Rev 25 | Rev 30 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed
<?php// Email sending functionsinclude_once 'includes/email_functions.php';include_once 'includes/password.php';// Start sessionif(!session_id()){session_start();}// Include config filerequire_once 'includes/config.php';// Load and initialize user classrequire_once 'includes/User.class.php';$user = new User();if(isset($_POST['signupSubmit'])){$valErr = 0;// Store post data into session$_SESSION['signup_post_data'] = $_POST;// Get user inputs$first_name = $_POST['first_name'];$last_name = $_POST['last_name'];$email = $_POST['email'];$zip = $_POST['zip'];$password = $_POST['password'];$confirm_password = $_POST['confirm_password'];if(empty($first_name)){$valErr = 1;$sessData['field_error']['first_name'] = 'Please enter your first name.';}if(empty($last_name)){$valErr = 1;$sessData['field_error']['last_name'] = 'Please enter your last name.';}if(empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)){$valErr = 1;$sessData['field_error']['email'] = 'Please enter a valid email.';}if(empty($password)){$valErr = 1;$sessData['field_error']['password'] = 'Please enter account password.';}if(empty($confirm_password)){$valErr = 1;$sessData['field_error']['confirm_password'] = 'Please confirm your password.';}elseif($password !== $confirm_password){$valErr = 1;$sessData['field_error']['confirm_password'] = 'Confirm password does not match the password.';}if($valErr == 0){// Check whether user exists in the database$cond['where'] = array('email' => $email);$cond['return_type'] = 'count';$userCount = $user->getRows($cond);if($userCount > 0){$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Email already exists, please use another email.';}else{// Email verification code$uniqidStr = md5(uniqid(mt_rand()));// Insert user data in the database$userData = array('first_name' => $first_name,'last_name' => $last_name,'email' => $email,'password' => password_hash($password, PASSWORD_DEFAULT),'zip' => $zip,'activation_code' => $uniqidStr);$insert = $user->insert($userData);// Set status based on data insertif($insert){// Remove post data from sessionunset($_SESSION['signup_post_data']);// Send account verification email@emailVerification($userData);$sessData['status']['type'] = 'success';$sessData['status']['msg'] = 'Your registration was successful. Please check your email inbox to verify and activate your account.';// Remove post data from sessionunset($_SESSION['signup_post_data']);}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Some problem occurred, please try again.';}}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Please fill all mandatory fields.';}// Store signup status into the session$_SESSION['sessData'] = $sessData;$redirectURL = ($sessData['status']['type'] == 'success')?'login.php':'registration.php';// Redirect to the home/login pageheader("Location:".$redirectURL);exit;}elseif(isset($_POST['loginSubmit'])){// Get user inputs$email = $_POST['email'];$password = $_POST['password'];// Check whether login details are emptyif(!empty($email) && !empty($password)){// Get user data from user class$conditions['where'] = array('email' => $email,'status' => '1');$conditions['return_type'] = 'single';$userData = $user->getRows($conditions);if(!empty($userData) && password_verify($password, $userData['password'])){// Set user data and status based on login credentialsif($userData['activated'] == '0'){$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Your account activation is pending, please check your email inbox to verify and activate your account.';}else{// If remember me is checkedif (isset($_POST['rememberMe']) && $_POST['rememberMe'] == 1) {setcookie('rememberUserId', $userData['id'], time() + (86400));}$sessData['userLoggedIn'] = TRUE;$sessData['userID'] = $userData['id'];$sessData['status']['type'] = 'success';$sessData['status']['msg'] = 'Welcome '.$userData['first_name'].'