public function checkLogin($usr = '', $pass = '')
{
/*inicialmente validaremos contra datos preestablecidos que podrían venir por ejemplo, de una base de datos*/
if ($usr == self::$user && $pass == self::$password) {
self::$loggedin = true;
self::$arrUsuario['user'] = self::$user;
$_SESSION['auth_user'] = self::$user;
$_SESSION['auth_pass'] = self::$password;
parent::set("auth_user", self::$user);
parent::set("auth_pass", self::$password);
return true;
} else {
self::$arrUsuario = array();
self::$loggedin = false;
return false;
}
$auth = new SessionUtils();
if ($auth->checkLogin('test', 'test')) {
echo "ok";
print_r($_SESSION);
print_r($_COOKIE);
} else {
echo "fail";
}
}
public static function saveSessionObject($name, $obj)
{
if (empty(self::$data)) {
self::$data = array();
}
self::$data[$name . CLIENT_NAME] = json_encode($obj);
}
protected function setUp()
{
parent::setUp();
$this->deleteAllUsers();
$this->createNewUsers();
SessionUtils::saveSessionObject('user', $this->usersArray['admin']);
}
public function logout($path = '/')
{
$ds = $this->getDataStore();
$this->session->add(self::LOGINED_KEY, false);
$this->session->add(self::USER_ID_KEY, null);
$this->cleanupAutoLogin($ds, $path);
}
public function insertNewUserAddressVisited(\AddressDTO $addressDTO)
{
try {
$this->userAutentication();
$userLogged = SessionUtils::getUserLogged();
$newAddress = array(":" . USERID => $userLogged->getUserId(), ":" . LONGITUDE => $addressDTO->getLongitude(), ":" . LATITUDE => $addressDTO->getLatitude(), ":" . TIMESTAMP => date(DATE_FORMAT));
$newAddressId = $this->getDB()->insert(USER_ADDRESS_VISITED_TABLE, $newAddress);
return $newAddressId;
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (Exception $e) {
throw $e;
}
}
public function testSession()
{
try {
$userLogged = SessionUtils::getUserLogged();
$username = $userLogged->getUserName();
$sessionToken = SessionUtils::getSessionToken();
$query = "select * from sat_user where USERNAME = {$username} and SESSION_TOKEN = {$sessionToken}";
return $this->execQuery($query);
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (Exception $e) {
throw $e;
}
}
function deleteFriendModel($friendId)
{
try {
$responseDTO = new ResponseDTO(DELETE_FRIEND_FORM);
$friendsDAO = new FriendsDAO();
$oldFriend = $friendsDAO->deleteFriend($friendId);
SessionUtils::deleteFriendInUserLoggedFriendList($friendId);
$responseDTO->setResponseSucc("friend" . $friendId);
return $responseDTO;
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (UserNotAuthenticatedExceptionDTO $authExp) {
throw $authExp;
} catch (Exception $e) {
throw $e;
}
}
public function updateProfilePhoto(\PhotoDTO $userProfilePhotoDTO)
{
$userLogged = SessionUtils::getUserLogged();
$set = array(PROFILEPHOTO => $userProfilePhotoDTO->getPhotoId());
$where = array(USERID => $userLogged->getUserId());
try {
$this->userAutentication();
$userPhoto = $this->getDB()->update(USER_TABLE, $set, $where);
DataModelUtils::notifyAction($userProfilePhotoDTO->getPhotoId() . SEPARATOR . $userProfilePhotoDTO->getPhotoUrl(), PROFILE_SETTINGS_PHOTO_FORM);
return $userProfilePhotoDTO;
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (UserNotAuthenticatedExceptionDTO $authExp) {
throw $authExp;
} catch (Exception $e) {
throw $e;
}
}
public function deleteAlbum($albumId)
{
try {
$model = $this->getModel();
$deletedAlbum = $model->deleteAlbumModel($albumId);
if (isset($_POST[JAVASCRIPT_ON]) && $_POST[JAVASCRIPT_ON] === "Y") {
echo json_encode($deletedAlbum->jsonSerialize());
} else {
SessionUtils::setError($deletedAlbum);
header("Location: " . URL . ALBUM_CONTROLLER);
exit;
}
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (UserNotAuthenticatedExceptionDTO $authExp) {
