Beispiel #1
 /**
  * Magic setter that hashes the password column before it is stored.
  *
  * Any key other than the configured password column is handed to the
  * parent setter unchanged.
  *
  * @param string $key   Name of the property (column) being assigned.
  * @param mixed  $value Value to assign; replaced by its hash for the password column.
  */
 public function __set($key, $value)
 {
     $password_column = $this->config['columns']['password'];
     if ($key === $password_column) {
         // Every assignment to this column is hashed, so callers must always pass
         // the plaintext password: assigning an already-hashed value would hash it
         // a second time.
         // NOTE(review): hash_password() is not visible here -- confirm it is a
         // salted, deliberately slow password hash.
         $hasher = Security::instance($this->config_name);
         $value = $hasher->hash_password($value);
     }
     parent::__set($key, $value);
 }
Beispiel #2
 /**
  * Generate an API key pair and store it in the api_keys table.
  *
  * @param array $args Reads 'target', 'name' and 'type'; a 'type' equal to 'org'
  *                    marks the key as an organisation key.
  * @return array ['privateKey' => ..., 'publicKey' => ...] holding the generated pair.
  */
 public static function createKey($args)
 {
     $db = \Base::instance()->get('db.instance');
     $generator = Security::instance();
     // NOTE(review): salt() and salt_sha2() are not visible here. Their output is
     // used as API credentials, so confirm both draw from a cryptographically
     // secure random source.
     $public_key = $generator->salt();
     $private_key = $generator->salt_sha2(384);
     // NOTE(review): the private key is written to the table verbatim. If it is only
     // ever compared against a value presented by the client, storing a hash instead
     // would limit the damage of a database leak -- confirm how it is verified.
     $sql = 'INSERT INTO api_keys(target, `name`, `privateKey`, `publicKey`, isOrgKey, usages) VALUES(:target, :name, :privateKey, :publicKey, :isOrgKey, :usages)';
     $params = [
         'target' => $args['target'],
         'name' => $args['name'],
         'privateKey' => $private_key,
         'publicKey' => $public_key,
         // Loose comparison kept as in the original; $args['type'] is presumably a string.
         'isOrgKey' => $args['type'] == 'org',
         'usages' => 0,
     ];
     $db->exec($sql, $params);
     return ['privateKey' => $private_key, 'publicKey' => $public_key];
 }
Beispiel #3
 /**
  * Create an invite key, store it, and optionally e-mail it to the invitee.
  *
  * @param string $email    Address the invite is bound to; an empty value leaves it unbound.
  * @param bool   $sendmail When true and $email is non-empty, an invitation mail is sent.
  * @param int    $usages   Value stored in the invite's `usages` column.
  * @return mixed The generated invite key.
  */
 public static function createInvite($email = '', $sendmail = false, $usages = 1)
 {
     $f3 = \Base::instance();
     $db = $f3->get('db.instance');
     // NOTE(review): the key is the only secret protecting the invite link. salt()
     // is not visible here -- confirm it uses a cryptographically secure random source.
     $key = Security::instance()->salt();
     $row = [
         'key' => $key,
         'email' => $email,
         'fixedEmail' => !empty($email),
         'usages' => $usages,
     ];
     $db->exec('INSERT INTO invites(`key`, `email`, `fixedEmail`, `usages`, `claimed`) VALUES(:key, :email, :fixedEmail, :usages, FALSE)', $row);
     if (!$sendmail || empty($email)) {
         return $key;
     }
     // Exposed on the framework instance before rendering; presumably read by the mail template.
     $f3->set('email', $email);
     $f3->set('key', $key);
     // NOTE(review): $email is not validated in this method before it is used as the
     // recipient and placed in the body -- confirm the caller or SendingAPI::send()
     // rejects malformed addresses and embedded line breaks.
     $html_body = \Template::instance()->render('mails/invited.html');
     $text_body = "You have been invited to join SquareMS ! \n"
         . "You can create an account using this link: https://squarems.net/invites/{$key} ! \n"
         . "If you have any more questions, you can mail us at contact@squarems.net. \n\n"
         . "This mail was sent to {$email}. Please do not respond, it is sent by an automated system.";
     SendingAPI::send([
         'mailTo' => $email,
         'mailSubject' => 'You have been invited to join SquareMS !',
         'mailContents' => ['html' => $html_body, 'text' => $text_body],
     ]);
     return $key;
 }
Beispiel #4
 /**
  * Sign the current user out, queue a confirmation notice and redirect to the
  * login page of the current area.
  *
  * NOTE(review): the routing is not visible here. If this action can be reached
  * with a plain GET request, a third-party page can trigger it -- confirm.
  */
 public function signout()
 {
     $security = Security::instance();
     $security->logout();
     $notice = $this->i18n['system.signout.success'];
     $this->notification->add($notice);
     $login_url = url::area() . 'login';
     url::redirect($login_url);
 }
Beispiel #5
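 /**
  * Add a paper to one of the signed-in user's lightboxes, creating the lightbox first
  * when requested.
  *
  * Reads from POST: 'paper_id' (required), 'type' ('new' or 'existing'), 'name' and
  * 'description' (for a new lightbox) and 'lightbox_id' (for an existing one). Every
  * outcome is reported through $this->notification; nothing is returned.
  *
  * The target lightbox must belong to the current user. 'lightbox_id' is supplied by
  * the client, so without that check any signed-in user could add papers to a
  * lightbox owned by someone else.
  */
 public function create()
 {
     $this->breadcrumbs->add()->url(false)->title('Add Paper');
     // Make sure the user is still logged in.
     $current = Security::instance()->get_user();
     if ($current && $current->loaded) {
         $input = Validation::factory($this->input->post());
         $input->add_rules('paper_id', 'required');
         if ($this->input->post('type') == 'new') {
             $input->add_rules('name', 'required');
         } elseif ($this->input->post('type') == 'existing') {
             $input->add_rules('lightbox_id', 'required');
         }
         // Cleared while a new lightbox is being created and set again only once it is saved.
         $continue = TRUE;
         if ($input->validate()) {
             $lightbox_id = $this->input->post('lightbox_id');
             // Check whether a new lightbox has to be created first.
             if ($this->input->post('type') == 'new') {
                 $continue = FALSE;
                 // Make sure this user has no other lightbox with the same name.
                 $existing = ORM::factory('lightbox')->where('creator_id', $current->id)->where('name', $this->input->post('name'))->find();
                 if ($existing->loaded) {
                     $this->notification->add($this->i18n['system.lightbox.exists'], $this->input->post('name'));
                 } else {
                     // The name is free, so create the lightbox for the current user.
                     $lightbox = orm::factory('lightbox');
                     $lightbox->name = $this->input->post('name');
                     $lightbox->description = $this->input->post('description');
                     $lightbox->creator_id = $current->id;
                     $lightbox->status = 'public';
                     if ($lightbox->save()) {
                         $lightbox_id = $lightbox->id;
                         $this->notification->add($this->i18n['system.lightbox.success'], $lightbox->name);
                         $continue = TRUE;
                     } else {
                         $this->notification->add($this->i18n['system.lightbox.error']);
                     }
                 }
             }
             // Both ids are looked up again from the database; neither is trusted as given.
             $paper = ORM::factory('paper', $this->input->post('paper_id'));
             $lightbox = ORM::factory('lightbox', $lightbox_id);
             if ($continue) {
                 if ($paper->loaded && $lightbox->loaded) {
                     // Ownership check: a freshly created lightbox always passes, an
                     // existing one only when the current user created it. Loose
                     // comparison because ORM column values may be strings -- TODO confirm.
                     if ($lightbox->creator_id != $current->id) {
                         $this->notification->add($this->i18n['system.user.invalid']);
                     } else {
                         $lightbox->add($paper);
                         if ($lightbox->save()) {
                             $this->notification->add($this->i18n['system.paper.success'], array($paper->name, $lightbox->name));
                         } else {
                             $this->notification->add($this->i18n['system.paper.error'], array($paper->name, $lightbox->name));
                         }
                     }
                 } else {
                     if (!$paper->loaded) {
                         $this->notification->add($this->i18n['system.paper.invalid']);
                     }
                     if (!$lightbox->loaded) {
                         $this->notification->add($this->i18n['system.lightbox.invalid']);
                     }
                 }
             }
         } else {
             // Report each validation failure using its 'filter.<field>.<rule>' message.
             foreach ($input->errors() as $key => $value) {
                 $this->notification->add($this->i18n['filter.' . $key . '.' . $value]);
             }
         }
     } else {
         // Not logged in.
         $this->notification->add($this->i18n['system.user.invalid']);
     }
 }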
Beispiel #6
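// Bootstrap: load the configuration, the security class, the database layer and
// the language file before any page output.

// Without a config file the site is not installed yet: send the visitor to the
// installer and stop. A Location header alone does not end the script, so without
// the exit the includes below would still run against a missing configuration.
if (!file_exists('GameEngine/config.php')) {
    header("Location: install/");
    exit;
}
include "GameEngine/config.php";
/*
if($_SERVER['HTTP_HOST'] != '.SERVER.')
{
    header('location: '.SERVER.'');
    exit;
}
*/
// Remove the /* and the */ above if you do not use localhost.
// NOTE(review): as written, the disabled check compares the Host header with the
// literal string '.SERVER.' rather than the SERVER constant, so enabling it would
// redirect on practically every request -- fix the comparison before enabling it.

// NOTE(review): `E_ALL || E_NOTICE` is a logical OR and evaluates to boolean true,
// not to a bitmask. A bitwise expression such as `E_ALL & ~E_NOTICE` was probably
// intended -- confirm the intended level before changing it.
error_reporting(E_ALL || E_NOTICE);
// The security class is mandatory: refuse to serve the page without it.
if (file_exists('Security/Security.class.php')) {
    require 'Security/Security.class.php';
    Security::instance();
} else {
    die('Security: Please activate security class!');
}
include "GameEngine/Database.php";
// NOTE(review): LANG becomes part of an include path. It is presumably defined in
// config.php; it must never be derived from request data.
include "GameEngine/Lang/" . LANG . ".php";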
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title><?php 
echo SERVER_NAME;
?>
</title>
	<link rel="shortcut icon" href="favicon.ico" />
	<link rel="stylesheet" type="text/css" href="gpack/travian/main.css" />
Beispiel #7
">
	
		<noscript><p>Please enable Javascript in your browser to view this site</p></noscript>
	
		<div id="header">
			
			<div class="container">
		
				<h1 id="logo"><a href="/">Spicers</a></h1>
				
				<ul id="controls">
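				<?php 
// Header controls: signed-in users see their name plus account and sign-out links,
// everyone else sees the sign-in and register links.
if (Security::instance()->get_user()) {
    ?>
					<li><span class="user-name"><?php 
    // The account attribute is HTML-escaped on output; it is presumably chosen by
    // the user, so markup in it must not reach the page unescaped.
    echo htmlspecialchars((string) Security::instance()->get_user()->unique, ENT_QUOTES, 'UTF-8');
    ?>
</span></li>
					<li><a href="account">My Account</a></li>
					<li><a href="account/logout" id="sign-out">Sign Out</a></li>
				<?php 
} else {
    ?>
					<li><span class="user-name">(Not signed in)</span> <a href="account/login" id="sign-in">Sign In</a></li>
					<li><a href="account/register">Register</a></li>
				<?php 
}
?>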
					<li class="last"><a href="about-us/contact">Contact Us</a></li>
					<li id="site-search">
						<form action="#todo" method="post">
Beispiel #8
				<!-- #todo: Better way to detect what domain user is on -->
			<? foreach (admin::$sites as $site) : ?>
				<li><a href="<?= url::base() . $site . '/' . url::routes_area(); ?>" <?= strstr( $base_href, $site ) !== false ? 'class="selected"' : '' ?>><span><?= $site; ?></span></a></li>
			<? endforeach; ?>
				<!-- /#todo -->
			</ul>
			<? endif; ?>
			*/
?>
			
			<div id="user-info">
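				<?php 
// The greeting and the account links are rendered only for a signed-in user.
if (Security::instance()->get_user()) {
    ?>
				<p>Hello, <span class="user-name"><?php 
    // The username is HTML-escaped on output; it is presumably chosen by the user,
    // so markup in it must not reach the page unescaped.
    echo htmlspecialchars((string) Security::instance()->get_user()->username, ENT_QUOTES, 'UTF-8');
    ?>
</span></p>
				<ul id="user-actions">
					<li class="first"><a href="account">My Account</a></li>
					<li><a href="account/logout">Logout</a></li>
					<li class="last"><a href="#todo">Visit Website</a></li>
				</ul><!--/navigation -->	
				<?php 
}
?>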
			</div>
			
			<ul id="navigation">
				<li>
					<?php 
Beispiel #9
 /**
  * Delete one of the current user's lightboxes, then redirect to the area index.
  *
  * Requires the 'lightboxes'/'delete' permission and only removes a lightbox whose
  * creator_id matches the signed-in user. The outcome is reported as a
  * notification; the redirect is skipped for AJAX requests.
  *
  * NOTE(review): this is a state-changing action keyed by a URL parameter. The
  * routing is not visible here -- confirm it is limited to POST and protected by
  * a CSRF token.
  *
  * @param integer $id the id of the lightbox to delete
  */
 public function delete($id = NULL)
 {
     if (!$this->access->allowed('lightboxes', 'delete')) {
         // NOTE(review): url::failed() is not visible here; if it returns, the
         // redirect at the end of this method still runs.
         url::failed();
     } else {
         $user = Security::instance()->get_user();
         $lightbox = $id ? ORM::factory('lightbox')->find($id) : NULL;
         if (!$id || !$lightbox->loaded) {
             // Missing id or unknown lightbox: both report the same message.
             $this->notification->add($this->i18n['system.lightbox.invalid']);
         } elseif ($lightbox->creator_id != $user->id) {
             // Users may only delete lightboxes they created themselves.
             $this->notification->add($this->i18n['system.user.invalid']);
         } else {
             // Keep the name for the message; it is read before the row is deleted.
             $name = $lightbox->name;
             $message_key = $lightbox->delete() ? 'system.lightbox.success' : 'system.lightbox.error';
             $this->notification->add($this->i18n[$message_key], $name);
         }
     }
     $is_ajax = request::is_ajax();
     if (!$is_ajax) {
         url::redirect(url::area());
     }
 }
Beispiel #10
				<div class="header">
					<h4>Your Spicers</h4>
				</div><!-- /.header -->
				
				<ul class="menu navigation">
					<li class="current"><a href="lightboxes"><span>Lightboxes</span></a></li>
					<li><a href="account/inspirations"><span>Inspiration</span></a></li>
					<li><a href="account/samples"><span>Samples &amp; Dummies</span></a></li>
					<li><a href="account/settings"><span>Settings</span></a></li>
				</ul><!-- /.navigation -->
				
			</div><!-- /.section -->
			
			<div id="user-info" class="section">
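				<h5>Hi <?php 
// The first name is HTML-escaped on output; it is presumably entered by the user,
// so markup in it must not reach the page unescaped.
// NOTE(review): get_user() is dereferenced without a check -- confirm this view is
// only rendered for signed-in users.
echo htmlspecialchars((string) Security::instance()->get_user()->firstname, ENT_QUOTES, 'UTF-8');
?>
</h5>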
				<dl>
					<dt>Last login:</dt>
					<dd class="time"><!-- #todo --><?php 
// NOTE(review): date() without a timestamp formats the current time, so this prints
// today's date under the "Last login:" label instead of a stored login time. A user
// relying on this field to spot an unexpected login would be misled until the #todo
// is resolved.
echo date("d M, Y");
?>
<!-- /#todo --></dd>
					<dt>Your representative:</dt>
					<dd><a href="#todo"><!-- #todo -->Representative Name<!-- /#todo --></a></dd>
				</dl>
			
			</div><!-- /#user-info -->
			
		</div><!-- /#side-menu -->
Beispiel #11
 /**
  * Constructor. Sanitizes the global GET, POST and COOKIE data.
  * Also neutralises magic quotes and register_globals. It is protected
  * because it only needs to run once; the body is skipped when an
  * instance is already registered in self::$instance.
  *
  * This is input filtering only. clean_input_keys() and clean_input_data()
  * are not visible here, and filtering on input does not replace
  * context-specific output escaping or parameterised queries in the code
  * that later uses these values.
  *
  * NOTE(review): set_magic_quotes_runtime() was removed in PHP 7.0 and the
  * get_magic_quotes_*() functions in PHP 8.0, so this constructor only runs
  * on legacy PHP versions as written.
  *
  * @return void
  */
 protected function __construct()
 {
     if (self::$instance === NULL) {
         // Check for magic quotes
         if (get_magic_quotes_runtime()) {
             // Runtime magic quotes are deprecated; switch them off.
             set_magic_quotes_runtime(0);
         }
         if (get_magic_quotes_gpc()) {
             // Also deprecated, see http://php.net/magic_quotes. Only the flag is
             // recorded here; presumably the clean_* helpers use it -- TODO confirm.
             $this->magic_quotes_gpc = TRUE;
         }
         // Check for register globals and prevent security issues from arising.
         if (ini_get('register_globals')) {
             if (isset($_REQUEST['GLOBALS'])) {
                 // A request parameter named GLOBALS is an attempt to overwrite the
                 // globals table: stop the script immediately.
                 exit('Illegal attack on global variable.');
             }
             // Get rid of REQUEST
             $_REQUEST = array();
             // The following globals are standard and shouldn't really be removed
             $preserve = array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION');
             // Same effect as disabling register_globals: every other global is
             // nulled and unset.
             foreach ($GLOBALS as $key => $value) {
                 // NOTE(review): in_array() compares loosely here; a strict third
                 // argument would avoid type-juggling matches on non-string keys.
                 if (!in_array($key, $preserve)) {
                     global ${$key};
                     ${$key} = NULL;
                     unset($GLOBALS[$key], ${$key});
                 }
             }
         }
         // Sanitize global data. Each value is written back under its cleaned key.
         // NOTE(review): the original key is never unset, so if clean_input_keys()
         // ever returns a key different from the one it was given, the uncleaned
         // entry stays in the array alongside the cleaned one -- confirm the helper
         // either returns the key unchanged or aborts.
         if (is_array($_POST)) {
             foreach ($_POST as $key => $value) {
                 $_POST[$this->clean_input_keys($key)] = $this->clean_input_data($value);
             }
         } else {
             $_POST = array();
         }
         if (is_array($_GET)) {
             foreach ($_GET as $key => $value) {
                 $_GET[$this->clean_input_keys($key)] = $this->clean_input_data($value);
             }
         } else {
             $_GET = array();
         }
         if (is_array($_COOKIE)) {
             foreach ($_COOKIE as $key => $value) {
                 $_COOKIE[$this->clean_input_keys($key)] = $this->clean_input_data($value);
             }
         } else {
             $_COOKIE = array();
         }
         // REQUEST becomes a merge of GET and POST only (cookies are left out);
         // for a key present in both, the POST value wins.
         $_REQUEST = array_merge($_GET, $_POST);
         self::$instance = $this;
     }
 }
Beispiel #12
 /**
  * End the current user's session and redirect to the account login page.
  *
  * NOTE(review): the routing is not visible here. If this action can be reached
  * with a plain GET request, a third-party page can trigger it -- confirm.
  */
 public function logout()
 {
     $security = Security::instance();
     $security->logout();
     $login_path = 'account/login';
     url::redirect($login_path);
 }