Example #1
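/**
 * Recursively normalises request data before it reaches the database layer.
 *
 * Arrays are walked key by key (keys are preserved); each scalar leaf has
 * magic-quote backslashes removed (legacy PHP only), HTML tags stripped,
 * whitespace trimmed, and is then handed to _cleanInput(), which is defined
 * elsewhere in this file.
 *
 * NOTE(review): strip_tags()/trim() is not an injection defence. It does not
 * escape quotes or backslashes, so database writes still need bound
 * parameters and HTML output still needs htmlspecialchars(); and it mangles
 * legitimate input — strip_tags() drops everything from an unmatched '<' to
 * the end of the string, so a value such as a password containing '<' is
 * silently truncated here.
 *
 * @author Alban Truc
 * @param array|string $data Submitted data (a scalar or a nested array)
 * @since 19/02/2014
 * @return array|mixed Cleaned data with the same shape as $data
 */
function _sanitize($data)
{
    if (is_array($data)) {
        $clean_input = array();
        foreach ($data as $key => $value) {
            $clean_input[$key] = _sanitize($value);
        }
        return $clean_input;
    }
    // get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0;
    // guard the call so the sanitizer itself does not fatal on current runtimes.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $data = trim(stripslashes($data));
    }
    // Cast explicitly: strip_tags(null) is deprecated since 8.1 and yields ''
    // either way, so this keeps the pre-8.1 behaviour without the notice.
    $data = trim(strip_tags((string) $data));
    return _cleanInput($data);
}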
/**
 * Sanitize input values from POST.
 *
 * Walks nested arrays (keys preserved) and, for every scalar leaf, strips
 * backslashes and runs the value through _sanitize().
 *
 * NOTE(review): stripslashes() is applied unconditionally here and again
 * inside _sanitize() when magic quotes are on, so a legitimate backslash in
 * user input (a Windows path, an escaped JSON fragment) does not survive
 * this call.
 *
 * @param  mixed $post The value or the array of values being sanitized.
 * @return mixed The cleaned value, same shape as $post.
 */
function _post($post)
{
    if (!is_array($post)) {
        return _sanitize(stripslashes($post));
    }
    $cleaned = array();
    foreach ($post as $field => $item) {
        $cleaned[$field] = _post($item);
    }
    return $cleaned;
}
Example #3
    if (is_array($value)) {
        foreach ($_POST[$key] as $postkey => $postvalue) {
            $_POST[$key . '_' . $postkey] = $postvalue;
        }
        unset($_POST[$key]);
    }
}
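/**
 * Clean all user submitted data of hack and SQL injection attempts.
 *
 * The sanitizer (inc.sanitize.php) is expected next to the executing script.
 * The original located it via dirname($_SERVER['PHP_SELF']); PHP_SELF
 * includes any PATH_INFO the client appends to the URL (for /index.php/x it
 * is "/index.php/x", so dirname() yields "/index.php"), which made the
 * file_exists() check below fail and let every $_POST value through raw.
 * $_SERVER['SCRIPT_NAME'] is the script's own URL path and is not affected
 * by the request's trailing path, so it is used instead.
 *
 * NOTE(review): _sanitize() is strip_tags()/trim(), not SQL escaping; the
 * queries that consume $_POST still need bound parameters.
 */
if ($useSanitizer) {
    $getSanitizePath = $_SERVER['DOCUMENT_ROOT'] . str_replace('//', '/', dirname($_SERVER['SCRIPT_NAME']) . '/inc.sanitize.php');
    if (file_exists($getSanitizePath)) {
        require_once $getSanitizePath;
        foreach ($_POST as $key => $value) {
            $_POST[$key] = _sanitize($value);
        }
    } else {
        // Fail loudly: silently continuing means the request runs unsanitized.
        trigger_error('inc.sanitize.php not found at ' . $getSanitizePath . '; $_POST left unsanitized', E_USER_WARNING);
    }
}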
/**
 * 1. Convert all $_POST variables to a regular variable
 * 2. Checks all $_POSTs for URL type input
 *    - will exit and not proceed if URL type input is found
 * NOTE1: REQUIRED, PLEASE DO NOT CHANGE ... NEEDED TO SET VARIABLES PROPERLY
 * NOTE2: Processing here because many of the settings can be altered by the form
 * NOTE3: Processing here because External Config will also alter settings (after the form)
 */
foreach ($_POST as $key => $value) {
    $key = strtolower($key);
    $value = str_replace("\n", "<br />", $value);
    $hacked = false;
Example #4
 if ($userManager->checkEmailAvailability($email) != FALSE) {
     $accountId = new MongoId();
     $userId = new MongoId();
     //crypte le password
     $password = $userManager->encrypt($password);
     //@link http://www.php.net/manual/en/class.mongodate.php
     $time = time();
     $end = $time + 30 * 24 * 60 * 60;
     // + 30 jours
     //info compte
     $account = array('_id' => $accountId, 'state' => new MongoInt32($state), 'idUser' => $userId, 'idRefPlan' => new MongoId($plan), 'storage' => (int) 0, 'ratio' => (int) 0, 'startDate' => new MongoDate($time), 'endDate' => new MongoDate($end));
     $isAccountAdded = $accountManager->create($account);
     //Si aucun pb apres ajout du compte, ajoute l'user, sinon suppresion de user
     if ($isAccountAdded == TRUE) {
         //infos user
         $user = array('_id' => $userId, 'isAdmin' => $isAdmin, 'state' => new MongoInt32($state), 'idCurrentAccount' => $accountId, 'firstName' => _sanitize($firstname), 'lastName' => _sanitize($lastname), 'password' => $password, 'email' => $email, 'geolocation' => $geo, 'apiKey' => $userManager->generateGUID());
         $isUserAdded = $userManager->create($user);
         if ($isUserAdded != TRUE) {
             //annule l'insertion de l'account
             $removeAccount = $accountManager->remove($account);
             if ($removeAccount == TRUE) {
                 $isUserAdded['error'] .= 'The account created for this user has been removed successfully.';
             } else {
                 $isUserAdded['error'] .= 'The account created for this user has not been removed successfully: ' . $removeAccount;
             }
             //contient le détail de l'erreur de suppression
         } else {
             $message = 'User <strong>' . $firstname . '</strong> has been inserted in database';
             $_SESSION['addUserMessage'] = $message;
             header('Location: ../pages/users.php');
         }
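 /**
  * Get the upload directory name from REQUEST.
  *
  * The value arrives base64-encoded in the "<name>-dir" request parameter
  * ($_REQUEST, so GET, POST or cookie). After decoding it is rejected — the
  * function returns '' exactly as it does when the parameter is absent — if
  * it could escape the upload root: a NUL byte, an absolute path, or a ".."
  * segment. _sanitize() (strip_tags/trim) removes none of those characters,
  * so it is not a traversal defence on its own. Nested relative paths such
  * as "photos/2014" are still accepted.
  *
  * @param string $name The file element name
  * @return mixed The sanitized directory name, or '' when absent or unsafe
  */
 public static function getDirFromRequest($name)
 {
     if (!isset($_REQUEST[$name . '-dir'])) {
         return '';
     }
     $dir = base64_decode($_REQUEST[$name . '-dir']);
     if ($dir === false || strpos($dir, "\0") !== false) {
         return '';
     }
     // Treat both separator styles alike, then refuse absolute or parent-relative paths.
     $normalized = str_replace('\\', '/', $dir);
     if ($normalized !== '' && $normalized[0] === '/') {
         return '';
     }
     if (in_array('..', explode('/', $normalized), true)) {
         return '';
     }
     return _sanitize($dir);
 }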
Example #6
 }
 // Edit an existing account/user pair (script fragment: the handler begins
 // before this block and the result check follows it).
 $userManager = new UserPdoManager();
 $accountManager = new AccountPdoManager();
 $planManager = new RefPlanPdoManager();
 // $planManager is not used in the visible lines — presumably by the caller; verify.
 //    $sDate = $userManager->formatMongoDate($startDate);
 //    $eDate = $userManager->formatMongoDate($endDate);
 $account = $accountManager->findById($id);
 // load the account by id
 $user = $account->getUser();
 // the account's user id
 $user = $userManager->findById($user);
 // then load the user record by that id
 $criteriaAccount = array('_id' => new MongoId($account->getId()));
 $criteriaUser = array('_id' => new MongoId($user->getId()));
 // NOTE(review): $startDate, $endDate and $plan reach the update without any
 // validation visible here; MongoDate()/MongoId() throw on malformed values.
 // Presumably they come straight from the edit form — confirm where they are set.
 $updateFieldAccount = array('$set' => array('startDate' => new MongoDate($startDate), 'endDate' => new MongoDate($endDate), 'idRefPlan' => new MongoId(_sanitize($plan)), 'state' => new MongoInt32(1)));
 // NOTE(review): 'password' is stored as _sanitize($password), i.e. the raw
 // value after strip_tags/trim — no hashing step appears here, while the
 // create path elsewhere on this page calls $userManager->encrypt($password)
 // before storing. Unless $password is already hashed before this block, the
 // edit form overwrites the stored hash with plaintext; confirm against the
 // caller and the login check. strip_tags also alters passwords containing '<'.
 $updateFieldUser = array('$set' => array('firstName' => _sanitize($firstname), 'lastName' => _sanitize($lastname), 'password' => _sanitize($password), 'email' => _sanitize($email), 'geo' => _sanitize($geo), 'state' => new MongoInt32(1)));
 // return the modified document rather than the original
 $options = array('new' => true);
 //    var_dump($updateFieldAccount);
 $editAccount = $accountManager->findAndModify($criteriaAccount, $updateFieldAccount, NULL, $options);
 $editUser = $userManager->findAndModify($criteriaUser, $updateFieldUser, NULL, $options);
 // Debug dumps left commented out below; they would print the update payload
 // (including the password field) if re-enabled.
 //    var_dump($criteriaAccount);
 //    var_dump($criteriaUser);
 //    echo '</br>';
 //    echo '----------';
 //    var_dump($updateFieldAccount);
 //    var_dump($updateFieldUser);
 // exit();
 if ($editAccount && $editUser == TRUE) {
     if (!array_key_exists('error', $editAccount)) {
         $message = 'User' . ' <strong>' . $firstname . '</strong> ' . 'has been successfully modified';
         $_SESSION['editUserMessage'] = $message;
Example #7
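 /**
  * Assign data to template
  *
  * Note:
  *
  *  - Variables are tagged with %name% in templates
  *  - Variables provided by system by default:
  *      site_name,
  *      site_url,
  *      site_slogan,
  *      site_description,
  *      site_adminname,
  *      site_adminmail
  *  - A caller-supplied $vars entry with the same key overrides the system one
  *
  * All placeholders are substituted in a single strtr() pass. The original
  * looped str_replace() over the variables, so each substituted value was
  * rescanned for placeholders handled later in the loop: a site name
  * (admin-editable config) containing "%site_adminmail%" would itself have
  * been expanded, and any value in $vars could do the same. With strtr() a
  * substituted value is never re-interpreted as template text.
  *
  * NOTE(review): _sanitize() here is strip_tags()/trim(), not HTML escaping;
  * whether the result is safe to emit depends on the template's context.
  * site_url is not passed through _sanitize() at all.
  *
  * @param string $content
  * @param array $vars
  * @return string
  */
 public function assignTemplate($content, $vars = array())
 {
     // Bind system variables
     $systemVars = array(
         'site_adminmail'   => _sanitize(Pi::config('adminmail')),
         'site_adminname'   => _sanitize(Pi::config('adminname')),
         'site_name'        => _sanitize(Pi::config('sitename')),
         'site_slogan'      => _sanitize(Pi::config('slogan')),
         'site_description' => _sanitize(Pi::config('description')),
         'site_url'         => Pi::url('www', true),
     );
     $vars = array_merge($systemVars, $vars);
     // Build the %key% => value map and substitute everything at once.
     $replacements = array();
     foreach ($vars as $key => $val) {
         $replacements['%' . $key . '%'] = (string) $val;
     }
     return strtr($content, $replacements);
 }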
Example #8
 // Pull the registration fields out of the POST body. Nothing is validated
 // at this point; the values are only passed through _sanitize()
 // (strip_tags/trim) further down, which is neither validation nor escaping.
 $firstName = $_POST['firstName'];
 $email = $_POST['email'];
 $password = $_POST['password'];
 $passwordConfirmation = $_POST['passwordConfirmation'];
 // empty() treats a missing key, '' and '0' alike as "not provided".
 $geolocation = empty($_POST['geolocation']) ? 'Not specified' : $_POST['geolocation'];
 //Verifie si le champ correspondant a "nom" n'est pas vide, meme chose pour "password"
 //S'il ne sont pas vide=> debut de la condition
 if (!empty($name) && $password == $passwordConfirmation) {
     if (chk_crypt($_POST['code'])) {
         $userPdoManager = new UserPdoManager();
         /*$result = $userPdoManager->register($name, $firstName, $email, $password, $passwordConfirmation, $geolocation);*/
         $result = $userPdoManager->register(_sanitize($name), _sanitize($firstName), _sanitize($email), _sanitize($password), _sanitize($passwordConfirmation), _sanitize($geolocation));
         //http://www.php.net/manual/en/function.array-key-exists.php
         if (!array_key_exists('error', $result)) {
             $registerOK = true;
             $_SESSION['validMessageRegister'] = $registerOK;
             //reste sur la page
             header('Location:/Cubbyhole/view/register.php');
         } else {
             $_SESSION['errorMessageRegister'] = $result['error'];
             header('Location:../view/register.php');
             die;
         }
     } else {
         $errorCaptcha = 'Error, invalid captcha';
         $_SESSION['errorMessageCaptcha'] = $errorCaptcha;
         header('Location:../view/register.php');