  1. <?php
  2.  
  3. class MembersController extends AppController
  4. {
  5. var $name = 'Members';
  6. var $uses = array("Member", "Group", "Guest", "Profile");
  7. var $helpers = array('Form', 'Html', 'Time');
  8. var $validate = array(
  9.  
  10. );
  11.  
  12.  
  13. var $paginate = array(
  14. 'Member' => array(
  15. 'limit' => 20,
  16. 'order' => array(
  17. 'Member.lastaction' => 'desc'
  18. )
  19. )
  20. );
  21. var $components = array('DarkAuth', 'CaptchaMaker', 'AuthEmailSender');
  22.  
  23. function index(){
  24. //$this->DarkAuth->requiresAuth('Member');
  25. $data = $this->paginate('Member');
  26. $this->set(compact('data'));
  27.  
  28. }
  29.  
  30. function logout($redirect=true){
  31. $this->DarkAuth->logout($redirect);
  32. }
  33.  
  34. function emailauth($id){
  35. $data = $this->Member->findById($id);
  36. if ($data['Member']['sendEmail'] == 0){
  37. $this->set("memberdata", $data['Member']);
  38. $this->AuthEmailSender->sendAuthEmail($data['Member']['authKey'], $data['Member']['email'], $data['Member']['username'], $_SERVER['REMOTE_ADDR']);
  39.  
  40. $this->Member->id = $id;
  41. $this->Member->saveField('sendEmail', 1);
  42. } else {
  43. $this->redirect("/");
  44. }
  45. }
  46.  
  47. function reg_complete($id){
  48. if($this->referer() == "/members/register"){
  49. $data = $this->Member->findById($id);
  50. $this->set("memberdata", $data['Member']);
  51. $this->AuthEmailSender->sendAuthEmail($data['Member']['authKey'], $data['Member']['email'], $data['Member']['username'], $_SERVER['REMOTE_ADDR']);
  52. mysql_query('OPTIMIZE TABLE `_members`');
  53. } else {
  54. $this->redirect("/");
  55. }
  56. }
  57.  
  58. function reset_complete($id){
  59. if($this->referer() == "/members/resetpass"){
  60. $data = $this->Member->findById($id);
  61. $this->set("memberdata", $data['Member']);
  62. mysql_query('OPTIMIZE TABLE `_members`');
  63. } else {
  64. $this->redirect("/");
  65. }
  66. }
  67.  
  68. function authenticate($auth){
  69. $data = $this->Member->findByAuthkey($auth);
  70. if(is_array($data)){
  71. $newData['auth'] = 1;
  72. $newData['id'] = $data['Member']['id'];
  73. $newData['authKey'] = '';
  74. $newData['sendEmail'] = 1;
  75. $this->Member->save($newData);
  76. $this->set("memberdata", $data['Member']);
  77.  
  78. } else {
  79. $this->redirect('/');
  80. }
  81. }
  82.  
  83. function resetpass(){
  84. if($this->data){
  85. $post = $this->data['Member'];
  86. $error = array();
  87.  
  88. $query = mysql_query("SELECT `id`, `username`, `answer` FROM `_members` WHERE `email`=\"".$post['email']."\"");
  89. $query = mysql_fetch_array($query);
  90.  
  91. if($query['answer'] == $post['answer']){
  92. $newpassword = strtoupper(substr(md5(rand(10, 1643)), 0, 8));
  93. $password_temp = md5($newpassword);
  94. $newData['id'] = $query['id'];
  95.  
  96. mysql_query("UPDATE `_members` SET `password_temp` = '$password_temp' WHERE `id`='".$query['id']."'") or die(mysql_error());
  97. $this->AuthEmailSender->sendPassEmail($newpassword, $post['email'], $query['username'], $_SERVER['REMOTE_ADDR']);
  98. $this->redirect("/members/reset_complete/".$query['id']);
  99. } else {
  100. $this->set("error", array("answer" => "The security answer provided was incorrect! Please try again."));
  101. }
  102. }
  103. }
  104.  
