<?php
Class UserActions extends Aj {
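/**
 * Sign-up action (POST). Validates the submitted form, creates the account
 * through the 'users' endpoint resource and logs the new user in.
 *
 * Validation rules (unchanged): password/confirmation match, username and
 * password present, e-mail well-formed, username and e-mail unused, username
 * 5..32 chars of [A-Za-z0-9_], password >= 6 chars, username / e-mail /
 * e-mail provider not blacklisted and, when $config->specific_email_signup is
 * set, the provider must equal it.
 *
 * @return array 'status' 200 with 'url' and a 'JWT' cookie on success;
 *               401 with an HTML 'message' for validation, registration or
 *               login failures and for a missing endpoint resource; 400 when
 *               nothing was posted.
 */
function register() {
    global $config;
    $users = LoadEndPointResource('users');
    if (!$users) {
        return array(
            'status' => 401,
            'message' => '<p>• ' . __('Resource endpoint class file not found.') . '</p>'
        );
    }
    if (!isset($_POST) || empty($_POST)) {
        // login() answers an empty submission with a 400; this action used to return null here.
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('An error occurred while processing the form.') . '</p>'
        );
    }
    $error = '';
    // Missing keys are read as '' so that no comparison below raises an undefined-index notice.
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $confirm = isset($_POST['c_password']) ? $_POST['c_password'] : '';
    if ($password !== $confirm) {
        $error .= '<p>• ' . __('Passwords Don\'t Match.') . '</p>';
    }
    // The whole of $_POST is handed to the users resource below; the confirmation must not travel with it.
    unset($_POST['c_password']);
    $username = isset($_POST['username']) ? Secure($_POST['username']) : '';
    $email = isset($_POST['email']) ? Secure($_POST['email']) : '';
    if (empty($_POST['username'])) {
        $error .= '<p>• ' . __('Missing username.') . '</p>';
    }
    if (empty($password)) {
        $error .= '<p>• ' . __('Missing password.') . '</p>';
    }
    if (!isset($_POST['email']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $error .= '<p>• ' . __('This E-mail is invalid.') . '</p>';
    }
    if ($users->isUsernameExists($username)) {
        $error .= '<p>• ' . __('This User name is Already exist.') . '</p>';
    }
    if ($users->isEmailExists($email)) {
        $error .= '<p>• ' . __('This E-mail is Already exist.') . '</p>';
    }
    if (strlen($username) < 5 || strlen($username) > 32) {
        $error .= '<p>• ' . __('Username must be between 5/32.') . '</p>';
    }
    if (!preg_match('/^[\w]+$/', $username)) {
        $error .= '<p>• ' . __('Invalid username characters.') . '</p>';
    }
    if (strlen($password) < 6) {
        $error .= '<p>• ' . __('Password is too short.') . '</p>';
    }
    if (Wo_IsBanned($username)) {
        $error .= '<p>• ' . __('The username is blacklisted and not allowed, please choose another username.') . '</p>';
    }
    if (Wo_IsBanned($email)) {
        $error .= '<p>• ' . __('The email address is blacklisted and not allowed, please choose another email.') . '</p>';
    }
    // $matches[2][0] is everything after the first '@', i.e. the mail provider.
    $provider = '';
    if (preg_match_all('~@(.*?)(.*)~', $email, $matches) && !empty($matches[2]) && !empty($matches[2][0])) {
        $provider = $matches[2][0];
    }
    if ($provider !== '' && Wo_IsBanned($provider)) {
        $error .= '<p>• ' . __('The email provider is blacklisted and not allowed, please choose another email provider.') . '</p>';
    }
    if (!empty($config->specific_email_signup) && $provider !== '' && $provider !== $config->specific_email_signup) {
        // Appended like every other rule; assigning here used to discard the errors collected above.
        $error .= '<p>• ' . str_replace('{0}', $config->specific_email_signup, __('you must signup using {0} only.')) . '</p>';
    }
    if ($error !== '') {
        return array(
            'status' => 401,
            'message' => $error
        );
    }
    $re_data = $_POST;
    // Referral token: session first, then cookie; neither is guaranteed to be set.
    $ref = !empty($_SESSION['ref']) ? $_SESSION['ref'] : (isset($_COOKIE['ref']) ? $_COOKIE['ref'] : '');
    $ref_user_id = null;
    if (!empty($ref) && $config->affiliate_type == 0) {
        $candidate = UserIdFromUsername($ref);
        if (!empty($candidate) && is_numeric($candidate)) {
            $ref_user_id = $candidate;
            $re_data['referrer'] = Secure($ref_user_id);
            $re_data['src'] = Secure('Referrer');
        }
    }
    $regestered_user = $users->register($re_data);
    if ($regestered_user['code'] != 200) {
        return array(
            'status' => 401,
            'message' => '<p>• ' . $regestered_user['message'] . '</p>'
        );
    }
    if ($ref_user_id !== null) {
        // Pay the referrer and consume the token only for an account that was actually
        // created; this used to run before register(), so a rejected sign-up still paid out.
        Wo_UpdateBalance($ref_user_id, $config->amount_ref);
        unset($_SESSION['ref']);
        setcookie('ref', '', 1, '/');
    }
    $user = $users->login($username, $password);
    if ($user['code'] != 200) {
        return array(
            'status' => 401,
            'message' => '<p>• ' . __('Incorrect username or password.') . '</p>'
        );
    }
    SessionStart();
    $JWT = $user['userProfile']->web_token;
    $_SESSION['JWT'] = $user['userProfile'];
    // The web token is stored under 'user_id', as before — verify that is what session readers expect.
    $_SESSION['user_id'] = $JWT;
    return array(
        'status' => 200,
        'message' => __('Registration successfully'),
        'url' => $config->uri . '/steps',
        'cookies' => array(
            'JWT' => $JWT
        )
    );
}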
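/**
 * Login action (POST). Looks the account up by username or e-mail, verifies the
 * credentials through the 'users' endpoint resource and only then decides
 * whether the two-factor step applies.
 *
 * @return array 'status' 200 with 'url' and a 'JWT' cookie; 600 with the
 *               two-factor 'url'; 400 for missing fields, an empty submission
 *               or maintenance mode; 401 for bad credentials or a missing
 *               endpoint resource.
 */
function login() {
    global $config, $db;
    $users = LoadEndPointResource('users');
    if (!$users) {
        return array(
            'status' => 401,
            'message' => '<p>• ' . __('Resource endpoint class file not found.') . '</p>'
        );
    }
    if (!isset($_POST) || empty($_POST)) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('An error occurred while processing the form.') . '</p>'
        );
    }
    $error = '';
    if (empty($_POST['username'])) {
        $error .= '<p>• ' . __('Missing username.') . '</p>';
    }
    if (empty($_POST['password'])) {
        $error .= '<p>• ' . __('Missing password.') . '</p>';
    }
    if ($error !== '') {
        // These messages were collected but never returned; the generic form error was sent instead.
        return array(
            'status' => 400,
            'message' => $error
        );
    }
    $username = secure($_POST['username']);
    // Only the id is needed from this row; the password check belongs to the users resource.
    $getUser = $db->where("(username = ? or email = ?)", array(
        $username,
        $username
    ))->getOne('users', ["id"]);
    $user = $users->login($_POST['username'], $_POST['password']);
    if ($user['code'] != 200) {
        return array(
            'status' => 401,
            'message' => '<p>• ' . __('Incorrect username or password.') . '</p>'
        );
    }
    // The two-factor redirect (and $_SESSION['code_id']) is issued only once the
    // credentials are accepted; it used to fire for any existing username before the
    // password was checked. TwoFactor()'s contract is not visible here: false is
    // treated as "second factor required", as in the original.
    if (!empty($getUser['id']) && TwoFactor($getUser['id']) === false) {
        session_start();
        $_SESSION['code_id'] = $getUser['id'];
        return array(
            'status' => 600,
            'url' => $config->uri . '/unusual-login?type=two-factor'
        );
    }
    SessionStart();
    $profile = $user['userProfile'];
    // admin is compared with the string "0"; a numeric 0 would pass — confirm the column type.
    if ($config->maintenance_mode == 1 && $profile->admin === "0") {
        return array(
            'status' => 400,
            'message' => '<p>• Website maintenance mode is active, Login for user is forbidden</p>'
        );
    }
    $JWT = $profile->web_token;
    $url = ($profile->start_up == 3 && $profile->verified == 1)
        ? $config->uri . '/find-matches'
        : $config->uri . '/steps';
    $_SESSION['JWT'] = $profile;
    $_SESSION['user_id'] = $JWT;
    return array(
        'status' => 200,
        'message' => __('Login successfully'),
        'url' => $url,
        'cookies' => array(
            'JWT' => $JWT
        )
    );
}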
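/**
 * First step of the password-reset flow (POST 'email'): stores a fresh
 * numeric code on the user row and e-mails it.
 *
 * The "is not registered" message discloses whether an address has an
 * account; that wording is kept as-is here.
 *
 * @return array 200 with an 'ajaxRedirect' to the OTP page and a
 *               'verify_email' cookie; 400 with an HTML 'message' for
 *               validation or delivery failures; 401 when the endpoint
 *               resource is missing.
 */
function forget_password() {
    global $db;
    $users = LoadEndPointResource('users');
    if (!$users) {
        return array(
            'status' => 401,
            'message' => '<p>• ' . __('Resource endpoint class file not found.') . '</p>'
        );
    }
    if (!isset($_POST) || empty($_POST)) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('An error occurred while processing the form.') . '</p>'
        );
    }
    $error = '';
    $posted = isset($_POST['email']) ? $_POST['email'] : '';
    if (empty($posted)) {
        $error .= '<p>• ' . __('Missing E-mail.') . '</p>';
    }
    if (!filter_var($posted, FILTER_VALIDATE_EMAIL)) {
        $error .= '<p>• ' . __('This E-mail is invalid.') . '</p>';
    }
    if (!$users->isEmailExists($posted)) {
        $error .= '<p>• ' . __('This E-mail') . ' "' . $posted . '" ' . __('is not registered.') . '</p>';
    }
    if ($error !== '') {
        return array(
            'status' => 400,
            'message' => $error
        );
    }
    $email = Secure($posted);
    $user = $db->where('email', $email)->getOne('users');
    if (!$user) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('This E-mail') . ' "' . $posted . '" ' . __('is not registered.') . '</p>'
        );
    }
    // random_int() draws from the CSPRNG; rand() is predictable and unsuitable for a reset code.
    // The code stays four digits because resetpassword() requires it to be numeric.
    $_email_code = Secure(random_int(1111, 9999));
    $db->where('id', $user['id'])->update('users', array('email_code' => $_email_code));
    $message_body = Emails::parse('auth/forget', array(
        'first_name' => ($user['first_name'] !== '' ? $user['first_name'] : $user['username']),
        'email_code' => $_email_code
    ));
    $send = SendEmail($email, self::Config()->site_name . ' ' . __('password reset.'), $message_body);
    if (!$send) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('Server can\'t send email to') . ' " ' . $email . '" ' . __('right now, please try again later.') . '</p>'
        );
    }
    $_SESSION['verify_email'] = $email;
    return array(
        'status' => 200,
        'message' => __('Reset password email sent successfully.'),
        'ajaxRedirect' => '/mail-otp/' . base64_encode(strrev($email)),
        'cookies' => array(
            'verify_email' => $email
        )
    );
}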
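/**
 * Second step of the password-reset flow: checks the e-mailed code (POST
 * 'email' + 'email_code') against the one stored on the user row.
 *
 * The code is four digits (see forget_password) and this action applies no
 * attempt limit or expiry; both belong in front of this lookup.
 *
 * @return array 200 with an 'ajaxRedirect' to the reset page and an
 *               'email_code' cookie; 400 with an HTML 'message' otherwise;
 *               401 when the endpoint resource is missing.
 */
function mailotp() {
    global $db;
    $users = LoadEndPointResource('users');
    if (!$users) {
        return array(
            'status' => 401,
            'message' => '<p>• ' . __('Resource endpoint class file not found.') . '</p>'
        );
    }
    if (!isset($_POST) || empty($_POST)) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('An error occurred while processing the form.') . '</p>'
        );
    }
    $error = '';
    $postedEmail = isset($_POST['email']) ? $_POST['email'] : '';
    $postedCode = isset($_POST['email_code']) ? $_POST['email_code'] : '';
    if (empty($postedEmail)) {
        $error .= '<p>• ' . __('Missing E-mail.') . '</p>';
    } elseif (!filter_var($postedEmail, FILTER_VALIDATE_EMAIL)) {
        $error .= '<p>• ' . __('This E-mail is invalid.') . '</p>';
    } elseif (!$users->isEmailExists($postedEmail)) {
        $error .= '<p>• ' . __('This E-mail') . ' "' . $postedEmail . '" ' . __('is not registered.') . '</p>';
    }
    if (empty($postedCode)) {
        $error .= '<p>• ' . __('Missing email code.') . '</p>';
    }
    // The lookup must not run once validation has failed: it used to proceed anyway, so an
    // empty code was matched against rows whose email_code column happens to be blank.
    if ($error !== '') {
        return array(
            'status' => 400,
            'message' => $error
        );
    }
    $email = Secure($postedEmail);
    $email_code = Secure($postedCode);
    $user = $db->where('email', $email)->where('email_code', $email_code)->getOne('users');
    if (!$user) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('No user found with this email or code.') . '</p>'
        );
    }
    // Defence-in-depth re-check of what the query already filtered on, in constant time.
    if (!hash_equals((string) $user['email_code'], (string) $email_code)) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('Wrong email verification code.') . '</p>'
        );
    }
    return array(
        'status' => 200,
        'message' => __('Email verified successfully'),
        'ajaxRedirect' => '/reset/' . base64_encode(strrev($email)),
        'cookies' => array(
            'email_code' => $user['email_code']
        )
    );
}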
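/**
 * Final step of the password-reset flow (POST 'email', 'email_code',
 * 'password', 'c_password'): re-validates the code, stores the new hash and
 * logs the user in.
 *
 * NOTE(review): email_code is left untouched after a successful reset, so the
 * same code remains valid; it also doubles as the account activation code
 * sent by send_verefication_email(), which is why it is not cleared here.
 *
 * @return array 200 with 'url', a 'JWT' cookie and 'remove_cookies'; 400
 *               with an HTML 'message' for validation, lookup, save or login
 *               failures; 401 when the endpoint resource is missing.
 */
function resetpassword() {
    global $db, $config;
    $users = LoadEndPointResource('users');
    if (!$users) {
        return array(
            'status' => 401,
            'message' => '<p>• ' . __('Resource endpoint class file not found.') . '</p>'
        );
    }
    if (!isset($_POST) || empty($_POST)) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('An error occurred while processing the form.') . '</p>'
        );
    }
    $error = '';
    $postedEmail = isset($_POST['email']) ? $_POST['email'] : '';
    $postedCode = isset($_POST['email_code']) ? $_POST['email_code'] : '';
    $postedPassword = isset($_POST['password']) ? $_POST['password'] : '';
    $postedConfirm = isset($_POST['c_password']) ? $_POST['c_password'] : '';
    if (empty($postedEmail) && empty($postedCode)) {
        // Neither identifier present: the page was reached without the mail-otp step.
        // (The original tested 'email' twice here, so this fired for an empty e-mail alone.)
        $error .= '<p>• ' . __('You are not allowed to open this page directly.') . '</p>';
    } else {
        if (empty($postedEmail)) {
            $error .= '<p>• ' . __('Missing E-mail.') . '</p>';
        } elseif (!filter_var($postedEmail, FILTER_VALIDATE_EMAIL)) {
            $error .= '<p>• ' . __('This E-mail is invalid.') . '</p>';
        } elseif (!$users->isEmailExists($postedEmail)) {
            $error .= '<p>• ' . __('This E-mail') . ' "' . $postedEmail . '" ' . __('is not registered.') . '</p>';
        }
        if (empty($postedCode)) {
            $error .= '<p>• ' . __('Missing email code.') . '</p>';
        } elseif (!is_numeric($postedCode)) {
            $error .= '<p>• ' . __('This Email code is invalid.') . '</p>';
        }
        if (empty($postedPassword)) {
            $error .= '<p>• ' . __('Empty password.') . '</p>';
        } else {
            if ($postedPassword !== $postedConfirm) {
                $error .= '<p>• ' . __('Passwords Don\'t Match.') . '</p>';
            }
            if (strlen($postedPassword) < 6) {
                $error .= '<p>• ' . __('Password is too short.') . '</p>';
            }
        }
    }
    if ($error !== '') {
        return array(
            'status' => 400,
            'message' => $error
        );
    }
    $email = Secure($postedEmail);
    $email_code = Secure($postedCode);
    $user = $db->where('email', $email)->where('email_code', $email_code)->getOne('users');
    if (!$user) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('No user found with this email or code.') . '</p>'
        );
    }
    // Constant-time re-check of the code the query already filtered on.
    if (!hash_equals((string) $user['email_code'], (string) $email_code)) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('Wrong email verification code.') . '</p>'
        );
    }
    // Secure() is applied to the password before hashing and again for the login
    // below, as the original did — TODO confirm the users resource hashes the
    // same way at registration, otherwise passwords containing HTML-special
    // characters would differ between the two paths.
    $new_password = password_hash(Secure($postedPassword), PASSWORD_DEFAULT, array(
        'cost' => 11
    ));
    $updated = $db->where('id', $user['id'])->update('users', array(
        'password' => $new_password
    ));
    if (!$updated) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('Error While save new password.') . '</p>'
        );
    }
    $new_user_login = $users->login($user['email'], Secure($postedPassword));
    if ($new_user_login['code'] != 200) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('Error While login with new password.') . '</p>'
        );
    }
    SessionStart();
    $profile = $new_user_login['userProfile'];
    $_SESSION['JWT'] = $profile;
    $url = ($profile->start_up == 3) ? $config->uri . '/find-matches' : $config->uri . '/steps';
    return array(
        'status' => 200,
        'message' => __('Password reset successfully'),
        'url' => $url,
        'cookies' => array(
            'JWT' => $profile->web_token
        ),
        'remove_cookies' => array(
            'verify_email' => true,
            'email_code' => true,
            'email' => true
        )
    );
}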
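/**
 * Records that the current user has seen announcement $_GET['id'].
 *
 * A commented-out $is_admin guard used to sit at the top; any logged-in user
 * may record a view. Only active, not-yet-viewed announcements are written.
 *
 * @return array|false array('status' => 200) when a row was inserted; 403
 *                     array when nobody is logged in; false otherwise.
 */
function UpdateAnnouncementViews(){
    global $conn;
    if (self::ActiveUser() == NULL) {
        return array(
            'status' => 403,
            'message' => __('Forbidden')
        );
    }
    if (!isset($_GET['id']) || $_GET['id'] === '') {
        return false;
    }
    $id = Secure($_GET['id']);
    $user_id = Secure(self::ActiveUser()->id);
    if (IsActiveAnnouncement($id) === false) {
        return false;
    }
    if (IsViewedAnnouncement($id) === true) {
        return false;
    }
    // Bound parameters instead of a string-built query: Secure() is an output filter,
    // not an SQL escaper, and both values came straight from the request.
    $stmt = mysqli_prepare($conn, "INSERT INTO `announcement_views` (`user_id`, `announcement_id`) VALUES (?, ?)");
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'ss', $user_id, $id);
    $inserted = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    if ($inserted) {
        return array(
            'status' => 200);
    }
    return false;
}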
/**
 * Returns the logged-in user's own SMS verification code.
 *
 * NOTE(review): the code is handed to the very session that is supposed to
 * prove phone ownership, so the SMS step can be completed without the phone
 * receiving anything — confirm this is intended for the client flow.
 *
 * @return array 403 when nobody is logged in; 200 with 'code' when a code is
 *               set; 204 when it is the empty string.
 */
function get_sms_verification_code() {
    global $db;
    $me = self::ActiveUser();
    if ($me == NULL) {
        return array(
            'status' => 403,
            'message' => __('Forbidden')
        );
    }
    $code = $me->smscode;
    return ($code !== '')
        ? array(
            'status' => 200,
            'code' => $code
        )
        : array(
            'status' => 204
        );
}
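/**
 * Sends the logged-in user's SMS activation code to $_GET['phone'].
 *
 * The number must start with '+', be 6..32 characters and contain only digits
 * after the '+', and must not belong to another account. When
 * activation_limit_system is on, a per-user request count and a minimum gap
 * between requests are enforced and the counter is bumped after a send.
 *
 * NOTE(review): the code sent is the profile's stored smscode; nothing here
 * rotates it per request — confirm where it is generated.
 *
 * @return array 403 when nobody is logged in; 401 when the endpoint
 *               resource is missing; 400 with an HTML 'message' for
 *               validation, limit or delivery failures; 200 on success.
 */
function send_verefication_sms() {
    global $db;
    $me = self::ActiveUser();
    if ($me == NULL) {
        return array(
            'status' => 403,
            'message' => __('Forbidden')
        );
    }
    $users = LoadEndPointResource('users');
    if (!$users) {
        return array(
            'status' => 401,
            'message' => '<p>• ' . __('Resource endpoint class file not found.') . '</p>'
        );
    }
    if (!isset($_GET) || empty($_GET)) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('An error occurred while processing the form.') . '</p>'
        );
    }
    $error = '';
    $rawPhone = isset($_GET['phone']) ? $_GET['phone'] : '';
    if (empty($rawPhone)) {
        $error .= '<p>• ' . __('Missing phone number.') . '</p>';
    }
    $phone = Secure($rawPhone);
    if (substr($rawPhone, 0, 1) !== '+') {
        $error .= '<p>• ' . __('Please provide international number with your area code starting with +.') . '</p>';
    }
    if (strlen($phone) < 6 || strlen($phone) > 32) {
        $error .= '<p>• ' . __('Please enter valid number.') . '</p>';
    }
    // Digits only; is_numeric() would also accept signs, decimals and exponents.
    if (!preg_match('/^[0-9]+$/', substr($phone, 1))) {
        $error .= '<p>• ' . __('Invalid phone number characters.') . '</p>';
    }
    $mob = $db->objectBuilder()->where('phone_number', str_replace('+', '', $phone))->where('id', $me->id, '<>')->getValue('users', 'id');
    if ($mob > 0) {
        $error .= '<p>• ' . __('This Mobile number is Already exist.') . '</p>';
    }
    $cfg = self::Config();
    if ($cfg->activation_limit_system == '1') {
        $activation_request_count = $db->where('id', $me->id)->getValue('users', 'activation_request_count');
        $last_activation_request = $db->where('id', $me->id)->getValue('users', 'last_activation_request');
        if ($activation_request_count >= $cfg->max_activation_request) {
            $error .= '<p>• ' . __('You have been exceed the activation request limit.') . '</p>';
        }
        $minutesSince = intval((time() - intval($last_activation_request)) / 60);
        if ($minutesSince < intval($cfg->activation_request_time_limit)) {
            $error .= '<p>• ' . __('You have to wait') . ' ' . $cfg->activation_request_time_limit . ' ' . __( ' minutes before you try to activate again.') . '</p>';
        }
    }
    // Errors are accumulated; the original mixed '=' and '.=' so only the last one survived.
    if ($error !== '') {
        return array(
            'status' => 400,
            'message' => $error
        );
    }
    $message = __('Mobile Activation code.') . ' ' . $me->smscode;
    $send = SendSMS($phone, $message);
    if (!$send) {
        return array(
            'status' => 400,
            'message' => '<p>• ' . __('Can\'t send verification sms, please try again later.') . '</p>'
        );
    }
    if ($cfg->activation_limit_system == '1') {
        $db->where('id', $me->id)->update('users', array('activation_request_count' => $db->inc(1), 'last_activation_request' => time()));
    }
    return array(
        'status' => 200,
        'message' => __('Verification sms sent successfully.')
    );
}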
/**
 * Returns the logged-in user's own e-mail verification code.
 *
 * NOTE(review): as with the SMS variant, the code is disclosed to the session
 * that is expected to prove control of the mailbox — confirm this is intended.
 *
 * @return array 403 when nobody is logged in; 200 with 'code' when a code is
 *               set; 204 when it is the empty string.
 */
function get_email_verification_code() {
    global $db;
    $me = self::ActiveUser();
    if ($me == NULL) {
        return array(
            'status' => 403,
            'message' => __('Forbidden')
        );
    }
    $code = $me->email_code;
    return ($code !== '')
        ? array(
            'status' => 200,
            'code' => $code
        )
        : array(
            'status' => 204
        );
}
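/**
 * Sends the account activation e-mail to $_POST['email']; when that address
 * differs from the current one it is written to the account as well.
 *
 * NOTE(review): the account e-mail is replaced as soon as SendEmail() reports
 * success, i.e. before the code in that message has been confirmed — the new
 * address is therefore stored unproven. Kept as in the original.
 *
 * Error messages keep the original "last one wins" behaviour and the plain
 * '• ' prefix (no <p> wrapper) used by this action.
 *
 * @return array 403 with a 'message' for every failure; 200 on success.
 */
function send_verefication_email() {
    global $db;
    $me = self::ActiveUser();
    if ($me == NULL) {
        return array(
            'status' => 403,
            'message' => __('Forbidden')
        );
    }
    $users = LoadEndPointResource('users');
    if (!$users) {
        return array(
            'status' => 403,
            'message' => __('Can\'t send verification email, please try again later.')
        );
    }
    if (!isset($_POST) || empty($_POST)) {
        return array(
            'status' => 403,
            'message' => __('Can\'t send verification email, please try again later.')
        );
    }
    $error = '';
    $posted = isset($_POST['email']) ? $_POST['email'] : '';
    $email = strtolower(Secure($posted));
    if (empty($posted)) {
        $error = '• ' . __('Missing email.');
    }
    if (!filter_var($posted, FILTER_VALIDATE_EMAIL)) {
        $error = '• ' . __('This E-mail is invalid.');
    }
    // Case-insensitive comparison decides whether this is a change of address.
    $changingEmail = (strtolower($me->email) !== $email);
    if ($changingEmail && $users->isEmailExists($email)) {
        $error = __('This E-mail is Already exist.');
    }
    if ($error !== '') {
        return array(
            'status' => 403,
            'message' => $error
        );
    }
    $message_body = Emails::parse('auth/activate', array(
        'first_name' => ($me->first_name !== '' ? $me->first_name : $me->username),
        'email_code' => $me->email_code
    ));
    // $email is already lower-cased; the original re-lowercased it in both branches of a no-op if/else.
    $send = SendEmail($email, __('Thank you for your registration.'), $message_body);
    if (!$send) {
        return array(
            'status' => 403,
            'message' => __('Can\'t send verification email, please try again later.')
        );
    }
    if ($changingEmail) {
        $db->where('id', $me->id)->update('users', array(
            'email' => $email
        ));
        $_SESSION['userEdited'] = true;
    }
    return array(
        'status' => 200
    );
}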
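/**
 * Stores the logged-in user's coordinates from $_POST['lat'] / $_POST['lng']
 * and stamps last_location_update.
 *
 * '0' is a legitimate coordinate, so empty() is not used; values that are
 * not numeric or fall outside [-90, 90] / [-180, 180] are ignored instead
 * of being written through Secure() as arbitrary text.
 *
 * @return array 403 when nobody is logged in; 200 when the row was updated;
 *               204 when the update reported no change.
 */
function save_user_location() {
    global $db;
    $me = self::ActiveUser();
    if ($me == NULL) {
        return array(
            'status' => 403,
            'message' => __('Forbidden')
        );
    }
    $data = array();
    $lat = isset($_POST['lat']) ? $_POST['lat'] : '';
    if ($lat !== '' && is_numeric($lat) && abs((float) $lat) <= 90) {
        $data['lat'] = Secure($lat);
    }
    $lng = isset($_POST['lng']) ? $_POST['lng'] : '';
    if ($lng !== '' && is_numeric($lng) && abs((float) $lng) <= 180) {
        $data['lng'] = Secure($lng);
    }
    $data['last_location_update'] = time();
    $updated = $db->where('id', $me->id)->update('users', $data);
    return array(
        'status' => $updated ? 200 : 204
    );
}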