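 /**
  * Sends an already-authenticated user to 'items' when the requested action
  * is one that only makes sense for a logged-out visitor.
  *
  * @param array $uri     Parsed request; only $uri['action'] is read.
  * @param array $actions Action names reserved for logged-out visitors.
  */
 public function requireLoggedOut($uri, $actions)
 {
     // The action name comes from the URL, so match it strictly rather than
     // letting loose comparison equate it with non-string entries.
     if (in_array($uri['action'], $actions, true) && isset($_SESSION['user_id'])) {
         Application::flash('error', 'You are already logged in!');
         $this->app->redirect_to('items');
         // Stop here so the guarded action cannot run after the redirect
         // header has been sent.
         exit;
     }
 }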
 /**
  * Logs the current user out. A successful deauthenticate() redirects to
  * 'items'; otherwise an info message is flashed and the default view is
  * rendered.
  */
 function remove()
 {
     $current = User::get_by_id($_SESSION['user_id']);
     // deauthenticate()'s result is only used for its truthiness.
     if (!$current->deauthenticate()) {
         Application::flash('info', 'Nothing to see here.');
         $this->loadView();
         return;
     }
     Application::flash('info', 'You are now logged out.');
     Application::redirect_to('items');
 }
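 /**
  * Front controller entry point: resolves the request to a controller and
  * action, boots the Application services, runs the filters and dispatches.
  *
  * Resolution: Routing::fetch_uri() supplies controller/action from the URL
  * and the matching controllers/<name>_controller.php is included if it
  * exists; when that yields no class/method pair, Routing::route() chooses
  * the route instead. A ValidationException bounces back to the Referer
  * with the message flashed, a RoutingException renders pages/404 on a
  * fresh Application, and an ApplicationException renders pages/500 on the
  * application attached to the exception.
  */
 public static function initialise()
 {
     require_once 'vendor/autoload.php';
     try {
         require_once 'lib/routing.php';
         $uri = Routing::fetch_uri();
         $controller = ucfirst($uri['controller']) . 'Controller';
         // The controller name comes straight from the URL and is used to
         // build an include path, so only accept the characters that can
         // form a class name. Anything else is simply not included and falls
         // through to Routing::route() below, exactly as a missing controller
         // file did before.
         if (preg_match('/^[A-Za-z0-9_]+$/', (string) $uri['controller'])) {
             // '@' is intentional here: "file not found" is the normal
             // no-direct-match case, handled by the fallback below.
             @(include "controllers/{$uri['controller']}_controller.php");
         }
         if (substr($uri['action'], 0, 1) == '?') {
             $uri['action'] = '';
         }
         if (empty($uri['action']) && method_exists($controller, 'index')) {
             $uri['action'] = 'index';
         }
         // If controller found and action exists.
         // NOTE(review): method_exists() also reports non-public and
         // inherited framework methods — confirm loadAction() limits what an
         // action name taken from the URL can invoke.
         if (class_exists($controller) && method_exists($controller, $uri['action'])) {
             $app = new $controller();
         } else {
             $uri = Routing::route();
             $controller = ucfirst($uri['controller']) . 'Controller';
             include "controllers/{$uri['controller']}_controller.php";
             $app = new $controller();
         }
         $app->loadConfig();
         $app->loadTwig();
         $app->loadAws();
         $app->loadModels();
         $app->loadPlugins();
         $app->uri = $uri;
         // Helper var to simplify responding to json
         $app->json = $app->uri['format'] == 'json';
         require_once 'lib/filter.php';
         $app->runFilters();
         $app->loadDefaultLibs();
         // Set timezone from config.
         // NOTE(review): $config is not assigned in this method; it can only
         // come from one of the files required above (includes share this
         // scope). Otherwise this is an undefined variable — verify.
         date_default_timezone_set($config->timezone);
         // Call relevant function in controller
         $app->loadAction();
         unset($_SESSION['flash']);
     } catch (ValidationException $e) {
         ob_end_clean();
         Application::flash('error', $e->getMessage());
         // Returns the user to the submitting page. The Referer header is
         // client-supplied and may be absent; no application URL is
         // guaranteed to exist at this point, so no fallback is applied.
         header('Location: ' . $_SERVER['HTTP_REFERER']);
     } catch (RoutingException $e) {
         ob_end_flush();
         // RoutingExceptions only thrown from static context
         // so must set up new Application before rendering 404
         $app = new Application();
         $app->loadView('pages/404');
     } catch (ApplicationException $e) {
         ob_end_flush();
         $e->app->loadView('pages/500');
     }
 }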
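 /**
  * Sends an invitation e-mail to the address posted in $_POST['email'] on
  * behalf of the logged-in user, after checking the address and the user's
  * remaining invite count, then re-renders index() with a flash message.
  */
 function add()
 {
     $user = User::get_by_id($_SESSION['user_id']);
     // Normalise the submitted address once; a missing field becomes ''.
     $_POST['email'] = trim(isset($_POST['email']) ? $_POST['email'] : '');
     $email = $_POST['email'];
     $error = '';
     if ($email == '') {
         $error .= 'Please enter an email address.<br />';
     }
     if ($user->invites < 1) {
         $error .= 'You don\'t have any invites remaining.<br />';
     }
     // Check if email contains spaces.
     // NOTE(review): the address is only checked for spaces and an '@'
     // before being handed to send_email(); a stricter check such as
     // filter_var() with FILTER_VALIDATE_EMAIL is not added here so that the
     // set of accepted addresses stays the same.
     if (User::check_contains_spaces($email)) {
         $error .= 'Email address cannot contain spaces.<br />';
     }
     if (!User::check_contains_at($email)) {
         $error .= 'Email must contain an @ symbol.<br />';
     }
     // Check if already invited
     if (Invite::check_invited($_SESSION['user_id'], $email)) {
         $error .= 'You have already invited this person.<br />';
     }
     // Check if already a user
     if (is_object(User::get_by_email($email))) {
         $error .= 'This person is already using ' . $this->config->name . '!<br />';
     }
     if ($error != '') {
         // Propagate the address so the form can re-fill it, then report.
         $this->uri['params']['email'] = $email;
         Application::flash('error', $error);
         $this->index();
         return;
     }
     // No problems so do signup + login
     // Add invite to database
     $id = Invite::add($_SESSION['user_id'], $email);
     // Decrement invites in users table
     $user->update_invites(-1);
     // Award points
     if (isset($this->plugins->points)) {
         $this->plugins->points->update($_SESSION['user_id'], $this->plugins->points['per_invite_sent']);
     }
     // Log invite
     if (isset($this->plugins->log)) {
         $this->plugins->log->add($_SESSION['user_id'], 'invite', $id, 'add', $email);
     }
     $to = array('email' => $email);
     $subject = '[' . $this->config->name . '] An invitation from ' . $user->username;
     $link = $this->config->url . 'signup/' . $id;
     $body = $this->twig_string->render(file_get_contents("themes/{$this->config->theme}/emails/invite_friend.html"), array('user' => $user, 'link' => $link, 'app' => $this));
     // Email user
     $this->email->send_email($to, $subject, $body);
     Application::flash('success', 'Invite sent!');
     $this->index();
 }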
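 /**
  * Admin action: when the 'count' URL parameter is a positive integer,
  * passes it to Admin::update_invites() and flashes a success message;
  * either way it finishes by rendering users().
  */
 function grant_invites()
 {
     $count = isset($this->uri['params']['count']) ? $this->uri['params']['count'] : NULL;
     // The parameter is user-supplied. A plain '> 0' is not enough: under
     // PHP 8 a non-numeric string compared with an int is compared as
     // strings, so e.g. 'abc' > 0 is true. Require a numeric value and pass
     // it on as an int.
     // NOTE(review): no admin check is visible here — presumably enforced by
     // the request filters; confirm.
     if (is_numeric($count) && (int) $count > 0) {
         Admin::update_invites((int) $count);
         Application::flash('success', 'Invites updated!');
     }
     $this->users();
 }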
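 /**
  * Completes a signup from the posted form (email, username, password1,
  * password2 and an optional invite code): validates the fields, creates or
  * reuses the User row, sends the welcome/admin e-mails, credits any
  * invites tied to the code, starts the session and redirects. On a
  * validation error the form is re-rendered with the values propagated.
  */
 private function signup_full()
 {
     $error = '';
     // Check email
     $_POST['email'] = trim($_POST['email']);
     $email_check = $this->check_email($_POST['email']);
     if ($email_check !== TRUE) {
         $error .= $email_check;
     }
     // Check username
     $username_check = $this->check_username($_POST['username']);
     if ($username_check !== TRUE) {
         $error .= $username_check;
     }
     // Check password
     $password_check = $this->check_password($_POST['password1'], $_POST['password2']);
     if ($password_check !== TRUE) {
         $error .= $password_check;
     }
     // The invite code is optional; read it once without an undefined-index notice.
     $code = isset($_POST['code']) ? $_POST['code'] : NULL;
     // Error processing
     if ($error != '') {
         // There was an error
         // Propagate get vars to be picked up by the form
         $this->uri['params']['email'] = $_POST['email'];
         $this->uri['params']['username'] = $_POST['username'];
         if ($code !== NULL) {
             $this->code = $code;
         }
         // Show error message
         Application::flash('error', $error);
         // Show signup form
         $this->loadView('users/add', array('title' => 'Signup'));
         return;
     }
     // No error so proceed...
     // First check if user added; if not then add
     $user = User::get_by_email($_POST['email']);
     if ($user == NULL) {
         $user_id = User::add($_POST['email']);
         $user = User::get_by_id($user_id);
     }
     // Do signup
     User::signup($user->id, $_POST['username'], $_POST['password1'], $this->config->encryption_salt);
     if ($this->config->send_emails) {
         // Send 'thank you for signing up' email
         $to = array('name' => $_POST['username'], 'email' => $_POST['email']);
         $subject = '[' . $this->config->name . '] Welcome to ' . $this->config->name . '!';
         $body = $this->twig_string->render(file_get_contents("themes/{$this->config->theme}/emails/signup.html"), array('username' => $_POST['username'], 'app' => $this));
         // Email user
         $this->email->send_email($to, $subject, $body);
     }
     // Log signup
     if (isset($this->plugins->log)) {
         $this->plugins->log->add($user->id, 'user', NULL, 'signup');
     }
     // Admin alert email
     if ($this->config->send_emails && $this->config->signup_email_notifications) {
         $admin = User::get_by_id($this->config->admin_users[0]);
         $to = array('name' => $admin->username, 'email' => $admin->email);
         $subject = '[' . $this->config->name . '] New signup on ' . $this->config->name . '!';
         $link = substr($this->config->url, 0, -1) . $this->url_for('users', 'show', $user->id);
         $body = $this->twig_string->render(file_get_contents("themes/{$this->config->theme}/emails/admin_signup_notification.html"), array('link' => $link, 'app' => $this));
         // Email admin
         $this->email->send_email($to, $subject, $body);
     }
     // Start session.
     // NOTE(review): the session id is not regenerated here; if a session
     // can exist before signup, consider session_regenerate_id(true) at this
     // point so a pre-login id is not carried into the authenticated session.
     $_SESSION['user_id'] = $user->id;
     // Check invites are enabled and the code is valid
     if ($this->config->invites->enabled && Invite::check_code_valid($code, $_POST['email'])) {
         // Get invites
         $invites = Invite::list_by_code($code);
         if (is_array($invites)) {
             foreach ($invites as $invite) {
                 // Update invites
                 $invite->update();
                 // Log invite update
                 if (isset($this->plugins->log)) {
                     $this->plugins->log->add($_SESSION['user_id'], 'invite', $invite->id, 'accept');
                 }
                 // Update points (but only if inviting user is not an admin).
                 // Loose in_array() is kept on purpose: user ids from the DB
                 // and config->admin_users may not share a type — confirm
                 // before switching to strict.
                 if (isset($this->plugins->points) && !in_array($invite->user_id, $this->config->admin_users)) {
                     // Update points
                     $this->plugins->points->update($invite->user_id, $this->plugins->points['per_invite_accepted']);
                     // Log points update
                     if (isset($this->plugins->log)) {
                         $this->plugins->log->add($invite->user_id, 'points', NULL, $this->plugins->points['per_invite_accepted'], 'invite_accepted = ' . $invite->id);
                     }
                 }
             }
         }
     }
     // Log login
     if (isset($this->plugins->log)) {
         $this->plugins->log->add($_SESSION['user_id'], 'user', NULL, 'login');
     }
     // If redirect_to is set then redirect, but only within this site: the
     // parameter is user-supplied, so an unchecked Location header would turn
     // a signup link into an open redirect. Accepted forms are a
     // site-relative path ('/...' but not '//...' or '/\...') or an absolute
     // URL under config->url — assumes config->url ends with '/', as the
     // $link construction above implies; confirm against the form.
     $target = isset($this->uri['params']['redirect_to']) ? (string) $this->uri['params']['redirect_to'] : '';
     $is_relative = substr($target, 0, 1) === '/' && substr($target, 0, 2) !== '//' && substr($target, 0, 2) !== '/\\';
     $is_same_site = $this->config->url != '' && strpos($target, $this->config->url) === 0;
     if ($target !== '' && ($is_relative || $is_same_site)) {
         header('Location: ' . $target);
         exit;
     }
     // Set welcome message
     Application::flash('success', 'Welcome to ' . $this->config->name . '!');
     // Go forth!
     header('Location: ' . $this->config->url);
     exit;
 }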
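 /**
  * Deletes an item together with its comments and likes when the logged-in
  * user owns it, then returns to the Referer; any other request is sent to
  * the site root without a message.
  *
  * @param mixed $item_id Identifier handed to Item::get_by_id().
  */
 function remove($item_id)
 {
     $item = Item::get_by_id($item_id);
     // Ownership check. The existence test has to come before $item->user
     // is dereferenced, and a visitor with no session must never match
     // (under loose comparison null == 0 is true). Loose '==' on the ids is
     // kept because their types (int vs. string from the DB) are not known.
     $is_owner = $item != NULL
         && isset($_SESSION['user_id'])
         && $_SESSION['user_id'] == $item->user->id;
     if (!$is_owner) {
         // Naughtiness = expulsion!
         // Go forth
         header('Location: ' . $this->config->url);
         exit;
     }
     // Delete item
     $item->remove();
     // Log item deletion
     if (isset($this->plugins->log)) {
         $this->plugins->log->add($_SESSION['user_id'], 'item', $item->id, 'remove');
     }
     // Delete comments
     if (is_array($item->comments)) {
         foreach ($item->comments as $comment) {
             // Remove comment
             $id = $comment->remove();
             // Log comment removal
             if (isset($this->plugins->log)) {
                 $this->plugins->log->add($_SESSION['user_id'], 'comment', $id, 'remove');
             }
         }
     }
     // Delete likes (guard on $item->likes, not $item->comments, so likes are
     // removed regardless of whether the item had any comments)
     if (is_array($item->likes)) {
         foreach ($item->likes as $like) {
             // Remove like
             $like->remove();
             // Log like removal
             if (isset($this->plugins->log)) {
                 $this->plugins->log->add($_SESSION['user_id'], 'like', $like->id, 'remove');
             }
         }
     }
     // Set message
     Application::flash('success', ucfirst($this->config->items->name) . ' removed!');
     // Return from whence you came; fall back to the site root when the
     // client sent no Referer header.
     header('Location: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $this->config->url));
     exit;
 }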