Beispiel #1
/**
 * Handles a registration POST: saves a new Person, inserts the submitted
 * identity for that person, and stores one Setting row per installed app.
 *
 * The collaborators used below ($request, $Identity, $Person, $resource,
 * $Setting) are not parameters; they become locals through extract($vars).
 *
 * @param array $vars Variables supplied by the caller and expanded with extract().
 */
function post(&$vars)
{
    // NOTE(review): extract() turns every key of $vars into a local variable.
    // Confirm that only the framework, never request data, chooses those keys.
    extract($vars);

    $email = trim($request->params['identity']['email_value']);
    $existing = $Identity->find_by('email_value', $email);
    // Only the "valid address that is already registered" case is rejected here.
    // NOTE(review): a value that fails is_email() is not rejected and still
    // reaches the account creation below - confirm that is intended.
    if (is_email($email) && $existing) {
        trigger_error('Sorry, the e-mail address already exists.', E_USER_ERROR);
    }

    $person = $Person->base();
    $person->save();

    // Fall back to the e-mail address when no identity URL was submitted.
    if (empty($request->params['identity']['url'])) {
        $request->params['identity']['url'] = $email;
    }
    // token and person_id are assigned here, after the form was read, so any
    // submitted values for these two keys are overwritten before the insert.
    // NOTE(review): the remaining identity fields go to insert_from_post() as
    // submitted; confirm that method limits which columns a client may set.
    $request->params['identity']['token'] = make_token($person->id);
    $request->params['identity']['person_id'] = $person->id;
    $resource->insert_from_post($request);

    $identity = $Identity->find($request->id);
    $identity->set_etag();

    $apps = environment('installed');
    foreach (is_array($apps) ? $apps : array() as $appname) {
        $setting = $Setting->base();
        $values = array(
            'profile_id' => $identity->id,
            'person_id' => $person->id,
            'name' => 'app',
            'value' => $appname,
        );
        foreach ($values as $key => $value) {
            $setting->set_value($key, $value);
        }
        $setting->save_changes();
        $setting->set_etag();
    }

    header_status('201 Created');
    redirect_to($request->resource);
}
Beispiel #2
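    // Tentative-account creation. This excerpt is the body of a branch whose
    // opening `if` lies above the visible code.

    // Query-string values may be missing or arrays; anything that is not a
    // string is treated as empty, which takes the "username taken" path below.
    $username = isset($_GET['username']) && is_string($_GET['username']) ? $_GET['username'] : '';
    $match = array();
    // preg_quote() keeps the dots in $domain literal instead of "any character".
    if (preg_match('/(.*)@' . preg_quote($domain, '/') . '/', $username, $match)) {
        $username = $match[1];
    }
    // After this line the username holds only a-z and 0-9.
    $username = preg_replace('/[^a-z0-9]/', '', strtolower($username));
    $year = isset($_GET['gradyear']) && is_string($_GET['gradyear']) ? $_GET['gradyear'] : '';
    $year = preg_replace("/[^0-9]/", '', $year);
    // Unlike username and year, $type is stored exactly as the client sent it.
    $type = isset($_GET['type']) && is_string($_GET['type']) ? $_GET['type'] : '';
    if ($type == "other") {
        $type = isset($_GET['other']) && is_string($_GET['other']) ? $_GET['other'] : '';
    }
    if ($username == '' || get_item($dbh, 'username', 'accounts', 'username', $username)) {
        $thispage->append(show_username_taken($username));
    } else {
        $token = make_token();
        $data = array('username' => $username, 'year' => $year, 'type' => $type);
        $storable = serialize($data);
        $email = $username . '@' . $domain;
        // $storable carries the unfiltered $type, so it must be escaped before it
        // is placed inside the quoted SQL literal; the token is escaped as well.
        // NOTE(review): the mysql_* API has no prepared statements; moving this
        // query to PDO or mysqli with bound parameters is the durable fix.
        // NOTE(review): if this column is later fed to unserialize(), it must
        // only ever contain data written by this statement.
        mysql_query("insert into tentative_accounts set session = '" . mysql_real_escape_string($storable) . "', token = '" . mysql_real_escape_string($token) . "', created = now()");
        $message = "Click the following link to activate your Plan:\n" . "www.grinnellplans.com/register.php?token={$token}\n\n" . "The link will expire in 24 hours.";
        if (send_mail($email, "Activate your new plan.", $message)) {
            $message = new InfoText("An email has been sent to {$email} with a link to activate your Plan.  You will probably receive it right away, but if you don't get it within a few hours, <a href=\"mailto:{$admin_email}\">Bug us</a>.", 'Email Sent');
        } else {
            $message = new AlertText("We were not able to send you an activation email, possibly because your email address is not accepting messages at this time. Please contact <a href=\"mailto:{$admin_email}\">{$admin_email}</a> for assistance.", 'Activation email could not be sent');
        }
        $thispage->append($message);
    }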
} else {
    if ($_GET['token']) {
        $session = get_item($dbh, 'session', 'tentative_accounts', 'token', $token);
Beispiel #3
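 /**
  * POST /member/account: creates a member account and, on success, returns an
  * access token in the Access-Token response header.
  *
  * Outcomes visible in this method:
  *  - memberKey missing or empty: HTTP 400 and errorCode '00' in the JSON body;
  *  - the model returns a falsy result: HTTP 500;
  *  - the model reports result '01': errorCode '01' (duplicate) in the JSON
  *    body, with the response status left unchanged;
  *  - otherwise: the Access-Token header is set from make_token($xid).
  */
 public function account_post()
 {
     // The request log must not receive the clear-text password, so that field
     // is masked in the copy that gets logged. The request itself is untouched.
     $logged_body = $this->post();
     if (is_array($logged_body) && array_key_exists('password', $logged_body)) {
         $logged_body['password'] = '[REDACTED]';
     }
     // The client-type header is optional; avoid an undefined-index notice.
     $client_type = isset($_SERVER['HTTP_CLIENT_TYPE']) ? $_SERVER['HTTP_CLIENT_TYPE'] : null;
     set_req_log('/member/account', $client_type, json_encode($logged_body));
     if ($this->post('memberKey')) {
         $member_key = $this->post('memberKey');
         // NOTE(review): without a password the memberKey doubles as the
         // password, so the memberKey in the request log is then the credential
         // itself. Confirm this fallback is wanted.
         $password = $this->post('password') ? $this->post('password') : $this->post('memberKey');
         $name = $this->post('name') ? $this->post('name') : '';
         $birthday = $this->post('birthday') ? $this->post('birthday') : '';
         $gender = $this->post('gender') ? $this->post('gender') : '';
         $profile_image_url = $this->post('profileImageUrl') ? $this->post('profileImageUrl') : '';
         $db_result = $this->member_db_model->set_member_account($member_key, $password, $name, $birthday, $gender, $profile_image_url);
         if ($db_result) {
             if ($db_result[0]['result'] == '01') {
                 set_err_log('Duplication - memberKey');
                 echo json_encode(array('errorCode' => '01', 'errorMessage' => 'duplicate error'));
             } else {
                 $xid = $db_result[0]['xid'];
                 set_xid_log($xid);
                 $access_token = make_token($xid);
                 // NOTE(review): this writes the full access token to the
                 // response log; anyone who can read that log can reuse it.
                 // Consider logging a hash or a short prefix instead.
                 set_res_log($access_token);
                 header('Access-Token: ' . $access_token);
             }
         } else {
             http_response_code(500);
             set_err_log('Login DB Error');
         }
     } else {
         http_response_code(400);
         if (!array_key_exists('memberKey', $this->post())) {
             set_err_log('Parameter Empty - memberKey');
         }
         echo json_encode(array('errorCode' => '00', 'errorMessage' => 'parameter error'));
     }
 }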
Beispiel #4
/**
 * Builds the gateway authentication URL for the current session and either
 * redirects the client to it or hands it back to the caller.
 *
 * URL shape: http://<gw_address>:<gw_port>/wifidog/auth?token=<token>
 *
 * @param bool $redirect When truthy, redirect through Flight; otherwise return the URL.
 * @return string|null The URL when $redirect is falsy; nothing after a redirect.
 */
function login_success($redirect = True)
{
    $authToken = make_token();
    // NOTE(review): gw_address and gw_port are read from the session as-is. If
    // they were copied from request parameters earlier, validate them where they
    // are stored, otherwise the redirect target is under the client's control.
    // NOTE(review): the token travels in the query string of a plain-http URL.
    $gatewayUrl = sprintf(
        'http://%s:%s/wifidog/auth?token=%s',
        $_SESSION['gw_address'],
        $_SESSION['gw_port'],
        $authToken
    );
    if (!$redirect) {
        return $gatewayUrl;
    }
    Flight::redirect($gatewayUrl);
}
Beispiel #5
<?php

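// Front controller: boots the framework, starts the session and dispatches the
// request to <Controller>Controller-><action>() as named in the query string.

// get to the root directory
chdir(dirname(__FILE__));
chdir('..');
// bootstrap the framework
require_once 'framework/boot/boot.php';
// session
session_start();
// make a token for database interactions
$_SESSION['token'] = make_token();
// The routing parameters come straight from the query string and end up in a
// file path, a class name and a method name. Restricting them to plain
// identifiers before any of those uses rules out path separators, dots and
// names with a leading underscore (which covers the magic methods).
$param_controller = isset($_GET['controller']) ? $_GET['controller'] : '';
$param_action = isset($_GET['action']) ? $_GET['action'] : '';
$route_name_pattern = '/\A[A-Za-z][A-Za-z0-9_]*\z/';
if (!is_string($param_controller) || !is_string($param_action)
    || !preg_match($route_name_pattern, $param_controller)
    || !preg_match($route_name_pattern, $param_action)) {
    header('HTTP/1.1 404 Not Found');
    exit;
}
// load helpers todo: make this in the controller's context?
require_once 'app/helpers/application_helper.php';
$helper_path = 'app/helpers/' . $param_controller . '_helper.php';
if (!is_file($helper_path)) {
    // Unknown controller: answer 404 instead of failing inside require_once.
    header('HTTP/1.1 404 Not Found');
    exit;
}
require_once $helper_path;
// instantiate the controller
$controller_string = Inflector::camelize($param_controller) . 'Controller';
if (!class_exists($controller_string)) {
    header('HTTP/1.1 404 Not Found');
    exit;
}
$controller = new $controller_string($param_action);
// call the action, but only if it is callable from outside the class
// NOTE(review): every public method of the controller, inherited ones included,
// stays routable; keep non-action helpers protected or private.
if (!is_callable(array($controller, $param_action))) {
    header('HTTP/1.1 404 Not Found');
    exit;
}
$controller->{$param_action}();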
Beispiel #6
/**
 * Handles a group-creation POST: saves the group from the submitted fields,
 * then walks the newline-separated subscriber list. A known e-mail address is
 * linked to its existing person; an unknown but valid address gets a new
 * Person and Identity plus an invitation e-mail. Each resolved person is
 * added to the group as a member.
 *
 * The collaborators used below ($Group, $Identity, $Person, $Membership,
 * $request) become locals through extract($vars).
 *
 * @param array $vars Variables supplied by the caller and expanded with extract().
 */
function post(&$vars)
{
    // NOTE(review): extract() turns every key of $vars into a local variable.
    // Confirm that only the framework, never request data, chooses those keys.
    // NOTE(review): no permission check is visible in this function; confirm the
    // caller restricts who may create groups and trigger invitation e-mails.
    extract($vars);

    $newGroup = $Group->base();
    $schema = $Group->fields_from_request($request);
    // Only the field names reported by fields_from_request() are copied over.
    foreach ($schema['groups'] as $column => $columnType) {
        $newGroup->set_value($column, $request->params['group'][$column]);
    }
    $newGroup->save_changes();
    $newGroup->set_etag(get_person_id());

    foreach (explode("\n", $request->subscribers) as $line) {
        $member = false;
        $address = trim($line);
        $identity = $Identity->find_by('email_value', $address);
        if (is_email($address) && $identity) {
            // Address already known: reuse the person behind that identity.
            $member = $identity->FirstChild('people');
        } elseif (is_email($address)) {
            // Valid but unknown address: create the person and a first
            // identity, then send the invitation carrying the new token.
            $member = $Person->base();
            $member->save();
            $identity = $Identity->base();
            $identity->set_value('url', $address);
            $identity->set_value('email_value', $address);
            $identity->set_value('given_name', '');
            $identity->set_value('label', 'profile 1');
            $token = make_token($member->id);
            $identity->set_value('token', $token);
            $identity->set_value('person_id', $member->id);
            $identity->save_changes();
            $identity->set_etag($member->id);
            do_invite_email($address, $token, $newGroup);
        }
        // Lines that are not e-mail addresses never produce a membership.
        if (is_email($address) && $member) {
            $membership = $Membership->base();
            $membership->set_value('group_id', $newGroup->id);
            $membership->set_value('person_id', $member->id);
            $membership->save_changes();
        }
    }

    header('Status: 201 Created');
    redirect_to('groups');
}
Beispiel #7
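/**
 * Receives the file posted in the 'Filedata' field, moves it into the 'cache'
 * directory under a generated name and records it in the uploads table.
 *
 * Returns without output when no 'Filedata' upload is present. Exits without
 * output when 'cache' is not writable, when PHP reports an upload error, or
 * when the uploaded file cannot be moved. On success it prints "200 OK" and
 * exits.
 *
 * @param mixed $request Not used in this function.
 * @param mixed $route   Not used in this function.
 */
function do_ajaxy_fileupload(&$request, &$route)
{
    global $db;
    if (!isset($_FILES['Filedata']['name'])) {
        return;
    }
    if (!is_writable('cache')) {
        exit;
    }
    // Stop before touching the database when PHP reports a failed or partial
    // upload. A multi-file field (arrays instead of scalars) stops here too.
    if (!isset($_FILES['Filedata']['error']) || $_FILES['Filedata']['error'] !== UPLOAD_ERR_OK) {
        exit;
    }
    // NOTE(review): no authentication check is visible here; confirm the route
    // that reaches this function is restricted to signed-in users.
    $client_name = urldecode($_FILES['Filedata']['name']);
    // Drop any earlier upload row recorded under the same client file name.
    $db->get_result("DELETE FROM " . $db->prefix . "uploads WHERE name = '" . $db->escape_string($client_name) . "'");
    $tmp = 'cache' . DIRECTORY_SEPARATOR . make_token();
    // NOTE(review): the extension is derived from the client-supplied file name.
    // If 'cache' is served by the web server, confirm extension_for() can only
    // return extensions from a fixed allowlist of non-executable types.
    $tmp .= "." . extension_for(type_of($_FILES['Filedata']['name']));
    // Move the file first, so that no row is stored and no success is reported
    // for a file that never reached the cache directory.
    if (!move_uploaded_file($_FILES['Filedata']['tmp_name'], $tmp)) {
        exit;
    }
    $Upload =& $db->model('Upload');
    $u = $Upload->base();
    $u->set_value('name', $client_name);
    $u->set_value('tmp_name', $tmp);
    $u->save_changes();
    echo "200 OK";
    exit;
}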