/**
  * Builds a fresh captcha image and streams it straight to the client.
  *
  * Unlike the other methods this one does not return a value: it sets the
  * Content-type header to image/jpeg and echoes the raw image bytes. Because the
  * header is sent from here, nothing may have been written to the output before
  * this method is called.
  * The generated phrase is stored in the session under 'captcha' so a later
  * request can compare the user's answer against it.
  *
  * NOTE(review): no Cache-Control header is sent; if the image gets cached by the
  * browser or a proxy, a reload could show a stale picture while the session
  * already holds a new phrase — confirm whether the front-end busts the cache.
  */
 public static function generateAndShowCaptcha()
 {
     // dimensions come from config; the builder itself is the CaptchaBuilder library loaded via Composer
     $width = Config::get('CAPTCHA_WIDTH');
     $height = Config::get('CAPTCHA_HEIGHT');

     $builder = new CaptchaBuilder();
     $builder->build($width, $height);

     // remember the expected answer server-side before any bytes go to the browser
     Session::set('captcha', $builder->getPhrase());

     // from here on the response body is binary image data
     header('Content-type: image/jpeg');
     $builder->output();
 }
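 /**
  * Gets a user's public profile data, according to the given $user_id.
  *
  * Looks the row up with a prepared statement (the id is bound, never interpolated),
  * attaches an avatar link and runs every returned value through Filter::XSSFilter.
  *
  * @param int $user_id The user's id
  * @return mixed The selected user's profile as an object, or false when no such user
  *               exists (a FEEDBACK_USER_DOES_NOT_EXIST message is queued in that case)
  */
 public static function getPublicProfileOfUser($user_id)
 {
     $database = DatabaseFactory::getFactory()->getConnection();
     $sql = "SELECT user_id, user_name, user_email, user_active, user_has_avatar, user_deleted\n                FROM users WHERE user_id = :user_id LIMIT 1";
     $query = $database->prepare($sql);
     $query->execute(array(':user_id' => $user_id));
     $user = $query->fetch();

     // fetch() returns false when no row matched. The former rowCount() check is not a
     // reliable "found" test for SELECT statements on every PDO driver, and handing false to
     // array_walk_recursive() below emits a warning (PHP 7) or throws a TypeError (PHP 8).
     if (!$user) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
         return false;
     }

     if (Config::get('USE_GRAVATAR')) {
         $user->user_avatar_link = AvatarModel::getGravatarLinkByEmail($user->user_email);
     } else {
         $user->user_avatar_link = AvatarModel::getPublicAvatarFilePathOfUser($user->user_has_avatar, $user->user_id);
     }

     // all elements of array passed to Filter::XSSFilter for XSS sanitation, have a look into
     // application/core/Filter.php for more info on how to use. Removes (possibly bad) JavaScript etc from
     // the user's values
     array_walk_recursive($user, 'Huge\\Core\\Filter::XSSFilter');

     // NOTE(review): user_email is part of this "public" profile object; make sure the views
     // that render it do not show the address to visitors who should not see it.
     return $user;
 }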
 public function getConnection()
 {
     // lazily open the PDO connection once and hand the same instance back on every call
     if ($this->database) {
         return $this->database;
     }

     /**
      * The constructor call is wrapped in try/catch on purpose: an uncaught PDOException
      * would, with display_errors on, print a stack trace containing the DSN, user name and
      * password in plain text (PDO->__construct('mysql:host=127....', 'root', '12345678', Array)).
      * A generic message plus the error code is shown instead and the application is stopped.
      *
      * NOTE(review): ERRMODE_WARNING means a failing query only emits a warning and returns
      * false; callers that do not check return values (e.g. a token-revoking UPDATE) will not
      * notice. PDO::ATTR_EMULATE_PREPARES is also left at its default — consider disabling it
      * so bound parameters travel separately from the SQL text. Both changes affect every
      * caller, so they are deliberately not made in this rewrite.
      */
     $dsn = Config::get('DB_TYPE') . ':host=' . Config::get('DB_HOST') . ';dbname=' . Config::get('DB_NAME') . ';port=' . Config::get('DB_PORT') . ';charset=' . Config::get('DB_CHARSET');
     $options = array(
         PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ,
         PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING,
     );

     try {
         $this->database = new PDO($dsn, Config::get('DB_USER'), Config::get('DB_PASS'), $options);
     } catch (\PDOException $e) {
         // generic message only; the code is enough to look the failure up without leaking the DSN
         echo 'Database connection can not be estabilished. Please try again later.' . '<br>';
         echo 'Error code: ' . $e->getCode();
         // no connection, connection limit reached etc.: nothing left to do, so stop the application
         Application::stop();
     }

     return $this->database;
 }
<div class="container">
    <h1>NoteController/edit/:note_id</h1>

    <div class="box">
        <h2>Edit a note</h2>

        <!-- echo out the system feedback (error and success messages) -->
        <?php 
$this->renderFeedbackMessages();
?>

        <?php 
if ($this->note) {
    ?>
            <form method="post" action="<?php 
    echo Config::get('URL');
    ?>
note/editSave">
                <label>Change text of note: </label>
                <!-- we use htmlentities() here to prevent user input with " etc. break the HTML -->
                <input type="hidden" name="note_id" value="<?php 
    echo htmlentities($this->note->note_id);
    ?>
" />
                <input type="text" name="note_text" value="<?php 
    echo htmlentities($this->note->note_text);
    ?>
" />
                <input type="submit" value='Change' />
            </form>
        <?php 
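 /**
  * Removes the avatar image file (PATH_AVATARS/<userId>.jpg) from the filesystem.
  *
  * The id is the only variable part of the path, so it is validated to be a plain
  * non-negative integer before it is used: a value such as "../../x" would otherwise be
  * concatenated straight into the path handed to unlink() (directory traversal).
  * Integers and digit-only strings behave exactly as before; anything else is rejected
  * with the "no file" feedback message.
  *
  * @param integer $userId
  * @return bool true when the file was deleted, false (with a feedback message) otherwise
  */
 public static function deleteAvatarImageFile($userId)
 {
     // the id becomes part of a filesystem path: accept only a canonical non-negative integer
     // (an int, or a digit-only string) so no path separators or ".." can reach unlink()
     if (!preg_match('/^\d+$/', (string) $userId)) {
         Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_NO_FILE"));
         return false;
     }

     $avatarFile = Config::get('PATH_AVATARS') . $userId . ".jpg";

     // nothing to delete
     if (!file_exists($avatarFile)) {
         Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_NO_FILE"));
         return false;
     }

     // unlink() reports failure (permissions, file vanished since the check above) with false
     if (!unlink($avatarFile)) {
         Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
         return false;
     }

     return true;
 }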
 /**
  * Deletes the remember-me cookie and, when a user id is given, also clears the
  * matching token stored in the database so the old cookie value cannot be reused.
  *
  * Kept separate from logout() on purpose: cookies are also deleted in situations
  * where no full logout happens.
  * The cookie is "deleted" by re-sending it with an expiry ten years in the past
  * (3600 sec * 24 hours * 3650 days), the usual way to make a browser drop a cookie
  * @see http://stackoverflow.com/a/686166/1114320
  *
  * NOTE(review): the result of the UPDATE is not checked; if the connection runs in a
  * warning-only error mode a failed revocation goes unnoticed while the browser cookie
  * is still removed.
  *
  * @param string $user_id
  */
 public static function deleteCookie($user_id = null)
 {
     // server side: null out the stored token so the old cookie value stops working
     if (isset($user_id)) {
         $db = DatabaseFactory::getFactory()->getConnection();
         $statement = $db->prepare("UPDATE users SET user_remember_me_token = :user_remember_me_token WHERE user_id = :user_id LIMIT 1");
         $statement->execute(array(
             ':user_remember_me_token' => NULL,
             ':user_id' => $user_id,
         ));
     }

     // client side: overwrite the cookie with an empty value that expired long ago
     $tenYearsAgo = time() - 3600 * 24 * 3650;
     setcookie('remember_me', false, $tenYearsAgo, Config::get('COOKIE_PATH'), Config::get('COOKIE_DOMAIN'), Config::get('COOKIE_SECURE'), Config::get('COOKIE_HTTP'));
 }
        ?>
                        <tr>
                            <td><?php 
        echo $value->note_id;
        ?>
</td>
                            <td><?php 
        echo htmlentities($value->note_text);
        ?>
</td>
                            <td><a href="<?php 
        echo Config::get('URL') . 'note/edit/' . $value->note_id;
        ?>
">Edit</a></td>
                            <td><a href="<?php 
        echo Config::get('URL') . 'note/delete/' . $value->note_id;
        ?>
">Delete</a></td>
                        </tr>
                    <?php 
    }
    ?>
                </tbody>
            </table>
            <?php 
} else {
    ?>
                <div>No notes yet. Create some !</div>
            <?php 
}
?>
                            <?php 
    }
    ?>
                        </td>
                        <td><?php 
    echo $user->user_name;
    ?>
</td>
                        <td><?php 
    echo $user->user_email;
    ?>
</td>
                        <td><?php 
    echo $user->user_active == 0 ? 'No' : 'Yes';
    ?>
</td>
                        <td>
                            <a href="<?php 
    echo Config::get('URL') . 'profile/showProfile/' . $user->user_id;
    ?>
">Profile</a>
                        </td>
                    </tr>
                <?php 
}
?>
            </table>
        </div>
    </div>
</div>
 /**
  * Sends the password reset mail.
  *
  * The reset link is assembled from the configured base URL (not from the request's
  * Host header) plus EMAIL_PASSWORD_RESET_URL, the url-encoded user name and the
  * url-encoded reset hash. On failure the mailer's error text is appended to the
  * negative feedback message.
  *
  * @param string $user_name username
  * @param string $user_password_reset_hash password reset hash
  * @param string $user_email user email
  *
  * @return bool success status
  */
 public static function sendPasswordResetMail($user_name, $user_password_reset_hash, $user_email)
 {
     $resetLink = Config::get('URL') . Config::get('EMAIL_PASSWORD_RESET_URL') . '/' . urlencode($user_name) . '/' . urlencode($user_password_reset_hash);
     $body = Config::get('EMAIL_PASSWORD_RESET_CONTENT') . ' ' . $resetLink;

     $mailer = new \Huge\Core\Mail();
     $sent = $mailer->sendMail(
         $user_email,
         Config::get('EMAIL_PASSWORD_RESET_FROM_EMAIL'),
         Config::get('EMAIL_PASSWORD_RESET_FROM_NAME'),
         Config::get('EMAIL_PASSWORD_RESET_SUBJECT'),
         $body
     );

     if (!$sent) {
         // NOTE(review): getError() may carry transport details; check what it exposes to the user
         Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_RESET_MAIL_SENDING_ERROR') . $mailer->getError());
         return false;
     }

     Session::add('feedback_positive', Text::get('FEEDBACK_PASSWORD_RESET_MAIL_SENDING_SUCCESSFUL'));
     return true;
 }
 /**
  * Sends the verification email (to confirm the account).
  *
  * The link is built from the configured base URL (not the request's Host header),
  * EMAIL_VERIFICATION_URL, the url-encoded user id and the url-encoded activation hash,
  * appended directly to EMAIL_VERIFICATION_CONTENT.
  *
  * @param int $user_id user's id
  * @param string $user_email user's email
  * @param string $user_activation_hash user's mail verification hash string
  *
  * @return boolean true if the mail has been sent, false if it could not be sent
  */
 public static function sendVerificationEmail($user_id, $user_email, $user_activation_hash)
 {
     $verificationLink = Config::get('URL') . Config::get('EMAIL_VERIFICATION_URL') . '/' . urlencode($user_id) . '/' . urlencode($user_activation_hash);
     $body = Config::get('EMAIL_VERIFICATION_CONTENT') . $verificationLink;

     $mailer = new Mail();
     $sent = $mailer->sendMail(
         $user_email,
         Config::get('EMAIL_VERIFICATION_FROM_EMAIL'),
         Config::get('EMAIL_VERIFICATION_FROM_NAME'),
         Config::get('EMAIL_VERIFICATION_SUBJECT'),
         $body
     );

     if (!$sent) {
         // NOTE(review): getError() may carry transport details; check what it exposes to the user
         Session::add('feedback_negative', Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_ERROR') . $mailer->getError());
         return false;
     }

     Session::add('feedback_positive', Text::get('FEEDBACK_VERIFICATION_MAIL_SENDING_SUCCESSFUL'));
     return true;
 }
        <!-- echo out the system feedback (error and success messages) -->
        <?php 
$this->renderFeedbackMessages();
?>

        <div>Your username: <?php 
echo $this->user_name;
?>
</div>
        <div>Your email: <?php 
echo $this->user_email;
?>
</div>
        <div>Your avatar image:
            <?php 
if (Config::get('USE_GRAVATAR')) {
    ?>
                Your gravatar pic (on gravatar.com): <img src='<?php 
    echo $this->user_gravatar_image_url;
    ?>
' />
            <?php 
} else {
    ?>
                Your avatar pic (saved locally): <img src='<?php 
    echo $this->user_avatar_file;
    ?>
' />
            <?php 
}
?>