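 /**
  * Renders the registration form and, on POST, creates the account.
  *
  * On a non-POST request the form is shown together with the required,
  * writable attributes the user must fill in. On POST the username, email and
  * password are validated, the user / username / attribute records are stored,
  * the session is locked to the new user and the client is redirected to
  * $_GET['returnto'] (same-origin paths only) or to the current URL.
  *
  * A ValidationException is caught here and exposed to the view as 'messages'.
  */
 public function register()
 {
     /*
      * The post-registration redirect is only honoured when it is a same-origin
      * path. A leading "/" on its own is not enough: "//host/..." and
      * "/\host/..." are read as protocol-relative URLs by browsers and would
      * turn this parameter into an open redirect.
      */
     $returnto = (string) new URL();
     if (isset($_GET['returnto']) && is_string($_GET['returnto']) && Strings::startsWith($_GET['returnto'], '/')) {
         $second = strlen($_GET['returnto']) > 1 ? $_GET['returnto'][1] : '';
         if ($second !== '/' && $second !== '\\') {
             $returnto = $_GET['returnto'];
         }
     }
     /*
      * Required attributes that are writable by some party are requested on the
      * form and stored together with the account below.
      */
     $query = db()->table('attribute')->get('writable', array('public', 'groups', 'related', 'me'));
     $query->addRestriction('required', true);
     $attributes = $query->fetchAll();
     try {
         if (!$this->request->isPost()) {
             throw new HTTPMethodException();
         }
         /*
          * We need to validate the data the user sends. This is a delicate process
          * and therefore requires quite a lot of attention. The character class
          * must be a-zA-Z: the range A-z would also admit [ \ ] ^ _ and `.
          */
         $validatorUsername = validate()->addRule(new MinLengthValidationRule(4, 'Username must be more than 3 characters'));
         $validatorUsername->addRule(new RegexValidationRule('/^[a-zA-Z][a-zA-Z0-9\\-\\_]+$/', 'Username must only contain characters, numbers, underscores and hyphens'));
         $validatorEmail = validate()->addRule(new FilterValidationRule(FILTER_VALIDATE_EMAIL, 'Invalid email found'));
         $validatorPassword = validate()->addRule(new MinLengthValidationRule(8, 'Password must have 8 or more characters'));
         // Read every field through _def() so a missing key cannot raise a notice.
         $email = _def($_POST['email'], '');
         $name = _def($_POST['username'], '');
         $password = _def($_POST['password'], '');
         validate($validatorEmail->setValue($email), $validatorUsername->setValue($name), $validatorPassword->setValue($password));
         // Only username records whose 'expires' IS NULL block the name.
         if (db()->table('username')->get('name', $name)->addRestriction('expires', null, 'IS')->fetch()) {
             throw new ValidationException('Username is taken', 0, array('Username is taken'));
         }
         if (db()->table('user')->get('email', $email)->fetch()) {
             throw new ValidationException('Email is taken', 0, array('Email is already in use'));
         }
         /**
          * Once we validated the data, let's move onto the next step, store the
          * data.
          */
         $user = db()->table('user')->newRecord();
         $user->email = $email;
         // NOTE(review): the user record is assumed to hash the password on store — confirm; plaintext must never reach the database.
         $user->password = $password;
         $user->verified = false;
         $user->created = time();
         $user->store();
         $username = db()->table('username')->newRecord();
         $username->user = $user;
         $username->name = $name;
         $username->store();
         foreach ($attributes as $attribute) {
             $userattribute = db()->table('user\\attribute')->newRecord();
             $userattribute->user = $user;
             $userattribute->attr = $attribute;
             // The form field is named after the attribute id; absent fields store ''.
             $userattribute->value = _def($_POST[$attribute->_id], '');
             $userattribute->store();
         }
         // Lock the session to the new account (presumably this logs the user in).
         $s = Session::getInstance();
         $s->lock($user->_id);
         return $this->response->getHeaders()->redirect($returnto);
     } catch (HTTPMethodException $e) {
         /*Do nothing, we'll show the form*/
     } catch (ValidationException $e) {
         $this->view->set('messages', $e->getResult());
     }
     $this->view->set('attributes', $attributes);
 }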
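 /**
  * Relays an email to a user on behalf of an authenticated application.
  *
  * GET Parameters:
  * - appId     - Id of the app trying to relay the message
  * - appSecret - App Secret to authenticate the App
  * - userId    - Either a valid email or a user id
  *
  * The recipient is taken from GET 'to', then POST 'to', then the deprecated
  * $userid argument. Subject and body are read from POST. On success the
  * message is queued via EmailModel::queue() for later delivery.
  *
  * @todo  Introduce email permissions for certain applications
  * @param int $userid Deprecated, do not use
  * @throws PublicException when the recipient is missing or cannot be resolved
  * @throws Exception when the application cannot be authenticated
  * @throws HTTPMethodException caught internally; a non-POST request only serves the form
  */
 public function send($userid = null)
 {
     //TODO: Add search by username
     try {
         #Check if the request is post and subject and body are not empty
         if (!$this->request->isPost()) {
             throw new HTTPMethodException();
         }
         /*
          * Retrieve the email / userId from the request. This should either be posted
          * or getted.
          */
         $userid = isset($_GET['to']) ? $_GET['to'] : _def($_POST['to'], $userid);
         /*
          * We check whether we received any data at all via POST for the recipient.
          * We can obviously not relay any email to any user if we don't know where
          * to send it to.
          */
         if (!$userid) {
             throw new PublicException('This enpoint requires a recipient');
         }
         /*
          * Get the application authorizing the email. Although we do not log this
          * right now, it's gonna be invaluable to help determining whether an app
          * was compromised and is sending garbage.
          *
          * Both credentials must be present before the lookup runs: querying with
          * a missing (null) id or secret must never match a record.
          */
         if (!$this->token) {
             $appId = _def($_GET['appId'], '');
             $appSecret = _def($_GET['appSecret'], '');
             $app = null;
             if ($appId !== '' && $appSecret !== '') {
                 $app = db()->table('authapp')->get('appID', $appId)->addRestriction('appSecret', $appSecret)->fetch();
             }
         } else {
             $app = $this->token->app;
         }
         if (!$app) {
             throw new Exception('Could not authenticate the application trying to send the email');
         }
         /*
          * Determine what kind of id you were sent to determine where to send the
          * email to. Anything that is neither an email nor a numeric id is
          * rejected, so $email is always defined when the message is queued.
          */
         if (filter_var($userid, FILTER_VALIDATE_EMAIL)) {
             $email = $userid;
         } elseif (is_numeric($userid)) {
             $user = db()->table('user')->get('_id', $userid)->fetch();
             if (!$user) {
                 throw new PublicException('Recipient not found', 404);
             }
             $email = $user->email;
         } else {
             throw new PublicException('Recipient must be an email address or a user id');
         }
         $vsubject = validate()->addRule(new EmptyValidationRule('Subject cannot be empty'));
         $vcontent = validate()->addRule(new EmptyValidationRule('Message body cannot be empty'));
         validate($vsubject->setValue(_def($_POST['subject'], '')), $vcontent->setValue(_def($_POST['body'], '')));
         #Create the message and put it into the message queue
         EmailModel::queue($email, $vsubject->getValue(), $vcontent->getValue())->store();
         #Everything was okay - that's it. The email will be delivered later
     } catch (ValidationException $e) {
         $this->view->set('errors', $e->getResult());
     } catch (HTTPMethodException $e) {
         //Do nothing, we'll serve it with get
     }
 }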
 /**
  * Shows and, on POST, updates one profile attribute of the logged-in user.
  *
  * @param mixed $attrid identifier of the attribute record being edited
  * @throws PublicException when no user is logged in (403)
  * @throws Exception when the attribute does not exist or is not writable (404)
  */
 public function attribute($attrid)
 {
     if (!$this->user) {
         throw new PublicException('Need to be logged in', 403);
     }
     /*
      * Only attributes that exist and are not marked as non-writable may be
      * edited; this keeps users from vandalising arbitrary records.
      */
     $attribute = db()->table('attribute')->get('_id', $attrid)->fetch();
     if (!$attribute || $attribute->writable === 'nem') {
         throw new Exception('No property found', 404);
     }
     $current = db()->table('user\\attribute')->get('user', $this->user)->addRestriction('attr', $attribute)->fetch();
     if (!$this->request->isPost()) {
         // Plain view: expose the attribute and whatever value is stored so far.
         $this->view->set('attribute', $attribute);
         $this->view->set('value', $current ? $current->value : '');
         return;
     }
     /*
      * The user may never have defined this attribute yet; create the record
      * on first write.
      */
     $record = $current;
     if ($record === null) {
         $record = db()->table('user\\attribute')->newRecord();
         $record->user = $this->user;
         $record->attr = $attribute;
     }
     $validator = validate();
     if ($attribute->required) {
         $validator->addRule(new EmptyValidationRule('Value cannot be empty'));
     }
     $submitted = _def($_POST['value'], '');
     #Validate the new value before it is persisted
     validate($validator->setValue($submitted));
     $record->value = $submitted;
     $record->store();
     return $this->response->getHeaders()->redirect(new URL());
 }
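<div class="spacer" style="height: 50px"></div>

<form class="condensed standalone" method="POST">
	<div class="description">
		Enter your new username below to change it. Your old username will be kept
		as an alias for 3 months before it expires.
	</div>
	<?php /* NOTE(review): __() is the view helper used for output here; assumed to HTML-escape — confirm. */ ?>
	<input type="text" name="username" placeholder="Your new username" value="<?php 
echo __(_def($_POST['username'], ''));
?>
">
	<?php 
/*
 * Validation messages are set by the controller. They are HTML-escaped on
 * output so that a message which repeats submitted input cannot inject markup.
 */
if (isset($messages) && is_array($messages)) {
    foreach ($messages as $message) {
        ?>
	<div class="error message"><?php 
        echo htmlspecialchars((string) $message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        ?>
</div>
	<?php 
    }
}
?>
	<input type="submit" value="Store">
</form>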