parent::userNotLogged($authExp);
} catch (Exception $e) {
throw $e;
}
}
public static function uploadPhotoModel($uploadedPhoto, $albumId, $formType, $latitude = NULL, $longitude = NULL)
{
$responseDTO = new ResponseDTO($formType);
try {
$userLogged = SessionUtils::getUserLogged();
$fileName = $uploadedPhoto["name"];
$fileType = $uploadedPhoto["type"];
$tmpFileName = $uploadedPhoto["tmp_name"];
$rawImage = FileUtils::getRawImage($fileType, $tmpFileName);
$fileName = FileUtils::getFileName($fileName, $userLogged->getUserId(), $albumId);
$redimImage = FileUtils::getRedimensionedImage($tmpFileName, $rawImage);
if (imagejpeg($redimImage, $fileName, 100)) {
$photoDAO = new PhotoDAO();
$newPhotoDTO = new PhotoDTO(NULL, $fileName, $latitude, $longitude);
$newPhotoDTO = $photoDAO->insertNewPhoto($newPhotoDTO);
if ($newPhotoDTO->getPhotoId() == 0) {
$responseDTO->setErrField(ERROR_RESPONSE, "Errore durante l'inserimento della foto [" . $newPhotoDTO->getPhotoUrl() . "]");
} else {
$albumDAO = new AlbumDAO();
if (is_null($albumId)) {
$albumId = $albumDAO->getDefaultAlbumId($userLogged->getUserId());
}
if ($formType !== ADD_ALBUM_FORM) {
$photoInAlbumId = $albumDAO->insertNewUserPhotoAlbum($userLogged->getUserId(), $albumId, $newPhotoDTO->getPhotoId());
}
if (!is_null($latitude) && !is_null($longitude)) {
$uploadedAddress = FileUtils::saveAddressModel($latitude, $longitude, $formType);
}
return $newPhotoDTO;
}
} else {
$responseDTO->setErrField(ERROR_RESPONSE, "Errore durante la copia del file sul server PHP");
}
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (UserNotAuthenticatedExceptionDTO $userAuth) {
throw $userAuth;
} catch (Exception $e) {
throw $e;
}
}
function userAutentication()
{
try {
$userLogged = SessionUtils::getUserLogged();
$sessionToken = SessionUtils::getSessionToken();
if (!is_null($userLogged)) {
$query = "select * from sat_user where userid = " . $userLogged->getUserId() . " and SESSION_TOKEN = '" . $sessionToken . "'";
$objectArray = $this->getDB()->execQuery($query);
if (is_null($objectArray)) {
$myException = new UserNotAuthenticatedExceptionDTO(URL . LOGIN_CONTROLLER);
throw $myException;
}
}
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (UserNotAuthenticatedExceptionDTO $userAuth) {
throw $userAuth;
} catch (Exception $e) {
throw $e;
}
}
public function forgotPassword()
{
try {
$model = $this->getModel();
$forgotPwdjax = NULL;
if (isset($_GET["forgotPasswordForm"])) {
$forgotPwdjax = json_decode($_GET["forgotPasswordForm"], true);
$forgottenPwd = $model->forgotPasswordModel($forgotPwdjax);
echo json_encode($forgottenPwd->jsonSerialize());
} else {
$forgottenPwd = $model->forgotPasswordModel($forgotPwdjax);
SessionUtils::setError($forgottenPwd);
header("Location:" . URL . FORGOT_PWD_CONTROLLER);
exit;
}
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (Exception $e) {
throw $e;
}
}
public function forgotPasswordModel($forgotPasswordForm)
{
$formObjRaw = new FormDTO(FORGOT_PWD_FORM, $forgotPasswordForm);
$responseDTO = new ResponseDTO(FORGOT_PWD_FORM);
try {
$formDataObj = $formObjRaw->getFormData();
$validator = new FormValidator(FORGOT_PWD_FORM, $formDataObj);
$validationError = $validator->checkAll();
if (sizeof($validationError) == 0) {
$userDAO = new UserDAO();
$userDTO = $userDAO->getUserByEmail($formDataObj[FORGOT_PWD_FORM . EMAIL]);
if (is_null($userDTO)) {
$responseDTO->setErrField(ERROR_RESPONSE, "Nessun user presente con questa mail");
} else {
$newPassword = PasswordUtils::createRandomicPassword();
$userDTO->setPassword($newPassword);
$resultMail = DataModelUtils::sendMail($userDTO, FORGOT_PWD_FORM);
$hashedPwd = PasswordUtils::getPassword($newPassword);
