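<?php
/**
 * Member registration, e-mail verification, password reset and profile
 * editing (avatar / password / e-mail) for a CakePHP 1.x application.
 *
 * Raw mysql_query() calls remain where the original code used them (they
 * share the default link the Cake datasource has already opened). Every
 * request value that is interpolated into one of them now goes through
 * _sqlString(), ids are cast to int, and column names come only from a
 * fixed allowlist. Security-sensitive equality checks use _sameString()
 * instead of ==, and tokens come from _randomHex() instead of rand()/md5
 * of predictable input.
 */
class MembersController extends AppController
{
    /** Validation patterns shared by register() and the profile editors. */
    const USERNAME_PATTERN = "/^[a-zA-Z0-9_]{5,15}$/";
    const PASSWORD_PATTERN = "/^[^ ]{3,20}$/";
    const EMAIL_PATTERN = "/^[a-z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/";

    public $name = 'Members';
    public $uses = array('Member', 'Group', 'Guest', 'Profile');
    public $helpers = array('Form', 'Html', 'Time');
    public $validate = array();
    public $paginate = array(
        'Member' => array(
            'limit' => 20,
            'order' => array(
                'Member.lastaction' => 'desc',
            ),
        ),
    );
    public $components = array('DarkAuth', 'CaptchaMaker', 'AuthEmailSender');

    /** Columns checkExists() may look up; the name is interpolated into SQL, so it must never come from the request. */
    private static $_checkableFields = array('username', 'email');

    /**
     * Paginated member list, most recent activity first (see $paginate).
     * Intentionally public: the requiresAuth() call was commented out in the
     * original and is left out here.
     */
    public function index()
    {
        $data = $this->paginate('Member');
        $this->set(compact('data'));
    }

    /**
     * End the DarkAuth session.
     *
     * @param bool $redirect passed through to DarkAuth::logout()
     */
    public function logout($redirect = true)
    {
        $this->DarkAuth->logout($redirect);
    }

    /**
     * Send the verification e-mail for member $id once: sendEmail is set to 1
     * afterwards and any later call just redirects home.
     */
    public function emailauth($id)
    {
        $data = $this->Member->findById($id);
        // A missing member must not fall through: in PHP null == 0 is true.
        if ($data && $data['Member']['sendEmail'] == 0) {
            $member = $data['Member'];
            $this->set("memberdata", $member);
            $this->AuthEmailSender->sendAuthEmail($member['authKey'], $member['email'], $member['username'], $_SERVER['REMOTE_ADDR']);
            $this->Member->id = $id;
            $this->Member->saveField('sendEmail', 1);
        } else {
            $this->redirect("/");
        }
    }

    /**
     * Post-registration page: shows the member and sends the verification
     * e-mail. The referer() check is client-controlled, so it is a
     * convenience guard against direct hits, not authorization.
     */
    public function reg_complete($id)
    {
        $data = ($this->referer() == "/members/register") ? $this->Member->findById($id) : false;
        if ($data) {
            $member = $data['Member'];
            $this->set("memberdata", $member);
            $this->AuthEmailSender->sendAuthEmail($member['authKey'], $member['email'], $member['username'], $_SERVER['REMOTE_ADDR']);
            mysql_query('OPTIMIZE TABLE `_members`');
        } else {
            $this->redirect("/");
        }
    }

    /**
     * Post-reset page for member $id; same referer() caveat as reg_complete().
     */
    public function reset_complete($id)
    {
        $data = ($this->referer() == "/members/resetpass") ? $this->Member->findById($id) : false;
        if ($data) {
            $this->set("memberdata", $data['Member']);
            mysql_query('OPTIMIZE TABLE `_members`');
        } else {
            $this->redirect("/");
        }
    }

    /**
     * Confirm an e-mail verification token: mark the member verified and
     * clear the token so it cannot be replayed.
     */
    public function authenticate($auth)
    {
        // Verified members have authKey = '' (set below), so an empty token
        // must never be looked up: it would match an already-verified account.
        $data = (strlen((string)$auth) > 0) ? $this->Member->findByAuthkey($auth) : false;
        if (is_array($data)) {
            $this->Member->save(array(
                'id' => $data['Member']['id'],
                'auth' => 1,
                'authKey' => '',
                'sendEmail' => 1,
            ));
            $this->set("memberdata", $data['Member']);
        } else {
            $this->redirect('/');
        }
    }

    /**
     * Password reset by security answer: on a correct answer a fresh random
     * password is written (md5) to password_temp and mailed to the member.
     */
    public function resetpass()
    {
        if ($this->data) {
            $post = $this->_memberPost(array('email' => '', 'answer' => ''));
            $row = false;
            if ($post['email'] !== '') {
                $result = mysql_query("SELECT `id`, `username`, `answer` FROM `_members` WHERE `email`=\"" . $this->_sqlString($post['email']) . "\"");
                $row = $result ? mysql_fetch_array($result) : false;
            }
            // An unknown e-mail used to yield $row === false, and false['answer']
            // (null) == '' passed the old check with an empty answer.
            if ($row && $post['answer'] !== '' && $this->_sameString($row['answer'], $post['answer'])) {
                $newpassword = strtoupper(substr($this->_randomHex(), 0, 8));
                $memberId = (int)$row['id'];
                mysql_query("UPDATE `_members` SET `password_temp` = '" . md5($newpassword) . "' WHERE `id`='" . $memberId . "'") or die(mysql_error());
                $this->AuthEmailSender->sendPassEmail($newpassword, $post['email'], $row['username'], $_SERVER['REMOTE_ADDR']);
                $this->redirect("/members/reset_complete/" . $memberId);
            } else {
                $this->set("error", array("answer" => "The security answer provided was incorrect! Please try again."));
            }
        }
    }

    /**
     * Registration form handler; on success saves the member and redirects
     * to reg_complete(). Always sets a fresh captcha for the view.
     */
    public function register()
    {
        if ($this->data) {
            $post = $this->_memberPost(array(
                'username' => '',
                'email' => '',
                'password' => '',
                'passwordCheck' => '',
                'question' => '',
                'answer' => '',
                'captchaValue' => '',
                'captcha' => '',
                'toa' => 0,
            ));
            $error = array();
            if (preg_match(self::USERNAME_PATTERN, $post['username']) < 1) {
                $error['username'] = "Username must be 5-15 alphanumeric characters.";
            } elseif ($this->checkExists('username', $post['username'], true) == 1) {
                $error['username'] = "That username is not available.";
            }
            if (preg_match(self::EMAIL_PATTERN, $post['email']) < 1) {
                $error['email'] = "Invalid email address provided.";
            } elseif ($this->checkExists('email', $post['email'], true) == 1) {
                $error['email'] = "That email address is already in use.";
            }
            if (preg_match(self::PASSWORD_PATTERN, $post['password']) < 1) {
                $error['password'] = "Password must be 3-20 non-space characters.";
            } elseif (!$this->_sameString($post['password'], $post['passwordCheck'])) {
                $error['password'] = "The passwords provided do not match.";
            }
            if (preg_match("/[a-zA-Z0-9]+/", $post['question']) < 1) {
                $error['question'] = "Security question can not be blank.";
            }
            if (preg_match("/[a-zA-Z0-9]+/", $post['answer']) < 1) {
                $error['answer'] = "Security answer can not be blank.";
            }
            $captchaRow = $this->_captchaRow($post['captchaValue']);
            if ($captchaRow) {
                // NOTE(review): the row is not consumed here, so the same
                // id/answer pair can be resubmitted until it expires — confirm
                // CaptchaMaker handles expiry/one-time use.
                if (!$this->_sameString($captchaRow['msg'], $post['captcha'])) {
                    $error['captcha'] = "Please try again.";
                }
            } else {
                $error['captcha'] = "Time out, try again.";
            }
            if ($post['toa'] != 1) {
                $error['toa'] = "You must agree to these terms!";
            }
            if (count($error) == 0) {
                /* NO ERRORS! */
                $newMember = array(
                    'username' => $post['username'],
                    'email' => $post['email'],
                    // md5 is kept because the stored column is compared as an
                    // md5 digest (see _editPassword); moving to password_hash()
                    // needs a matching change in the DarkAuth login — TODO confirm.
                    'password' => md5($post['password']),
                    // Verification token mailed by reg_complete(): random, so it
                    // cannot be derived from the username/captcha as before.
                    'authKey' => $this->_randomHex(),
                    'ipaddress' => $_SERVER['REMOTE_ADDR'],
                    'joindate' => time(),
                    'lastaction' => 0,
                    'lastonline' => 0,
                    'question' => $post['question'],
                    'answer' => $post['answer'],
                );
                $this->Member->save($newMember);
                $newId = $this->Member->id;
                $this->redirect("/members/reg_complete/" . $newId);
            } else {
                $error['captcha'] = "Please type again.";
                $this->set('error', $error);
            }
        }
        $captcha = $this->CaptchaMaker->makeNewCaptcha();
        $this->set('captcha', $captcha);
    }

    /** Stream the captcha image for captcha row $id. */
    public function showCaptcha($id)
    {
        $this->CaptchaMaker->buildCaptchaImage($id);
    }

    /**
     * "Get security question": echoes the question stored for $email with
     * the empty layout (AJAX helper for the reset form). The question is
     * echoed raw, as before — the consumer is outside this file.
     */
    public function gSQ($email)
    {
        if ($email) {
            $result = mysql_query("SELECT `question` FROM `_members` WHERE `email` = \"" . $this->_sqlString($email) . "\"");
            $this->view = "empty";
            if ($result) {
                while ($row = mysql_fetch_array($result)) {
                    echo $row['question'];
                }
            }
        }
    }

    /**
     * Report whether a member row has $field = $data (1) or not (0). An empty
     * value or a column outside the allowlist counts as "exists" so it can
     * never be registered.
     *
     * @param string $field  'username' or 'email'
     * @param string $data   value to look up
     * @param bool   $return true: return the flag; false: echo it and exit (AJAX)
     * @return int|void
     */
    public function checkExists($field, $data, $return = false)
    {
        $exists = 0;
        if ($data == "" || !in_array($field, self::$_checkableFields, true)) {
            $exists = 1;
        } else {
            $result = mysql_query("SELECT `id` FROM `_members` WHERE `$field` = \"" . $this->_sqlString($data) . "\"");
            if ($result && mysql_fetch_array($result)) {
                $exists = 1;
            }
        }
        ob_get_clean();
        if ($return) {
            return $exists;
        }
        echo $exists;
        die();
    }

    /**
     * Profile editor dispatcher (login required). $thing selects the avatar,
     * password or e-mail editor; anything else just shows the profile page.
     */
    public function profile_edit($thing)
    {
        $this->DarkAuth->requiresAuth('Member');
        switch ($thing) {
            case "avatar":
                $this->_editAvatar();
                break;
            case "password":
                $this->_editPassword();
                break;
            case "email":
                $this->_editEmail();
                break;
            default:
                // show everything
                break;
        }
        $this->_setProfileRow($this->viewVars["_DarkAuth"]['User']['id']);
        $this->set("thing", $thing);
    }

    /** Router for /members/edit/<what>/<thing>; only "profile" is supported. */
    public function edit($what, $thing = "")
    {
        $this->set("what", $what);
        switch ($what) {
            case "profile":
                $this->profile_edit($thing);
                break;
            default:
                $this->redirect("/");
                break;
        }
    }

    /**
     * Public profile page for $user (defaults to the logged-in member).
     */
    public function profile($user = "")
    {
        if ($user == "" && isset($this->viewVars['_DarkAuth']['User']['username'])) {
            $user = $this->viewVars['_DarkAuth']['User']['username'];
        }
        if ($user != "") {
            $data = $this->Member->findByUsername($user);
            if ($data) {
                // This action needs no login, so strip every credential-like
                // column before the row reaches the view: both password hashes,
                // the e-mail verification token and the reset security answer.
                foreach (array('password', 'password_temp', 'authKey', 'answer') as $secret) {
                    $data['Member'][$secret] = "";
                }
                $this->set("profile_data", $data);
                $this->_setProfileRow($data['Member']['id']);
            } else {
                $this->set("profile_data", "");
            }
        }
    }

    /** "avatar" editor: crop a pending upload to 50x50, store a new upload, or discard. */
    private function _editAvatar()
    {
        $email = $this->viewVars["_DarkAuth"]['User']['email'];
        $finalPath = $this->_avatarPath($email);
        $tmpPath = $this->_avatarPath($email, true);
        $finished = false;

        if (isset($_POST["upload_thumbnail"])) {
            $finished = true;
            $this->set("finished", true);
            // Crop box sent by the client: width/height must be > 0 (the scale
            // below divides by width) and the offsets must not be negative.
            $cropX = isset($_POST["x1"]) ? (int)$_POST["x1"] : -1;
            $cropY = isset($_POST["y1"]) ? (int)$_POST["y1"] : -1;
            $width = isset($_POST["w"]) ? (int)$_POST["w"] : 0;
            $height = isset($_POST["h"]) ? (int)$_POST["h"] : 0;
            $cropValid = $cropX >= 0 && $cropY >= 0 && $width > 0 && $height > 0 && is_file($tmpPath);
            $source = $cropValid ? imagecreatefromjpeg($tmpPath) : false;
            if ($source) {
                // Scale the crop box onto the 50px thumbnail.
                $scale = 50 / $width;
                $thumb = imagecreatetruecolor(50, 50);
                imagecopyresampled($thumb, $source, 0, 0, $cropX, $cropY, (int)ceil($width * $scale), (int)ceil($height * $scale), $width, $height);
                imagejpeg($thumb, $finalPath, 90);
                imagedestroy($thumb);
                imagedestroy($source);
            }
        }

        $automatic = !empty($_POST['automatic']);
        if (!$automatic && !$finished) {
            // submitting a file
            $this->_storeAvatarUpload($tmpPath);
        } elseif (!$finished) {
            // automatic: drop the current avatar and any pending upload
            $this->_unlinkIfExists($finalPath);
            $this->_unlinkIfExists($tmpPath);
        } else {
            $this->_unlinkIfExists($tmpPath);
        }
    }

    /**
     * Validate the submitted `userfile` (JPEG only, at most 2,000,000 bytes)
     * and move it to $tmpPath for the crop step.
     */
    private function _storeAvatarUpload($tmpPath)
    {
        if (!isset($_FILES['userfile'])) {
            return; // plain page view, nothing submitted
        }
        $upload = $_FILES['userfile'];
        $fileType = isset($upload['type']) ? $upload['type'] : '';
        $fileName = isset($upload['name']) ? $upload['name'] : '';
        $tempName = isset($upload['tmp_name']) ? $upload['tmp_name'] : '';
        $fileSize = isset($upload['size']) ? (int)$upload['size'] : 0;
        $fileExt = strtolower((string)strrchr($fileName, "."));

        // Extension, client MIME type AND the file's own header must all say
        // JPEG. The old `&&` between the two negated checks accepted anything
        // whose MIME header claimed image/jpeg, whatever its extension, and
        // then saved it under that extension.
        $isJpeg = false;
        if (in_array($fileType, array('image/jpeg', 'image/jpg'), true)
            && in_array($fileExt, array('.jpg', '.jpeg'), true)
            && $tempName !== '' && is_uploaded_file($tempName)) {
            $info = getimagesize($tempName);
            $isJpeg = $info !== false && $info[2] === IMAGETYPE_JPEG;
        }

        if (!$isJpeg) {
            $this->set("filewarning", "Uploaded image is not a .jpg!");
        } elseif ($fileSize > 2000000) {
            $this->set("filewarning", "Uploaded image is over 1.9MB!");
        } elseif (move_uploaded_file($tempName, $tmpPath)) {
            // Always stored as .jpg: the crop step looks for exactly that name,
            // so a ".jpeg" upload used to be saved where nothing would find it.
            $this->set("uploaded", $tmpPath);
        }
    }

    /** "password" editor: verify the current password, then stage the new one in password_temp. */
    private function _editPassword()
    {
        if (!isset($_POST['changepass'])) {
            return;
        }
        $user = $this->viewVars["_DarkAuth"]['User'];
        $member = $this->_memberPost(array('password' => '', 'passwordNew1' => '', 'passwordNew2' => ''));
        $error = array();
        // Strict comparison of the digests: with == two "0e..." hex strings
        // compare as numbers and can be equal.
        if ($this->_sameString(md5($member['password']), $user['password'])) {
            $newValid = preg_match(self::PASSWORD_PATTERN, $member['passwordNew1']) === 1;
            $checkValid = preg_match(self::PASSWORD_PATTERN, $member['passwordNew2']) === 1;
            if ($newValid && $this->_sameString($member['passwordNew1'], $member['passwordNew2'])) {
                mysql_query("UPDATE `_members` SET `password_temp` = '" . md5($member['passwordNew1']) . "' WHERE `id`=" . (int)$user['id']) or die(mysql_error());
                $error["success"] = "<strong>Your password was successfully changed!</strong>";
            } elseif (!$newValid || !$checkValid) {
                $error["passwordNew"] = "Passwords must be 3-20 non-space characters.";
            } else {
                $error["passwordNew"] = "Passwords provided did not match!";
            }
        } else {
            $error["password"] = "Incorrect password provided!";
        }
        $this->set("passerror", $error);
    }

    /**
     * "email" editor: store the new address un-verified with a fresh random
     * token, move the avatar to the new key, log out and redirect to
     * emailauth() which mails the token.
     */
    private function _editEmail()
    {
        if (!isset($_POST['changeemail'])) {
            return;
        }
        $user = $this->viewVars['_DarkAuth']['User'];
        $member = $this->_memberPost(array('email' => '', 'emailCheck' => ''));
        $error = array();
        if ($this->_sameString($member['email'], $member['emailCheck'])) {
            $newEmail = $member['email'];
            $emailValid = preg_match(self::EMAIL_PATTERN, $newEmail) === 1;
            if ($emailValid && $newEmail != $user['email']) {
                $id = (int)$user['id'];
                $authKey = $this->_randomHex();
                mysql_query("UPDATE `_members` SET `email`='" . $this->_sqlString(strtolower($newEmail)) . "',`auth`='0', `authKey`='" . $authKey . "', `sendEmail`='0' WHERE `id`=" . $id) or die(mysql_error());
                $oldAvatar = $this->_avatarPath($user['email']);
                if (file_exists($oldAvatar)) {
                    rename($oldAvatar, $this->_avatarPath($newEmail));
                }
                $this->logout(false);
                $this->redirect("/members/emailauth/" . $id);
            } elseif ($newEmail == $user['email']) {
                $error['email'] = "This is your current email!";
            } else {
                $error['email'] = "That is not a valid email!";
            }
        } else {
            $error['email'] = "The emails provided did not match!";
        }
        $this->set("emailerror", $error);
    }

    /** Set view var profile_data2 to the `_profiles` row for $memberId (last row wins, as before). */
    private function _setProfileRow($memberId)
    {
        $result = mysql_query("SELECT * FROM `_profiles` WHERE `id`=" . (int)$memberId) or die(mysql_error());
        while ($profile = mysql_fetch_array($result)) {
            $this->set("profile_data2", $profile);
        }
    }

    /** Fetch the `_captcha` row with this id, or false when absent/expired. */
    private function _captchaRow($id)
    {
        $result = mysql_query('SELECT * FROM `_captcha` WHERE `id` = "' . $this->_sqlString($id) . '" LIMIT 1');
        return $result ? mysql_fetch_array($result) : false;
    }

    /** Avatar file for $email: final image, or the pending upload when $pending is true. */
    private function _avatarPath($email, $pending = false)
    {
        return "thumbcache/avatars/" . ($pending ? "tmp/" : "") . md5(strtolower($email)) . ".jpg";
    }

    /** Delete $path if it exists. */
    private function _unlinkIfExists($path)
    {
        if (file_exists($path)) {
            unlink($path);
        }
    }

    /**
     * $this->data['Member'] with $defaults filled in for absent keys, so the
     * handlers never read an undefined index.
     */
    private function _memberPost(array $defaults)
    {
        $post = (isset($this->data['Member']) && is_array($this->data['Member'])) ? $this->data['Member'] : array();
        return $post + $defaults;
    }

    /**
     * Escape a value for interpolation into a raw MySQL string literal, using
     * the same default link the mysql_query() calls in this class rely on.
     */
    private function _sqlString($value)
    {
        return mysql_real_escape_string((string)$value);
    }

    /**
     * Strict string equality, constant-time where the runtime offers it.
     * Replaces the original == checks, under which a missing value (null)
     * equalled '' and numeric-looking strings were compared as numbers.
     */
    private function _sameString($a, $b)
    {
        $a = (string)$a;
        $b = (string)$b;
        if (function_exists('hash_equals')) {
            return hash_equals($a, $b);
        }
        return $a === $b;
    }

    /**
     * 32 hex characters from the strongest generator available. Same width
     * as an md5() digest, so the authKey column and existing views are
     * unaffected.
     */
    private function _randomHex()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $raw = openssl_random_pseudo_bytes(16, $strong);
            if ($raw !== false && $strong) {
                return bin2hex($raw);
            }
        }
        // Weak fallback for runtimes without a CSPRNG — still far beyond the
        // 1,634 possible values rand(10, 1643) gave the old reset passwords.
        return md5(uniqid(mt_rand(), true) . microtime(true));
    }
}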