public function member__reset_password()
{
$site_root = Config::getSiteRoot();
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
$password_confirm = filter_input(INPUT_POST, 'password_confirmation', FILTER_SANITIZE_STRING);
$token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING);
$hash = filter_input(INPUT_POST, 'hash', FILTER_SANITIZE_STRING);
$referrer = $_SERVER['HTTP_REFERER'];
// validate form token
if (!$this->tokens->validate($token)) {
$this->flash->set('reset_password_error', 'Invalid token.');
URL::redirect($referrer);
}
// bail if cache doesnt exist or if its too old.
// this should have been caught on the page itself,
// but if it got submitted somehow, just redirect and the error logic will be in the plugin.
if (!$this->cache->exists($hash) || $this->cache->getAge($hash) > $this->fetchConfig('reset_password_age_limit', 20, 'is_numeric') * 60) {
URL::redirect($referrer);
}
// password check
if (is_null($password) || $password == '') {
$this->flash->set('reset_password_error', 'Password cannot be blank.');
URL::redirect($referrer);
}
// password confirmation check
if (!is_null($password_confirm) && $password !== $password_confirm) {
$this->flash->set('reset_password_error', 'Passwords did not match.');
URL::redirect($referrer);
}
// get username
$cache = $this->cache->getYAML($hash);
$username = $cache['username'];
// change password
$member = Member::load($username);
$member->set('password', $password);
$member->save();
// delete used cache
$this->cache->delete($hash);
// redirect
URL::redirect(array_get($cache, 'return', $this->fetchConfig('member_home', $site_root, null, false, false)));
}
<?php
require_once 'includes/header.php';
require_once 'includes/form.php';
require_once 'includes/categories.php';
if (isset($_SESSION["MemberID"]) == false) {
header("Location:index.php");
}
$oMember = new Member();
$oMember->load($_SESSION["MemberID"]);
if ($oMember->MemberLevel != 2) {
header("Location:index.php");
}
$oForm = new Form();
if (isset($_POST["submit"])) {
$oForm->data = $_POST;
$oForm->checkRequired("CategoryName");
$oForm->checkRequired("CategoryDesc");
if ($oForm->valid == true) {
$oNewCategory = new Category();
$oNewCategory->CategoryName = $_POST["CategoryName"];
$oNewCategory->CategoryDesc = $_POST["CategoryDesc"];
$oNewCategory->save();
header("Location:viewCategories.php?CategoryID=6");
exit;
}
}
$oForm->makeTextInput("Category Name", "CategoryName");
$oForm->makeTextInput("Category Description", "CategoryDesc");
$oForm->makeSubmit("Post");
?>
/**
* Gets a list of registered users
*
* @param boolean $protected Are we displaying information in a protected area?
* @return array
*/
public static function getList($protected = true)
{
// start a place to put users
$users = array();
// grab a list of files that should be users
$list = glob(Config::getConfigPath() . '/users/*.yaml');
// did we find anything?
if ($list) {
// loop through what we found, grabbing Member data along the way
foreach ($list as $name) {
// get delimiters surrounding the username
$slash = strrpos($name, '/') + 1;
$dot = strrpos($name, '.');
// parse username
$username = substr($name, $slash, $dot - $slash);
// protected?
$users[$username] = $protected ? Member::load($username) : Member::getProfile($username);
}
}
// return whatever we found
return $users;
}
}
// check that username doesn't already exist
if (!isset($errors['username']) && $username !== $original_username && Member::exists($username)) {
$errors['username'] = Localization::fetch('username_already_exists');
}
// if no errors, make the member object, renaming if necessary
$member = null;
if (empty($errors)) {
if ($is_new) {
$member = new Member(array());
$member->set('username', $username);
} else {
try {
$member = Member::load($original_username);
$member->rename($username);
$member = Member::load($username);
} catch (Exception $e) {
$errors['username'] = $e->getMessage();
}
}
}
if ($errors) {
// something isn't valid, no saving needed
$admin_app->flash('error', Localization::fetch('error_form_submission'));
Session::setFlash('member_old_values', $submission);
Session::setFlash('member_errors', $errors);
$admin_app->redirect($admin_app->request()->getReferrer());
return;
}
// set variables
foreach ($submission as $key => $value) {
/**
* Gets the Member object for a given $username
*
* @param string $username Username to look up
* @return Member|null
*/
public static function getMember($username)
{
return Member::load($username);
}
<?php
require_once 'includes/header.php';
require_once 'includes/member.php';
require_once 'includes/view.php';
if (isset($_SESSION["MemberID"]) == false) {
//no one logged in
header("Location:index.php");
} else {
//photo
//all member details must go here
//can we also get post and topic details?
