 public function testAdd() {
     $profiler = Profiler::getInstance();
     // Three plain actions, then two flagged as queries (the 4th also carries a row count).
     $profiler->add(0.02503434, 'My 1st action');
     $profiler->add(0.02303434, 'My 2nd action');
     $profiler->add(0.12003434, 'My 3rd action');
     $profiler->add(0.62003434, 'My 4th action', true, 10);
     $profiler->add(0.40003434, 'My 5th action', true);

     $profile = $profiler->getProfile();
     $slowest = $profile[0];
     // The slowest entry (0.620s, 4th action, 10 rows) is expected at the top of the profile.
     $this->assertEqual('0.620', $slowest['time']);
     $this->assertEqual('My 4th action', $slowest['action']);
     $this->assertEqual(10, $slowest['num_rows']);
     // Only the two entries flagged as queries count towards total_queries.
     $this->assertEqual(2, $profiler->total_queries);
 }
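 /**
  * Settings page: plugin configuration (GET p=), password change (POST)
  * and, for admins, the list of all owners with their instances.
  *
  * The password-change branch is state changing, so the CSRF token is
  * validated before the submitted passwords are examined.
  *
  * @return str rendered view markup
  */
 public function authControl()
 {
     $webapp = Webapp::getInstance();
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $owner = $owner_dao->getByEmail($this->getLoggedInUser());
     $this->addToView('owner', $owner);
     /* Begin plugin-specific configuration handling */
     if (isset($_GET['p'])) {
         // add config js to header
         $this->addHeaderJavaScript('assets/js/plugin_options.js');
         // NOTE(review): the plugin name is request-controlled; Webapp::getPluginObject()
         // is the only thing constraining which class is instantiated below — confirm it
         // rejects names that are not registered plugins.
         $active_plugin = $_GET['p'];
         $pobj = $webapp->getPluginObject($active_plugin);
         $p = new $pobj();
         $this->addToView('body', $p->renderConfiguration($owner));
         $profiler = Profiler::getInstance();
         $profiler->clearLog();
     } else {
         $pld = DAOFactory::getDAO('PluginDAO');
         $config = Config::getInstance();
         $installed_plugins = $pld->getInstalledPlugins($config->getValue("source_root_path"));
         $this->addToView('installed_plugins', $installed_plugins);
     }
     /* End plugin-specific configuration handling */
     if (isset($_POST['changepass']) && $_POST['changepass'] == 'Change password' && isset($_POST['oldpass']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
         // verify CSRF token first: this branch changes state, and checking the token before
         // the old-password comparison means a forged request learns nothing about it
         $this->validateCSRFToken();
         $origpass = $owner_dao->getPass($this->getLoggedInUser());
         if (!$this->app_session->pwdCheck($_POST['oldpass'], $origpass)) {
             $this->addErrorMessage("Old password does not match or empty.");
         } elseif ($_POST['pass1'] !== $_POST['pass2']) {
             $this->addErrorMessage("New passwords did not match. Your password has not been changed.");
         } elseif (strlen($_POST['pass1']) < 5) {
             $this->addErrorMessage("New password must be at least 5 characters. " . "Your password has not been changed.");
         } else {
             $cryptpass = $this->app_session->pwdcrypt($_POST['pass1']);
             $owner_dao->updatePassword($this->getLoggedInUser(), $cryptpass);
             $this->addSuccessMessage("Your password has been updated.");
         }
     }
     if ($owner->is_admin) {
         $instance_dao = DAOFactory::getDAO('InstanceDAO');
         $owners = $owner_dao->getAllOwners();
         foreach ($owners as $o) {
             $instances = $instance_dao->getByOwner($o, true);
             $o->setInstances($instances);
         }
         $this->addToView('owners', $owners);
     }
     return $this->generateView();
 }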
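 /**
  * Sends the recorded profiler milestones to the chosen output channel.
  *
  * 'dump' prints the formatted report, 'hidden' prints it inside an HTML
  * comment (still readable in the page source), and 'none' or any other
  * value prints nothing. Nothing is printed when no milestones exist.
  *
  * @param string $channel 'dump', 'hidden' or 'none' (default: nothing is printed)
  *
  * @return void
  */
 public function send($channel = '')
 {
     $profiler = Profiler::getInstance();
     $messages = $profiler->getMilestones();
     $started = $profiler->getTimeStart();
     if (count($messages) === 0) {
         return;
     }
     // @TODO more options: db, log, email? extend!
     // Strict comparison: the former switch compared loosely, so a non-string channel
     // (e.g. 0 on PHP < 8) could match 'dump'.
     if ($channel === 'dump') {
         print $this->format($messages, $started);
     } elseif ($channel === 'hidden') {
         print '<!--' . $this->format($messages, $started) . '-->';
     }
     // 'none' and unknown channels: intentionally no output
 }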
 /**
  * Renders the plugin option elements (if any) into the 'options_markup'
  * view variable, then delegates to parent::generateView().
  *
  * @return str view markup
  */
 protected function generateView()
 {
     // Nothing to render unless the plugin defined some option elements.
     if (count($this->option_elements) > 0) {
         $this->setValues();
         $options_view = new ViewManager();
         $options_view->disableCaching();
         // Template variables; the *_json copies are consumed by the client-side script.
         $template_vars = array(
             'option_elements' => $this->option_elements,
             'option_elements_json' => json_encode($this->option_elements),
             'option_headers' => $this->option_headers,
             'option_not_required' => $this->option_not_required,
             'option_not_required_json' => json_encode($this->option_not_required),
             'option_required_message' => $this->option_required_message,
             'option_required_message_json' => json_encode($this->option_required_message),
             'option_select_multiple' => $this->option_select_multiple,
             'option_select_visible' => $this->option_select_visible,
             'plugin_id' => $this->plugin_id,
             'user_is_admin' => $this->isAdmin(),
         );
         foreach ($template_vars as $name => $value) {
             $options_view->assign($name, $value);
         }
         if (!$this->profiler_enabled) {
             $options_markup = $options_view->fetch(self::OPTIONS_TEMPLATE);
         } else {
             // Time the (uncached) render and record it with the profiler.
             $render_started = microtime(true);
             $options_markup = $options_view->fetch(self::OPTIONS_TEMPLATE);
             $render_elapsed = microtime(true) - $render_started;
             $profiler = Profiler::getInstance();
             $profiler->add($render_elapsed, "Rendered view (not cached)", false);
         }
         $this->addToView('options_markup', $options_markup);
     }
     return parent::generateView();
 }
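 /**
  * Settings page: password change, invitation creation and service-account
  * deletion (all POST), plugin configuration (GET p=) and, for admins, the
  * owner/instance listing.
  *
  * Every state-changing POST branch validates the CSRF token before doing
  * anything else, so a forged request can neither probe the old password nor
  * learn whether an instance id exists.
  *
  * @return str rendered view markup
  */
 public function authControl()
 {
     $this->disableCaching();
     $webapp = Webapp::getInstance();
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $invite_dao = DAOFactory::getDAO('InviteDAO');
     $owner = $owner_dao->getByEmail($this->getLoggedInUser());
     $this->addToView('owner', $owner);
     $this->addToView('logo_link', '');
     $this->view_mgr->addHelp('api', 'userguide/api/posts/index');
     $this->view_mgr->addHelp('application_settings', 'userguide/settings/application');
     $this->view_mgr->addHelp('users', 'userguide/settings/allaccounts');
     $this->view_mgr->addHelp('backup', 'install/backup');
     //process password change
     if (isset($_POST['changepass']) && $_POST['changepass'] == 'Change password' && isset($_POST['oldpass']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
         // verify CSRF token before the old-password check, so a forged request gets no
         // feedback about whether the supplied old password was right
         $this->validateCSRFToken();
         $origpass = $owner_dao->getPass($this->getLoggedInUser());
         if (!$this->app_session->pwdCheck($_POST['oldpass'], $origpass)) {
             $this->addErrorMessage("Old password does not match or empty.", 'password');
         } elseif ($_POST['pass1'] !== $_POST['pass2']) {
             $this->addErrorMessage("New passwords did not match. Your password has not been changed.", 'password');
         } elseif (strlen($_POST['pass1']) < 5) {
             $this->addErrorMessage("New password must be at least 5 characters. " . "Your password has not been changed.", 'password');
         } else {
             $cryptpass = $this->app_session->pwdcrypt($_POST['pass1']);
             $owner_dao->updatePassword($this->getLoggedInUser(), $cryptpass);
             $this->addSuccessMessage("Your password has been updated.", 'password');
         }
     }
     // process invite
     if (isset($_POST['invite']) && $_POST['invite'] == 'Create Invitation') {
         // verify CSRF token
         $this->validateCSRFToken();
         // 10 hex characters from the CSPRNG (random_bytes, PHP >= 7.0). The code grants a
         // registration, so it must not come from md5(uniqid(rand())), which is predictable.
         $invite_code = bin2hex(random_bytes(5));
         $invite_added = $invite_dao->addInviteCode($invite_code);
         if ($invite_added == 1) {
             //invite generated and inserted
             // NOTE(review): the link is built from the client-supplied Host header; a
             // config-derived base URL would not depend on request input — confirm before changing.
             $server = $_SERVER['HTTP_HOST'];
             $invite_link = 'http' . (isset($_SERVER['HTTPS']) ? 's' : '') . '://' . $server . THINKUP_BASE_URL . 'session/register.php?code=' . $invite_code;
             $this->addSuccessMessage("Invitation created!<br />Copy this link and send it to someone you want to " . 'invite to register on your ThinkUp installation.<br /><a href="' . $invite_link . '">' . $invite_link . '</a><br /> Good for one new registration. Expires in 7 days.', 'invite');
         } else {
             $this->addErrorMessage("There was an error creating a new invite. Please try again.", 'invite');
         }
     }
     //process service user deletion
     if (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
         // verify CSRF token before looking the instance up: the "doesn't exist" branch
         // must not be reachable by a forged request
         $this->validateCSRFToken();
         $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
         $instance_dao = DAOFactory::getDAO('InstanceDAO');
         $instance = $instance_dao->get($_POST['instance_id']);
         if (isset($instance)) {
             if ($this->isAdmin()) {
                 //delete all owner_instances
                 $owner_instance_dao->deleteByInstance($instance->id);
                 //delete instance
                 $instance_dao->delete($instance->network_username, $instance->network);
                 $this->addSuccessMessage('Account deleted.', 'account');
             } elseif ($owner_instance_dao->doesOwnerHaveAccess($owner, $instance)) {
                 //delete owner instance
                 $total_deletions = $owner_instance_dao->delete($owner->id, $instance->id);
                 if ($total_deletions > 0) {
                     //delete instance if no other owners have it
                     $remaining_owner_instances = $owner_instance_dao->getByInstance($instance->id);
                     if (sizeof($remaining_owner_instances) == 0) {
                         $instance_dao->delete($instance->network_username, $instance->network);
                     }
                     $this->addSuccessMessage('Account deleted.', 'account');
                 }
             } else {
                 $this->addErrorMessage('Insufficient privileges.', 'account');
             }
         } else {
             $this->addErrorMessage('Instance doesn\'t exist.', 'account');
         }
     }
     $this->view_mgr->clear_all_cache();
     /* Begin plugin-specific configuration handling */
     if (isset($_GET['p'])) {
         // add config js to header
         if ($this->isAdmin()) {
             $this->addHeaderJavaScript('assets/js/plugin_options.js');
         }
         // NOTE(review): the plugin name is request-controlled; Webapp::getPluginObject()
         // is what constrains which class gets instantiated — confirm it rejects unknown names.
         $active_plugin = $_GET['p'];
         $pobj = $webapp->getPluginObject($active_plugin);
         $p = new $pobj();
         $this->addToView('body', $p->renderConfiguration($owner));
         $profiler = Profiler::getInstance();
         $profiler->clearLog();
     } else {
         $pld = DAOFactory::getDAO('PluginDAO');
         $config = Config::getInstance();
         $installed_plugins = $pld->getInstalledPlugins($config->getValue("source_root_path"));
         $this->addToView('installed_plugins', $installed_plugins);
     }
     /* End plugin-specific configuration handling */
     if ($owner->is_admin) {
         if (!isset($instance_dao)) {
             $instance_dao = DAOFactory::getDAO('InstanceDAO');
         }
         $owners = $owner_dao->getAllOwners();
         foreach ($owners as $o) {
             $instances = $instance_dao->getByOwner($o, true);
             $o->setInstances($instances);
         }
         $this->addToView('owners', $owners);
         $this->addToView('public_instances', $instance_dao->getPublicInstances());
     }
     return $this->generateView();
 }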
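 /**
  * Executes the query, with the bound values
  *
  * The literal markers #prefix# and #gmt_offset# are substituted into the SQL
  * text before the statement is prepared; the values in $binds are attached
  * with bindValue(), so they are never interpolated into the SQL string.
  *
  * @param str $sql SQL with driver placeholders plus the #prefix#/#gmt_offset# markers
  * @param array $binds placeholder => value; ints bind as PDO::PARAM_INT, everything else as PDO::PARAM_STR
  * @return PDOStatement the executed statement
  * @throws PDOException on execution failure; the SQL text and driver message are included
  *         only when the 'debug' config value is set, the original exception is chained as previous
  */
 protected final function execute($sql, $binds = array())
 {
     $start_time = $this->profiler_enabled ? microtime(true) : null;
     // Plain string substitution: the markers contain no regex metacharacters, and
     // preg_replace() would interpret "$1"/"\1" sequences inside the replacement text.
     $sql = str_replace('#prefix#', (string)self::$prefix, $sql);
     $sql = str_replace('#gmt_offset#', (string)self::$gmt_offset, $sql);
     $stmt = self::$PDO->prepare($sql);
     if (is_array($binds) && count($binds) > 0) {
         foreach ($binds as $key => $value) {
             $param_type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
             $stmt->bindValue($key, $value, $param_type);
         }
     }
     try {
         $stmt->execute();
     } catch (PDOException $e) {
         $config = Config::getInstance();
         $exception_details = 'Database error! ';
         if ($config->getValue('debug')) {
             // Debug only: the query text (placeholders, not bound values) and the driver
             // message end up in a user-visible error page, so they stay behind the flag.
             $exception_details .= '<br>ThinkUp could not execute the following query:<br> ' . str_replace(chr(10), "", $stmt->queryString) . '  <br>PDOException: ' . $e->getMessage();
         } else {
             $exception_details .= '<br>To see the technical details of what went wrong, set debug = true in ThinkUp\'s config file.';
         }
         // Chain the driver exception so the real cause survives for logging.
         throw new PDOException($exception_details, 0, $e);
     }
     if ($this->profiler_enabled) {
         $total_time = microtime(true) - $start_time;
         $profiler = Profiler::getInstance();
         $sql_with_params = Utils::mergeSQLVars($stmt->queryString, $binds);
         $profiler->add($total_time, $sql_with_params, true, $stmt->rowCount());
     }
     return $stmt;
 }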
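 /**
  * Account settings page: password change, API key reset, invitation
  * creation and service-account deletion (all POST), plugin configuration
  * (GET p=), the admin owner/instance listing and the crawler URL/command.
  *
  * Every state-changing POST branch validates the CSRF token before doing
  * anything else, so a forged request can neither probe the old password nor
  * learn whether an instance id exists.
  *
  * @return str rendered view markup
  */
 public function authControl()
 {
     $this->disableCaching();
     //passsswd reset validation
     $this->addHeaderCSS('assets/css/validate_password.css');
     $this->addHeaderJavaScript('assets/js/jquery.validate.min.js');
     $this->addHeaderJavaScript('assets/js/jquery.validate.password.js');
     $this->addHeaderJavaScript('assets/js/validate_password.js');
     $webapp = Webapp::getInstance();
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $invite_dao = DAOFactory::getDAO('InviteDAO');
     $owner = $owner_dao->getByEmail($this->getLoggedInUser());
     $this->addToView('owner', $owner);
     $this->addToView('logo_link', '');
     $this->view_mgr->addHelp('api', 'userguide/api/posts/index');
     $this->view_mgr->addHelp('application_settings', 'userguide/settings/application');
     $this->view_mgr->addHelp('users', 'userguide/settings/allaccounts');
     $this->view_mgr->addHelp('backup', 'install/backup');
     $this->view_mgr->addHelp('account', 'userguide/settings/account');
     //process password change
     if (isset($_POST['changepass']) && $_POST['changepass'] == 'Change password' && isset($_POST['oldpass']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
         // verify CSRF token before the old-password check, so a forged request gets no
         // feedback about whether the supplied old password was right
         $this->validateCSRFToken();
         // Check their old password is correct
         if (!$owner_dao->isOwnerAuthorized($this->getLoggedInUser(), $_POST['oldpass'])) {
             $this->addErrorMessage("Old password does not match or empty.", 'password');
         } elseif ($_POST['pass1'] !== $_POST['pass2']) {
             $this->addErrorMessage("New passwords did not match. Your password has not been changed.", 'password');
         } elseif (!preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $_POST['pass1'])) {
             $this->addErrorMessage("Your new password must be at least 8 characters and contain both numbers " . "and letters. Your password has not been changed.", 'password');
         } else {
             // Try to update the password
             if ($owner_dao->updatePassword($this->getLoggedInUser(), $_POST['pass1']) < 1) {
                 $this->addErrorMessage("Your password has NOT been updated.", 'password');
             } else {
                 $this->addSuccessMessage("Your password has been updated.", 'password');
             }
         }
     }
     //reset api_key
     if (isset($_POST['reset_api_key']) && $_POST['reset_api_key'] == 'Reset API Key') {
         $this->validateCSRFToken();
         $api_key = $owner_dao->resetAPIKey($owner->id);
         if (!$api_key) {
             throw new Exception("Unbale to update user's api_key, something bad must have happened");
         }
         $this->addSuccessMessage("Your API Key has been reset! Please update your ThinkUp RSS feed subscription.", 'api_key');
         $owner->api_key = $api_key;
     }
     // process invite
     if (isset($_POST['invite']) && $_POST['invite'] == 'Create Invitation') {
         // verify CSRF token
         $this->validateCSRFToken();
         // 10 hex characters from the CSPRNG (random_bytes, PHP >= 7.0). The code grants a
         // registration, so it must not come from md5(uniqid(rand())), which is predictable.
         // Keeping it hex-only also matters below: the success message is emitted unescaped.
         $invite_code = bin2hex(random_bytes(5));
         $invite_added = $invite_dao->addInviteCode($invite_code);
         if ($invite_added == 1) {
             //invite generated and inserted
             // The message is added with XSS filtering disabled (last argument) because it
             // carries markup; the only dynamic parts are the config-derived application
             // URL and the hex invite code.
             $invite_link = Utils::getApplicationURL() . 'session/register.php?code=' . $invite_code;
             $this->addSuccessMessage("Invitation created!<br />Copy this link and send it to someone you want to " . 'invite to register on your ThinkUp installation.<br /><a href="' . $invite_link . '" id="clippy_12345">' . $invite_link . '</a>
               <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
                       width="100"
                       height="14"
                       class="clippy"
                       id="clippy" >
               <param name="movie" value="' . Utils::getApplicationURL() . 'assets/flash/clippy.swf"/>
               <param name="allowScriptAccess" value="always" />
               <param name="quality" value="high" />
               <param name="scale" value="noscale" />
               <param NAME="FlashVars" value="id=clippy_12345&amp;copied=copied!&amp;copyto=copy to clipboard">
               <param name="bgcolor" value="#D5F0FC">
               <param name="wmode" value="opaque">
               <embed src="' . Utils::getApplicationURL() . 'assets/flash/clippy.swf"
                      width="100"
                      height="14"
                      name="clippy"
                      quality="high"
                      allowScriptAccess="always"
                      type="application/x-shockwave-flash"
                      pluginspage="http://www.macromedia.com/go/getflashplayer"
                      FlashVars="id=clippy_12345&amp;copied=copied!&amp;copyto=copy to clipboard"
                      bgcolor="#D5F0FC"
                      wmode="opaque"/></object>
             <br /> Good for one new registration. Expires in 7 days.', 'invite', true);
         } else {
             $this->addErrorMessage("There was an error creating a new invite. Please try again.", 'invite');
         }
     }
     //process service user deletion
     if (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
         // verify CSRF token before looking the instance up: the "doesn't exist" branch
         // must not be reachable by a forged request
         $this->validateCSRFToken();
         $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
         $instance_dao = DAOFactory::getDAO('InstanceDAO');
         $instance = $instance_dao->get($_POST['instance_id']);
         if (isset($instance)) {
             if ($this->isAdmin()) {
                 //delete all owner_instances
                 $owner_instance_dao->deleteByInstance($instance->id);
                 //delete instance
                 $instance_dao->delete($instance->network_username, $instance->network);
                 $this->addSuccessMessage('Account deleted.', 'account');
             } elseif ($owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
                 //delete owner instance
                 $total_deletions = $owner_instance_dao->delete($owner->id, $instance->id);
                 if ($total_deletions > 0) {
                     //delete instance if no other owners have it
                     $remaining_owner_instances = $owner_instance_dao->getByInstance($instance->id);
                     if (sizeof($remaining_owner_instances) == 0) {
                         $instance_dao->delete($instance->network_username, $instance->network);
                     }
                     $this->addSuccessMessage('Account deleted.', 'account');
                 }
             } else {
                 $this->addErrorMessage('Insufficient privileges.', 'account');
             }
         } else {
             $this->addErrorMessage('Instance doesn\'t exist.', 'account');
         }
     }
     $this->view_mgr->clear_all_cache();
     /* Begin plugin-specific configuration handling */
     if (isset($_GET['p'])) {
         // add config js to header
         if ($this->isAdmin()) {
             $this->addHeaderJavaScript('assets/js/plugin_options.js');
         }
         // NOTE(review): the plugin name is request-controlled; Webapp::getPluginObject()
         // is what constrains which class gets instantiated — confirm it rejects unknown names.
         $active_plugin = $_GET['p'];
         $pobj = $webapp->getPluginObject($active_plugin);
         $p = new $pobj();
         $this->addToView('body', $p->renderConfiguration($owner));
         $profiler = Profiler::getInstance();
         $profiler->clearLog();
     } else {
         $plugin_dao = DAOFactory::getDAO('PluginDAO');
         $config = Config::getInstance();
         $installed_plugins = $plugin_dao->getInstalledPlugins();
         $this->addToView('installed_plugins', $installed_plugins);
     }
     /* End plugin-specific configuration handling */
     if ($owner->is_admin) {
         if (!isset($instance_dao)) {
             $instance_dao = DAOFactory::getDAO('InstanceDAO');
         }
         $owners = $owner_dao->getAllOwners();
         foreach ($owners as $o) {
             $instances = $instance_dao->getByOwner($o, true);
             $o->setInstances($instances);
         }
         $this->addToView('owners', $owners);
         $this->addToView('public_instances', $instance_dao->getPublicInstances());
     }
     // Best effort: exec() may be disabled on the host, in which case the bare 'php'
     // command is shown; the result is only used to build a command line for display.
     $whichphp = @exec('which php');
     $php_path = !empty($whichphp) ? $whichphp : 'php';
     $email = $this->getLoggedInUser();
     //rss_crawl_url
     // NOTE(review): the API key is placed in the URL without urlencode(); fine as long as
     // resetAPIKey() only produces URL-safe characters — confirm.
     $rss_crawl_url = Utils::getApplicationURL() . sprintf('crawler/rss.php?un=%s&as=%s', urlencode($email), $owner->api_key);
     $this->addToView('rss_crawl_url', $rss_crawl_url);
     //cli_crawl_command
     $cli_crawl_command = 'cd ' . THINKUP_WEBAPP_PATH . 'crawler/;export THINKUP_PASSWORD=yourpassword; ' . $php_path . ' crawl.php ' . $email;
     $this->addToView('cli_crawl_command', $cli_crawl_command);
     //help link
     $this->view_mgr->addHelp('rss', 'userguide/datacapture');
     return $this->generateView();
 }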
 /**
  * Invoke the controller
  *
  * Always use this method, not control(), to invoke the controller.
  * Runs initalizeApp(), short-circuits to the "upgrade needed" view when a
  * database migration is pending, otherwise runs control() and, with the
  * profiler enabled on a non-JSON/JS/CSV response, appends the profiler
  * report. Auth, configuration and generic exceptions each get an error view.
  * @TODO show get 500 error template on Exception
  * (if debugging is true, pass the exception details to the 500 template)
  *
  * @return str rendered output
  */
 public function go()
 {
     try {
         $this->initalizeApp();
         // are we in need of a database migration?
         $classname = get_class($this);
         $exempt_from_upgrade_check = ($classname == 'InstallerController' || $classname == 'BackupController');
         if (!$exempt_from_upgrade_check && UpgradeDatabaseController::isUpgrading($this->isAdmin(), $classname)) {
             $this->setViewTemplate('install.upgradeneeded.tpl');
             $this->disableCaching();
             $option_dao = DAOFactory::getDAO('OptionDAO');
             $option_dao->clearSessionData(OptionDAO::APP_OPTIONS);
             return $this->generateView();
         }
         $results = $this->control();
         // Profiler output only makes sense on a page response, not on JSON data, JS or CSV.
         $append_profile = $this->profiler_enabled
             && !isset($this->json_data)
             && strpos($this->content_type, 'text/javascript') === false
             && strpos($this->content_type, 'text/csv') === false;
         if (!$append_profile) {
             return $results;
         }
         $total_time = microtime(true) - $this->start_time;
         $profiler = Profiler::getInstance();
         $this->disableCaching();
         $profiler->add($total_time, "total page execution time, running " . $profiler->total_queries . " queries.");
         $this->setViewTemplate('_profiler.tpl');
         $this->addToView('profile_items', $profiler->getProfile());
         return $results . $this->generateView();
     } catch (ControllerAuthException $e) {
         Utils::setDefaultTimezonePHPini();
         $this->setErrorTemplateState();
         $this->addToView('error_type', get_class($e));
         $login_url = Config::getInstance()->getValue('site_root_path') . 'session/login.php';
         // Message carries trusted markup (the login link), hence XSS filtering is disabled.
         $this->addErrorMessage('You must <a href="' . $login_url . '">log in</a> to do this.', null, true);
         return $this->generateView();
     } catch (ConfigurationException $e) {
         $this->setErrorTemplateState();
         $this->addToView('error_type', get_class($e));
         $install_url = Utils::getSiteRootPathFromFileSystem() . 'install/';
         $this->addErrorMessage('ThinkUp\'s configuration file does not exist! Try <a href="' . $install_url . '">installing ThinkUp.</a>', null, true);
         return $this->generateView();
     } catch (Exception $e) {
         Utils::setDefaultTimezonePHPini();
         $this->setErrorTemplateState();
         $this->addToView('error_type', get_class($e));
         // Installer exceptions carry trusted markup; every other message is XSS-filtered before display.
         $trusted_markup = (get_class($e) == 'InstallerException');
         $this->addErrorMessage($e->getMessage(), null, $trusted_markup);
         return $this->generateView();
     }
 }
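 /**
  * Settings page: password change and service-account deletion (POST),
  * plugin configuration (GET p=) and, for admins, the owner/instance listing.
  *
  * Both state-changing POST branches validate the CSRF token before doing
  * anything else, so a forged request can neither probe the old password nor
  * learn whether an instance id exists.
  *
  * @return str rendered view markup
  */
 public function authControl()
 {
     $webapp = Webapp::getInstance();
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $owner = $owner_dao->getByEmail($this->getLoggedInUser());
     $this->addToView('owner', $owner);
     //process password change
     if (isset($_POST['changepass']) && $_POST['changepass'] == 'Change password' && isset($_POST['oldpass']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
         // verify CSRF token first: this branch changes state, and checking the token before
         // the old-password comparison means a forged request learns nothing about it
         $this->validateCSRFToken();
         $origpass = $owner_dao->getPass($this->getLoggedInUser());
         if (!$this->app_session->pwdCheck($_POST['oldpass'], $origpass)) {
             $this->addErrorMessage("Old password does not match or empty.");
         } elseif ($_POST['pass1'] !== $_POST['pass2']) {
             $this->addErrorMessage("New passwords did not match. Your password has not been changed.");
         } elseif (strlen($_POST['pass1']) < 5) {
             $this->addErrorMessage("New password must be at least 5 characters. " . "Your password has not been changed.");
         } else {
             $cryptpass = $this->app_session->pwdcrypt($_POST['pass1']);
             $owner_dao->updatePassword($this->getLoggedInUser(), $cryptpass);
             $this->addSuccessMessage("Your password has been updated.");
         }
     }
     //process account deletion
     if (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
         // verify CSRF token before looking the instance up: deletion is destructive and the
         // "doesn't exist" branch must not be reachable by a forged request
         $this->validateCSRFToken();
         $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
         $instance_dao = DAOFactory::getDAO('InstanceDAO');
         $instance = $instance_dao->get($_POST['instance_id']);
         if (isset($instance)) {
             if ($this->isAdmin()) {
                 //delete all owner_instances
                 $owner_instance_dao->deleteByInstance($instance->id);
                 //delete instance
                 $instance_dao->delete($instance->network_username, $instance->network);
                 $this->addSuccessMessage('Account deleted.');
             } elseif ($owner_instance_dao->doesOwnerHaveAccess($owner, $instance)) {
                 //delete owner instance
                 $total_deletions = $owner_instance_dao->delete($owner->id, $instance->id);
                 if ($total_deletions > 0) {
                     //delete instance if no other owners have it
                     $remaining_owner_instances = $owner_instance_dao->getByInstance($instance->id);
                     if (sizeof($remaining_owner_instances) == 0) {
                         $instance_dao->delete($instance->network_username, $instance->network);
                     }
                     $this->addSuccessMessage('Account deleted.');
                 }
             } else {
                 $this->addErrorMessage('Insufficient privileges.');
             }
         } else {
             $this->addErrorMessage('Instance doesn\'t exist.');
         }
     }
     $this->view_mgr->clear_all_cache();
     /* Begin plugin-specific configuration handling */
     if (isset($_GET['p'])) {
         // add config js to header
         if ($this->isAdmin()) {
             $this->addHeaderJavaScript('assets/js/plugin_options.js');
         }
         // NOTE(review): the plugin name is request-controlled; Webapp::getPluginObject()
         // is what constrains which class gets instantiated — confirm it rejects unknown names.
         $active_plugin = $_GET['p'];
         $pobj = $webapp->getPluginObject($active_plugin);
         $p = new $pobj();
         $this->addToView('body', $p->renderConfiguration($owner));
         $profiler = Profiler::getInstance();
         $profiler->clearLog();
     } else {
         $pld = DAOFactory::getDAO('PluginDAO');
         $config = Config::getInstance();
         $installed_plugins = $pld->getInstalledPlugins($config->getValue("source_root_path"));
         $this->addToView('installed_plugins', $installed_plugins);
     }
     /* End plugin-specific configuration handling */
     if ($owner->is_admin) {
         if (!isset($instance_dao)) {
             $instance_dao = DAOFactory::getDAO('InstanceDAO');
         }
         $owners = $owner_dao->getAllOwners();
         foreach ($owners as $o) {
             $instances = $instance_dao->getByOwner($o, true);
             $o->setInstances($instances);
         }
         $this->addToView('owners', $owners);
     }
     return $this->generateView();
 }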
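 /**
  * Invoke the controller
  *
  * Always use this method, not control(), to invoke the controller.
  * Runs initalizeApp() and control(); with the profiler enabled on a response
  * that is neither JSON data nor JavaScript, the profiler report is appended.
  * Any Exception is rendered with a 500 template chosen by the response
  * content type.
  * @TODO show get 500 error template on Exception
  * (if debugging is true, pass the exception details to the 500 template)
  *
  * @return str rendered output
  */
 public function go()
 {
     try {
         $this->initalizeApp();
         $results = $this->control();
         if ($this->profiler_enabled && !isset($this->json_data) && strpos($this->content_type, 'text/javascript') === false) {
             $total_time = microtime(true) - $this->start_time;
             $profiler = Profiler::getInstance();
             $this->disableCaching();
             $profiler->add($total_time, "total page execution time, running " . $profiler->total_queries . " queries.");
             $this->setViewTemplate('_profiler.tpl');
             $this->addToView('profile_items', $profiler->getProfile());
             return $results . $this->generateView();
         } else {
             return $results;
         }
     } catch (Exception $e) {
         //Explicitly set TZ (before we have user's choice) to avoid date() warning about using system settings
         date_default_timezone_set('America/Los_Angeles');
         // Keep only the media type: drop any ";charset=..." suffix. substr() replaces the
         // former array_shift(explode(...)), which passed a temporary by reference and
         // raised "Only variables should be passed by reference".
         $content_type = $this->content_type;
         $separator = strpos($content_type, ';');
         if ($separator !== false) {
             $content_type = substr($content_type, 0, $separator);
         }
         switch ($content_type) {
             case 'application/json':
                 $this->setViewTemplate('500.json.tpl');
                 break;
             case 'text/plain':
                 $this->setViewTemplate('500.txt.tpl');
                 break;
             default:
                 $this->setViewTemplate('500.tpl');
         }
         $this->addToView('error_type', get_class($e));
         // NOTE(review): the raw exception message reaches the error view; presumably
         // addErrorMessage() escapes it by default (no disable-XSS argument here) — confirm.
         $this->addErrorMessage($e->getMessage());
         return $this->generateView();
     }
 }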
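 /**
  * Render the settings page and process its form actions.
  *
  * Every state-changing action is driven by $_POST and is gated on
  * validateCSRFToken(); actions that touch an instance (account deletion,
  * saved-search deletion and creation) are additionally restricted to admins
  * or to owners with access to that instance. Handled actions: password
  * change, API key reset, invite creation, account deletion, saved-search
  * deletion/creation, notification frequency and time zone updates. Plugin
  * configuration pages are rendered when ?p= (optionally with &u= and &n=) is
  * present.
  *
  * @return str Rendered view
  */
 public function authControl()
 {
     $this->disableCaching();
     $this->addHeaderJavaScript('assets/js/jqBootstrapValidation.js');
     $this->addHeaderJavaScript('assets/js/validate-fields.js');
     $this->addHeaderJavaScript('assets/js/jstz-1.0.4.min.js');
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $invite_dao = DAOFactory::getDAO('InviteDAO');
     $owner = $owner_dao->getByEmail($this->getLoggedInUser());
     $this->addToView('owner', $owner);
     $this->addToView('notification_options', $this->notification_frequencies);
     $this->addToView('tz_list', Installer::getTimeZoneList());
     $this->view_mgr->addHelp('api', 'userguide/api/posts/index');
     $this->view_mgr->addHelp('application_settings', 'userguide/settings/application');
     $this->view_mgr->addHelp('users', 'userguide/settings/allaccounts');
     $this->view_mgr->addHelp('backup', 'install/backup');
     $this->view_mgr->addHelp('account', 'userguide/settings/account');
     //process password change
     if (isset($_POST['changepass']) && $_POST['changepass'] == 'Change password' && isset($_POST['oldpass'])
     && isset($_POST['pass1']) && isset($_POST['pass2'])) {
         // verify CSRF token before doing any credential check, as every other POST handler here does
         $this->validateCSRFToken();
         // Check their old password is correct
         if (!$owner_dao->isOwnerAuthorized($this->getLoggedInUser(), $_POST['oldpass'])) {
             $this->addErrorMessage("Password is incorrect.", 'password');
         } elseif ($_POST['pass1'] != $_POST['pass2']) {
             $this->addErrorMessage("New passwords did not match. Your password has not been changed.", 'password');
         } elseif (!preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $_POST['pass1'])) {
             // minimum policy: 8+ characters containing at least one letter and one digit
             $this->addErrorMessage("Your new password must be at least 8 characters and contain both numbers " . "and letters. Your password has not been changed.", 'password');
         } else {
             // Try to update the password
             if ($owner_dao->updatePassword($this->getLoggedInUser(), $_POST['pass1']) < 1) {
                 $this->addErrorMessage("Your password has NOT been updated.", 'password');
             } else {
                 $this->addSuccessMessage("Your password has been updated.", 'password');
             }
         }
     }
     //reset api_key
     if (isset($_POST['reset_api_key']) && $_POST['reset_api_key'] == 'Reset API Key') {
         $this->validateCSRFToken();
         $api_key = $owner_dao->resetAPIKey($owner->id);
         if (!$api_key) {
             throw new Exception("Unable to update user's api_key, something bad must have happened");
         }
         $this->addSuccessMessage("Your API Key has been reset! Please update your ThinkUp RSS feed subscription.", 'api_key');
         // keep the view's owner in sync so the RSS crawl URL built below carries the new key
         $owner->api_key = $api_key;
     }
     // process invite
     if (isset($_POST['invite']) && $_POST['invite'] == 'Create Invitation') {
         // verify CSRF token
         $this->validateCSRFToken();
         // The invite code is a bearer credential for registration, so draw it from
         // a CSPRNG where the runtime provides one. The md5(uniqid(rand())) form is
         // kept only as a fallback for PHP builds without random_bytes(); both yield
         // 10 hex characters.
         if (function_exists('random_bytes')) {
             $invite_code = bin2hex(random_bytes(5));
         } else {
             $invite_code = substr(md5(uniqid(rand(), true)), 0, 10);
         }
         $invite_added = $invite_dao->addInviteCode($invite_code);
         if ($invite_added == 1) {
             //invite generated and inserted
             $invite_link = Utils::getApplicationURL() . 'session/register.php?code=' . $invite_code;
             // The message is emitted as raw HTML (last argument true); it is built only
             // from the configured application URL and the hex code, never from request data.
             $this->addSuccessMessage("Invitation created!<br />Copy this link and send it to someone you want to " . 'invite to register on your ThinkUp installation.<br /><a href="' . $invite_link . '" id="clippy_12345">' . $invite_link . '</a>
               <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
                       width="100"
                       height="14"
                       class="clippy"
                       id="clippy" >
               <param name="movie" value="' . Utils::getApplicationURL() . 'assets/flash/clippy.swf"/>
               <param name="allowScriptAccess" value="always" />
               <param name="quality" value="high" />
               <param name="scale" value="noscale" />
               <param NAME="FlashVars" value="id=clippy_12345&amp;copied=copied!&amp;copyto=copy to clipboard">
               <param name="bgcolor" value="#D5F0FC">
               <param name="wmode" value="opaque">
               <embed src="' . Utils::getApplicationURL() . 'assets/flash/clippy.swf"
                      width="100"
                      height="14"
                      name="clippy"
                      quality="high"
                      allowScriptAccess="always"
                      type="application/x-shockwave-flash"
                      pluginspage="http://www.macromedia.com/go/getflashplayer"
                      FlashVars="id=clippy_12345&amp;copied=copied!&amp;copyto=copy to clipboard"
                      bgcolor="#dff0d8"
                      wmode="opaque"/></object>
             <br /> Good for one new registration. Expires in 7 days.', 'invite', true);
         } else {
             $this->addErrorMessage("There was an error creating a new invite. Please try again.", 'invite');
         }
     }
     //process service user deletion
     if (isset($_POST['action']) && $_POST['action'] == 'Delete' && isset($_POST['instance_id'])
     && is_numeric($_POST['instance_id']) && !isset($_POST['hashtag_id']) && !isset($_POST['new_hashtag_name'])) {
         $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
         $instance_dao = DAOFactory::getDAO('InstanceDAO');
         $instance = $instance_dao->get($_POST['instance_id']);
         if (isset($instance)) {
             // verify CSRF token
             $this->validateCSRFToken();
             if ($this->isAdmin()) {
                 // Admins may remove any account: its saved searches, every owner link, then the instance.
                 $deleted_searches = $this->deleteSavedSearchesForInstance($instance->id);
                 //delete all owner_instances
                 $owner_instance_dao->deleteByInstance($instance->id);
                 //delete instance
                 $instance_dao->delete($instance->network_username, $instance->network);
                 $this->addSuccessMessage('Account ' . ($deleted_searches > 0 ? 'and its saved searches ' : '') . 'deleted.', 'account');
             } else {
                 if ($owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
                     //delete owner instance
                     $total_deletions = $owner_instance_dao->delete($owner->id, $instance->id);
                     if ($total_deletions > 0) {
                         //delete instance if no other owners have it
                         $remaining_owner_instances = $owner_instance_dao->getByInstance($instance->id);
                         $deleted_searches = 0;
                         if (sizeof($remaining_owner_instances) == 0) {
                             $deleted_searches = $this->deleteSavedSearchesForInstance($instance->id);
                             $instance_dao->delete($instance->network_username, $instance->network);
                         }
                         $this->addSuccessMessage('Account ' . ($deleted_searches > 0 ? 'and its saved searches ' : '') . 'deleted.', 'account');
                     }
                 } else {
                     $this->addErrorMessage('Insufficient privileges.', 'account');
                 }
             }
         } else {
             $this->addErrorMessage('Instance doesn\'t exist.', 'account');
         }
     }
     //process hashtag deletion
     if (isset($_POST['action']) && $_POST['action'] == 'Delete' && isset($_POST['hashtag_id'])
     && is_numeric($_POST['hashtag_id']) && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
         $instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
         $hashtag_dao = DAOFactory::getDAO('HashtagDAO');
         $hashtagpost_dao = DAOFactory::getDAO('HashtagPostDAO');
         $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
         $hashtag_id = $_POST['hashtag_id'];
         $instance_id = $_POST['instance_id'];
         $instance_dao = DAOFactory::getDAO('InstanceDAO');
         $instance = $instance_dao->get($instance_id);
         if (isset($instance)) {
             // verify CSRF token, then apply the same access gate as account deletion:
             // instance_id comes straight from the form, so without this check any
             // logged-in owner could delete saved searches on another owner's instance.
             $this->validateCSRFToken();
             if ($this->isAdmin() || $owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
                 $instancehashtag_dao->delete($instance_id, $hashtag_id);
                 // drop the hashtag's posts and the hashtag itself once nobody else has it saved
                 if (!$instancehashtag_dao->isHashtagSaved($hashtag_id)) {
                     $hashtagpost_dao->deleteHashtagsPostsByHashtagID($hashtag_id);
                     $hashtag_dao->deleteHashtagByID($hashtag_id);
                 }
                 $this->addSuccessMessage("Deleted saved search.", 'account');
             } else {
                 $this->addErrorMessage('Insufficient privileges.', 'account');
             }
         } else {
             $this->addErrorMessage('Instance doesn\'t exist.', 'account');
         }
     }
     //process service user hashtag addition
     if (isset($_POST['action']) && $_POST['action'] == 'Save search' && isset($_POST['new_hashtag_name'])
     && $_POST['new_hashtag_name'] != '' && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
         $instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
         $hashtag_dao = DAOFactory::getDAO('HashtagDAO');
         $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
         $instance_id = $_POST['instance_id'];
         $new_hashtag_name = $_POST['new_hashtag_name'];
         //Check if $new_hashtag_name is an individual word (no spaces)
         if (strpos($new_hashtag_name, " ") === false) {
             $instance_dao = DAOFactory::getDAO('InstanceDAO');
             $instance = $instance_dao->get($instance_id);
             if (isset($instance)) {
                 // same CSRF + access gate as the other instance-scoped actions above
                 $this->validateCSRFToken();
                 if ($this->isAdmin() || $owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
                     // reuse the network-wide hashtag row when it already exists
                     $hashtag = $hashtag_dao->getHashtag($new_hashtag_name, $instance->network);
                     if (isset($hashtag)) {
                         $hashtag_id = $hashtag->id;
                     } else {
                         $hashtag_id = $hashtag_dao->insertHashtag($new_hashtag_name, $instance->network);
                     }
                     $instancehashtag_dao->insert($instance_id, $hashtag_id);
                     // NOTE(review): $new_hashtag_name is user input; this message is added
                     // without the raw-HTML flag the invite message uses, so it is expected
                     // to be escaped by the view layer — confirm.
                     $this->addSuccessMessage("Saved search for " . $new_hashtag_name . ".", 'account');
                 } else {
                     $this->addErrorMessage('Insufficient privileges.', 'account');
                 }
             } else {
                 $this->addErrorMessage('Instance doesn\'t exist.', 'account');
             }
         } else {
             $this->addErrorMessage('You can only search for an individual keyword or hashtag, not a phrase. ' . 'Please try again.', 'account');
         }
     }
     //process change to notification frequency
     if (isset($_POST['updatefrequency'])) {
         $this->validateCSRFToken();
         $new_freq = isset($_POST['notificationfrequency']) ? $_POST['notificationfrequency'] : null;
         $updates = 0;
         // only the frequencies this controller knows about are accepted
         if ($new_freq && isset($this->notification_frequencies[$new_freq])) {
             $updates = $owner_dao->setEmailNotificationFrequency($this->getLoggedInUser(), $new_freq);
         }
         if ($updates > 0) {
             // Update the user in the view to match
             $owner->email_notification_frequency = $new_freq;
             $this->addToView('owner', $owner);
             $this->addSuccessMessage('Your email notification frequency has been updated.', 'notifications');
         }
     }
     //process change to timezone
     if (isset($_POST['updatetimezone'])) {
         $this->validateCSRFToken();
         $new_tz = isset($_POST['timezone']) ? $_POST['timezone'] : null;
         $updates = 0;
         if (isset($new_tz)) {
             // accept only identifiers PHP itself knows (strict match on the string)
             $possible_timezones = timezone_identifiers_list();
             if (in_array($new_tz, $possible_timezones, true)) {
                 $updates = $owner_dao->setTimezone($this->getLoggedInUser(), $new_tz);
             }
         }
         if ($updates > 0) {
             // Update the user in the view to match
             $owner->timezone = $new_tz;
             $this->addToView('owner', $owner);
             $this->addSuccessMessage('Your time zone has been saved.', 'timezone');
         }
     }
     $this->view_mgr->clear_all_cache();
     /* Begin plugin-specific configuration handling */
     // The plugin class is resolved through the registrar, not instantiated from
     // $_GET directly; this assumes getPluginObject() rejects unknown names — TODO confirm.
     if (isset($_GET['p']) && !isset($_GET['u'])) {
         // add config js to header
         if ($this->isAdmin()) {
             $this->addHeaderJavaScript('assets/js/plugin_options.js');
         }
         $active_plugin = $_GET['p'];
         $webapp_plugin_registrar = PluginRegistrarWebapp::getInstance();
         $pobj = $webapp_plugin_registrar->getPluginObject($active_plugin);
         $p = new $pobj();
         $this->addToView('body', $p->renderConfiguration($owner));
         $this->addToView('force_plugin', true);
         $profiler = Profiler::getInstance();
         $profiler->clearLog();
     } elseif (isset($_GET['p']) && isset($_GET['u']) && isset($_GET['n'])) {
         if ($this->isAdmin()) {
             $this->addHeaderJavaScript('assets/js/plugin_options.js');
         }
         $active_plugin = $_GET['p'];
         $instance_username = $_GET['u'];
         $instance_network = $_GET['n'];
         $webapp_plugin_registrar = PluginRegistrarWebapp::getInstance();
         $pobj = $webapp_plugin_registrar->getPluginObject($active_plugin);
         $p = new $pobj();
         $this->addToView('body', $p->renderInstanceConfiguration($owner, $instance_username, $instance_network));
         $this->addToView('force_plugin', true);
         $profiler = Profiler::getInstance();
         $profiler->clearLog();
     }
     $plugin_dao = DAOFactory::getDAO('PluginDAO');
     $installed_plugins = $plugin_dao->getInstalledPlugins();
     $this->addToView('installed_plugins', $installed_plugins);
     /* End plugin-specific configuration handling */
     if ($owner->is_admin) {
         // admins see every owner with their instances, plus all public instances
         if (!isset($instance_dao)) {
             $instance_dao = DAOFactory::getDAO('InstanceDAO');
         }
         $owners = $owner_dao->getAllOwners();
         foreach ($owners as $o) {
             $instances = $instance_dao->getByOwner($o, true);
             $o->setInstances($instances);
         }
         $this->addToView('owners', $owners);
         $this->addToView('public_instances', $instance_dao->getPublicInstances());
     }
     // Fixed command with no request data; the result is only displayed, never executed here.
     $whichphp = @exec('which php');
     $php_path = !empty($whichphp) ? $whichphp : 'php';
     $email = $this->getLoggedInUser();
     //rss_crawl_url (carries the owner's API key: it is a credential, shown only to the logged-in owner)
     $rss_crawl_url = Utils::getApplicationURL() . sprintf('crawler/rss.php?un=%s&as=%s', urlencode($email), $owner->api_key);
     $this->addToView('rss_crawl_url', $rss_crawl_url);
     //cli_crawl_command
     $cli_crawl_command = 'cd ' . THINKUP_WEBAPP_PATH . 'crawler/;export THINKUP_PASSWORD=yourpassword; ' . $php_path . ' crawl.php ' . $email;
     $this->addToView('cli_crawl_command', $cli_crawl_command);
     //help link
     $this->view_mgr->addHelp('rss', 'userguide/datacapture');
     return $this->generateView();
 }
 /**
  * Delete every saved search (hashtag) attached to an instance.
  *
  * Removes the instance/hashtag links and, for each hashtag no other
  * instance still has saved, its collected posts and the hashtag row itself.
  * Callers are expected to have verified the CSRF token and the caller's
  * access to the instance first.
  *
  * @param int $instance_id
  * @return int Number of instance/hashtag links removed
  */
 private function deleteSavedSearchesForInstance($instance_id)
 {
     $instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
     $hashtagpost_dao = DAOFactory::getDAO('HashtagPostDAO');
     $hashtag_dao = DAOFactory::getDAO('HashtagDAO');
     $deleted_searches = 0;
     foreach ($instancehashtag_dao->getByInstance($instance_id) as $instance_hashtag) {
         $hashtag_id = $instance_hashtag->hashtag_id;
         $deleted_searches += $instancehashtag_dao->delete($instance_hashtag->instance_id, $hashtag_id);
         //Continue deletions if no other owner has saved this search
         if (!$instancehashtag_dao->isHashtagSaved($hashtag_id)) {
             $hashtagpost_dao->deleteHashtagsPostsByHashtagID($hashtag_id);
             $hashtag_dao->deleteHashtagByID($hashtag_id);
         }
     }
     return $deleted_searches;
 }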
 /**
  * Invoke the controller
  *
  * Always use this method, not control(), to invoke the controller. It also
  * redirects to the upgrade page when a database migration is pending.
  * @TODO gate the exception details shown on the 500 template behind a debugging flag
  * (the message of every uncaught Exception is currently rendered to the client)
  */
 public function go()
 {
     try {
         $this->initalizeApp();
         // A pending database migration short-circuits every controller except
         // the installer and backup ones: show the upgrade page instead.
         $classname = get_class($this);
         $exempt_from_upgrade = ($classname == 'InstallerController' || $classname == 'BackupController');
         if (!$exempt_from_upgrade && UpgradeController::isUpgrading($this->isAdmin(), $classname)) {
             $this->setViewTemplate('install.upgradeneeded.tpl');
             $this->disableCaching();
             $option_dao = DAOFactory::getDAO('OptionDAO');
             $option_dao->clearSessionData(OptionDAO::APP_OPTIONS);
             return $this->generateView();
         }
         $results = $this->control();
         // The profiler report is appended only to page-style output; JSON,
         // JavaScript and CSV bodies must be returned untouched.
         $skip_profiler = !$this->profiler_enabled || isset($this->json_data);
         foreach (array('text/javascript', 'text/csv') as $unprofiled_type) {
             if (strpos($this->content_type, $unprofiled_type) !== false) {
                 $skip_profiler = true;
             }
         }
         if ($skip_profiler) {
             return $results;
         }
         $total_time = microtime(true) - $this->start_time;
         $profiler = Profiler::getInstance();
         $this->disableCaching();
         $profiler->add($total_time, "total page execution time, running " . $profiler->total_queries . " queries.");
         $this->setViewTemplate('_profiler.tpl');
         $this->addToView('profile_items', $profiler->getProfile());
         return $results . $this->generateView();
     } catch (Exception $e) {
         //Explicitly set TZ (before we have user's choice) to avoid date() warning about using system settings
         date_default_timezone_set('America/Los_Angeles');
         // Keep only the media type, dropping any parameter such as "; charset=UTF-8".
         $content_type = $this->content_type;
         if (strpos($content_type, ';') !== false) {
             $content_type = strstr($content_type, ';', true);
         }
         $error_templates = array(
             'application/json' => '500.json.tpl',
             'text/plain' => '500.txt.tpl',
         );
         $template = isset($error_templates[$content_type]) ? $error_templates[$content_type] : '500.tpl';
         $this->setViewTemplate($template);
         $this->addToView('error_type', get_class($e));
         // NOTE(review): the raw exception message is shown to the client for every
         // exception type (a PDOException can expose table names or DSN details);
         // the @TODO on this method asks for it to be gated behind a debugging flag.
         $this->addErrorMessage($e->getMessage());
         return $this->generateView();
     }
 }
 /**
  * Executes the query, with the bound values
  *
  * The #prefix# and #gmt_offset# placeholders are substituted into the SQL
  * text before it is prepared, so those two values must come from trusted
  * configuration, never from request data; request-derived values belong in
  * $binds, which are bound as PDO parameters.
  * @param str $sql
  * @param array $binds placeholder => value; ints bind as PDO::PARAM_INT, everything else as PDO::PARAM_STR
  * @return PDOStatement
  */
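 protected final function execute($sql, $binds = array())
 {
     if ($this->profiler_enabled) {
         $start_time = microtime(true);
     }
     // Literal substitution of the two config placeholders. The previous
     // preg_replace() treated the replacement as a pattern replacement string,
     // so a prefix or offset containing "$1" or "\1" would have been expanded
     // as a back-reference; neither placeholder contains regex metacharacters,
     // so what gets matched is unchanged. Substitution happens before prepare(),
     // which is why these values must be trusted configuration, not request data.
     $sql = str_replace(array('#prefix#', '#gmt_offset#'), array($this->prefix, $this->gmt_offset), $sql);
     $stmt = self::$PDO->prepare($sql);
     if (is_array($binds) && count($binds) >= 1) {
         foreach ($binds as $key => $value) {
             // only PHP ints are sent as integers; everything else goes as a string
             $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
             $stmt->bindValue($key, $value, $type);
         }
     }
     // NOTE(review): the bool result is not checked, so a failed statement is
     // only surfaced if self::$PDO runs with ERRMODE_EXCEPTION — confirm at the
     // connection setup.
     $stmt->execute();
     if ($this->profiler_enabled) {
         $end_time = microtime(true);
         $total_time = $end_time - $start_time;
         $profiler = Profiler::getInstance();
         // the profiler records the SQL text with placeholders, not the bound values
         $profiler->add($total_time, $sql, true, $stmt->rowCount());
     }
     return $stmt;
 }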