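<?php
/**
 * User controller (CodeIgniter 1.x style).
 *
 * Handles installation redirects, login with remote licence checks, update
 * checks, the password-reset flow and profile editing.
 *
 * Security notes for maintainers:
 *  - Passwords are stored and compared as unsalted SHA-1 digests. Moving to
 *    password_hash()/password_verify() also requires changes in user_model
 *    and on the licence server, which receives the same digest, so it is
 *    flagged here rather than changed.
 *  - All database access goes through the query builder so that values are
 *    escaped by the driver instead of being concatenated into SQL.
 *  - Helper methods are prefixed with an underscore; CodeIgniter does not
 *    route requests to such methods.
 *  - NOTE(review): edit(), beforeedit() and welcome() use $this->admin_entry
 *    and $this->admin_model, which the constructor does not load. Presumably
 *    they are autoloaded; confirm against the autoload configuration.
 */
class User extends Controller {

	var $title_values = array('login' => 'Login to proceed', 'edit' => 'Profile Edit');
	var $login_view = 'user/login';
	var $login_success_view = 'overview';
	var $edit_view = 'user/edit';
	var $cnt = 0;

	/**
	 * Loads the models, helpers and libraries used by this controller.
	 */
	function User()
	{
		parent::Controller();
		$this->load->model('prefered_host_model');
		$this->load->model('user_model', '', TRUE);
		$this->load->helper(array('text','form','date','url','session','common','error','admin','db','cookie','crypto', 'simplexml_load_url_curl'));
		$this->load->library(array('user_entry','validation','form_validation'));
	}

	/**
	 * Default action: behaves exactly like login().
	 */
	function index()
	{
		$this->login();
	}

	/**
	 * prefered_host
	 *
	 * Performs the final step of a preferred-host install: asks for the
	 * receipt number and registers it through prefered_host_model.
	 */
	function prefered_host()
	{
		// A licence already exists, so the regular login applies.
		if ($this->prefered_host_model->check_for_licence()) {
			redirect('user/login');
		}

		// No licence and no user data: a full install is required. The original
		// code used an undefined $installdir here and kept running after the
		// header; build the target explicitly and stop.
		if ($this->prefered_host_model->check_user() === FALSE) {
			header('Location: ' . $this->_install_url());
			return;
		}

		$this->form_validation->set_rules('receipt_id', 'Receipt', 'required');

		if ($this->form_validation->run() == FALSE) {
			$this->load->view('user/prefered_host');
			return;
		}

		if ($this->prefered_host_model->register($this->input->post('receipt_id'))) {
			redirect('user/login');
		} else {
			$data['message'] = 'There is a problem with your receipt, please check your email for your receipt number. If you believe you are receiving this message in error, <a target="_blank" href="'.LIC_SVR_URL.'resetlic.php">click here</a> to reset your license.';
			$this->load->view('user/prefered_host', $data);
		}
	}

	/**
	 * Shows the login form and, on submit, authenticates the user, checks the
	 * licence against the remote licence API, maintains the login counter and
	 * the periodic licence re-check dates, then hands over to
	 * check_for_updates().
	 */
	function login()
	{
		// Without any user the product is not installed yet. Stop here so the
		// rest of the login logic does not run on an uninstalled system.
		if ($this->prefered_host_model->check_user() === FALSE) {
			log_message('debug', 'Ther are no users, install needed, redirecting to install.');
			header('Location: ' . $this->_install_url());
			return;
		}

		// Preferred-host installs must enter their receipt number first.
		if ($this->prefered_host_model->check_for_licence() === FALSE) {
			log_message('debug', 'The usere needs to enter receipt number redirecting to prefered host setup.');
			redirect('user/prefered_host');
		}

		$data["header_tags"] = "";
		$data["error"] = "";
		$data["title"] = "";

		if ($this->user_entry->is_logged_in()) {
			$data["title"] = "Welcome";
			$this->check_for_updates('ppv_accounts');
			return;
		}

		$this->validation->set_rules($this->get_rules());
		$this->validation->set_fields($this->get_fields(1));
		$this->validation->set_error_delimiters('<div id="error" name="error"><font color=red >', '</font></div>');

		if ($this->validation->run() == FALSE) {
			$data["title"] = $this->title_values['login'];
			$this->load->view($this->login_view, $data);
			return;
		}

		$user_name = $this->input->post('user_name', true);
		// The XSS-filtered value is hashed; every place that writes a password
		// must hash the same way or the stored digest will never match.
		$user_pass = sha1($this->input->post('user_pass', true));

		$row = $this->user_model->check($user_name, $user_pass);
		if (!$row) {
			$data["title"] = "Login Failed";
			$data["error"] = "Invalid user email or password";
			$this->load->view($this->login_view, $data);
			return;
		}

		$userid = $row->user_id;
		$license_key = $row->license_key;
		$license_date = $row->license_date;
		$license_status = $row->license_status;
		$url = base_url();
		$table = array();

		// Ask the licence API for this key. The key is URL-encoded so special
		// characters cannot alter the query string. Only the two fields that
		// are actually used are read from the response.
		// NOTE(review): the response decides whether login proceeds, so the
		// helper should fetch it over HTTPS with certificate verification;
		// the helper is not visible here, confirm.
		$apiURI = LIC_API_URL . "?operation=db_query&licence_key=" . urlencode($license_key);
		$xml = simplexml_load_url_curl($apiURI);

		$remote_status = '';
		$remote_domain = '';
		if (is_object($xml)) {
			$remote_status = (string) $xml->entries->entry->status;
			$remote_domain = (string) $xml->entries->entry->domain;
		}

		// Fail closed: a missing or unreadable response counts as disabled.
		if ($remote_status != '1') {
			$this->session->set_flashdata('cnt_error', 'Licence Disabled');
			redirect('user');
			return;
		}

		// A licence marked for renewal becomes active again when the remote
		// record names this installation's base URL. The remote status is
		// known to be '1' at this point, so the former cookie-counter branch
		// for other statuses could never run and has been removed.
		if ($license_status == 'renew') {
			if ($remote_domain == $url) {
				$table['license_status'] = 'active';
				$this->db->where('user_id', $row->user_id);
				$this->db->update('pd_users', $table);
			}
		}

		// Count this login; every fifth login flags the licence for renewal.
		$this->db->where('user_id', $userid);
		$counter_row = $this->db->get('pd_users')->row_array();
		$log_count = (isset($counter_row['log_count']) ? $counter_row['log_count'] : 0) + 1;

		$counter_update = array('log_count' => $log_count);
		if ($log_count % 5 == 0) {
			$counter_update['license_status'] = 'renew';
		}
		$this->db->where('user_id', $userid);
		$this->db->update('pd_users', $counter_update);

		if ($license_key) {
			// Re-check schedule relative to license_date:
			//   first month   - the remote domain must be present on every login
			//   second month  - checked on the date stored in thrice_a_week (+3 days)
			//   after that    - checked on the date stored in weekly (+7 days)
			// NOTE(review): the scheduled checks only fire when the login date
			// equals the stored date exactly; a user who skips that day is not
			// re-checked until the column is reset. Confirm this is intended.
			$license_date1 = strtotime(date("Y-m-d", strtotime($license_date)) . " +1 month");
			$one_month = date('d-m-Y', $license_date1);
			$license_date2 = strtotime(date("Y-m-d", strtotime($one_month)) . " +1 month");
			$two_month = date('d-m-Y', $license_date2);

			$user_timezone1 = $row->user_timezone;
			$new_time_stamp7 = GetTime($user_timezone1);
			$new_time_stamp7 = strtotime($new_time_stamp7);
			$today1 = date('d-m-Y', $new_time_stamp7);

			if (strtotime($today1) < strtotime($one_month)) {
				if (!$remote_domain) {
					$this->session->set_flashdata('ent_error', 'Invalid Enterprise License Key');
					redirect('user');
					return;
				}
			} else if (strtotime($today1) > strtotime($one_month) && strtotime($today1) < strtotime($two_month)) {
				if ($row->thrice_a_week == '') {
					$license_date3 = strtotime(date("Y-m-d", strtotime($today1)) . " +3 days");
					$thrice_a_week = date('d-m-Y', $license_date3);
					$table['thrice_a_week'] = $thrice_a_week;
					$this->db->where('user_id', $row->user_id);
					$this->db->update('pd_users', $table);
				} else {
					$thrice_a_week = $row->thrice_a_week;
				}

				$user_timezone = $row->user_timezone;
				$new_time_stamp1 = GetTime($user_timezone);
				$new_time_stamp = strtotime($new_time_stamp1);
				$today = date('d-m-Y', $new_time_stamp);

				if (strtotime($thrice_a_week) == strtotime($today)) {
					if (!$remote_domain) {
						$this->session->set_flashdata('ent_error', 'Invalid Enterprise License Key');
						redirect('user');
						return;
					}
					$license_date4 = strtotime(date("Y-m-d", strtotime($thrice_a_week)) . " +3 days");
					$table['thrice_a_week'] = date('d-m-Y', $license_date4);
					$this->db->where('user_id', $row->user_id);
					$this->db->update('pd_users', $table);
				}
			} else if (strtotime($today1) > strtotime($two_month)) {
				if ($row->weekly == '') {
					$license_date8 = strtotime(date("Y-m-d", strtotime($today1)) . " +7 days");
					$weekly = date('d-m-Y', $license_date8);
					$table['weekly'] = $weekly;
					$this->db->where('user_id', $row->user_id);
					$this->db->update('pd_users', $table);
				} else {
					$weekly = $row->weekly;
				}

				$user_timezone = $row->user_timezone;
				$new_time_stamp1 = GetTime($user_timezone);
				$new_time_stamp = strtotime($new_time_stamp1);
				$today = date('d-m-Y', $new_time_stamp);

				if (strtotime($weekly) == strtotime($today)) {
					if (!$remote_domain) {
						$this->session->set_flashdata('ent_error', 'Invalid Enterprise License Key');
						redirect('user');
						return;
					}
					$license_date9 = strtotime(date("Y-m-d", strtotime($weekly)) . " +7 days");
					$table['weekly'] = date('d-m-Y', $license_date9);
					$this->db->where('user_id', $row->user_id);
					$this->db->update('pd_users', $table);
				}
			}
		}

		// NOTE(review): the session identifier is not rotated on login; if
		// native PHP sessions back $_SESSION here, regenerating the id at this
		// point would guard against session fixation. Confirm the session setup.
		$this->user_entry->set_user($row->user_id);
		$_SESSION['user_id'] = $row->user_id;

		// REQUEST_URL comes from the login form and is therefore untrusted;
		// check_for_updates() restricts it to targets on this site.
		$request_url = $this->input->post('REQUEST_URL');
		if ($request_url != '') {
			$this->check_for_updates($request_url);
			return;
		}

		$data["title"] = "Welcome";
		$this->check_for_updates('ppv_accounts');
		return;
	}

	/**
	 * Queries the update server once per session and redirects either to the
	 * updates page (newer version available) or to $or_redirect_to.
	 *
	 * @param string $or_redirect_to  Where to go when no update is pending.
	 *                                Absolute URLs outside this site are
	 *                                replaced by the default landing page.
	 */
	function check_for_updates($or_redirect_to)
	{
		// The target can originate from the login form or from a URL segment,
		// so never redirect to another host on its say-so.
		$or_redirect_to = $this->_local_redirect_target($or_redirect_to);

		// Already checked during this session.
		if ($this->session->userdata('latestversion')) {
			redirect($or_redirect_to);
			return;
		}

		$user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : '';
		$this->db->select('license_key, user_pass');
		$this->db->where('user_id', $user_id);
		$row = $this->db->get('pd_users')->row_array();

		$license_key = isset($row['license_key']) ? $row['license_key'] : '';
		$stored_pass = isset($row['user_pass']) ? $row['user_pass'] : '';
		$version = PPVDEMON_VERSION;

		// NOTE(review): these digests travel in the query string of a GET
		// request and so may end up in proxy and server logs.
		$params = array(
			'auth1' => sha1($license_key . AUTH1_SALT),
			'auth2' => sha1($stored_pass . AUTH2_SALT),
			'domain' => base_url(),
			'currentversion' => $version,
		);
		$updateurl = UPDATES_URL . '?' . http_build_query($params);
		$res = simplexml_load_url_curl($updateurl);

		// A failed fetch is treated the same as "no updates".
		if (is_object($res) && count($res->updates)) {
			// Cast to string: a SimpleXMLElement must not be put in the session.
			$latestversion = (string) $res->updates->update[count($res->updates->update)-1]['version'];
			$this->session->set_userdata('latestversion', $latestversion);
			$this->session->sess_write();
			redirect(base_url() . '/updates');
		} else {
			$this->session->set_userdata('latestversion', $version);
			$this->session->sess_write();
			redirect($or_redirect_to);
		}
	}

	/**
	 * Ends the user session and returns to the login form.
	 */
	function logout()
	{
		$this->user_entry->is_user();
		$this->user_entry->reset_user();
		redirect('user/login');
	}

	/**
	 * Shows the "forgot password" form.
	 */
	function forgot_pwd()
	{
		$this->load->view('user/forgot_pwd');
	}

	/**
	 * Handles the "forgot password" form: looks the address up and mails a
	 * reset link.
	 *
	 * The link carries a signed, expiring ticket in its "id" parameter
	 * instead of the bare user id, so knowing or guessing a user id is not
	 * enough to reach the reset step.
	 *
	 * NOTE(review): the distinct "invalid mail id" response reveals whether
	 * an address is registered; consider one neutral message for both cases.
	 */
	function forgot_pwd_function()
	{
		$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

		// Query builder escapes the value; it was concatenated into SQL before.
		$this->db->where('user_email', $email);
		$res = $this->db->get('pd_users')->row_array();

		if (isset($res['user_email']) == false) {
			$data['invalid_mail_id'] = "invalid mail id";
			$this->load->view('user/forgot_pwd', $data);
			return;
		}

		$mail_id = $res['user_email'];
		$name = 'ppvdemon';
		$subject = "Reset password";

		// Ticket = user id, expiry time and an HMAC over both, valid one hour.
		$expires = time() + 3600;
		$ticket = $res['user_id'] . '.' . $expires . '.' . $this->_reset_signature($res['user_id'], $expires, $res['user_pass']);
		$pwd_link = base_url().'index.php/user/pwd_link?id='.urlencode($ticket).'&status=true';

		$config = array(
			'mailtype' => 'html',
			'charset' => 'utf-8',
			'priority' => '1'
		);
		$this->load->library('email', $config);
		$this->email->from($mail_id, $name);
		$this->email->to($mail_id);
		$this->email->cc($mail_id);
		$this->email->bcc($mail_id);
		$this->email->subject($subject);
		$this->email->message('Hi, Please Click the link to reset password <p style="margin-left:50px;"><a href="'.$pwd_link.'">Click here </a> </p> <p style="margin-left:270px;">Thank you </p>');
		$this->email->send();

		$data['msg'] = "msg";
		$this->load->view('user/forgot_pwd', $data);
	}

	/**
	 * Landing page of the mailed reset link. Shows the reset form only for a
	 * valid, unexpired ticket and hands the ticket to the view as "id".
	 */
	function pwd_link()
	{
		$ticket = isset($_GET['id']) ? $_GET['id'] : '';

		if ($this->_reset_user_from_ticket($ticket) === FALSE) {
			redirect('user/forgot_pwd');
			return;
		}

		// The ticket has passed a strict format check, so it is safe to echo.
		$data['id'] = $ticket;
		$this->load->view('user/reset_pwd', $data);
	}

	/**
	 * Handles the reset form: verifies the ticket posted as "id", stores the
	 * new password digest and pushes it to the licence API.
	 *
	 * Previously the posted id was trusted as a user id, which let any
	 * visitor set the password of any account. The ticket is now verified
	 * before anything is written, and it stops validating once the password
	 * has changed.
	 */
	function reset_pwd()
	{
		$ticket = isset($_POST['id']) ? $_POST['id'] : '';
		$user = $this->_reset_user_from_ticket($ticket);
		if ($user === FALSE) {
			redirect('user/forgot_pwd');
			return;
		}

		$fields["new_pwd"] = 'Password';
		$rules["new_pwd"] = "required";
		$fields["new_cpwd"] = 'Confirm password';
		$rules["new_cpwd"] = "required|matches[new_pwd]";
		$this->validation->set_rules($rules);
		$this->validation->set_fields($fields);
		$this->validation->set_error_delimiters('<div id="error" name="error"><font color=red >', '</font></div>');

		if ($this->validation->run() == FALSE) {
			// Keep the ticket in the form so the user can correct and resubmit.
			$this->load->view('user/reset_pwd', array('id' => $ticket));
			return;
		}

		// Hash the same (XSS-filtered) value that login() hashes; hashing the
		// raw POST value could store a digest that login can never match.
		$en_pwd = sha1($this->input->post('new_pwd', true));

		$this->db->where('user_id', $user['user_id']);
		$this->db->update('pd_users', array('user_pass' => $en_pwd));

		// Mirror the change to the licence server with URL-encoded values.
		$apiURI_update = LIC_API_URL . "?operation=update_db&" . http_build_query(array(
			'licence_key' => $user['license_key'],
			'eMail' => $user['user_email'],
			'password' => $en_pwd,
		));
		simplexml_load_url_curl($apiURI_update);

		$data['success'] = "success";
		$this->load->view('user/reset_pwd', $data);
	}

	/**
	 * Pre-fills the profile edit form from the stored admin record.
	 *
	 * @param int    $message_level  Passed to getMessage().
	 * @param int    $action         Passed to getMessage().
	 * @param string $message        Passed to getMessage().
	 */
	function beforeedit($message_level=0, $action=0, $message="")
	{
		$this->admin_entry->is_admin();
		$row = $this->admin_model->load_by_name($this->admin_entry->get_admin());

		$this->validation->set_fields($this->get_fields(1));
		$this->validation->set_rules($this->get_rules(2));

		// Copy the stored values onto the validation object for the form.
		foreach ($this->get_fields() as $key => $val) {
			$this->validation->$key = $row->$key;
		}
		$key = 'admin_id';
		$this->validation->$key = $row->$key;

		$data["header_tags"] = "";
		$data['msg_level'] = $message_level;
		$data["msg_value"] = getMessage($message_level, $action, $message);
		$data["title"] = $this->title_values['edit'];
		$this->load->view($this->edit_view, $data);
	}

	/**
	 * Saves profile changes after validating the form and confirming the old
	 * password through admin_model->check_by_id().
	 */
	function edit()
	{
		$this->admin_entry->is_admin();
		$this->validation->set_rules($this->get_rules(2));
		$this->validation->set_fields($this->get_fields(1));
		$this->validation->set_error_delimiters('<div class="error">', '</div>');

		if ($this->validation->run() == FALSE) {
			$data["title"] = "Errors!!";
			$data["header_tags"] = "";
			$this->load->view($this->edit_view, $data);
			return;
		}

		$old_password = sha1($this->input->post('old_password', true));
		$admin_id = $this->input->post('admin_id', true);

		if (!$this->admin_model->check_by_id($admin_id, $old_password)) {
			$this->session->set_flashdata('message', 'Invalid old Password');
			$this->load->view($this->edit_view);
			return;
		}

		$fields['admin_name'] = $this->input->post('admin_name', true);
		$fields['admin_email'] = $this->input->post('admin_email', true);
		// The password is only replaced when a new one was submitted.
		if ($this->input->post('admin_password')) {
			$fields['admin_password'] = sha1($this->input->post('admin_password', true));
		}

		$this->admin_model->update($admin_id, $fields);
		$this->admin_entry->set_admin($fields['admin_name']);
		$this->welcome(2, 0, 'Profile updated successfully');
	}

	/**
	 * Renders the post-login overview with an optional status message.
	 *
	 * @param int    $message_level  Passed to getMessage() and to the view.
	 * @param int    $action         Passed to getMessage().
	 * @param string $message        Passed to getMessage().
	 */
	function welcome($message_level=0, $action=0, $message="")
	{
		$this->admin_entry->is_admin();
		$data["title"] = "Welcome";
		$data["header_tags"] = "";
		$data['is_error_present'] = $message_level;
		$data["error"] = getMessage($message_level, $action, $message);
		$this->load->view($this->login_success_view, $data);
		return;
	}

	/**
	 * Renders the generic redirect page with a message.
	 *
	 * @param string $url        Site-relative URI, expanded with site_url().
	 * @param int    $msg_level  Message level handed to the view.
	 * @param string $msg_value  Message text handed to the view.
	 */
	function redirect_page($url, $msg_level, $msg_value)
	{
		$data['title'] = 'Message';
		$data['redirect'] = true;
		$data['redirect_url'] = site_url($url);
		$data['msg_level'] = $msg_level;
		$data['msg_value'] = $msg_value;
		$this->load->view('admin_redirect', $data);
	}

	/**
	 * Returns the field-name => label map for the validation library.
	 *
	 * @param int $update  1 adds the password and id fields.
	 * @return array
	 */
	function get_fields($update=0)
	{
		$fields["user_name"] = 'User name';
		$fields["admin_email"] = 'Email';
		if ($update == 1) {
			$fields["user_pass"] = 'Password';
			$fields["old_password"] = 'Old Password';
			$fields["confirm_password"] = 'Confirm Password';
			$fields["admin_id"] = 'Admin Id';
		}
		return $fields;
	}

	/**
	 * Returns the validation rules.
	 *
	 * @param int $update  0 = login form, 2 = profile edit form.
	 * @return array
	 */
	function get_rules($update=0)
	{
		$rules["user_name"] = "required";
		// rules for login
		if ($update == 0) {
			$rules["user_pass"] = "required";
		}
		// rules for edit profile
		if ($update == 2) {
			$rules["admin_email"] = "required|valid_email";
			$rules["old_password"] = "required";
			$rules["user_pass"] = "matches[confirm_password]";
		}
		return $rules;
	}

	/**
	 * Builds the path of the installer directory next to the front controller.
	 * The separator is added explicitly so installs in a sub-directory work.
	 *
	 * @return string
	 */
	function _install_url()
	{
		return rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/install/';
	}

	/**
	 * Restricts a redirect target to this site.
	 *
	 * Site-relative URIs and absolute URLs under base_url() pass through;
	 * anything else (other hosts, other schemes, control characters) is
	 * replaced by $default.
	 *
	 * @param mixed  $target
	 * @param string $default
	 * @return string
	 */
	function _local_redirect_target($target, $default = 'ppv_accounts')
	{
		if (!is_string($target) || $target === '') {
			return $default;
		}
		// Control characters have no place in a Location header.
		if (preg_match('/[\x00-\x1f\x7f]/', $target)) {
			return $default;
		}
		// Trailing slash is forced so a look-alike host cannot share the prefix.
		$base = rtrim(base_url(), '/') . '/';
		if (strpos($target, $base) === 0) {
			return $target;
		}
		if (preg_match('#^\s*([a-z][a-z0-9+.\-]*:|//|\\\\)#i', $target)) {
			return $default;
		}
		return $target;
	}

	/**
	 * Computes the HMAC that authenticates a password-reset ticket.
	 *
	 * The key includes the stored password digest, so a ticket stops
	 * validating as soon as the password changes.
	 *
	 * @param string $user_id
	 * @param string $expires    Unix timestamp.
	 * @param string $user_pass  Stored password digest of the user.
	 * @return string            Lower-case hex digest.
	 */
	function _reset_signature($user_id, $expires, $user_pass)
	{
		$key = (string) $this->config->item('encryption_key') . $user_pass;
		return hash_hmac('sha256', $user_id . '|' . $expires, $key);
	}

	/**
	 * Validates a reset ticket ("<user id>.<expires>.<signature>").
	 *
	 * @param mixed $ticket
	 * @return array|bool  The pd_users row as an array, or FALSE when the
	 *                     ticket is malformed, expired, forged or stale.
	 */
	function _reset_user_from_ticket($ticket)
	{
		if (!is_string($ticket) || !preg_match('/^([A-Za-z0-9_\-]+)\.(\d{1,12})\.([a-f0-9]{64})$/', $ticket, $m)) {
			return FALSE;
		}
		list(, $user_id, $expires, $signature) = $m;

		if ((int) $expires < time()) {
			return FALSE;
		}

		$this->db->where('user_id', $user_id);
		$user = $this->db->get('pd_users')->row_array();
		if (!isset($user['user_id'])) {
			return FALSE;
		}

		$expected = $this->_reset_signature($user['user_id'], $expires, $user['user_pass']);
		return $this->_same_string($expected, $signature) ? $user : FALSE;
	}

	/**
	 * Compares two strings without stopping at the first difference, so the
	 * time taken does not reveal how much of a signature was correct.
	 *
	 * @param string $known
	 * @param string $given
	 * @return bool
	 */
	function _same_string($known, $given)
	{
		$length = strlen($known);
		if ($length !== strlen($given)) {
			return FALSE;
		}
		$diff = 0;
		for ($i = 0; $i < $length; $i++) {
			$diff |= ord($known[$i]) ^ ord($given[$i]);
		}
		return $diff === 0;
	}
}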