$userDTO->setPassword($hashedPwd);
$result = $userDAO->updateUserPassword($userDTO);
if ($result != 1) {
$responseDTO->setErrField(ERROR_RESPONSE, "Problema nel cambio della password");
} else {
$responseDTO->setResponseSucc("Verra mandata una mail con una nuova password all'indirizzo " . $userDTO->getEmail());
}
}
} else {
if (array_key_exists(EMAIL, $validationError)) {
$responseDTO->setErrField(EMAIL, $validationError[EMAIL]);
}
SessionUtils::setFormValue($formDataObj);
}
return $responseDTO;
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (Exception $e) {
throw $e;
}
}
public function getUnreadNotificationList($limit = NULL)
{
$userLogged = SessionUtils::getUserLogged();
if (is_null($limit)) {
$query = "select * from sat_notify where SUBJECT_ID = " . $userLogged->getUserId() . " and IS_READ = 0 order by sent_at desc ";
} else {
$query = "select * from sat_notify where SUBJECT_ID = " . $userLogged->getUserId() . " and IS_READ = 0 order by sent_at desc ";
}
try {
$objectArray = $this->getDB()->execQuery($query);
if (is_null($objectArray)) {
return NULL;
} else {
$objectListDTO = DataModelUtils::getObjectList(NOTIFICATIONDTO, $objectArray);
return $objectListDTO;
}
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (Exception $e) {
throw $e;
}
}
public function confirmFriendshipModel($notificationId, $userForm)
{
$formObjRaw = new FormDTO(CONFIRM_FRIENDSHIP_FORM, $userForm);
$formObjRaw->setSubElementId($notificationId);
try {
$formDataObj = $formObjRaw->getFormData();
$friendDAO = new FriendsDAO();
$result = $friendDAO->confirmFriendship($formDataObj[CONFIRM_FRIENDSHIP_FORM . FRIENDID]);
$userDAO = new UserDAO();
$friendDTO = $userDAO->getUserByUserId($formDataObj[CONFIRM_FRIENDSHIP_FORM . FRIENDID]);
$friendDTO->setPassword(NULL);
$notificationDAO = new NotificationDAO();
$result = $notificationDAO->setNotificationAsRead($formDataObj[CONFIRM_FRIENDSHIP_FORM . NOTIFICATIONID]);
SessionUtils::addFriendInUserLoggedFriendList($friendDTO, date(DATE_FORMAT));
DataModelUtils::notifyAction($friendDTO->getUserId() . SEPARATOR . $friendDTO->getUserName(), CONFIRM_FRIENDSHIP_FORM);
return $friendDTO;
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (Exception $e) {
throw $e;
}
}
public function getFriendsList($userProfile)
{
if (!SessionUtils::isAdmin()) {
$query = "select ut.*, pt.*, tmp.FRIENDSSINCE \n from sat_user ut, sat_photo pt, ( \n select FRIENDID as USERID,FRIENDSSINCE \n from sat_user_friends \n where USERID = {$userProfile} \n UNION \n select USERID, FRIENDSSINCE \n from sat_user_friends \n where FRIENDID = {$userProfile} \n ) tmp \n where ut.profilephoto = pt.photoid and tmp.USERID = ut.USERID";
} else {
$query = "select distinct ut.*, pt.*, NULL AS FRIENDSSINCE from sat_user ut, sat_photo pt where ut.role <> 'ADMIN' and ut.profilephoto = pt.photoid ";
}
try {
$this->userAutentication();
$objectArray = $this->getDB()->execQuery($query);
if (is_null($objectArray)) {
return NULL;
} else {
$objectListDTO = DataModelUtils::getObjectList(FRIENDSDTO, $objectArray);
return $objectListDTO;
}
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (Exception $e) {
throw $e;
}
}
public function deleteUser($userId)
{
try {
$model = $this->getModel();
$deletedUser = $model->deleteUserModel($userId);
FileUtils::deleteAlbumDirOnServer($userId, NULL);
if (isset($_POST[JAVASCRIPT_ON]) && $_POST[JAVASCRIPT_ON] === "Y") {
echo json_encode($deletedUser->jsonSerialize());
} else {
$responseDTO = new ResponseDTO(DELETE_USER_FORM);
$responseDTO->setResponseSucc("Utente eliminato con successo");
SessionUtils::setError($responseDTO);
header("Location: " . URL . USERLIST_CONTROLLER);
exit;
