/**
 * Show page for input password.
 */
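/**
 * Show the password prompt for a private room, or check a submitted password.
 *
 * Non-POST: renders views/room/message.php with a "Password required" message.
 * POST (Ajax): compares $_POST['input_password'] with the stored password of the
 * room named in $_SESSION['room_name'] and echoes {"result": 1|0} as JSON. On a
 * match the room name is remembered in $_SESSION['is_checked_password'].
 */
function room_message_pswd()
{
    // Show input password page
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        $context = array();
        $context['type'] = 2;
        $context['msg'] = '<h2>Password required</h2>
                            Please enter the password to get into the private room.';
        sr_response('views/room/message.php', $context);
        return;
    }

    // Ajax password check
    $result = array('result' => 0);
    // A missing field counts as a wrong password instead of raising an undefined-index notice.
    $input = isset($_POST['input_password']) ? (string) $_POST['input_password'] : '';
    try {
        $db = sr_pdo();
        $stmt = $db->prepare('SELECT * FROM room WHERE name = :name');
        $stmt->bindParam(':name', $_SESSION['room_name']);
        $stmt->setFetchMode(PDO::FETCH_CLASS, 'Room');
        $stmt->execute();
        $room = $stmt->fetch();
        // fetch() returns false when the room does not exist; treat that as a failed check.
        // hash_equals() compares as strings (no loose-== juggling) and in constant time.
        if ($room !== false && hash_equals((string) $room->password, $input)) {
            $_SESSION['is_checked_password'] = $_SESSION['room_name'];
            $result['result'] = 1;
        }
    } catch (PDOException $e) {
        // Record the failure server-side; the client still receives a definite answer below.
        error_log('room_message_pswd: ' . $e->getMessage());
    }
    echo json_encode($result);
}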
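 /**
  * Returns the number of records of the table associated with this model.
  *
  * Column names cannot be bound as statement parameters, so filter keys are
  * restricted to plain identifiers; filter values are bound by PDO, so the
  * filter may safely contain request data.
  *
  * @param array|object $filter map of column => value, combined with AND
  *                             (ex. array( 'is_open' => '1', 'is_authorized' => '0' ) )
  * @return int the number of records
  * @throws InvalidArgumentException when a filter key is not a plain column identifier
  */
 public static function getRecordNum($filter)
 {
     $db = sr_pdo();
     $called_class = get_called_class();
     $table = $called_class::getTableName();
     $conditions = array();
     $params = array();
     // (array) also accepts the stdClass produced by json_decode() and tolerates null.
     foreach ((array) $filter as $field => $value) {
         if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field)) {
             throw new InvalidArgumentException('Invalid filter field name');
         }
         $conditions[] = $field . ' = ?';
         $params[] = $value;
     }
     $where = $conditions === array() ? '' : 'WHERE ' . implode(' AND ', $conditions);
     $stmt = $db->prepare("SELECT COUNT(*) AS cnt FROM {$table} {$where}");
     $stmt->execute($params);
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
     return (int) $row['cnt'];
 }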
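/**
 * Profile page controller: shows the profile form, or handles one of three POST actions.
 *
 *   POST which=basic    -> validate and save first name, last name and email
 *   POST which=password -> validate old/new/repeat password and save the new one
 *   any other POST      -> delete the current user's account and sign out
 *   non-POST            -> render the profile view
 *
 * Requires a signed-in user; otherwise responds with HTTP 400 and stops.
 */
function main_profile()
{
    if (!sr_is_signed_in()) {
        sr_response_error(400);
        // Never fall through to an update/delete, even if sr_response_error() does not exit.
        return;
    }
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        // Show profile view
        sr_response('views/main/profile.php', _sr_profile_context('basic'));
        return;
    }

    $which = isset($_POST['which']) ? $_POST['which'] : '';
    if ($which === 'basic') {
        sr_response('views/main/profile.php', _sr_profile_update_basic());
    } elseif ($which === 'password') {
        sr_response('views/main/profile.php', _sr_profile_update_password());
    } else {
        // NOTE(review): as in the original, every other POST (including one without
        // 'which') deletes the account. Confirm the value the delete request sends and
        // make this branch an explicit comparison.
        _sr_profile_delete();
    }
}

/**
 * Build the view context for views/main/profile.php from the session.
 *
 * @param string      $which  tab to show ('basic' or 'password')
 * @param int|null    $result result code of the last action, or null for none
 * @param string|null $msg    message for the user, or null for none
 * @return array
 */
function _sr_profile_context($which, $result = null, $msg = null)
{
    $context = array(
        'which' => $which,
        'first_name' => sr_user_first_name(),
        'last_name' => sr_user_last_name(),
        'email' => sr_user_email(),
        'is_authorized' => sr_is_authorized(),
        'is_admin' => sr_is_admin(),
    );
    if ($result !== null) {
        $context['result'] = $result;
        $context['msg'] = $msg;
    }
    return $context;
}

/**
 * Handle which=basic: validate names and email, save them on the user row and
 * refresh the session copies so the rendered view shows the new values.
 *
 * @return array view context; 'result' is 1 ok, 2 bad email, 3 bad first name,
 *               4 bad last name, 99 database error
 */
function _sr_profile_update_basic()
{
    global $sr_regex_name;
    global $sr_regex_email;

    $email = isset($_POST['profile_email']) ? (string) $_POST['profile_email'] : '';
    $first = isset($_POST['first_name']) ? (string) $_POST['first_name'] : '';
    $last = isset($_POST['last_name']) ? (string) $_POST['last_name'] : '';

    if (!preg_match($sr_regex_email, $email)) {
        return _sr_profile_context('basic', 2, 'Please enter a valid email address');
    }
    if (!preg_match($sr_regex_name, $first)) {
        return _sr_profile_context('basic', 3, 'Name should consist of only alphabets (uppercase or lowercase).');
    }
    if (!preg_match($sr_regex_name, $last)) {
        return _sr_profile_context('basic', 4, 'Name should consist of only alphabets (uppercase or lowercase).');
    }

    try {
        $db = sr_pdo();
        $user = new User();
        $user = $user->get($db, sr_user_id());
        $user->first_name = ucfirst($first);
        $user->last_name = ucfirst($last);
        $user->email = strtolower($email);
        $user->save($db);
        // Session copies must be updated before the context is built from them.
        sr_set_user_first_name($user->first_name);
        sr_set_user_last_name($user->last_name);
        sr_set_user_name($user->first_name . ' ' . $user->last_name);
        sr_set_user_email($user->email);
        return _sr_profile_context('basic', 1, 'Successfully updated');
    } catch (PDOException $e) {
        return _sr_profile_context('basic', 99, 'Failed to save. Please try it again.');
    }
}

/**
 * Handle which=password: validate old/new/repeat, verify the old password and store the new one.
 *
 * @return array view context; 'result' is 1 ok, 5 bad old, 6 bad new, 7 repeat mismatch,
 *               8 old password wrong, 99 database error
 */
function _sr_profile_update_password()
{
    global $sr_regex_password;

    $old = isset($_POST['old_password']) ? (string) $_POST['old_password'] : '';
    $new = isset($_POST['new_password']) ? (string) $_POST['new_password'] : '';
    $repeat = isset($_POST['repeat_password']) ? (string) $_POST['repeat_password'] : '';
    $invalid = 'Please enter a valid password.<br />Password should be alphanumeric.';

    if (!preg_match($sr_regex_password, $old)) {
        return _sr_profile_context('password', 5, $invalid);
    }
    if (!preg_match($sr_regex_password, $new)) {
        return _sr_profile_context('password', 6, $invalid);
    }
    if ($new !== $repeat) {
        return _sr_profile_context('password', 7, 'Please repeat your password.');
    }

    try {
        $db = sr_pdo();
        $user = new User();
        $user = $user->get($db, sr_user_id());
        // Stored passwords are unsalted md5 (kept so existing rows keep working).
        // hash_equals() avoids loose-== juggling and compares in constant time.
        // TODO(review): migrate to password_hash()/password_verify() once the column can hold it.
        if (!hash_equals((string) $user->password, md5($old))) {
            return _sr_profile_context('password', 8, 'Please check your old password.');
        }
        $user->password = md5($new);
        $user->save($db);
        return _sr_profile_context('password', 1, 'Successfully updated');
    } catch (PDOException $e) {
        return _sr_profile_context('password', 99, 'Failed to save. Please try it again.');
    }
}

/**
 * Delete the current user's row, sign out, and echo an empty JSON array on success.
 * On a database error nothing is echoed (the client sees no success response).
 */
function _sr_profile_delete()
{
    $result = array();
    try {
        $db = sr_pdo();
        $user = new User();
        $user = $user->get($db, sr_user_id());
        $user->delete($db);
        sr_signout();
        echo json_encode($result);
    } catch (PDOException $e) {
        // Previously swallowed silently; leave a trace for the operator.
        error_log('main_profile delete: ' . $e->getMessage());
    }
}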
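/**
 * Admin user management: renders the user list, or handles the Ajax actions
 * 'pagination' (a filtered page of users as JSON) and 'authorized' / anything
 * else (toggle a user's is_authorized or is_admin flag).
 *
 * Both the page and the Ajax actions require a signed-in admin; the original
 * only checked this for the non-POST branch.
 */
function admin_users()
{
    if (!sr_is_signed_in()) {
        sr_redirect('/d/main/signin/');
        return;
    }
    if (!sr_is_admin()) {
        sr_redirect('/d/');
        return;
    }

    // Show Users Page
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        $db = sr_pdo();
        $stmt = $db->prepare('SELECT * FROM user LIMIT 10');
        $stmt->execute();
        $user_list = $stmt->fetchAll(PDO::FETCH_CLASS, 'User');
        sr_response('views/admin/users.php', array('user_list' => $user_list));
        return;
    }

    // Handling Ajax Request
    $type = isset($_POST['type']) ? $_POST['type'] : '';
    if ($type === 'pagination') {
        _sr_admin_users_page();
    } else {
        _sr_admin_users_set_flag($type);
    }
}

/**
 * Build a parameterised WHERE clause from a column => value filter.
 *
 * Column names cannot be bound, so they are restricted to plain identifiers;
 * the values are returned separately for PDO to bind.
 *
 * @param array|object|null $filter decoded JSON filter from the client
 * @return array [string $whereSql, array $params]; $whereSql is '' for an empty filter
 * @throws InvalidArgumentException when a key is not a plain column identifier
 */
function _sr_admin_users_where($filter)
{
    $conditions = array();
    $params = array();
    foreach ((array) $filter as $field => $value) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field)) {
            throw new InvalidArgumentException('Invalid filter field name');
        }
        $conditions[] = $field . ' = ?';
        $params[] = $value;
    }
    $where = $conditions === array() ? '' : 'WHERE ' . implode(' AND ', $conditions);
    return array($where, $params);
}

/**
 * Ajax 'pagination': echo a JSON page of users matching $_POST['filter'] plus the
 * total count. Page size is 10; page_number -1 selects the last page.
 */
function _sr_admin_users_page()
{
    try {
        $db = sr_pdo();
        $json = isset($_POST['filter']) ? stripslashes($_POST['filter']) : '';
        // (array) turns a failed decode (null) into an empty filter.
        $filter = (array) json_decode($json, true);
        // Validate the field names before the filter reaches any query.
        list($where, $params) = _sr_admin_users_where($filter);
        $total_record_number = User::getRecordNum($filter);

        $page_number = isset($_POST['page_number']) ? (int) $_POST['page_number'] : 1;
        if ($page_number == -1) {
            $beginRecordNum = (int) ($total_record_number / 10) * 10;
        } else {
            $beginRecordNum = ($page_number - 1) * 10;
        }
        // LIMIT offsets are cast ints (never raw request strings), so interpolation is safe;
        // a negative offset would be a SQL error, so clamp it.
        $beginRecordNum = max(0, (int) $beginRecordNum);

        $stmt = $db->prepare("SELECT * FROM user {$where} LIMIT {$beginRecordNum}, 10");
        $stmt->execute($params);
        $user_list = $stmt->fetchAll(PDO::FETCH_CLASS, 'User');
        echo json_encode(array('user_list' => $user_list, 'total_record_number' => $total_record_number));
    } catch (PDOException $e) {
        error_log('admin_users pagination: ' . $e->getMessage());
    } catch (InvalidArgumentException $e) {
        // Malformed filter from the client: answer with an empty page.
        echo json_encode(array('user_list' => array(), 'total_record_number' => 0));
    }
}

/**
 * Ajax flag update: set is_authorized (when $type is 'authorized') or is_admin
 * (any other type) of user $_POST['id'] to 1 when $_POST['checked'] is 'checked', else 0.
 * If the admin edited their own row, the session flags are refreshed too.
 *
 * @param string $type the $_POST['type'] value
 */
function _sr_admin_users_set_flag($type)
{
    try {
        $db = sr_pdo();
        $id = isset($_POST['id']) ? $_POST['id'] : '';
        $stmt = $db->prepare('SELECT * FROM user WHERE id = :id');
        $stmt->bindParam(':id', $id);
        $stmt->setFetchMode(PDO::FETCH_CLASS, 'User');
        $stmt->execute();
        $user = $stmt->fetch();
        if ($user === false) {
            // Unknown id: nothing to update (the original would have set properties on false).
            return;
        }
        $flag = (isset($_POST['checked']) && $_POST['checked'] === 'checked') ? 1 : 0;
        if ($type === 'authorized') {
            $user->is_authorized = $flag;
        } else {
            $user->is_admin = $flag;
        }
        $user->save($db);
        if (sr_user_id() == $user->id) {
            sr_set_admin($user->is_admin);
            sr_set_authorized($user->is_authorized);
        }
    } catch (PDOException $e) {
        error_log('admin_users set flag: ' . $e->getMessage());
    }
}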
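/**
 * Write a RoomLog row recording that $room was destroyed, using the log's
 * current time as end_time.
 *
 * @param object $room the room being destroyed; id, name, title, description,
 *                     is_open and start_time are copied into the log row
 * @return void
 */
function channel_destroyed_log($room)
{
    $db = sr_pdo();
    $r_log = new RoomLog();
    $r_log->room_id = $room->id;
    $r_log->name = $room->name;
    $r_log->title = $room->title;
    $r_log->description = $room->description;
    $r_log->is_open = $room->is_open;
    $r_log->start_time = $room->start_time;
    $r_log->end_time = $r_log->getCurrentTime();
    try {
        $r_log->add($db);
    } catch (PDOException $e) {
        // Failed to write the log: record it server-side. Echoing the exception would
        // put the driver's error text into the HTTP response.
        error_log('channel_destroyed_log: ' . $e->getMessage());
    }
}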