessUserId = $sessData['userID'];
 
	// Get user inputs
	$old_password = sanitizeInput($_POST['old_password']);
	$password = sanitizeInput($_POST['password']);
	$confirm_password = sanitizeInput($_POST['confirm_password']);
 
	if(!empty($password) && !empty($confirm_password)){
		// Password and confirm password comparison
        if($password !== $confirm_password){
            $sessData['status']['type'] = 'error';
            $sessData['status']['msg'] = 'Confirm password does not match the password.';
        }else{
			// Load the current user row (needed for the stored hash)
			$cond['where'] = array('id' => $sessUserId);
            $cond['return_type'] = 'single';
            $userData = $user->getRows($cond);
 
			// A 'social' login may change the password without supplying the old
			// one; everyone else must pass password_verify() on the current hash.
			if((!empty($userData) && !empty($sessData['loginType']) && $sessData['loginType'] == 'social') || (!empty($userData) && password_verify($old_password, $userData['password']))){
				// Update data with new password
				$conditions = array(
					'id' => $sessUserId
				);
				$passwordHash = password_hash($password, PASSWORD_DEFAULT);
				$data = array(
					'password' => $passwordHash
				);
				$update = $user->update($data, $conditions);
				if($update){
					// Keep the remember-me cookie valid for the new hash (same
					// flag-less setcookie() as on login).
                    if (!empty($_COOKIE['rememberUserId'])){
    					setcookie('hash', password_hash($passwordHash . $sessUserId, PASSWORD_DEFAULT), time() + (30 * 86400), "/");
    				}
					$sessData['status']['type'] = 'success';
                    $sessData['status']['msg'] = 'Your account password has been updated successfully.';
				}else{
					$sessData['status']['type'] = 'error';
					$sessData['status']['msg'] = 'Some problem occurred, please try again.';
				}
            }else{
                $sessData['status']['type'] = 'error';
                $sessData['status']['msg'] = 'The given old password does not match your current account password.';
            }
        }
    }else{
        $sessData['status']['type'] = 'error';
        $sessData['status']['msg'] = 'Please fill all mandatory fields.';
    }
 
	// Store password update status into the session
    $_SESSION['sessData'] = $sessData;
    $redirectURL = 'changePassword.php';
 
	// Redirect to the password settings page
    MySessionHandler::commit(session_id());
    header("Location:".$redirectURL);
	exit;
}elseif(!empty($_REQUEST['logoutSubmit'])){
	// Include social login handler
	// NOTE(review): $gClient is presumably defined by includes/socialLogin.php,
	// which is only loaded when loginType is 'social'; the isset() check further
	// down does not repeat that condition — confirm $gClient exists on that path.
	if(!empty($_SESSION['sessData']['loginType']) && ($_SESSION['sessData']['loginType'] == 'social') && !empty($_SESSION['google_access_token'])){
		require_once 'includes/socialLogin.php';
	}
 
	// Remove cookie data (expire the remember-me cookies on the same path)
	setcookie("rememberUserId", "", time() - 3600, "/");
	setcookie("hash", "", time() - 3600, "/");
    unset($_COOKIE['rememberUserId']);
    unset($_COOKIE['hash']);
 
	// Remove session data
	unset($_SESSION['facebook_access_token']);
	unset($_SESSION['FBRLH_state']);
	if(isset($_SESSION['google_access_token'])){
		// Reset OAuth access token
		$gClient->revokeToken();
	}
	unset($_SESSION['google_access_token']);
	unset($_SESSION['twitter_access_token']);
	unset($_SESSION['twitter_token_secret']);
    unset($_SESSION['sessData']);
    session_destroy();
 
	// Store logout status into the session
	// NOTE(review): written after session_destroy(); whether
	// MySessionHandler::commit() persists it is not visible here.
    $sessData['status']['type'] = 'success';
    $sessData['status']['msg'] = 'You have logged off your account.';
    $_SESSION['sessData'] = $sessData;
 
	// Redirect to the home page
    MySessionHandler::commit(session_id());
    header("Location:../index.php");
	exit;
}else{
	// No recognised action: redirect to the home page
	// NOTE(review): this and the logout branch use '../index.php' while the other
	// branches redirect to 'index.php' — confirm which location is intended.
    MySessionHandler::commit(session_id());
    header("Location:../index.php");
	exit;
}
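/**
 * Normalise a single submitted form value before it is validated or stored.
 *
 * Collapses runs of whitespace to one space and trims, strips backslashes,
 * then HTML-encodes special characters (default htmlspecialchars() flags).
 *
 * Non-string input — a missing field (null) or a field submitted as an
 * array — is reduced to '' instead of reaching trim(), which throws a
 * TypeError on arrays in PHP 8; other scalars are cast to string exactly as
 * the implicit coercion did before.
 *
 * NOTE: callers pass passwords through this function before password_hash()
 * and password_verify(), so the transform is part of the stored-hash
 * contract: changing the regex, stripslashes() or the htmlspecialchars()
 * flags would invalidate existing password hashes. It is also an input
 * normalisation, not a substitute for context-specific escaping at output.
 *
 * @param mixed $data raw request value (string expected)
 * @return string
 */
function sanitizeInput($data) {
    if (!is_string($data)) {
        // Arrays/objects have no single-field reading; treat them as empty.
        $data = is_scalar($data) ? (string) $data : '';
    }
    $data = trim(preg_replace('/[\t\n\r\s]+/', ' ', $data));
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}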