}
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (UserNotAuthenticatedExceptionDTO $authExp) {
parent::userNotLogged($authExp);
} catch (Exception $e) {
throw $e;
}
}
public static function getNotificationMessage($object, $context, $direction = NULL)
{
$message = "";
$userLogged = SessionUtils::getUserLogged();
if ($context === REGISTRATION_FORM) {
$user = explode(SEPARATOR, $object);
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $user[0] . '">' . $user[1] . '</a> si vuole registrare su sharetrip.com</label>';
} else {
if ($context === PROFILE_SETTINGS_PHOTO_FORM) {
$userProfilePhotoDTO = explode(SEPARATOR, $object);
$message = '<label><a href="' . URL . PROFILE_SETTINGS_CONTROLLER . INDEX . $userLogged->getUserId() . '">' . $userLogged->getUsername() . '</a> ha cambiato la propria foto del profilo</label>';
} else {
if ($context === ADD_ALBUM_FORM) {
$album = explode(SEPARATOR, $object);
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $userLogged->getUserId() . '"><label>' . $userLogged->getUsername() . '</a> ha aggiunto l\' album ' . '<a href="' . URL . ALBUM_CONTROLLER . INDEX . $album[2] . "/" . $userLogged->getUserId() . '">' . $album[3] . '</a></label>';
} else {
if ($context === CHANGE_SETTINGS_FORM) {
$message = '<label><a href="' . URL . PROFILE_SETTINGS_CONTROLLER . INDEX . $userLogged->getUserId() . '"><label>' . $userLogged->getUsername() . '</a> ha modificato alcune info del profilo.</label>';
} else {
if ($context === WRITE_POST_FORM) {
$post = explode(SEPARATOR, $object);
$message = "";
if ($userLogged->getUserId() === $post[2]) {
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $userLogged->getUserId() . '">' . $userLogged->getUsername() . '</a> ha scritto un nuovo <a href="' . URL . PROFILE_CONTROLLER . INDEX . $post[0] . '/' . $post[1] . '/' . $post[2] . '"> post </a> sulla sua bacheca</label>';
} else {
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $userLogged->getUserId() . '"><label>' . $userLogged->getUsername() . '</a> ha scritto un nuovo <a href="' . URL . PROFILE_CONTROLLER . INDEX . $post[0] . '/' . $post[1] . '/' . $post[2] . '"> post </a> sulla bacheca di <a href="' . URL . PROFILE_CONTROLLER . INDEX . $post[2] . '">' . $post[3] . '</a></label>';
}
} else {
if ($context === WRITE_COMMENT_FORM) {
$comment = explode(SEPARATOR, $object);
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $userLogged->getUserId() . '">' . $userLogged->getUsername() . '</a> ha commentato un <a href="' . URL . PROFILE_CONTROLLER . INDEX . $comment[1] . '/' . $comment[2] . '/' . $comment[3] . '/' . $comment[0] . '"> post </a></label>.';
} else {
if ($context === ADD_PHOTO_FORM) {
$album = explode(SEPARATOR, $object);
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $userLogged->getUserId() . '">' . $userLogged->getUsername() . '</a> ha aggiunto una nuova <a href="' . URL . PHOTO_CONTROLLER . INDEX . $album[2] . '/' . $album[0] . '/' . $userLogged->getUserId() . '">foto</a> nell\' <a href="' . URL . ALBUM_CONTROLLER . INDEX . $album[2] . '/' . $userLogged->getUserId() . '"> album </a></label>';
} else {
if ($context === ADD_FRIEND_FORM) {
$friend = explode(SEPARATOR, $object);
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $userLogged->getUserId() . '">' . $userLogged->getUsername() . '</a> vuole stringere amicizia con te</label>';
} else {
if ($context === CONFIRM_FRIENDSHIP_FORM) {
$friend = explode(SEPARATOR, $object);
if ($direction === TOMYSELF) {
$message = '<label>Hai stretto amicizia con <a href="' . URL . PROFILE_CONTROLLER . INDEX . $friend[0] . '">' . $friend[1] . '</a><label>';
} else {
if ($direction === TOMINENEWFRIEND) {