$oMember = new Member();
$iMemberID = $_SESSION["MemberID"];
$oMember->load($iMemberID);
//echo view::renderMember($oMember);
}
?>
<div class="profilePhoto">
<img src="images/placeHolder.png" alt="" class="profilePicture"/>
<a href="changePicture">Change Profile Picture</a>
</div>
<div>
<?php
echo view::renderMember($oMember);
?>
</div>
<div class="profileLinks">
<a href="viewCategories.php?CategoryID=6" class="profilePage">Browse Forums</a>
<a href="editDetails.php" class="profilePage">Edit Details</a>
</div>
/**
* Target for the member:profile_form form
*
* @return void
*/
public function member__update_profile()
{
$site_root = Config::getSiteRoot();
$referrer = Request::getReferrer();
$return = filter_input(INPUT_POST, 'return', FILTER_SANITIZE_URL);
// is user logged in?
if (!Auth::isLoggedIn()) {
URL::redirect($this->fetchConfig('login_url', $site_root, null, false, false));
}
// get current user
$member = Auth::getCurrentMember();
// get configurations
$allowed_fields = array_get($this->loadConfigFile('fields'), 'fields', array());
$role_definitions = $this->fetchConfig('role_definitions');
// who are we editing?
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$username = !$username ? $member->get('username') : $username;
// if the user isn't the current user, ensure that's allowed
if ($username !== $member->get('username')) {
// username is different from current user
if (!array_get($role_definitions, 'edit_other_users', null) || !$member->hasRole($role_definitions['edit_other_users'])) {
// this user does not have permission to do this
$this->flash->set('update_profile_error', 'You are not allowed to edit another member’s profile.');
URL::redirect($referrer);
} else {
// all set, update member
$member = Member::load($username);
}
}
// get old values
$old_values = $member->export();
// set up iterators and flags
$submission = array();
// loop through allowed fields, validating and updating
foreach ($allowed_fields as $field => $options) {
if (!isset($_POST[$field])) {
// was this username? that can be included separately
if ($field === 'username') {
$value = $username;
} else {
// field wasn't set, skip it
continue;
}
} else {
// set value
$value = filter_input(INPUT_POST, $field, FILTER_SANITIZE_STRING);
}
// set value
$old_values[$field] = $value;
// don't store this value if `save_value` is set to `false`
if (array_get($options, 'save_value', true)) {
$member->set($field, $value);
}
// add to submissions, including non-save_value fields because this
// is the list that will be validated
$submission[$field] = $value;
}
// validate
$errors = $this->tasks->validate($submission);
if (count($errors)) {
// errors were found, set a flash message and redirect
$this->flash->set('update_profile_error', 'Member profile not updated.');
$this->flash->set('update_profile_field_errors', $errors);
$this->flash->set('update_profile_old_values', $old_values);
URL::redirect($referrer);
} else {
// save member
$member->save();
// trigger a hook
$this->runHook('profile_update', 'call', null, $member);
// user saved
$this->flash->set('update_profile_success', 'Member profile updated.');
if ($return) {
URL::redirect($return);
} else {
URL::redirect($referrer);
}
}
}
<?php
require_once 'includes/header.php';
require_once 'includes/form.php';
require_once 'includes/member.php';
$iMemberID = $_SESSION["MemberID"];
$oExisitingMember = new Member();
$oExisitingMember->load($iMemberID);
$aExisitingData = [];
$aExisitingData["MemberName"] = $oExisitingMember->MemberName;
//photo should go in here too to edit photo.
$oForm = new Form();
$oForm->data = $aExisitingData;
if (isset($_POST["submit"])) {
$oForm->data = $_POST;
$oForm->checkRequired("MemberName");
//photo should go in here too to edit photo.
if ($oForm->valid) {
$oExisitingMember->MemberName = $_POST["MemberName"];
$oExisitingMember->save();
header("Location:profile.php");
}
}
$oForm->makeTextInput("Member Name", "MemberName");
$oForm->makeSubmit("Update Details");
?>
<div class="mainBackground">
<h3>Edit Details</h3>
<?php
echo $oForm->html;
