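/**
 * Session.php
 *
 * The Session class is meant to simplify the task of keeping
 * track of logged in users and also guests.
 */

/*
 * Error reporting.
 *
 * The 'ctrl_errors' cookie is supplied by the client, so any visitor can set
 * it. Only the explicit value 'on' turns on-screen errors on; every other
 * value, and a missing cookie, leaves display_errors off so that file paths,
 * queries and notices are not shown to anonymous visitors by default (the
 * previous default branch switched display on for everyone). The 'on' switch
 * is a debugging aid: gate it on a server-side setting or remove it before
 * the site is exposed publicly.
 */
ini_set('display_errors', 'off');
$ctrl_errors = isset($_COOKIE['ctrl_errors']) ? $_COOKIE['ctrl_errors'] : '';
if ($ctrl_errors === 'on') {
    ini_set('display_errors', 'on');
    error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
} else {
    ini_set('display_errors', 'off');
    error_reporting(0);
}
unset($ctrl_errors);

/*
 * Pull in the sibling files relative to this one. The str_replace collapses
 * the doubled slash that appears when dirname() already ends in '/'.
 * config.php has to come first: it defines PLUGIN_FOLDER and SYSTEM_FOLDER.
 */
$session_base = str_replace('//', '/', dirname(__FILE__) . '/');
include_once($session_base . 'config.php');
include_once($session_base . PLUGIN_FOLDER . '/users/class.database.php');
include_once($session_base . PLUGIN_FOLDER . '/users/class.mailer.php');
include_once($session_base . SYSTEM_FOLDER . '/class.form.php');
include_once($session_base . SYSTEM_FOLDER . '/Mobile_Detect.php');
$detect = new Mobile_Detect();
include_once($session_base . SYSTEM_FOLDER . '/class.functions.php');
unset($session_base);

class Session
{
    var $username;           // Username given on sign-up (GUEST_NAME for visitors)
    var $user_id;            // Random value generated on the current login
    var $user_level;         // The level to which the user pertains
    var $time;               // Time the user was last active (page loaded)
    var $logged_in;          // True if the user is logged in, false otherwise
    var $userinfo = array(); // The array holding all user info
    var $url;                // The page url currently being viewed
    var $referrer;           // Last recorded site page viewed (taken from the session)
    var $referer;            // Raw HTTP Referer header, null when the client sent none
    var $env;                // Current script name with DIRECTORY, '/' and '.php' stripped

    /**
     * Note: referrer should really only be considered the actual
     * page referrer in process.php, any other time it may be
     * inaccurate.
     */

    /*
     * Class constructor (PHP 5+ form): records the request time and
     * initialises the session straight away.
     */
    function __construct()
    {
        $this->time = time();
        $this->startSession();
    }

    /*
     * PHP 4 style constructor, kept for code that calls it by name.
     * PHP 5-7 pick __construct() as the constructor when both exist;
     * PHP 8 treats this as an ordinary method.
     */
    function Session()
    {
        $this->__construct();
    }

    /**
     * startSession - Performs all the actions necessary to
     * initialize this session object. Tries to determine if the
     * user has logged in already, and sets the variables
     * accordingly. Also takes advantage of this page load to
     * update the active visitors tables.
     */
    function startSession()
    {
        global $database; // The database connection

        session_start(); // Tell PHP to start the session

        /* Determine if user is logged in */
        $this->logged_in = $this->checkLogin();

        if (!$this->logged_in) {
            /*
             * Set guest value to users not logged in, and update the
             * active guests table accordingly. A chat nickname kept in
             * the session wins over the generic guest name.
             */
            if (!empty($_SESSION['chat_username'])) {
                $guest_name = $_SESSION['chat_username'];
            } else {
                $guest_name = GUEST_NAME;
            }
            $this->username   = $_SESSION['username'] = $guest_name;
            $this->user_level = GUEST_LEVEL;
            $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
        } else {
            /* Update users last active timestamp */
            $database->addActiveUser($this->username, $this->time);
        }

        /* Remove inactive visitors from database */
        $database->removeInactiveUsers();
        $database->removeInactiveGuests();

        /* Set referrer page: the url recorded on the previous page load, "/" on a fresh session */
        $this->referrer = isset($_SESSION['url']) ? $_SESSION['url'] : "/";

        /*
         * Set current url. PHP_SELF can carry client-supplied path info,
         * so escape it before echoing it into a page.
         */
        $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];

        /* Set referer from the HTTP header; browsers may omit it */
        $this->referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

        /* Set environment: the script name without DIRECTORY, slashes and the '.php' suffix */
        $this->env = str_replace(array(DIRECTORY, '/', '.php'), array('', '', ''), $this->url);
    }

    /**
     * checkLogin - Checks if the user has already previously
     * logged in, and a session with the user has already been
     * established. Also checks to see if user has been remembered.
     * If so, the database is queried to make sure of the user's
     * authenticity. Returns true if the user has logged in.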
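*/
    function checkLogin()
    {
        global $database, $functions; // The database connection and the i18n helper (lang_nr)

        /*
         * Check if user has been remembered: the two cookies pre-load the
         * session markers, which are then validated against the database
         * exactly like a normal session login.
         */
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
            $this->username = $_SESSION['username'] = $_COOKIE['cookname'];
            $this->user_id  = $_SESSION['user_id']  = $_COOKIE['cookid'];
        }

        /* Username and user_id have to be set and not the guest account */
        if (!isset($_SESSION['username']) || !isset($_SESSION['user_id'])
            || $_SESSION['username'] == GUEST_NAME) {
            return false; // User not logged in
        }

        /* Confirm that user name and user_id are valid; 0 means they match */
        if ($database->confirmUserID($_SESSION['username'], $_SESSION['user_id']) != 0) {
            /* Variables are incorrect, user not logged in */
            $this->_discardLogin();
            return false;
        }

        /* User is logged in, load the profile row */
        $this->userinfo = $database->getUserInfo($_SESSION['username']);
        if (!is_array($this->userinfo) || count($this->userinfo) == 0) {
            /* Row disappeared between the two queries; treat as logged out */
            $this->_discardLogin();
            return false;
        }

        /* Profile columns that map 1:1 onto same-named properties */
        $fields = array(
            'user_email', 'user_timestamp', 'user_timestamp_registered',
            'user_banned', 'user_valid', 'user_cont_main_cat_id', 'user_id', 'user_level',
            /* Personalia */
            'user_gender', 'user_firstname', 'user_insertion', 'user_lastname',
            'user_fullname', 'user_birthdate', 'user_birthcity', 'user_birthcountry',
            'user_image',
            /* Work */
            'user_company', 'user_function',
            /* Address */
            'user_address', 'user_zip', 'user_city', 'user_state', 'user_country',
            'user_latitude', 'user_longitude', 'user_phone', 'user_mobile', 'user_fax',
            /* Links */
            'user_website', 'user_portfolio', 'user_rssfeed', 'user_linkedin',
            'user_facebook', 'user_twitter', 'user_youtube', 'user_vimeo',
            /* Free text, one column per language */
            'user_desc_l0', 'user_desc_l1', 'user_desc_l2', 'user_desc_l3',
            'user_cv_l0', 'user_cv_l1', 'user_cv_l2', 'user_cv_l3',
        );
        /* 20 free-form variables */
        foreach (range(1, 20) as $n) {
            $fields[] = 'user_var_' . $n;
        }
        foreach ($fields as $column) {
            /* Dynamic property name; the old "$this->user_var_.$n" never assigned anything */
            $this->$column = isset($this->userinfo[$column]) ? $this->userinfo[$column] : null;
        }
        $this->username = $this->userinfo['username'];
        /* The salutation is filled from the gender column, as before */
        $this->user_salutation = $this->user_gender;

        /* Description and CV for the current language; lang_nr comes from the functions helper */
        $lang = isset($functions->lang_nr) ? $functions->lang_nr : 0;
        $this->user_desc = isset($this->userinfo['user_desc_l' . $lang])
            ? $this->userinfo['user_desc_l' . $lang] : null;
        $this->user_cv = isset($this->userinfo['user_cv_l' . $lang])
            ? $this->userinfo['user_cv_l' . $lang] : null;

        return true;
    }

    /*
     * Drop the login markers from the session and, when the client sent
     * them, expire the remember-me cookies too, so a rejected pair is not
     * presented again on every request.
     */
    function _discardLogin()
    {
        unset($_SESSION['username']);
        unset($_SESSION['user_id']);
        if (isset($_COOKIE['cookname']) || isset($_COOKIE['cookid'])) {
            setcookie("cookname", "", time() - COOKIE_EXPIRE, COOKIE_PATH);
            setcookie("cookid", "", time() - COOKIE_EXPIRE, COOKIE_PATH);
        }
    }

    /**
     * login - The user has submitted his user name and password
     * through the login form, this function checks the authenticity
     * of that information in the database and creates the session.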
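* Effectively logging in the user if all goes well.
     *
     * @param string $subuser     submitted user name
     * @param string $subpass     submitted password, plain text
     * @param mixed  $subremember truthy when the user asked to be remembered
     * @return bool true on success; false when errors were recorded on $form
     */
    function login($subuser, $subpass, $subremember)
    {
        global $database, $form, $functions; // The database, form and i18n objects

        /* Username error checking */
        $field = "user_login"; // Use field name for user name
        if (!$subuser || strlen($subuser = trim($subuser)) == 0) {
            $form->setError($field, $functions->TR_("username not entered", 2));
        } else if (!preg_match("/^([0-9a-z])*$/i", $subuser)) {
            /* Check if user name is not alphanumeric */
            $form->setError($field, $functions->TR_("username not alphanumeric", 2));
        }

        /* Password error checking */
        $field = "pass_login"; // Use field name for password
        if (!$subpass) {
            $form->setError($field, $functions->TR_("password not entered", 2));
        }

        /* Return if form errors exist */
        if ($form->num_errors > 0) {
            return false;
        }

        /*
         * Checks that user name is in database and password is correct.
         * NOTE(review): the password is compared as an unsalted md5 digest
         * because confirmUserPass() and the stored rows expect that format;
         * switching to password_hash()/password_verify() needs a column
         * migration and is not attempted here.
         */
        $subuser = stripslashes($subuser);
        $result  = $database->confirmUserPass($subuser, md5($subpass));

        /*
         * Check error codes: 1 = unknown user, 2 = wrong password. The two
         * distinct messages let a caller tell valid user names from invalid
         * ones; one generic message would avoid that.
         */
        if ($result == 1) {
            $form->setError("user_login", $functions->TR_("username not found", 2));
        } else if ($result == 2) {
            $form->setError("pass_login", $functions->TR_("invalid password", 2));
        }

        /* Return if form errors exist */
        if ($form->num_errors > 0) {
            return false;
        }

        /*
         * Username and password correct. Swap the session id before writing
         * the login markers so that an id the client held while anonymous
         * (session fixation) never becomes a logged-in session.
         */
        session_regenerate_id(true);
        $this->userinfo   = $database->getUserInfo($subuser);
        $this->username   = $_SESSION['username'] = $this->userinfo['username'];
        $this->user_id    = $_SESSION['user_id']  = $this->generateRandID();
        $this->user_level = $this->userinfo['user_level'];

        /* Insert user_id into database and update active users table */
        $database->updateUserField($this->username, "user_id", $this->user_id);
        $database->addActiveUser($this->username, $this->time);
        $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

        /*
         * The user has requested that we remember that he's logged in, so we
         * set two cookies: one for his user name and one for his random
         * user_id. They expire after COOKIE_EXPIRE seconds (see constants.php).
         * Next time he comes to the site we log him in automatically, unless
         * he logged out before leaving. Otherwise any leftover cookies are
         * expired.
         */
        if ($subremember) {
            $this->_setLoginCookies($this->username, $this->user_id, time() + COOKIE_EXPIRE);
        } else {
            $this->_setLoginCookies('', '', time() - 3600);
        }

        /* Login completed successfully */
        return true;
    }

    /*
     * Emit the two remember-me cookies with the given expiry; empty values
     * with a past expiry delete them. HttpOnly keeps the token out of
     * document.cookie, and Secure is set only when this request came over
     * HTTPS so that plain-http deployments keep working.
     */
    function _setLoginCookies($name, $id, $expire)
    {
        $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        setcookie("cookname", $name, $expire, COOKIE_PATH, '', $secure, true);
        setcookie("cookid", $id, $expire, COOKIE_PATH, '', $secure, true);
    }

    /**
     * logout - Gets called when the user wants to be logged out of the
     * website. It deletes any cookies that were stored on the users
     * computer as a result of him wanting to be remembered, and also
     * unsets session variables and demotes his user level to guest.
     */
    function logout()
    {
        global $database; // The database connection

        /*
         * Delete cookies - the time must be in the past,
         * so just negate what you added when creating the cookie.
         */
        if (isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])) {
            $this->_setLoginCookies("", "", time() - COOKIE_EXPIRE);
        }

        /* Unset PHP session variables */
        unset($_SESSION['username']);
        unset($_SESSION['user_id']);

        /* A fresh id so the one that was logged in cannot be reused afterwards */
        session_regenerate_id(true);

        /* Reflect fact that user has logged out */
        $this->logged_in = false;

        /* Remove from active users table and add to active guests table */
        $database->removeActiveUser($this->username);
        $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

        /* Set user level to guest */
        $this->username   = GUEST_NAME;
        $this->user_level = GUEST_LEVEL;
    }

    /**
     * user - Validates an admin-side change to an account: the account
     * must be validated, the current user may neither lower his own level
     * (from ADMIN_LEVEL to 1) nor ban himself, and an optional birth date
     * must contain two-, two- and four-digit groups separated by '-'.
     * Errors are recorded on $form under the affected field name.
     *
     * @return int 1 when errors were recorded, 0 otherwise
     */
    function user($uname, $uvalid, $ulevel, $uban, $ubirth)
    {
        global $session, $form, $database;

        if (!$uvalid) {
            $form->setError("user_valid", 'user has to be validated to make any changes');
        }

        /* An administrator may not demote his own account (1 appears to be the lowest level) */
        $cur_level = $database->getUserLevel($uname);
        if ($cur_level == ADMIN_LEVEL && $ulevel == 1 && $uname == $session->username) {
            $form->setError("user_level", "You can not lower your own level");
        }

        if ($uname == $session->username && $uban == 1) {
            $form->setError("user_banned", "You can not ban yourself");
        }

        if ($ubirth) {
            /* Unanchored, as before: only requires the pattern somewhere in the value */
            $regex = '/[0-9]{2}\-[0-9]{2}\-[0-9]{4}/';
            if (!preg_match($regex, $ubirth)) {
                $form->setError("user_birthdate", "date of birth not valid");
            }
        }

        /* Errors exist, have user correct them */
        return ($form->num_errors > 0) ? 1 : 0;
    }

    /**
     * userDelete - Checks whether $uname may be deleted: not the current
     * user, not an administrator, and not an account that still owns
     * content. Errors are recorded on $form under "row[<name>]".
     *
     * @return int 1 when errors were recorded, 0 otherwise
     */
    function userDelete($uname)
    {
        global $session, $form, $database;

        if ($uname == $session->username) {
            $form->setError("row[" . $session->username . "]", "You can not delete yourself");
        } else if ($database->getUserLevel($uname) == 9) {
            /* 9 is the administrator level here; user() compares with ADMIN_LEVEL instead */
            $form->setError("row[" . $uname . "]", "You can not delete administrators");
        } else {
            /*
             * Only a deletable candidate is looked up. The original had no
             * braces on this else, so count() ran on an unset $result for
             * the two cases above. getUserInfoByUsername() appears to return
             * the content rows owned by the user.
             */
            $result = $database->getUserInfoByUsername($uname);
            $content_amount = is_array($result) ? count($result) : 0;
            if ($content_amount > 0) {
                $form->setError("row[" . $uname . "]", "This user posted content. Delete this users content first");
            }
        }

        /* Errors exist, have user correct them */
        return ($form->num_errors > 0) ? 1 : 0;
    }

    /**
     * register - Gets called when the user has just submitted the
     * registration form. Determines if there were any errors with
     * the entry fields, if so, it records the errors and returns
     * 1.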
If no errors were found, it registers the new user and * returns 0. Returns 2 if registration failed. */ function proc_handle_account( $subjoin, $subedit, $subuser, $subpass, $subconfirmpass, $subemail, $subvalid, $sublevel, $subcurpass, $subnewpass, $subconfnewpass, $subuser_fname, $subuser_insertion, $subuser_lname, $subuser_company, $subuser_function, $subuser_address, $subuser_zip, $subuser_city, $subuser_state, $subuser_country, $subuser_latitude, $subuser_longitude, $subuser_phone, $subuser_mobile, $subuser_fax, $subuser_bdate, $subuser_bcity, $subuser_bcountry, $subuser_gender, $subuser_mail, $website, $portfolio, $rssfeed , $linkedin, $facebook, $twitter, $youtube, $vimeo, $var_1, $var_2, $var_3, $var_4, $var_5, $var_6, $var_7, $var_8, $var_9, $var_10, $var_11, $var_12, $var_13, $var_14, $var_15, $var_16, $var_17, $var_18, $var_19, $var_20, $sub_desc_l0, $sub_desc_l1, $sub_desc_l2, $sub_desc_l3, $sub_cv_l0, $sub_cv_l1, $sub_cv_l2, $sub_cv_l3 ){ global $database, $form, $user_mailer, $functions, $control, $lang_arr; //The database, form and mailer object /* Register new account */ if($subjoin){ /* Username error checking */ $field = "user"; //Use field name for user name if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, $functions->TR_("username not entered",2)); } else{ /* Spruce up user name, check length */ $subuser = stripslashes($subuser); if(strlen($subuser) < 8){ $form->setError($field, $functions->TR_("username below 8 characters",2)); } else if(strlen($subuser) > 30){ $form->setError($field, $functions->TR_("username above 30 characters",2)); } /* Check if user name is not alphanumeric */ else if(!preg_match("/^([0-9a-z])+$/i", $subuser)){ $form->setError($field, $functions->TR_("username not alfanumeric",2)); } /* Check if user name is reserved */ else if(strcasecmp($subuser, GUEST_NAME) == 0){ $form->setError($field, $functions->TR_("username reserved word",2)); } /* Check if user name is already in use */ else 
if($database->usernameTaken($subuser)){ $form->setError($field, $functions->TR_("username already in use",2)); } /* Check if user name is banned */ else if($database->usernameBanned($subuser)){ $form->setError($field, $functions->TR_("username banned",2)); } } /* Password error checking */ $field = "pass"; //Use field name for password if(!$subpass){ $form->setError($field, $functions->TR_("password not entered",2)); } else{ /* Spruce up password and check length */ $subpass = stripslashes($subpass); if(strlen($subpass) < 8){ $form->setError($field, $functions->TR_("password below 8 characters",2)); } /* Check if password is not alphanumeric */ else if(!preg_match("/^([0-9a-z])+$/i", ($subpass = trim($subpass)))){ $form->setError($field, $functions->TR_("password not alphanumeric",2)); } /** * Note: I trimmed the password only after I checked the length * because if you fill the password field up with spaces * it looks like a lot more characters than 4, so it looks * kind of stupid to report "password too short". 
*/ } /* confirm pass */ $field = "confirm_pass"; //Use field name for password confirmation if($_POST[$field] && !$subconfirmpass){ $form->setError($field, $functions->TR_("confirmation not entered",2)); } /* confirm pass */ else if($_POST[$field] && $subpass!=$subconfirmpass){ $form->setError($field, $functions->TR_("wrong password confirmation",2)); } /* Email error checking */ $field = "email"; //Use field name for email if(!$subemail || strlen($subemail = trim($subemail)) == 0){ //$form->setError($field, $functions->TR_("email not entered",2)); } else{ /* Check if valid email address */ $regex = "/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*" ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*" ."\.([a-z]{2,}){1}$/i"; if(!preg_match($regex,$subemail)){ $form->setError($field, $functions->TR_("email invalid",2)); } $subemail = stripslashes($subemail); } } /* Edit Account */ if($subedit){ if($subnewpass){ /* Current Password error checking */ $field = "acc_curpass"; //Use field name for current password if(!$subcurpass){ $form->setError($field, $functions->TR_("current password not entered", 2)); } else{ /* Check if password too short or is not alphanumeric */ $subcurpass = stripslashes($subcurpass); if(strlen($subcurpass) < 5 || !preg_match("/^([0-9a-z])+$/i", ($subcurpass = trim($subcurpass)))){ $form->setError($field, $functions->TR_("current password incorrect", 2)); } /* Password entered is incorrect */ if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){ $form->setError($field, $functions->TR_("current password incorrect", 2)); } } /* New Password error checking */ $field = "acc_newpass"; //Use field name for new password /* Spruce up password and check length*/ $subpass = stripslashes($subnewpass); if(strlen($subnewpass) < 8){ $form->setError($field, $functions->TR_("new password too short", 2)); } /* Check if password is not alphanumeric */ else if(!preg_match("/^([0-9a-z])+$/i", ($subnewpass = trim($subnewpass)))){ $form->setError($field, $functions->TR_("new password 
not alphanumeric", 2)); } $field = "acc_confnewpass"; if($_POST[$field] && $subnewpass != $subconfnewpass){ $form->setError($field, $functions->TR_("confirmation not matching", 2)); } } /* Change Password attempted */ else if($subcurpass){ /* New Password error reporting */ $field = "acc_newpass"; //Use field name for new password $form->setError($field, $functions->TR_("new password not entered", 2)); } /* Email error checking */ $field = "email"; //Use field name for email if(isset($_POST['email'])){ if(!$subemail || strlen($subemail = trim($subemail)) == 0){ $form->setError($field, $functions->TR_("email not entered",2)); } else{ /* Check if valid email address */ $regex = "/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*" ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*" ."\.([a-z]{2,}){1}$/i"; if(!preg_match($regex,$subemail)){ $form->setError($field, $functions->TR_("email invalid",2)); } $subuser_email = stripslashes($subemail); } } } /* */ $field = 'fname'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_fname){ $form->setError($field, $functions->TR_("first name not entered",2)); } } /* */ $field = 'lname'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_lname){ $form->setError($field, $functions->TR_("last name not entered",2)); } } /* */ $field = 'company'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_company){ $form->setError($field, $functions->TR_("company name not entered",2)); } } /* */ $field = 'function'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_function){ $form->setError($field, $functions->TR_("function not entered",2)); } } /* */ $field = 'address'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_address){ $form->setError($field, $functions->TR_("address not entered",2)); } } /* */ $field = 'zip'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_zip){ $form->setError($field, $functions->TR_("zip not entered",2)); } } /* */ $field = 'city'; 
if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_city){ $form->setError($field, $functions->TR_("city not entered",2)); } } /* */ $field = 'state'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_state){ $form->setError($field, $functions->TR_("state not entered",2)); } } /* */ $field = 'country'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_country){ $form->setError($field, $functions->TR_("country not selected",2)); } } /* */ $field = 'latitude'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!trim($subuser_latitude)){ $form->setError($field, $functions->TR_("latitude not entered",2)); } } // if($_POST[$field] && !is_numeric($_POST[$field])){ $form->setError($field, $functions->TR_("wrong format",2)); } /* */ $field = 'longitude'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!trim($subuser_longitude)){ $form->setError($field, $functions->TR_("longitude not entered",2)); } } // if($_POST[$field] && !is_numeric($_POST[$field])){ $form->setError($field, $functions->TR_("wrong format",2)); } /* */ $field = 'phone'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_phone){ $form->setError($field, $functions->TR_("phone number not entered",2)); }else if(strlen($subuser_phone) < 8 || !preg_match("/^([0-9+() ])+$/i", $subuser_phone)){ $form->setError($field, $functions->TR_("phone number not valid",2)); } } /* */ $field = 'mobile'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_mobile){ $form->setError($field, $functions->TR_("phone number not entered",2)); }else if(strlen($subuser_mobile) < 8 || !preg_match("/^([0-9+() ])+$/i", $subuser_mobile)){ $form->setError($field, $functions->TR_("mobile number not valid",2)); } } /* */ $field = 'fax'; if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_fax){ $form->setError($field, $functions->TR_("phone number not entered",2)); }else if(strlen($subuser_fax) < 8 || 
!preg_match("/^([0-9+() ])+$/i", $subuser_fax)){ $form->setError($field, $functions->TR_("mobile number not valid",2)); } } /* */ $field = "bdate"; //Use field date if(isset($_POST[$field]) && $_POST[$field.'_required']){ if(!$subuser_bdate || strlen($subuser_bdate = trim($subuser_bdate)) == 0 ){ $form->setError($field,$functions->TR_("date of birth not entered", 2)); }else{ $regex='/[0-9]{2}\/[0-9]{2}\/[0-9]{4}/'; if(!preg_match($regex,$subuser_bdate)){ $form->setError($field,$functions->TR_("date of birth not valid",2)); } } } /* */ $field = 'gender'; if($_POST[$field.'_required']){ if(!$subuser_gender){ $form->setError($field, $functions->TR_("salutation not selected",2)); } } /* */ $field = 'mail'; if($_POST[$field.'_required']){ if(!$subuser_mail){ $form->setError($field, $functions->TR_("mail not selected",2)); } } /* Website */ $field = 'website'; if($_POST[$field.'_required']){ if(!$_POST[$field]){ $form->setError($field, $functions->TR_("url not entered",2)); } } if(isset($_POST[$field]) && $_POST[$field]){ $regex = "/^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$/"; if(!preg_match($regex, $website)){ $form->setError($field, $functions->TR_("url not valid ",2)); } $parse = parse_url($website); if($parse['scheme'] != 'http'){ //$form->setError($field, $functions->TR_("url has to start with http",2)); } } /* * Description */ $desc_min_length = 10; $desc_max_length = 500; if($_POST['user_desc_l_required']){ foreach($lang_arr as $key => $user_desc){ if(!$_POST['user_desc_l'.$key]){ $form->setError('user_desc_l'.$key, $functions->TR_("description not entered", 2)); }else if(strlen($_POST["user_desc_l".$key]) < $desc_min_length){ $form->setError( 'user_desc_l'.$key, $functions->TR_("description too short", 2).'. min. '.$desc_min_length ); }else if(strlen($_POST["user_desc_l".$key])>$desc_max_length){ $form->setError( 'user_desc_l'.$key, $functions->TR_("description too long", 2).'. max. '. 
$desc_max_length ); } } } /* * Vars */ $var_arr = range(1,20); //echo $_POST['user_var_7']; foreach($var_arr as $nr){ if($_POST['user_var_'.$nr.'_required']){ if(!$_POST['user_var_'.$nr] || strlen(strip_tags($_POST['user_var_'.$nr])) == ''){ $form->setError('user_var_'.$nr, $functions->TR_('',2).' '.$functions->TR_("required",2) ); } } } if($subedit){ /* echo '
'; print_r($_POST); echo ''; */ /* Update level anyway */ if(isset($_POST['valid'])) $database->updateUserField($this->username, 'user_valid', $subvalid); if(isset($_POST['level'])) $database->updateUserField($this->username, 'user_level', $sublevel); /* Update vars anyway */ if(isset($_POST['user_var_1']) || isset($_POST['check_present_user_var_1'])) $database->updateUserField($this->username, 'user_var_1', $var_1); if(isset($_POST['user_var_2']) || isset($_POST['check_present_user_var_2'])) $database->updateUserField($this->username, 'user_var_2', $var_2); if(isset($_POST['user_var_3']) || isset($_POST['check_present_user_var_3'])) $database->updateUserField($this->username, 'user_var_3', $var_3); if(isset($_POST['user_var_4']) || isset($_POST['check_present_user_var_4'])) $database->updateUserField($this->username, 'user_var_4', $var_4); if(isset($_POST['user_var_5']) || isset($_POST['check_present_user_var_5'])) $database->updateUserField($this->username, 'user_var_5', $var_5); if(isset($_POST['user_var_6']) || isset($_POST['check_present_user_var_6'])) $database->updateUserField($this->username, 'user_var_6', $var_6); if(isset($_POST['user_var_7']) || isset($_POST['check_present_user_var_7'])) $database->updateUserField($this->username, 'user_var_7', $var_7); if(isset($_POST['user_var_8']) || isset($_POST['check_present_user_var_8'])) $database->updateUserField($this->username, 'user_var_8', $var_8); if(isset($_POST['user_var_9']) || isset($_POST['check_present_user_var_9'])) $database->updateUserField($this->username, 'user_var_9', $var_9); if(isset($_POST['user_var_10']) || isset($_POST['check_present_user_var_10'])) $database->updateUserField($this->username, 'user_var_10', $var_10); if(isset($_POST['user_var_11']) || isset($_POST['check_present_user_var_11'])) $database->updateUserField($this->username, 'user_var_11', $var_11); if(isset($_POST['user_var_12']) || isset($_POST['check_present_user_var_12'])) $database->updateUserField($this->username, 
'user_var_12', $var_12); if(isset($_POST['user_var_13']) || isset($_POST['check_present_user_var_13'])) $database->updateUserField($this->username, 'user_var_13', $var_13); if(isset($_POST['user_var_14']) || isset($_POST['check_present_user_var_14'])) $database->updateUserField($this->username, 'user_var_14', $var_14); if(isset($_POST['user_var_15']) || isset($_POST['check_present_user_var_15'])) $database->updateUserField($this->username, 'user_var_15', $var_15); if(isset($_POST['user_var_16']) || isset($_POST['check_present_user_var_16'])) $database->updateUserField($this->username, 'user_var_16', $var_16); if(isset($_POST['user_var_17']) || isset($_POST['check_present_user_var_17'])) $database->updateUserField($this->username, 'user_var_17', $var_17); if(isset($_POST['user_var_18']) || isset($_POST['check_present_user_var_18'])) $database->updateUserField($this->username, 'user_var_18', $var_18); if(isset($_POST['user_var_19']) || isset($_POST['check_present_user_var_19'])) $database->updateUserField($this->username, 'user_var_19', $var_19); if(isset($_POST['user_var_20']) || isset($_POST['check_present_user_var_20'])) $database->updateUserField($this->username, 'user_var_20', $var_20); } /* Errors exist, have user correct them */ if($form->num_errors > 0){ return 1; //Errors with form } /* No errors, continue */ else{ if($subjoin){ /* This returns 1 if ok */ if($database->addNewUser($subuser, md5($subpass), $subemail)){ $_SESSION['new_user'] = $subuser; if(EMAIL_WELCOME){ $user_mailer->sendWelcome($subuser,$subemail,$subpass); } /* Update other fields */ $database->updateUserField($subuser, 'user_firstname', $subuser_fname); $database->updateUserField($subuser, 'user_insertion', $subuser_insertion); $database->updateUserField($subuser, 'user_lastname', $subuser_lname); $database->updateUserField($subuser, 'user_company', $subuser_company); $database->updateUserField($subuser, 'user_function', $subuser_function); $database->updateUserField($subuser, 
'user_address', $subuser_address); $database->updateUserField($subuser, 'user_zip', $subuser_zip); $database->updateUserField($subuser, 'user_city', $subuser_city); $database->updateUserField($subuser, 'user_state', $subuser_state); $database->updateUserField($subuser, 'user_country', $subuser_country); $database->updateUserField($subuser, 'user_latitude', $subuser_latitude); $database->updateUserField($subuser, 'user_longitude', $subuser_longitude); $database->updateUserField($subuser, 'user_phone', $subuser_phone); $database->updateUserField($subuser, 'user_mobile', $subuser_mobile); $database->updateUserField($subuser, 'user_fax', $subuser_fax); $database->updateUserField($subuser, 'user_birthdate', $subuser_bdate); $database->updateUserField($subuser, 'user_birthcity', $subuser_bcity); $database->updateUserField($subuser, 'user_birthcountry', $subuser_bcountry); $database->updateUserField($subuser, 'user_gender', $subuser_gender); $database->updateUserField($subuser, 'user_mail', $subuser_mail); $database->updateUserField($subuser, 'user_website', $website); $database->updateUserField($subuser, 'user_portfolio', $portfolio); $database->updateUserField($subuser, 'user_rssfeed', $rssfeed); $database->updateUserField($subuser, 'user_linkedin', $linkedin); $database->updateUserField($subuser, 'user_facebook', $facebook); $database->updateUserField($subuser, 'user_twitter', $twitter); $database->updateUserField($subuser, 'user_youtube', $youtube); $database->updateUserField($subuser, 'user_vimeo', $vimeo); $database->updateUserField($subuser, 'user_var_1', $var_1); $database->updateUserField($subuser, 'user_var_2', $var_2); $database->updateUserField($subuser, 'user_var_3', $var_3); $database->updateUserField($subuser, 'user_var_4', $var_4); $database->updateUserField($subuser, 'user_var_5', $var_5); $database->updateUserField($subuser, 'user_var_6', $var_6); $database->updateUserField($subuser, 'user_var_7', $var_7); $database->updateUserField($subuser, 
'user_var_8', $var_8); $database->updateUserField($subuser, 'user_var_9', $var_9); $database->updateUserField($subuser, 'user_var_10', $var_10); $database->updateUserField($subuser, 'user_var_11', $var_11); $database->updateUserField($subuser, 'user_var_12', $var_12); $database->updateUserField($subuser, 'user_var_13', $var_13); $database->updateUserField($subuser, 'user_var_14', $var_14); $database->updateUserField($subuser, 'user_var_15', $var_15); $database->updateUserField($subuser, 'user_var_16', $var_16); $database->updateUserField($subuser, 'user_var_17', $var_17); $database->updateUserField($subuser, 'user_var_18', $var_18); $database->updateUserField($subuser, 'user_var_19', $var_19); $database->updateUserField($subuser, 'user_var_20', $var_20); $database->updateUserField($subuser, 'user_desc_l0', $sub_desc_l0); $database->updateUserField($subuser, 'user_desc_l1', $sub_desc_l1); $database->updateUserField($subuser, 'user_desc_l2', $sub_desc_l2); $database->updateUserField($subuser, 'user_desc_l3', $sub_desc_l3); $database->updateUserField($subuser, 'user_cv_l0', $sub_cv_l0); $database->updateUserField($subuser, 'user_cv_l1', $sub_cv_l1); $database->updateUserField($subuser, 'user_cv_l2', $sub_cv_l2); $database->updateUserField($subuser, 'user_cv_l3', $sub_cv_l3); $database->updateUserField( $subuser, 'user_fullname', $subuser_fname.' '.$subuser_insertion.' 
'.$subuser_lname ); /* Username and password correct, register session variables */ $this->userinfo = $database->getUserInfo($subuser); $this->username = $_SESSION['username'] = $this->userinfo['username']; $this->user_id = $_SESSION['user_id'] = $this->generateRandID(); $this->user_level = $this->userinfo['user_level']; /* Insert user_id into database and update active users table */ $database->updateUserField($this->username, "user_id", $this->user_id); $database->addActiveUser($this->username, $this->time); $database->removeActiveGuest($_SERVER['REMOTE_ADDR']); return 0; //New user added succesfully } else{ return 2; //Registration or edit attempt failed } } if($subedit){ /* echo '
'; print_r($_POST); echo ''; */ /* Update Password since there were no errors */ if($subcurpass && $subnewpass){ $database->updateUserField($this->username,"user_password",md5($subnewpass)); } if(isset($_POST['email'])) $database->updateUserField($this->username, 'user_email', $subuser_email); /* Update other fields */ if(isset($_POST['fname'])) $database->updateUserField($this->username, 'user_firstname', $subuser_fname); if(isset($_POST['insertion'])) $database->updateUserField($this->username, 'user_insertion', $subuser_insertion); if(isset($_POST['lname'])) $database->updateUserField($this->username, 'user_lastname', $subuser_lname); if(isset($_POST['company'])){ $database->updateUserField($this->username, 'user_company', $subuser_company); $database->manage_user_categorie($this->username); } if(isset($_POST['function'])) $database->updateUserField($this->username, 'user_function', $subuser_function); if(isset($_POST['address'])) $database->updateUserField($this->username, 'user_address', $subuser_address); if(isset($_POST['zip'])) $database->updateUserField($this->username, 'user_zip', $subuser_zip); if(isset($_POST['city'])) $database->updateUserField($this->username, 'user_city', $subuser_city); if(isset($_POST['state'])) $database->updateUserField($this->username, 'user_state', $subuser_state); if(isset($_POST['country'])) $database->updateUserField($this->username, 'user_country', $subuser_country); if(isset($_POST['latitude'])) $database->updateUserField($this->username, 'user_latitude', $subuser_latitude); if(isset($_POST['longitude'])) $database->updateUserField($this->username, 'user_longitude', $subuser_longitude); if(isset($_POST['phone'])) $database->updateUserField($this->username, 'user_phone', $subuser_phone); if(isset($_POST['mobile'])) $database->updateUserField($this->username, 'user_mobile', $subuser_mobile); if(isset($_POST['fax'])) $database->updateUserField($this->username, 'user_fax', $subuser_fax); if(isset($_POST['birthdate'])) 
$database->updateUserField($this->username, 'user_birthdate', $subuser_bdate); if(isset($_POST['birthcity'])) $database->updateUserField($this->username, 'user_birthcity', $subuser_bcity); if(isset($_POST['birthcountry'])) $database->updateUserField($this->username, 'user_birthcountry', $subuser_bcountry); if(isset($_POST['gender'])) $database->updateUserField($this->username, 'user_gender', $subuser_gender); if(isset($_POST['mail'])) $database->updateUserField($this->username, 'user_mail', $subuser_mail); if(isset($_POST['website'])) $database->updateUserField($this->username, 'user_website', $website); if(isset($_POST['portfolio'])) $database->updateUserField($this->username, 'user_portfolio', $portfolio); if(isset($_POST['rssfeed'])) $database->updateUserField($this->username, 'user_rssfeed', $rssfeed); if(isset($_POST['linkedin'])) $database->updateUserField($this->username, 'user_linkedin', $linkedin); if(isset($_POST['facebook'])) $database->updateUserField($this->username, 'user_facebook', $facebook); if(isset($_POST['twitter'])) $database->updateUserField($this->username, 'user_twitter', $twitter); if(isset($_POST['youtube'])) $database->updateUserField($this->username, 'user_youtube', $youtube); if(isset($_POST['vimeo'])) $database->updateUserField($this->username, 'user_vimeo', $vimeo); if(isset($_POST['user_var_1']) || isset($_POST['check_present_user_var_1'])) $database->updateUserField($this->username, 'user_var_1', $var_1); if(isset($_POST['user_var_2']) || isset($_POST['check_present_user_var_2'])) $database->updateUserField($this->username, 'user_var_2', $var_2); if(isset($_POST['user_var_3']) || isset($_POST['check_present_user_var_3'])) $database->updateUserField($this->username, 'user_var_3', $var_3); if(isset($_POST['user_var_4']) || isset($_POST['check_present_user_var_4'])) $database->updateUserField($this->username, 'user_var_4', $var_4); if(isset($_POST['user_var_5']) || isset($_POST['check_present_user_var_5'])) 
$database->updateUserField($this->username, 'user_var_5', $var_5); if(isset($_POST['user_var_6']) || isset($_POST['check_present_user_var_6'])) $database->updateUserField($this->username, 'user_var_6', $var_6); if(isset($_POST['user_var_7']) || isset($_POST['check_present_user_var_7'])) $database->updateUserField($this->username, 'user_var_7', $var_7); if(isset($_POST['user_var_8']) || isset($_POST['check_present_user_var_8'])) $database->updateUserField($this->username, 'user_var_8', $var_8); if(isset($_POST['user_var_9']) || isset($_POST['check_present_user_var_9'])) $database->updateUserField($this->username, 'user_var_9', $var_9); if(isset($_POST['user_var_10']) || isset($_POST['check_present_user_var_10'])) $database->updateUserField($this->username, 'user_var_10', $var_10); if(isset($_POST['user_var_11']) || isset($_POST['check_present_user_var_11'])) $database->updateUserField($this->username, 'user_var_11', $var_11); if(isset($_POST['user_var_12']) || isset($_POST['check_present_user_var_12'])) $database->updateUserField($this->username, 'user_var_12', $var_12); if(isset($_POST['user_var_13']) || isset($_POST['check_present_user_var_13'])) $database->updateUserField($this->username, 'user_var_13', $var_13); if(isset($_POST['user_var_14']) || isset($_POST['check_present_user_var_14'])) $database->updateUserField($this->username, 'user_var_14', $var_14); if(isset($_POST['user_var_15']) || isset($_POST['check_present_user_var_15'])) $database->updateUserField($this->username, 'user_var_15', $var_15); if(isset($_POST['user_var_16']) || isset($_POST['check_present_user_var_16'])) $database->updateUserField($this->username, 'user_var_16', $var_16); if(isset($_POST['user_var_17']) || isset($_POST['check_present_user_var_17'])) $database->updateUserField($this->username, 'user_var_17', $var_17); if(isset($_POST['user_var_18']) || isset($_POST['check_present_user_var_18'])) $database->updateUserField($this->username, 'user_var_18', $var_18); 
if(isset($_POST['user_var_19']) || isset($_POST['check_present_user_var_19'])) $database->updateUserField($this->username, 'user_var_19', $var_19); if(isset($_POST['user_var_20']) || isset($_POST['check_present_user_var_20'])) $database->updateUserField($this->username, 'user_var_20', $var_20); $database->updateUserField($this->username, 'user_desc_l0', $sub_desc_l0); $database->updateUserField($this->username, 'user_desc_l1', $sub_desc_l1); $database->updateUserField($this->username, 'user_desc_l2', $sub_desc_l2); $database->updateUserField($this->username, 'user_desc_l3', $sub_desc_l3); $database->updateUserField($this->username, 'user_cv_l0', $sub_cv_l0); $database->updateUserField($this->username, 'user_cv_l1', $sub_cv_l1); $database->updateUserField($this->username, 'user_cv_l2', $sub_cv_l2); $database->updateUserField($this->username, 'user_cv_l3', $sub_cv_l3); $subuser_fullname = $subuser_fname.' '.$subuser_insertion.' '.$subuser_lname; $database->updateUserField($this->username, 'user_fullname', $subuser_fullname); return 0; //New user added succesfully } } } /** * editPass - Attempts to edit the user's password information * which it first makes sure is correct * if entered, if so and the new password is in the right * format, the change is made. All other fields are changed * automatically. 
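*/
    function editPass($subcurpass, $subnewpass, $subconfnewpass){
        global $database, $form, $functions; //The database, form and translation objects

        /* Normalise all three request values the same way before any check so
         * that the length test, the charset test, the confirmation compare and
         * the hash all see one and the same string. The previous version only
         * stripped slashes from the current password, left the stripped copy of
         * the new password in an unused variable, and trimmed only after the
         * length test had already run on the untrimmed value. */
        $subcurpass     = trim(stripslashes((string) $subcurpass));
        $subnewpass     = trim(stripslashes((string) $subnewpass));
        $subconfnewpass = trim(stripslashes((string) $subconfnewpass));

        /* Field names the form object keys its error messages on */
        $curField  = "curpass";
        $newField  = "newpass";
        $confField = "confnewpass";

        /* Accepted password shape: alphanumeric, at least 8 characters.
         * Applied to both the current and the new password. */
        $alnum = "/^([0-9a-z])+$/i";

        if($subnewpass !== ''){
            /* Current password: must be present and must match the stored credential */
            if($subcurpass === ''){
                $form->setError($curField, $functions->TR_("current password not entered", 2));
            }
            else if(strlen($subcurpass) < 8 || !preg_match($alnum, $subcurpass)){
                /* Cannot be a valid stored password at all, so skip the database round trip */
                $form->setError($curField, $functions->TR_("current password incorrect", 2));
            }
            else if($database->confirmUserPass($this->username, md5($subcurpass)) != 0){
                $form->setError($curField, $functions->TR_("current password incorrect", 2));
            }

            /* New password: length first, then charset */
            if(strlen($subnewpass) < 8){
                $form->setError($newField, $functions->TR_("new password too short", 2));
            }
            else if(!preg_match($alnum, $subnewpass)){
                $form->setError($newField, $functions->TR_("new password not alphanumeric", 2));
            }

            /* Confirmation: strict comparison. A loose != treats numeric-looking
             * strings such as "1e3" and "1000" as equal, which would let a
             * mistyped confirmation through. */
            if($subnewpass !== $subconfnewpass){
                $form->setError($confField, $functions->TR_("confirmation not matching", 2));
            }
        }

        /* Missing fields; also reports the case where only one of the two was submitted */
        if($subcurpass === ''){
            $form->setError($curField, $functions->TR_("current password not entered", 2));
        }
        if($subnewpass === ''){
            $form->setError($newField, $functions->TR_("new password not entered", 2));
        }

        /* Errors exist, have user correct them */
        if($form->num_errors > 0){
            return false; //Errors with form
        }

        /* NOTE(review): the stored credential is an unsalted md5 digest, which is
         * not a password hash. Migrating to password_hash()/password_verify()
         * requires confirmUserPass() and the stored user_password value to change
         * in step with this line, so the digest is deliberately left as-is here. */
        $database->updateUserField($this->username, "user_password", md5($subnewpass));

        /* Success! */
        return true;
    }

    /**
     * isAdmin - Returns true if currently logged in user is
     * an administrator, false otherwise.
     *
     * Both operands are normalised to strings and compared strictly: a loose
     * == in an authorisation check is a type-juggling pitfall.
     */
    function isAdmin(){
        return ((string) $this->user_level === (string) ADMIN_LEVEL
            || (string) $this->username === (string) ADMIN_NAME);
    }

    /**
     * isAuthor - Returns true if currently logged in user is
     * an author, false otherwise.
     *
     * Same strict, string-normalised comparison as isAdmin().
     */
    function isAuthor(){
        return ((string) $this->user_level === (string) AUTHOR_LEVEL
            || (string) $this->username === (string) AUTHOR_NAME);
    }

    /**
     * generateRandID - Generates a string made up of randomized
     * letters (lower and upper case) and digits and returns
     * the md5 hash of it to be used as a user_id.
     *
     * md5 here only reshapes the random string into a fixed-width hex
     * token; the unpredictability comes entirely from generateRandStr().
     */
    function generateRandID(){
        return md5($this->generateRandStr(16));
    }

    /**
     * generateRandStr - Generates a string made up of randomized
     * letters (lower and upper case) and digits, the length
     * is a specified parameter.
     *
     * The result is stored in the session and the user row as the per-login
     * user_id, so it is drawn from the CSPRNG (random_int, PHP >= 7.0) when
     * the runtime provides it; mt_rand() is kept only as a fallback for
     * older engines, as it is predictable from a handful of outputs.
     *
     * @param int $length number of characters to produce (0 or negative yields "")
     * @return string alphanumeric string of exactly $length characters
     */
    function generateRandStr($length){
        $length = (int) $length;
        $useCsprng = function_exists('random_int');
        $randstr = "";
        for($i = 0; $i < $length; $i++){
            $randnum = $useCsprng ? random_int(0, 61) : mt_rand(0, 61);
            if($randnum < 10){
                $randstr .= chr($randnum + 48);   // '0'..'9'
            }else if($randnum < 36){
                $randstr .= chr($randnum + 55);   // 'A'..'Z'
            }else{
                $randstr .= chr($randnum + 61);   // 'a'..'z'
            }
        }
        return $randstr;
    }
}

/**
 * Initialize session object - This must be initialized before
 * the form object because the form uses session variables,
 * which cannot be accessed unless the session has started.
 */
$session = new Session;

/* Initialize form object */
$form = new Form;

include_once(str_replace('//','/',dirname(__FILE__).'/') .SYSTEM_FOLDER.'/loader_basic.php');
?>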