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $userLogged->getUserId() . '">' . $userLogged->getUsername() . '</a> ha stretto amicizia con te.</label>';
} else {
if ($direction === TOMYFRIENDSLIST) {
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $userLogged->getUserId() . '">' . $userLogged->getUsername() . '</a> ha stretto amicizia con <a href="' . URL . PROFILE_CONTROLLER . INDEX . $friend[0] . '">' . $friend[1] . '</a></label>';
} else {
if ($direction === TOMINENEWFRIENDFRIENDLIST) {
$message = '<label><a href="' . URL . PROFILE_CONTROLLER . INDEX . $friend[0] . '">' . $friend[1] . '</a> ha stretto amicizia con <a href="' . URL . PROFILE_CONTROLLER . INDEX . $userLogged->getUserId() . '">' . $userLogged->getUsername() . '</a></label>';
}
}
}
}
}
}
}
}
}
}
}
}
}
return $message;
}
<?php
include "config.base.php";
include "include.common.php";
if (defined('MODULE_PATH')) {
SessionUtils::saveSessionObject("modulePath", MODULE_PATH);
}
define('CLIENT_PATH', dirname(__FILE__));
include CLIENT_PATH . "/include.common.php";
include CLIENT_PATH . "/server.includes.inc.php";
$user = SessionUtils::getSessionObject('user');
$profileCurrent = null;
$profileSwitched = null;
$profileClass = ucfirst(SIGN_IN_ELEMENT_MAPPING_FIELD_NAME);
$profileVar = SIGN_IN_ELEMENT_MAPPING_FIELD_NAME;
if (!empty($user->{$profileVar})) {
$profileCurrent = BaseService::getInstance()->getElement($profileClass, $user->{$profileVar}, null, true);
if (!empty($profileCurrent)) {
$profileCurrent = FileService::getInstance()->updateProfileImage($profileCurrent);
}
}
if ($user->user_level == 'Admin' || $user->user_level == 'Manager') {
$switchedEmpId = BaseService::getInstance()->getCurrentProfileId();
if ($switchedEmpId != $user->{$profileVar} && !empty($switchedEmpId)) {
$profileSwitched = BaseService::getInstance()->getElement($profileClass, $switchedEmpId, null, true);
if (!empty($profileSwitched)) {
$profileSwitched = FileService::getInstance()->updateProfileImage($profileSwitched);
}
}
}
$activeProfile = null;
private function init()
{
$urlArray = $this->getUrlArray();
if (is_null($urlArray)) {
$userLogged = SessionUtils::getUserLogged();
if (!is_null($userLogged)) {
//
header('Location: ' . URL . SessionUtils::getLastPageVisited());
exit;
} else {
if (isset($_COOKIE[SHAREATRIPCOOKIE])) {
header('Location: ' . URL . LOGIN_CONTROLLER . 'autoLogin');
exit;
} else {
header('Location: ' . URL . LOGIN_CONTROLLER);
exit;
}
}
} else {
if ($urlArray[1] === 'index') {
if ($urlArray[0] === 'Profile') {
if (!is_null($urlArray[5])) {
SessionUtils::setPost($urlArray[2]);
SessionUtils::setAuthorId($urlArray[3]);
SessionUtils::setDashboardId($urlArray[4]);
SessionUtils::setComment($urlArray[5]);
} else {
if (!is_null($urlArray[4])) {
SessionUtils::setPost($urlArray[2]);
SessionUtils::setAuthorId($urlArray[3]);
SessionUtils::setDashboardId($urlArray[4]);
} else {
if (!is_null($urlArray[2])) {
SessionUtils::setPost(NULL);
SessionUtils::setAuthorId(NULL);
SessionUtils::setDashboardId($urlArray[2]);
}
}
}
header("Location: " . URL . PROFILE_CONTROLLER);
exit;
} else {
if ($urlArray[0] === 'Photo') {
if (!is_null($urlArray[4])) {
SessionUtils::setAlbumId($urlArray[2]);
SessionUtils::setPhotoId($urlArray[3]);
SessionUtils::setDashboardId($urlArray[4]);
} else {
if (!is_null($urlArray[3])) {
SessionUtils::setAlbumId($urlArray[2]);
SessionUtils::setDashboardId($urlArray[3]);
} else {
if (!is_null($urlArray[2])) {
SessionUtils::setAlbumId($urlArray[2]);
}
}
}
header("Location: " . URL . PHOTO_CONTROLLER);
exit;
} else {
if ($urlArray[0] === 'Album') {
if (!is_null($urlArray[3])) {
SessionUtils::setAlbumId($urlArray[2]);
SessionUtils::setDashboardId($urlArray[3]);
}