!';}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Wrong email or password, please try again.';}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Enter email and password.';}// Store login status into the session$_SESSION['sessData'] = $sessData;// Redirect to the home pageheader("Location:login.php");exit;}elseif(isset($_POST['forgotSubmit'])){$frmDisplay = '';// Get user inputs$email = $_POST['email'];// Check whether email is emptyif(!empty($email)){// Check whether user exists in the database$cond['where'] = array('email' => $email);$cond['return_type'] = 'count';$userCount = $user->getRows($cond);if($userCount > 0){// Generat unique string$uniqidStr = md5(uniqid(mt_rand()));// Update data with forgot pass code$conditions = array('email' => $email);$data = array('forgot_pass_identity' => $uniqidStr);$update = $user->update($data, $conditions);if($update){// Get user details$con['where'] = array('email' => $email);$con['return_type'] = 'single';$userDetails = $user->getRows($con);// Send reset password email@forgotPassEmail($userDetails);$sessData['status']['type'] = 'success';$sessData['status']['msg'] = 'Please check your email inbox, we have sent a password reset link to your registered email.';$frmDisplay = '?frmDis=0';}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Some problem occurred, please try again.';}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Given email is not associated with any account.';}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Enter email to create a new password for your account.';}// Store reset password status into the session$_SESSION['sessData'] = $sessData;// Redirect to the forgot pasword pageheader("Location:forgotPassword.php".$frmDisplay);}elseif(isset($_POST['resetSubmit'])){$fp_code = $_POST['fp_code'];// Get user inputs$password = $_POST['password'];$confirm_password = $_POST['confirm_password'];if(!empty($password) && !empty($confirm_password) && !empty($fp_code)){// Password and confirm password comparisonif($password !== $confirm_password){$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Confirm password does not match the password.';}else{//check whether identity code exists in the database$cond['where'] = array('forgot_pass_identity' => $fp_code);$cond['return_type'] = 'count';$userCount = $user->getRows($cond);if($userCount > 0){// Update data with new password$conditions = array('forgot_pass_identity' => $fp_code);$data = array('password' => password_hash($password, PASSWORD_DEFAULT));$update = $user->update($data, $conditions);if($update){$sessData['status']['type'] = 'success';$sessData['status']['msg'] = 'Your account password has been reset successfully. Please login with your new password.';}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Some problem occurred, please try again.';}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'You are not authorized to reset the password for this account.';}}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'All fields are mandatory, please fill all the fields.';}// Store reset password status into the session$_SESSION['sessData'] = $sessData;$redirectURL = ($sessData['status']['type'] == 'success')?'login.php':'resetPassword.php?fp_code='.$fp_code;// Redirect to the login/reset pasword pageheader("Location:".$redirectURL);exit;}elseif(isset($_REQUEST['verifyEmail']) && $_REQUEST['verifyEmail'] == 1){$ac_code = $_REQUEST['ac_code'];// Check whether activation code exists in the database$cond['where'] = array('activation_code' => $ac_code);$cond['return_type'] = 'count';$userCount = $user->getRows($cond);if($userCount > 0){// Update data with new password$conditions = array('activation_code' => $ac_code);$data = array('activated' => '1');$update = $user->update($data, $conditions);if($update){$sessData['status']['type'] = 'success';$sessData['status']['msg'] = 'Email verification for your account was successful. Please login to your account.';}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Some problem occurred, please try again.';}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'You have used the wrong verification link, please check your email inbox and try again.';}// Store account activation status into the session$_SESSION['sessData'] = $sessData;$redirectURL = 'login.php';//Redirect to the login pageheader("Location:".$redirectURL);exit;}elseif(isset($_POST['updateProfile']) && !empty($_SESSION['sessData']['userID'])){$valErr = 0;$sessData = $_SESSION['sessData'];$sessUserId = $sessData['userID'];// Get user inputs$first_name = $_POST['first_name'];$last_name = $_POST['last_name'];$email = $_POST['email'];$zip = $_POST['zip'];if(empty($first_name)){$valErr = 1;$sessData['field_error']['first_name'] = 'Please enter your first name.';}if(empty($last_name)){$valErr = 1;$sessData['field_error']['last_name'] = 'Please enter your last name.';}if(empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)){$valErr = 1;$sessData['field_error']['email'] = 'Please enter a valid email.';}if($valErr == 0){// Check whether user exists in the database$cond['where'] = array('email' => $email);$cond['where_not'] = array('id' => $sessUserId);$cond['return_type'] = 'count';$userCount = $user->getRows($cond);if($userCount > 0){$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Email already exists, please use another email.';}else{// Get user information$conditions['where'] = array('id' => $sessData['userID'],);$conditions['return_type'] = 'single';$userData = $user->getRows($conditions);$prevPicture = $userData['picture'];// Prepare user data$userData = array('first_name' => $first_name,'last_name' => $last_name,'email' => $email,'zip' => $zip);// Profile picture upload$fileErr = 0;if(isset($_FILES['picture']['name']) && $_FILES['picture']['name'] != ""){$targetDir = UPLOAD_PATH.'profile_picture/';$fileName = time().'