Example #1
// Profile-edit request handler (fragment: the listing stops inside the e-mail check).
// Every validation failure ends the request with a JSON object holding an 'error' message.
require_once "../../global.php";
$action = Filter::text($_POST['action']);
if ($action == 'edit') {
    // assign POST data to variables
    // NOTE(review): the account to edit is selected by the 'un' query parameter. No check
    // that it belongs to the logged-in user is visible in this fragment; confirm that an
    // ownership/authorization check runs before anything is saved.
    $username = Filter::text($_GET['un']);
    // NOTE(review): the passwords go through Filter::text(); if that filter strips or
    // encodes characters, the value later hashed differs from what was typed. Verify.
    $pw = Filter::text($_POST['txtPassword']);
    $pw2 = Filter::text($_POST['txtConfirmPassword']);
    $email = Filter::email($_POST['txtEmail']);
    $name = Filter::text($_POST['txtName']);
    $month = Filter::text($_POST['selBirthMonth']);
    $year = Filter::text($_POST['selBirthYear']);
    $sex = Filter::text($_POST['selGender']);
    $location = Filter::text($_POST['txtLocation']);
    $biography = Filter::formattedText($_POST['txtBiography']);
    $user = User::loadByUsername($username);
    // make sure user exists
    if ($user === null) {
        $json = array('error' => 'That user does not exist.');
        exit(json_encode($json));
    }
    // new passwords provided?
    if ($pw != "" || $pw2 != "") {
        // do the passwords match?
        // NOTE(review): != is a loose comparison, so two numeric-looking strings such as
        // '1e3' and '1000' compare as equal; !== would compare the exact strings.
        if ($pw != $pw2) {
            $json = array('error' => 'Sorry, your new passwords do not match.');
            exit(json_encode($json));
        }
    }
    // validate email address
    if ($email == "") {
Example #2
 // Task-creation validation (fragment: $title, $leaderName, $description and $project are
 // set before the first line shown). Each failure ends the request with a JSON 'error'.
 $numNeeded = Filter::numeric($_POST['txtNumNeeded']);
 $deadline = Filter::text($_POST['txtDeadline']);
 // validate the data
 // required fields
 if ($title == '') {
     $json = array('error' => 'You must provide a name for this task.');
     exit(json_encode($json));
 } elseif ($leaderName == '') {
     $json = array('error' => 'This task must have a leader.');
     exit(json_encode($json));
 } elseif ($description == '') {
     $json = array('error' => 'You must provide some instructions for this task.');
     exit(json_encode($json));
 }
 // leader must be real, and a creator or organizer
 // NOTE(review): this verifies the role of the proposed leader only. Whether the user
 // sending the request may create tasks in this project is not checked in the lines
 // shown; confirm it is enforced earlier in the handler.
 $leader = User::loadByUsername($leaderName);
 if ($leader === null) {
     $json = array('error' => 'The user you specified to lead this task does not exist.');
     exit(json_encode($json));
 } elseif (!ProjectUser::isCreator($leader->getID(), $project->getID()) && !ProjectUser::isTrusted($leader->getID(), $project->getID())) {
     $json = array('error' => 'Only the project creator or a trusted member may lead tasks.');
     exit(json_encode($json));
 }
 // num needed must be numeric or empty
 // is_numeric() also accepts negative numbers, decimals and exponent notation, so a
 // range check is still needed if only positive whole numbers make sense here.
 if ($numNeeded != '' && !is_numeric($numNeeded)) {
     $json = array('error' => 'Number of people needed must be a valid number or empty (for unlimited).');
     exit(json_encode($json));
 }
 // check for valid date
 // strtotime() returns false when it cannot parse the text; an empty deadline is allowed.
 $formattedDeadline = strtotime($deadline);
 if ($formattedDeadline === false && $deadline != '') {
// Customer registration (fragment: the listing stops after the password is hashed).
$oForm2 = new Form();
if (isset($_POST["create"])) {
    $oForm2->data = $_POST;
    // form validation:
    // presumably checkFilled() flags an empty field and compare() flags a mismatch;
    // both are defined on Form, outside this listing.
    $oForm2->checkFilled("firstName");
    $oForm2->checkFilled("lastName");
    $oForm2->checkFilled("username");
    $oForm2->checkFilled("email");
    $oForm2->checkFilled("address");
    $oForm2->checkFilled("telephone");
    $oForm2->checkFilled("password");
    $oForm2->checkFilled("confirmPassword");
    $oForm2->compare("password", "confirmPassword");
    $oTestCustomer = new User();
    // testing if username exists in database
    // NOTE(review): the raw POST value goes straight into the lookup. Whether
    // loadByUsername() binds it as a query parameter is not visible here; verify in User.
    $bLoad = $oTestCustomer->loadByUsername($_POST["username"]);
    // what username is posted
    if ($bLoad == true) {
        $oForm2->raiseCustomError("username", "* this username already exists");
        // calls raiseCustomError message
    }
    // NOTE(review): check-then-create is not atomic; two simultaneous requests can both
    // pass the lookup above. Presumably a unique index on username backs this up; confirm.
    if ($oForm2->valid == true) {
        //no errors, therefore creates new user in system:
        // The profile fields are copied from $_POST unchanged, so escaping has to happen
        // where they are written to the database and where they are rendered.
        $oCustomer = new User();
        $oCustomer->firstName = $_POST["firstName"];
        $oCustomer->lastName = $_POST["lastName"];
        $oCustomer->username = $_POST["username"];
        $oCustomer->email = $_POST["email"];
        $oCustomer->address = $_POST["address"];
        $oCustomer->telephone = $_POST["telephone"];
        // Only the salted hash is kept on the object; PASSWORD_DEFAULT leaves the choice
        // of algorithm to the PHP version in use.
        $oCustomer->password = password_hash($_POST["password"], PASSWORD_DEFAULT);
     // Builds one Task from one row of imported data (fragment: $line, $projectId,
     // $numberOfPeople and $taskArray are set before the first line shown).
     //Format Deadline, if empty or an invalid date is given, default to a week from today
     if (!empty($line[3])) {
         $deadline = strtotime($line[3]);
         // strtotime() returns false for text it cannot parse; the loose == also treats
         // a timestamp of 0 as a failure.
         if ($deadline == false) {
             $deadline = strtotime("+1 week");
             $deadline = date("Y-m-d H:i:s", $deadline);
         } else {
             $deadline = date("Y-m-d H:i:s", $deadline);
         }
     } else {
         $deadline = strtotime("+1 week");
         $deadline = date("Y-m-d H:i:s", $deadline);
     }
     //Format Leader, if empty or an invalid name is given, don't enter in anyone
     // NOTE(review): in the visible code an empty or unknown leader falls back to the
     // current session user, which differs from what the comment above says.
     if (!empty($line[4])) {
         // NOTE(review): the return value of loadByUsername() is stored as the leader id.
         // Other callers on this page treat that return value as a User object and call
         // ->getID() on it; confirm which one the Task constructor expects.
         // NOTE(review): unlike the interactive task form on this page, no creator or
         // trusted-member check on the named leader is visible here. Confirm that imported
         // rows cannot assign a leader the form would reject.
         $leaderId = User::loadByUsername(Filter::alphanum($line[4]));
         //***need to change with Chloe's updated user filter***
         if (empty($leaderId)) {
             $leaderId = Session::getUserID();
         }
     } else {
         //$leaderId = NULL;
         $leaderId = Session::getUserID();
     }
 }
 //Create Task Record
 $title = Filter::text($line[0]);
 // The description is converted to UTF-8 from whatever encoding is detected. In strict
 // mode mb_detect_encoding() returns false when nothing matches, and that false is then
 // handed to iconv() as the source encoding. TODO handle the undetected case.
 $description = Filter::text(iconv(mb_detect_encoding($line[1], mb_detect_order(), true), "UTF-8", $line[1]));
 $task = new Task(array('creator_id' => Session::getUserID(), 'leader_id' => $leaderId, 'project_id' => $projectId, 'title' => $title, 'description' => $description, 'status' => 1, 'deadline' => $deadline, 'num_needed' => $numberOfPeople));
 array_push($taskArray, $task);
 //Increment row in file
Example #5
             $json = array('error' => $user->getUsername() . ' (' . $i . ') is already a trusted member of this project.');
             exit(json_encode($json));
         } elseif ($project->isMember($user->getID())) {
             $json = array('error' => $user->getUsername() . ' (' . $i . ') is already a member of this project.');
             exit(json_encode($json));
         } else {
             // add user to array
             $users[] = $user;
         }
     } else {
         // email address not found
         $emails[] = $i;
     }
 } else {
     // it's a username
     $user = User::loadByUsername($i);
     if ($user !== null) {
         // user found
         if ($project->isCreator($user->getID())) {
             $json = array('error' => $user->getUsername() . ' (' . $i . ') is the creator of this project.');
             exit(json_encode($json));
         } elseif ($project->isTrusted($user->getID())) {
             $json = array('error' => $user->getUsername() . ' (' . $i . ') is already a trusted member of this project.');
             exit(json_encode($json));
         } elseif ($project->isMember($user->getID())) {
             $json = array('error' => $user->getUsername() . ' (' . $i . ') is already a member of this project.');
             exit(json_encode($json));
         } else {
             // add user to array
             $users[] = $user;
         }
<!-- Navigation -->
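<?php
// Profile page bootstrap: resolves the user named by the first 'url' segment and sends
// the visitor to /404 when the segment is missing or no such user can be loaded.
require_once 'php/classes.php';

// A Location header does not end the script. Without the exit the lookup below would
// still run on a missing segment and the profile markup would still be sent after the
// redirect header.
// NOTE(review): header("Location: ...") switches the status to 302 unless a 201 or 3xx
// is already set, so the 404 set just before it is presumably not what the client sees.
if (!isset($_GET['url'][0])) {
    http_response_code(404);
    header("Location: /404");
    exit;
}

$user = new User();
if (!$user->loadByUsername($_GET['url'][0])) {
    http_response_code(404);
    header("Location: /404");
    // Stop here so nothing about the page is rendered for an unknown username.
    exit;
}

get_header();
?>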

<!-- Page Content -->
<div class="container">
    <!-- Page Heading/Breadcrumbs -->
    <div class="row">
        <div class="col-lg-12">
            <h1 class="page-header">Profiel
                <small></small>
            </h1>
            <ol class="breadcrumb">
                <li><a href="/">Home</a>
                </li>
                <li class="active">Profiel</li>
            </ol>
        </div>
    </div>
    <!-- /.row -->
Example #7
 // Account registration validation (fragment: $uname is assigned before the first line
 // shown). Each failure ends the request with a JSON 'error' message.
 // NOTE(review): the passwords pass through Filter::text(); if that filter strips or
 // encodes characters, the stored credential differs from what the user typed. Verify.
 $pw = Filter::text($_POST['pw']);
 $pw2 = Filter::text($_POST['pw2']);
 $email = Filter::email($_POST['email']);
 $name = Filter::text($_POST['name']);
 $month = Filter::text($_POST['month']);
 $year = Filter::text($_POST['year']);
 $sex = Filter::text($_POST['sex']);
 $location = Filter::text($_POST['location']);
 $biography = Filter::text($_POST['biography']);
 // make sure username is provided
 if ($uname == "") {
     $json = array('error' => 'You must provide a unique username to register.');
     exit(json_encode($json));
 }
 // make sure username doesn't exist
 // NOTE(review): lookup-then-create is not atomic; presumably a unique index on the
 // username column backs this check. Confirm.
 $un = User::loadByUsername($uname);
 if ($un != null) {
     $json = array('error' => 'Sorry, that username is already taken. Please try another one.');
     exit(json_encode($json));
 }
 // username blacklist
 // Reserved names, several of which look like route segments (create, edit, delete, ...).
 // NOTE(review): the comparison below is case-sensitive, so 'Admin' or 'ADMINISTRATOR'
 // passes unless $uname was lower-cased before this fragment. Confirm.
 $blacklist = array("process", "------", "administrator", "create", "new", "admin", "edit", "delete", "invite", "tasks", "people", "basics", "activity");
 foreach ($blacklist as $b) {
     if ($uname == $b) {
         $json = array('error' => 'Sorry, that username is not allowed.');
         exit(json_encode($json));
     }
 }
 // restrict username to a-zA-Z0-9- and at least 6 chars, max 20
 // NOTE(review): the pattern check is commented out, so the character-set and length
 // limits are not enforced by the lines shown here.
 //		$pattern = "%^[a-zA-Z0-9-]{6,20}$%";
 //		if(!preg_match($pattern, $uname))
Example #8
 /**
  * Asserts that User::loadByUsername() returns false for a username that has no account.
  *
  * NOTE(review): the test opens a live mysqli connection to a fixed development host,
  * with the connection settings written into the test body. The credentials appear
  * masked in this listing; in the real file they would be better read from configuration
  * kept outside the repository.
  */
 public function testLoadByNonexistentUsernameYieldsFalse()
 {
     // Describes what breaks if this test fails; not read by any code shown here.
     $failureAffects = "Login will load nonexistent usernames";

     $dbConfig = array(
         'adapter' => 'mysqli',
         'host' => 'mysql.dev.sendlove.us',
         'dbname' => 'LM_logintest',
         'username' => '******',
         'password' => '******',
     );

     // mysqli takes host, user, password, database in that order.
     $connection = new mysqli($dbConfig['host'], $dbConfig['username'], $dbConfig['password'], $dbConfig['dbname']);
     $user = new User($connection);

     $this->assertFalse($user->loadByUsername('*****@*****.**'));
 }