header("Location: " . URL . ALBUM_CONTROLLER);
exit;
} else {
if ($urlArray[0] === 'ProfileSettings') {
SessionUtils::setDashboardId($urlArray[2]);
header("Location: " . URL . PROFILE_SETTINGS_CONTROLLER);
exit;
}
}
}
}
}
$url = new UrlDTO($urlArray);
$this->loadController($url->getController());
$this->callControllerMethod($url);
}
}
public function setCurrentAdminProfile($profileId)
{
if (!class_exists('SessionUtils')) {
include APP_BASE_PATH . "include.common.php";
}
if ($profileId == "-1") {
SessionUtils::saveSessionObject('admin_current_profile', null);
return;
}
if ($this->currentUser->user_level == 'Admin') {
SessionUtils::saveSessionObject('admin_current_profile', $profileId);
} else {
if ($this->currentUser->user_level == 'Manager') {
$signInMappingField = SIGN_IN_ELEMENT_MAPPING_FIELD_NAME;
$signInMappingFieldTable = ucfirst($signInMappingField);
$subordinate = new $signInMappingFieldTable();
$signInMappingField = SIGN_IN_ELEMENT_MAPPING_FIELD_NAME;
$subordinates = $subordinate->Find("supervisor = ?", array($this->currentUser->{$signInMappingField}));
$subFound = false;
foreach ($subordinates as $sub) {
if ($sub->id == $profileId) {
$subFound = true;
break;
}
}
if (!$subFound) {
return;
}
SessionUtils::saveSessionObject('admin_current_profile', $profileId);
}
}
}
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Parpaing is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Parpaing. If not, see <http://www.gnu.org/licenses/>.
*/
session_start();
require_once "config/config.php";
require_once "engine/utils/SessionUtils.php";
if (!SessionUtils::isConnected($_SESSION)) {
exit;
}
$path = "/";
if (isset($_REQUEST["path"])) {
$path = $_REQUEST["path"];
if (strpos($path, "..") !== false) {
exit;
}
}
$fullpath = $config["parpaing"]["root_directory"] . $path;
$filename = substr($fullpath, strrpos($fullpath, "/") + 1);
if (file_exists($fullpath) && is_file($fullpath)) {
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-Disposition: attachment; filename=\"{$filename}\"");
function login($login, $password, &$session = null)
{
$args = array("login" => $login);
$query = "\tSELECT *\n\t\t\t\t\tFROM accounts\n\t\t\t\t\tJOIN persons ON acc_person_id = per_id\n\t\t\t\t\tLEFT JOIN ticketers ON acc_id = tic_account_id\n\t\t\t\t\tWHERE (acc_login = :login OR per_mail = :login) AND 1 = 1 ";
$statement = $this->pdo->prepare($query);
$statement->execute($args);
$results = $statement->fetchAll();
foreach ($results as $index => $line) {
foreach ($line as $key => $value) {
if (is_int($key)) {
unset($results[$index][$key]);
}
}
}
if (count($results)) {
$account = $results[0];
// error_log($account["acc_password"] . " vs " . AccountBo::computePassword($password));
if ($account["acc_password"] == AccountBo::computePassword($password)) {
if (is_array($session)) {
SessionUtils::login($session, $account);
}
return $account;
}
}
return false;
}
<div id="photoCurtain">
<button class="btn btn-info " id="closePhotoButton" name="closePhotoButton" type="button">
<span class="glyphicon glyphicon-remove"></span>
</button>
<div id="fullScreenPhotoDiv">
<img id="fullScreenImg" src="#" alt=""/>
</div>
</div>
<div id="content" class="container container-fluid">
<div>
<?php
$navigationItemSelected = SessionUtils::getNavigationSelectedItem();
$userLogged = SessionUtils::getUserLogged();
if (!is_null($userLogged)) {
?>
<nav class="navbar">
<ul id="headerNavItem" class="nav nav-tabs">
<li>
<a href="<?php
echo URL . HOME_CONTROLLER;
?>
">
<span class="glyphicon glyphicon-home"></span>
<span class="headerNavItemName"></span>
</a>
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Ice Framework. If not, see <http://www.gnu.org/licenses/>.