  105. function register(){
  106. if($this->data){
  107. $post = $this->data['Member'];
  108. $error = array();
  109.  
  110. if(preg_match("/^[a-zA-Z0-9_]{5,15}$/", $post['username']) < 1){
  111. $error['username'] = "Username must be 5-15 alphanumeric characters.";
  112. } else if($this->checkExists('username', $post['username'], true) == 1){
  113. $error['username'] = "That username is not available.";
  114. }
  115. if(preg_match("/^[a-z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/", $post['email']) < 1){
  116. $error['email'] = "Invalid email address provided.";
  117. } else if($this->checkExists('email', $post['email'], true) == 1){
  118. $error['email'] = "That email address is already in use.";
  119. }
  120. if (preg_match("/^[^ ]{3,20}$/", $post['password']) < 1){
  121. $error['password'] = "Password must be 3-20 non-space characters.";
  122. } else if($post['password'] != $post['passwordCheck']){
  123. $error['password'] = "The passwords provided do not match.";
  124. }
  125. if(preg_match("/[a-zA-Z0-9]+/", $post['question']) < 1){
  126. $error['question'] = "Security question can not be blank.";
  127. }
  128. if(preg_match("/[a-zA-Z0-9]+/", $post['answer']) < 1){
  129. $error['answer'] = "Security answer can not be blank.";
  130. }
  131. $checkCaptcha = mysql_query('SELECT * FROM `_captcha` WHERE `id` = "'.$post['captchaValue'].'" LIMIT 1');
  132. $checkCaptcha = mysql_fetch_array($checkCaptcha);
  133. if($checkCaptcha){
  134. if($checkCaptcha['msg'] != $post['captcha']){
  135. $error['captcha'] = "Please try again.";
  136. }
  137. } else {
  138. $error['captcha'] = "Time out, try again.";
  139. }
  140.  
  141. if($post['toa'] != 1){
  142. $error['toa'] = "You must agree to these terms!";
  143. }
  144.  
  145.  
  146. if(count($error) == 0){
  147. /* NO ERRORS! */
  148. $newMember = array();
  149. $newMember['username'] = $post['username'];
  150. $newMember['email'] = $post['email'];
  151. $newMember['password'] = md5($post['password']);
  152. $newMember['authKey'] = md5($post['username'].$post['captchaValue']);
  153. $newMember['ipaddress'] = $_SERVER['REMOTE_ADDR'];
  154. $newMember['joindate'] = time();
  155. $newMember['lastaction'] = 0;
  156. $newMember['lastonline'] = 0;
  157. $newMember['question'] = $post['question'];
  158. $newMember['answer'] = $post['answer'];
  159. $this->Member->save($newMember);
  160. $newId = $this->Member->id;
  161. $this->redirect("/members/reg_complete/".$newId);
  162.  
  163. } else {
  164. $error['captcha'] = "Please type again.";
  165. $this->set('error', $error);
  166. }
  167.  
  168. }
  169.  
  170. $captcha = $this->CaptchaMaker->makeNewCaptcha();
  171. $this->set('captcha', $captcha);
  172. }
  173.  
  174. function showCaptcha($id){
  175. $this->CaptchaMaker->buildCaptchaImage($id);
  176. }
  177.  
  178. function gSQ($email){
  179. if($email){
  180. $query = mysql_query("SELECT `question` FROM `_members` WHERE `email` = \"$email\"");
  181. $this->view = "empty";
  182. while($row = mysql_fetch_array($query)) echo $row['question'];
  183. }
  184. }
  185.  
  186. function checkExists($field, $data, $return = false) {
  187.  
  188. $exists = 0;
  189. if($data == ""){ $exists = 1; }
  190.  
