<?php
/**
 * Product: Katyshop
 * @version 0.3.2.1
 * @author Catalin Hulea - hide@address.com
 * @copyright Copyright (C) 2007 Catalin Hulea
 * @license GNU General Public License version 3
 * 			You can find a copy of GNU GPL v3 at this path: /docs/LICENSE
 * @link https://sourceforge.net/projects/katyshop
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

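require_once(dirname(dirname(__FILE__)) . "/init.php");

/**
 * Return $source[$key] when it is set, otherwise null.
 *
 * Replaces the "@$_POST[...]" error-suppression idiom this form parser used on
 * every request read: a missing key still yields null, exactly as the
 * suppressed read did, but no other notice or warning on the same line is
 * hidden any more.
 *
 * @param array  $source one of the request superglobals ($_GET, $_POST)
 * @param string $key    array key to read
 * @return mixed null when the key is absent or its value is null
 */
function ks_input(array $source, $key)
{
	return isset($source[$key]) ? $source[$key] : null;
}

$action = ks_input($_GET, "action");

// Every handler below changes server-side state from $_POST and then redirects.
// No CSRF token is checked in this file; if init.php does not enforce one, these
// handlers are reachable from a foreign page (NOTE(review): confirm in init.php).

if($action == "register")
{
	$user = Application::getUser();
	$accType = ks_input($_POST, "acc_type");
	// Stays null unless a guest picked a valid account type; the instanceof test
	// further down used to read this variable before it was ever assigned.
	$registerUser = null;
	if($user->isUserLoggedIn())
		Application::addError("Nu puteti folosi formularul de inregistrare deoarece sunteti autentificat");
	elseif($accType == "person")
		$registerUser = new UserPerson();
	elseif($accType == "company")
		$registerUser = new UserCompany();
	else
		Application::addError("Va rugam sa alegeti un tip valid de cont");

	// The registration form never sends activation_code; its presence means the
	// request was not produced by that form.
	if(array_key_exists("activation_code", $_POST))
		Application::addError("Browserul dumneavoastra a trimis o cerere pe care serverul nostru nu a putut sa o inteleaga");

	if($registerUser instanceof User && !Application::hasErrors())
	{
		$registerUser->copyFromArray($_POST);
		$registerUser->readDate("birth_date", ks_input($_POST, "birth_date"));
		// A new account starts inactive; the mailed activation code enables it.
		$registerUser->active = 0;
		$registerUser->login_code = "";
		if($registerUser->validateRegister(ks_input($_POST, "confirm_password")))
		{
			// Stored as an unsalted MD5 digest. This is a known weakness, but
			// Application::login (not in this file) must verify the same format, so
			// moving to password_hash()/password_verify() has to change both at once.
			$registerUser->password = md5($registerUser->password);
			$db = Application::getDb();
			$db->tbUser->insertObj($registerUser);

			// The clear-text password the user just typed is handed to the mail
			// agent; whether it ends up in the e-mail body is decided there.
			$mailAgent = Application::getMailAgent();
			if(!$mailAgent->registrationMail($registerUser, ks_input($_POST, "password")))
				Application::addError("Serveru nostru de mail nu functioneaza corect momentan, mailul cu codul de activare nu a putut fi trimis");

			Application::addMessage("Contul dumneavoastra a fost creat");
		}
	}

	// Keep the submitted data in the session only when the user has to correct it.
	if(Application::hasErrors())
	{
		SessionHandler::set("registerUser", $registerUser);
		Tools::redirect("../register.php");
	}
	else
	{
		SessionHandler::set("registerUser", "");
		Tools::redirect("../login.php");
	}
}
elseif($action == "login")
{
	$user = Application::getUser();
	if($user->isUserLoggedIn())
		Application::addError("Sunteti deja autentificat");
	else
		// Throttling or lockout of repeated failures, if any, lives in
		// Application::login; nothing in this file limits attempts.
		$user = Application::login(
			ks_input($_POST, "username"),
			ks_input($_POST, "password"),
			intval(ks_input($_POST, "remember_password"))
		);

	if($user->isUserLoggedIn())
	{
		Application::addMessage("V-ati autentificat");
		if(SessionHandler::get("login_return_to_cart") == "true")
			Tools::redirect("../shopping_cart.php");
		else
			Tools::redirect("../profile.php");
	}
	else
	{
		Application::addError("Autentificare esuata");
		Tools::redirect("../login.php");
	}
}
elseif($action == "logout")
{
	// Logout is only honoured for a POST carrying logout=1, not for a bare GET.
	if(ks_input($_POST, "logout") == 1)
		Application::logout();
	Tools::redirect("../index.php");
}
elseif($action == "profile")
{
	$user = Application::getUser();
	if(!$user->isUserLoggedIn())
	{
		Tools::redirect("../login.php");
		// Tools::redirect is defined elsewhere; end the request here explicitly so
		// the update below can never run for a visitor who is not logged in.
		exit;
	}
	$db = Application::getDb();

	// get the real class of user - UserPerson, UserCompany
	$updateUser = Factory::instantiateUser($user);

	// fill $updateUser with all data from $_POST. This is not secure yet,
	// because bogus data could be sent, such as ip, id, username, active... properties.
	$updateUser->copyFromArray($_POST);
	$updateUser->readDate("birth_date", ks_input($_POST, "birth_date"));

	// protect sensitive data:
	$userData = new User();
	// copy from $user only the properties related to User class
	$userData->copyFromObject($user);
	// put back to $updateUser the real data from database,
	// properties from User class, that are not supposed to be edited from profile page.
	$updateUser->copyFromObject($userData);
	// at this moment, User class properties of $updateUser are secure, as they are in database,
	// and all data related to UserPerson and UserCompany is edited by user, as it was sent from $_POST.

	if($updateUser->validateUpdate(
		ks_input($_POST, "old_password"),
		ks_input($_POST, "password"),
		ks_input($_POST, "confirm_password")))
	{
		// Same unsalted MD5 format as registration; see the note there.
		if(!empty($_POST["password"]))
			$updateUser->password = md5($_POST["password"]);
		$db->tbUser->updateObj($updateUser);
		SessionHandler::set("Application_user", $updateUser);
		Application::addMessage("Profilul dumneavoastra a fost actualizat");
	}

	// Keep the submitted data only when the user has to correct it; on success
	// clear it so the profile page shows the stored record rather than the form.
	if(Application::hasErrors())
		SessionHandler::set("updateUser", $updateUser);
	else
		SessionHandler::set("updateUser", "");
	Tools::redirect("../profile.php");
}
elseif($action == "forgot_password")
{
	$db = Application::getDb();
	$email = ks_input($_POST, "email");
	$u = $db->tbUser->getUserByUsername(ks_input($_POST, "username"));
	$u = Factory::instantiateUser($u);
	// The three distinct errors below tell the caller whether a username exists
	// and whether the e-mail matches it; a single generic message would not.
	if($u->id == 0)
	{
		Application::addError("Acest username nu exista");
	}
	elseif(empty($email))
	{
		Application::addError("Va rugam sa introduceti adresa de mail");
	}
	elseif($u->email !== $email)
	{
		Application::addError("Adresa de email nu este corecta");
	}
	else
	{
		// The reset password is only as unpredictable as Tools::getRandomChars
		// (defined elsewhere); it should be backed by a CSPRNG such as random_int().
		$newPass = Tools::getRandomChars(10);
		$u->password = md5($newPass);
		// Send the mail before touching the database: if it cannot be delivered the
		// old password must keep working, otherwise the user is locked out while
		// being told to "try again later".
		$mailAgent = Application::getMailAgent();
		if($mailAgent->forgotPasswordMail($u, $newPass))
		{
			$db->tbUser->updateObj($u);
			Application::addMessage("O noua parola aleatoare a fost generata");
			Application::addMessage("Va rugam sa verificati adresa dumneavoastra de mail, veti putea folosi aceasta noua parola pentru a va autentifica.");
		}
		else
		{
			Application::addError("Serverul nostru de mail nu functioneaza corect, mailul cu parola aleatoare nu a putut fi trimis. Incercati va rugam putin mai tarziu.");
		}
	}

	if(Application::hasErrors())
		Tools::redirect("../forgot_password.php");
	else
		Tools::redirect("../login.php");
}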



?>