_'.basename($_FILES["picture"]["name"]);$targetFilePath = $targetDir. $fileName;$fileType = pathinfo($targetFilePath,PATHINFO_EXTENSION);$allowTypes = array('jpg','png','jpeg','gif');if(in_array($fileType, $allowTypes)){if(move_uploaded_file($_FILES["picture"]["tmp_name"], $targetFilePath)){$userData['picture'] = $fileName;// Delete previous profile picture@unlink(UPLOAD_PATH.'profile_picture/'.$prevPicture);}}else{$fileErr = 1;$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Please select only jpg/png/gif files.';}}if($fileErr == 0){// Update user data in the database$conditions = array('id' => $sessUserId);$update = $user->update($userData, $conditions);// Set status based on data insertif($update){$sessData['status']['type'] = 'success';$sessData['status']['msg'] = 'Your profile information has been updated.';}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Some problem occurred, please try again.';}}}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Please fill all mandatory fields.';}// Store signup status into the session$_SESSION['sessData'] = $sessData;$redirectURL = 'editAccount.php';//redirect to the profile pageheader("Location:".$redirectURL);exit;}elseif(isset($_POST['updatePassword']) && !empty($_SESSION['sessData']['userID'])){$sessData = $_SESSION['sessData'];$sessUserId = $sessData['userID'];// Get user inputs$old_password = $_POST['old_password'];$password = $_POST['password'];$confirm_password = $_POST['confirm_password'];if(!empty($password) && !empty($confirm_password)){// Password and confirm password comparisonif($password !== $confirm_password){$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Confirm password does not match the password.';}else{// Check whether identity code exists in the database$cond['where'] = array('id' => $sessUserId);$cond['return_type'] = 'single';$userData = $user->getRows($cond);if((!empty($userData) && !empty($sessData['loginType']) && $sessData['loginType'] == 'social') || (!empty($userData) && password_verify($old_password, $userData['password']))){// Update data with new password$conditions = array('id' => $sessUserId);$data = array('password' => password_hash($password, PASSWORD_DEFAULT));$update = $user->update($data, $conditions);if($update){$sessData['status']['type'] = 'success';$sessData['status']['msg'] = 'Your account password has been updated successfully.';}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Some problem occurred, please try again.';}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'The given old password does not match your current account password.';}}}else{$sessData['status']['type'] = 'error';$sessData['status']['msg'] = 'Please fill all mandatory fields.';}// Store reset password status into the session$_SESSION['sessData'] = $sessData;$redirectURL = 'changePassword.php';// Redirect to the pasword settings pageheader("Location:".$redirectURL);exit;}elseif(!empty($_REQUEST['logoutSubmit'])){// Include social login handlerif(!empty($_SESSION['sessData']['loginType']) && ($_SESSION['sessData']['loginType'] == 'social') && !empty($_SESSION['google_access_token'])){require_once 'includes/socialLogin.php';}// Remove cookie datasetcookie("rememberUserId", "", time() - 3600);// Remove session dataunset($_SESSION['facebook_access_token']);unset($_SESSION['FBRLH_state']);if(isset($_SESSION['google_access_token'])){// Reset OAuth access token$gClient->revokeToken();}unset($_SESSION['google_access_token']);unset($_SESSION['twitter_access_token']);unset($_SESSION['twitter_token_secret']);unset($_SESSION['sessData']);session_destroy();// Store logout status into the ession$sessData['status']['type'] = 'success';$sessData['status']['msg'] = 'You have logged off your account.';$_SESSION['sessData'] = $sessData;// Redirect to the home pageheader("Location:login.php");exit;}else{// Redirect to the home pageheader("Location:login.php");exit;}