  191. $query = mysql_query("SELECT * FROM `_members` WHERE `$field` = \"$data\"");
  192. if (mysql_fetch_array($query)){ $exists = 1; }
  193.  
  194. ob_get_clean();
  195. if($return) return $exists;
  196. else {echo $exists;
  197. die();}
  198. }
  199.  
  200. function profile_edit($thing){
  201. $this->DarkAuth->requiresAuth('Member');
  202.  
  203. switch($thing){
  204. case "avatar":
  205.  
  206. if (isset($_POST["upload_thumbnail"])) {
  207.  
  208. //Get the new coordinates to crop the image.
  209. $start_width = $_POST["x1"];
  210. $start_height = $_POST["y1"];
  211. $x2 = $_POST["x2"];
  212. $y2 = $_POST["y2"];
  213. $width = $_POST["w"];
  214. $height = $_POST["h"];
  215. //Scale the image to the thumb_width set above
  216. $scale = 50/$width;
  217.  
  218. $newImageWidth = ceil($width * $scale);
  219. $newImageHeight = ceil($height * $scale);
  220. $newImage = imagecreatetruecolor(50,50);
  221. $source = imagecreatefromjpeg("thumbcache/avatars/tmp/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg");
  222.  
  223. imagecopyresampled($newImage,$source,0,0,$start_width,$start_height,$newImageWidth,$newImageHeight,$width,$height);
  224. imagejpeg($newImage,"thumbcache/avatars/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg",90);
  225.  
  226. $this->set("finished", true);
  227. }
  228.  
  229. if(!$_POST['automatic'] && !$this->viewVars['finished']){
  230. // submitting a file
  231.  
  232. $file_type = $_FILES['userfile']['type'];
  233. $file_name = $_FILES['userfile']['name'];
  234. $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));
  235.  
  236. if (!in_array($file_type, array('image/jpeg','image/jpg')) && !in_array($file_ext, array('.jpg','.jpeg','.JPG','.JPEG')) ){
  237. $this->set("filewarning", "Uploaded image is not a .jpg or .png!");
  238. } else if ( $_FILES['userfile']['size'] > 2000000){$this->set("filewarning", "Uploaded image is over 1.9MB!");
  239. } else {
  240.  
  241. $temp_name = $_FILES['userfile']['tmp_name'];
  242. $file_name = md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).$file_ext;
  243. $file_path = "thumbcache/avatars/tmp/".$file_name;
  244.  
  245. if(is_uploaded_file($temp_name)){
  246. $result = move_uploaded_file($temp_name, $file_path);
  247. }
  248.  
  249. if($result){
  250. $this->set("uploaded", $file_path);
  251. }
  252. }
  253.  
  254. } else if (!$this->viewVars['finished']) {
  255. // automatic!
  256. if(file_exists("thumbcache/avatars/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg")){
  257. unlink("thumbcache/avatars/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg");
  258. }
  259. if(file_exists("thumbcache/avatars/tmp/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg")){
  260. unlink("thumbcache/avatars/tmp/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg");
  261. }
  262. } else {
  263. if(file_exists("thumbcache/avatars/tmp/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg")){
  264. unlink("thumbcache/avatars/tmp/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg");
  265. }
  266. }
  267. break;
  268. case "password":
  269.  
  270. if(isset($_POST['changepass'])){
  271. // change the password!
  272. $error = array();
  273.  
  274. if(md5($this->data['Member']['password']) == $this->viewVars["_DarkAuth"]['User']['password']){
  275. if($this->data['Member']['passwordNew1'] == $this->data['Member']['passwordNew2'] && !(preg_match("/^[^ ]{3,20}$/", $this->data['Member']['passwordNew1']) < 1)){
  276. // correcto!