------------------------------------------------------------------
Original work Copyright (c) 2012 [Gamonoid Media Pvt. Ltd]
Developer: Thilina Hasantha (thilina.hasantha[at]gmail.com / facebook.com/thilinah)
*/
define('CLIENT_PATH', dirname(__FILE__));
include "config.base.php";
include "include.common.php";
$modulePath = SessionUtils::getSessionObject("modulePath");
if (!defined('MODULE_PATH')) {
define('MODULE_PATH', $modulePath);
}
include "server.includes.inc.php";
if ($_REQUEST['a'] != "rsp" && $_REQUEST['a'] != "rpc") {
if (empty($user)) {
if ($_REQUEST['a'] == 'na') {
$ret['message'] = "";
if (empty($_REQUEST['employee'])) {
$ret['status'] = "ERROR";
$ret['message'] .= "Select an Employee.<br/>";
}
if (empty($_REQUEST['username'])) {
$ret['status'] = "ERROR";
$ret['message'] .= "Enter Username.<br/>";
function logout()
{
SessionUtils::logout();
header("Location: " . URL . LOGIN_CONTROLLER);
exit;
}
public function searchUser()
{
$model = $this->getModel();
$searchCriteriaFormAjax = NULL;
$jsonUserDTOList = [];
try {
if (isset($_GET["searchForm"])) {
$searchCriteriaFormAjax = json_decode($_GET["searchForm"], true);
$foundedResources = $model->searchResourceModel($searchCriteriaFormAjax);
for ($i = 0; $i < sizeof($foundedResources); $i++) {
$index = 'friends' . $i;
$jsonUserDTOList[$index] = $foundedResources[$index]->jsonSerialize();
}
echo json_encode($jsonUserDTOList);
} else {
$foundedResources = $model->searchResourceModel($searchCriteriaFormAjax);
if (get_class($foundedResources) === RESPONSEDTO) {
SessionUtils::setError($foundedResources);
} else {
if (!is_null($foundedResources)) {
$responseDTO = new ResponseDTO(SEARCH_USER_FORM);
$responseDTO->setResponseSucc($foundedResources);
SessionUtils::setError($responseDTO);
}
}
header("Location: " . URL . FRIENDS_CONTROLLER);
exit;
}
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (UserNotAuthenticatedExceptionDTO $authExp) {
parent::userNotLogged($authExp);
} catch (Exception $e) {
throw $e;
}
}
public static function checkBoolean($key){
$_SESSION[$key]=!SessionUtils::getBoolean($key);
return $_SESSION[$key];
}
</div>
<div class="errorDiv" id="add_photo_<?php
echo $photoId;
?>
_response" >
<?php
echo $this->getArg("add_photo_" . $photoId . "_response");
?>
</div>
</div>
</div>
<?php
}
} else {
if ($this->getArg('userCanWrite') && !SessionUtils::isAdmin()) {
?>
<div id="no_photo" class="col-xs-12 col-sm-12 col-md-12 col-lg-12">
Non è presente nessuna foto. aggiungila!
</div>
<?php
}
}
?>
</div>
</div>
</div>
public function denyFriendship($notificationId)
{
try {
$userLogged = SessionUtils::getUserLogged();
$deleteFriendAjax = NULL;
$model = $this->getModel();
if (isset($_POST["denyFriendshipForm"])) {
$deleteFriendAjax = json_decode($_POST["denyFriendshipForm"], true);
$deletedFriend = $model->denyFriendshipModel($notificationId, $deleteFriendAjax);
echo json_encode($deletedFriend->jsonSerialize());
} else {
$deletedFriend = $model->denyFriendshipModel($notificationId, $deleteFriendAjax);
SessionUtils::setError($responseDTO);
header("Location: " . URL . NOTIFICATION_CONTROLLER);
exit;
}
} catch (PDOException $pdoe) {
throw $pdoe;
} catch (Exception $e) {
throw $e;
}
}
