require_once "../../global.php"; $action = Filter::text($_POST['action']); if ($action == 'edit') { // assign POST data to variables $username = Filter::text($_GET['un']); $pw = Filter::text($_POST['txtPassword']); $pw2 = Filter::text($_POST['txtConfirmPassword']); $email = Filter::email($_POST['txtEmail']); $name = Filter::text($_POST['txtName']); $month = Filter::text($_POST['selBirthMonth']); $year = Filter::text($_POST['selBirthYear']); $sex = Filter::text($_POST['selGender']); $location = Filter::text($_POST['txtLocation']); $biography = Filter::formattedText($_POST['txtBiography']); $user = User::loadByUsername($username); // make sure user exists if ($user === null) { $json = array('error' => 'That user does not exist.'); exit(json_encode($json)); } // new passwords provided? if ($pw != "" || $pw2 != "") { // do the passwords match? if ($pw != $pw2) { $json = array('error' => 'Sorry, your new passwords do not match.'); exit(json_encode($json)); } } // validate email address if ($email == "") {
$numNeeded = Filter::numeric($_POST['txtNumNeeded']); $deadline = Filter::text($_POST['txtDeadline']); // validate the data // required fields if ($title == '') { $json = array('error' => 'You must provide a name for this task.'); exit(json_encode($json)); } elseif ($leaderName == '') { $json = array('error' => 'This task must have a leader.'); exit(json_encode($json)); } elseif ($description == '') { $json = array('error' => 'You must provide some instructions for this task.'); exit(json_encode($json)); } // leader must be real, and a creator or organizer $leader = User::loadByUsername($leaderName); if ($leader === null) { $json = array('error' => 'The user you specified to lead this task does not exist.'); exit(json_encode($json)); } elseif (!ProjectUser::isCreator($leader->getID(), $project->getID()) && !ProjectUser::isTrusted($leader->getID(), $project->getID())) { $json = array('error' => 'Only the project creator or a trusted member may lead tasks.'); exit(json_encode($json)); } // num needed must be numeric or empty if ($numNeeded != '' && !is_numeric($numNeeded)) { $json = array('error' => 'Number of people needed must be a valid number or empty (for unlimited).'); exit(json_encode($json)); } // check for valid date $formattedDeadline = strtotime($deadline); if ($formattedDeadline === false && $deadline != '') {
$oForm2 = new Form(); if (isset($_POST["create"])) { $oForm2->data = $_POST; // form validation: $oForm2->checkFilled("firstName"); $oForm2->checkFilled("lastName"); $oForm2->checkFilled("username"); $oForm2->checkFilled("email"); $oForm2->checkFilled("address"); $oForm2->checkFilled("telephone"); $oForm2->checkFilled("password"); $oForm2->checkFilled("confirmPassword"); $oForm2->compare("password", "confirmPassword"); $oTestCustomer = new User(); // testing if username exists in database $bLoad = $oTestCustomer->loadByUsername($_POST["username"]); // what username is posted if ($bLoad == true) { $oForm2->raiseCustomError("username", "* this username already exists"); // calls raiseCustomError message } if ($oForm2->valid == true) { //no errors, therefore creates new user in system: $oCustomer = new User(); $oCustomer->firstName = $_POST["firstName"]; $oCustomer->lastName = $_POST["lastName"]; $oCustomer->username = $_POST["username"]; $oCustomer->email = $_POST["email"]; $oCustomer->address = $_POST["address"]; $oCustomer->telephone = $_POST["telephone"]; $oCustomer->password = password_hash($_POST["password"], PASSWORD_DEFAULT);
//Format Deadline, if empty or an invalid date is given, default to a week from today if (!empty($line[3])) { $deadline = strtotime($line[3]); if ($deadline == false) { $deadline = strtotime("+1 week"); $deadline = date("Y-m-d H:i:s", $deadline); } else { $deadline = date("Y-m-d H:i:s", $deadline); } } else { $deadline = strtotime("+1 week"); $deadline = date("Y-m-d H:i:s", $deadline); } //Format Leader, if empty or an invalid name is given, don't enter in anyone if (!empty($line[4])) { $leaderId = User::loadByUsername(Filter::alphanum($line[4])); //***need to change with Chloe's updated user filter*** if (empty($leaderId)) { $leaderId = Session::getUserID(); } } else { //$leaderId = NULL; $leaderId = Session::getUserID(); } } //Create Task Record $title = Filter::text($line[0]); $description = Filter::text(iconv(mb_detect_encoding($line[1], mb_detect_order(), true), "UTF-8", $line[1])); $task = new Task(array('creator_id' => Session::getUserID(), 'leader_id' => $leaderId, 'project_id' => $projectId, 'title' => $title, 'description' => $description, 'status' => 1, 'deadline' => $deadline, 'num_needed' => $numberOfPeople)); array_push($taskArray, $task); //Increment row in file
$json = array('error' => $user->getUsername() . ' (' . $i . ') is already a trusted member of this project.'); exit(json_encode($json)); } elseif ($project->isMember($user->getID())) { $json = array('error' => $user->getUsername() . ' (' . $i . ') is already a member of this project.'); exit(json_encode($json)); } else { // add user to array $users[] = $user; } } else { // email address not found $emails[] = $i; } } else { // it's a username $user = User::loadByUsername($i); if ($user !== null) { // user found if ($project->isCreator($user->getID())) { $json = array('error' => $user->getUsername() . ' (' . $i . ') is the creator of this project.'); exit(json_encode($json)); } elseif ($project->isTrusted($user->getID())) { $json = array('error' => $user->getUsername() . ' (' . $i . ') is already a trusted member of this project.'); exit(json_encode($json)); } elseif ($project->isMember($user->getID())) { $json = array('error' => $user->getUsername() . ' (' . $i . ') is already a member of this project.'); exit(json_encode($json)); } else { // add user to array $users[] = $user; }
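<!-- Navigation -->
<?php
// Profile page bootstrap: resolve the user named in the URL before any markup
// is emitted, so a bad URL never reaches the template below.
require_once 'php/classes.php';

// Guard: no username segment in the URL (assumes the router exposes the path
// segments as $_GET['url'] — TODO confirm). Redirect to the 404 page and STOP:
// without the exit the script fell through, read the undefined
// $_GET['url'][0] and rendered the profile markup anyway. Note that PHP answers
// a Location header with 302 unless a 3xx/201 status was already set, so the
// http_response_code(404) set here does not reach the client.
if (!isset($_GET['url'][0])) {
    http_response_code(404);
    header("Location: /404");
    exit;
}

$user = new User();
// loadByUsername() is treated as falsy when no such user exists (that is what
// the `!` check relies on — confirm against the User class). Same
// redirect-and-stop as above.
if (!$user->loadByUsername($_GET['url'][0])) {
    http_response_code(404);
    header("Location: /404");
    exit;
}

get_header();
?>
<!-- Page Content -->
<div class="container">
    <!-- Page Heading/Breadcrumbs -->
    <div class="row">
        <div class="col-lg-12">
            <h1 class="page-header">Profiel <small></small> </h1>
            <ol class="breadcrumb">
                <li><a href="/">Home</a> </li>
                <li class="active">Profiel</li>
            </ol>
        </div>
    </div>
    <!-- /.row -->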
// Remaining registration fields, each passed through the project's Filter
// helpers (Filter::text / Filter::email) before use.
$pw = Filter::text($_POST['pw']);
$pw2 = Filter::text($_POST['pw2']);
$email = Filter::email($_POST['email']);
$name = Filter::text($_POST['name']);
$month = Filter::text($_POST['month']);
$year = Filter::text($_POST['year']);
$sex = Filter::text($_POST['sex']);
$location = Filter::text($_POST['location']);
$biography = Filter::text($_POST['biography']);

// make sure username is provided ($uname is assigned earlier in this script)
if ($uname == "") {
    $json = array('error' => 'You must provide a unique username to register.');
    exit(json_encode($json));
}

// make sure username doesn't exist.
// NOTE(review): `!= null` is a loose comparison; it is only safe if
// loadByUsername() returns an object or null (never a valid-but-falsy value)
// — confirm against the User class.
$un = User::loadByUsername($uname);
if ($un != null) {
    $json = array('error' => 'Sorry, that username is already taken. Please try another one.');
    exit(json_encode($json));
}

// username blacklist (presumably names that would collide with the app's own
// routes). The loop below is an exact, case-sensitive match, so it relies on
// $uname already being normalised upstream — verify, or compare
// case-insensitively.
$blacklist = array("process", "------", "administrator", "create", "new", "admin", "edit", "delete", "invite", "tasks", "people", "basics", "activity");
foreach ($blacklist as $b) {
    if ($uname == $b) {
        $json = array('error' => 'Sorry, that username is not allowed.');
        exit(json_encode($json));
    }
}

// restrict username to a-zA-Z0-9- and at least 6 chars, max 20
// $pattern = "%^[a-zA-Z0-9-]{6,20}$%";
// if(!preg_match($pattern, $uname))
// NOTE(review): the length/character-set rule above is disabled, so at this
// point the only constraints on the username are: non-empty, not already
// taken, and not on the blacklist.
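public function testLoadByNonexistentUsernameYieldsFalse()
{
    // What breaks if this regresses: the login path would "load" a user that
    // is not in the database.
    $failureAffects = "Login will load nonexistent usernames";

    // Connection settings for the integration database. The literals are the
    // values this test originally hard-coded; each can be overridden through
    // the environment so real credentials never have to live in source.
    // (The env var names are introduced here by this test, not project-defined.)
    $dbConfig = array();
    $dbConfig['adapter'] = 'mysqli';
    $dbConfig['host'] = getenv('LM_TEST_DB_HOST') ?: 'mysql.dev.sendlove.us';
    $dbConfig['dbname'] = getenv('LM_TEST_DB_NAME') ?: 'LM_logintest';
    $dbConfig['username'] = getenv('LM_TEST_DB_USER') ?: '******';
    $dbConfig['password'] = getenv('LM_TEST_DB_PASS') ?: '******';

    $db = new mysqli(
        $dbConfig['host'],
        $dbConfig['username'],
        $dbConfig['password'],
        $dbConfig['dbname']
    );
    // An unreachable integration database is an environment problem, not a
    // regression in User::loadByUsername(); report it as a skip with the
    // driver's reason instead of letting the lookup fail obscurely.
    if ($db->connect_error) {
        $this->markTestSkipped('Integration DB unavailable: ' . $db->connect_error);
    }

    $user = new User($db);

    // Pass the explanation as the assertion message so it appears in the
    // failure output (the original computed it but never used it).
    $this->assertFalse($user->loadByUsername('*****@*****.**'), $failureAffects);
}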