  277. mysql_query("UPDATE `_members` SET `password_temp` = '".md5($this->data['Member']['passwordNew1'])."' WHERE `id`=".$this->viewVars["_DarkAuth"]['User']['id']) or die(mysql_error());
  278. $error["success"] = "<strong>Your password was successfully changed!</strong>";
  279. } else if (preg_match("/^[^ ]{3,20}$/", $this->data['Member']['passwordNew1']) < 1 || preg_match("/^[^ ]{3,20}$/", $this->data['Member']['passwordNew2']) < 1){
  280. $error["passwordNew"] = "Passwords must be 3-20 non-space characters.";
  281. } else {
  282. $error["passwordNew"] = "Passwords provided did not match!";
  283. }
  284. } else {
  285. $error["password"] = "Incorrect password provided!";
  286. }
  287.  
  288. $this->set("passerror", $error);
  289.  
  290. }
  291.  
  292. break;
  293. case "email":
  294. if (isset($_POST['changeemail'])){
  295. $error = array();
  296.  
  297. if($this->data['Member']['email'] == $this->data['Member']['emailCheck']){
  298.  
  299. if(!(preg_match("/^[a-z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/", $this->data['Member']['email']) < 1) && $this->data['Member']['email'] != $this->viewVars['_DarkAuth']['User']['email']){
  300.  
  301. mysql_query("UPDATE `_members` SET `email`='".strtolower($this->data['Member']['email'])."',`auth`='0', `authKey`='".md5(time().$this->data['Member']['email'])."', `sendEmail`='0' WHERE `id`=".$this->viewVars["_DarkAuth"]['User']['id']) or die(mysql_error());
  302. $id = $this->viewVars['_DarkAuth']['User']['id'];
  303.  
  304. if(file_exists("thumbcache/avatars/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg")){
  305. rename("thumbcache/avatars/".md5(strtolower($this->viewVars["_DarkAuth"]['User']['email'])).".jpg", "thumbcache/avatars/".md5(strtolower($this->data['Member']['email'])).".jpg");
  306. }
  307.  
  308. $this->logout(false);
  309. $this->redirect("/members/emailauth/".$id);
  310.  
  311. } else if ($this->data['Member']['email'] == $this->viewVars['_DarkAuth']['User']['email']){
  312. $error['email'] = "This is your current email!";
  313. } else {
  314. $error['email'] = "That is not a valid email!";
  315. }
  316. } else {
  317. $error['email'] = "The emails provided did not match!";
  318. }
  319.  
  320. $this->set("emailerror", $error);
  321. }
  322.  
  323. break;
  324. default:
  325. // show everything\
  326. break;
  327. }
  328. $prof = mysql_query("SELECT * FROM `_profiles` WHERE `id`=".$this->viewVars["_DarkAuth"]['User']['id']) or die(mysql_error());
  329. while($profile = mysql_fetch_array($prof)){
  330. $this->set("profile_data2", $profile);
  331. }
  332. $this->set("thing", $thing);
  333. }
  334.  
  335.  
  336. function edit($what, $thing = ""){
  337. $this->set("what", $what);
  338. switch ($what){
  339. case "profile":
  340. $this->profile_edit($thing);
  341. break;
  342.  
  343. default:
  344. $this->redirect("/");
  345. break;
  346. }
  347. }
  348.  
  349. function profile($user = ""){
  350. if($user == ""){
  351. $user = $this->viewVars['_DarkAuth']['User']['username'];
  352. }
  353. if($user != ""){
  354.  
  355. $data = $this->Member->findByUsername($user);
  356. if($data){
  357. $data['Member']['password'] = "";
  358. $data['Member']['password_temp'] = "";
  359. $this->set("profile_data", $data);
  360. $prof = mysql_query("SELECT * FROM `_profiles` WHERE `id`=".$data['Member']['id']) or die(mysql_error());
  361. while($profile = mysql_fetch_array($prof)){
  362. $this->set("profile_data2", $profile);
  363. }
  364. } else {
  365. $this->set("profile_data", "");
  366. }
  367. }
  368. }
  369.  
  370. }
  371.  
  372. ?>