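/**
 * Create a new api key and store it in the `apikeys` table.
 *
 * The requested access level is checked against the list returned by
 * muser->get_access_levels() with a strict (type-aware) comparison, so a
 * value of another type cannot match a level name through type juggling
 * (on PHP < 8 a loose comparison treats integer 0 as equal to any
 * non-numeric string).
 *
 * Security notes:
 *  - The key is stored as-is in the `key` column and returned to the
 *    caller; anyone who can read that table can use the stored keys.
 *  - How unpredictable the key is depends entirely on random_alphanum(),
 *    which is defined elsewhere.
 *    NOTE(review): confirm it draws from a cryptographically secure source.
 *
 * @param userid stored in the `user` column of the new row
 * @param comment free-form label for the key, at most 255 bytes (strlen)
 * @param access_level must be one of the values from muser->get_access_levels()
 * @return the new key
 * @throws \exceptions\UserInputException if the access level is not in the
 *         allowed list or the comment is longer than 255 bytes
 */
public static function create_apikey($userid, $comment, $access_level)
{
    $CI =& get_instance();

    // assumes get_access_levels() returns the level names as strings, the
    // same type callers pass in -- TODO confirm against muser
    $valid_levels = $CI->muser->get_access_levels();
    if (!in_array($access_level, $valid_levels, true)) {
        throw new \exceptions\UserInputException("user/validation/access_level/invalid", "Invalid access levels requested.");
    }

    // strlen() counts bytes, so multi-byte comments hit the limit earlier
    // than 255 characters.
    if (strlen($comment) > 255) {
        throw new \exceptions\UserInputException("user/validation/comment/too-long", "Comment may only be 255 chars long.");
    }

    $key = random_alphanum(32);

    // Values go through the query builder's set(), not a hand-built SQL string.
    $CI->db->set(array(
        'key' => $key,
        'user' => $userid,
        'comment' => $comment,
        'access_level' => $access_level,
    ))->insert('apikeys');

    return $key;
}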
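/**
 * Returns an unused ID.
 *
 * Candidates come from random_alphanum($min, $max). A candidate is rejected
 * when id_exists() reports it as taken or when it is identical to a name on
 * the blacklist (the directory entries of FCPATH plus "file" and "user").
 *
 * Note: the ID is only checked here, it is not reserved. Two concurrent
 * requests can be handed the same ID, so the caller has to cope with a
 * collision when it actually stores the ID.
 *
 * @param min minimal length of the resulting ID (passed to random_alphanum())
 * @param max maximum length of the resulting ID (passed to random_alphanum())
 * @return the unused ID
 * @throws \exceptions\PublicApiException if no unused ID was found after 100 tries
 */
function new_id($min = 3, $max = 6)
{
    static $id_blacklist = null;

    if ($id_blacklist === null) {
        // This prevents people from being unable to access their uploads
        // because of URL rewriting
        $entries = scandir(FCPATH);

        // scandir() returns false on failure; start from an empty list then
        // instead of appending to a boolean.
        $id_blacklist = is_array($entries) ? $entries : array();
        $id_blacklist[] = "file";
        $id_blacklist[] = "user";
    }

    $max_tries = 100;

    for ($try = 0; $try < $max_tries; $try++) {
        $id = random_alphanum($min, $max);

        // Strict comparison: both sides are strings, and numeric-looking
        // strings must not be compared as numbers.
        if ($this->id_exists($id) || in_array($id, $id_blacklist, true)) {
            continue;
        }

        return $id;
    }

    throw new \exceptions\PublicApiException("file/new_id-try-limit", "Failed to find unused ID after {$max_tries} tries");
}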
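/**
 * Returns an unused ID
 *
 * The ID is "m-" followed by random_alphanum($min, $max). Once a free
 * candidate is found, a row is inserted into the `multipaste` table for the
 * current user (muser->get_userid()) with the current time.
 *
 * Note: the existence check and the insert are separate steps, so two
 * concurrent requests can pick the same ID. Whether the second insert then
 * fails depends on a unique constraint on `url_id`, which is not visible here.
 *
 * @param min minimal length of the resulting ID
 * @param max maximum length of the resulting ID
 * @return the new ID, including the "m-" prefix
 * @throws \exceptions\PublicApiException if no unused ID was found after 100 tries
 */
public function new_id($min = 3, $max = 6)
{
    static $id_blacklist = null;

    if ($id_blacklist === null) {
        // This prevents people from being unable to access their uploads
        // because of URL rewriting
        $entries = scandir(FCPATH);

        // scandir() returns false on failure; start from an empty list then
        // instead of appending to a boolean.
        $id_blacklist = is_array($entries) ? $entries : array();
        $id_blacklist[] = "file";
        $id_blacklist[] = "user";
    }

    $max_tries = 100;

    for ($try = 0; $try < $max_tries; $try++) {
        $id = "m-" . random_alphanum($min, $max);

        // TODO: try to insert the id into file_groups instead of checking with
        // id_exists (prevents race condition)
        // Strict comparison: both sides are strings, and numeric-looking
        // strings must not be compared as numbers.
        if ($this->id_exists($id) || in_array($id, $id_blacklist, true)) {
            continue;
        }

        $this->db->insert("multipaste", array(
            "url_id" => $id,
            "user_id" => $this->muser->get_userid(),
            "date" => time(),
        ));

        return $id;
    }

    throw new \exceptions\PublicApiException("file/new_id-try-limit", "Failed to find unused ID after {$max_tries} tries");
}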
/**
 * Validate the posted profile fields and store the accepted values.
 *
 * Each supported form field has a processor closure that either returns the
 * normalized value to store, returns null to store nothing for that field,
 * or throws \exceptions\PublicApiException on invalid input. An exception
 * from any processor leaves this method before update_profile() is called,
 * so no field is saved in that case (see the TODO below).
 *
 * An email change is never written directly: the processor records two
 * pending `change_email` actions and mails a confirm/reject link to the old
 * and to the new address.
 *
 * @return true
 * @throws \exceptions\PublicApiException on invalid field values
 */
private function _save_profile()
{
    // Access check comes first; require_access() is defined elsewhere.
    // presumably it stops the request for users who are not logged in -- confirm
    $this->muser->require_access();
    $old = $this->muser->get_profile_data();

    /*
     * Key = name of the form field
     * Value = function that sanitizes the value and returns it
     * TODO: some kind of error handling that doesn't lose correctly filled out fields
     */
    $value_processor = array();
    $alerts = array();

    // Expects "<lower>-<upper>". The stored value is rebuilt from the two
    // integers, so stray characters in the input are not written back.
    // NOTE(review): $value is used as a string without an is_string() check;
    // confirm that post() cannot hand an array to the processors.
    $value_processor["upload_id_limits"] = function ($value) {
        $values = explode("-", $value);
        if (!is_array($values) || count($values) != 2) {
            throw new \exceptions\PublicApiException("user/profile/invalid-upload-id-limit", "Invalid upload id limit value");
        }
        // intval() yields 0 for non-numeric parts, which the lower bound
        // check below rejects.
        $lower = intval($values[0]);
        $upper = intval($values[1]);
        if ($lower > $upper) {
            throw new \exceptions\PublicApiException("user/profile/lower-bigger-than-upper", "lower limit > upper limit");
        }
        if ($lower < 3 || $upper > 64) {
            throw new \exceptions\PublicApiException("user/profile/limit-out-of-bounds", "upper or lower limit out of bounds (3-64)");
        }
        return $lower . "-" . $upper;
    };

    // Always returns null, so the email address never reaches
    // update_profile() from here; the change is deferred to the
    // user/change_email/<key>/confirm link.
    $value_processor["email"] = function ($value) use($old, &$alerts) {
        // Skip silently when the user driver cannot change email addresses.
        if (!$this->duser->is_implemented("can_change_email")) {
            return null;
        }
        // Unchanged address: nothing to do, no mails.
        if ($value === $old["email"]) {
            return null;
        }
        $this->load->helper("email");
        // valid_email() is the only check on $value before it is used as a
        // recipient and placed in the message body.
        // NOTE(review): confirm the helper rejects trailing newlines and
        // other control characters.
        if (!valid_email($value)) {
            throw new \exceptions\PublicApiException("user/profile/invalid-email", "Invalid email");
        }
        $this->load->library("email");
        // One token per address. These tokens are the only secret in the
        // confirm/reject links.
        // NOTE(review): their strength depends on random_alphanum(), defined
        // elsewhere -- confirm it uses a cryptographically secure source.
        $keys = array("old" => random_alphanum(12, 16), "new" => random_alphanum(12, 16));
        $emails = array(
            array("key" => $keys['old'], "email" => $old['email'], "user" => $this->muser->get_userid()),
            array("key" => $keys['new'], "email" => $value, "user" => $this->muser->get_userid())
        );
        foreach ($emails as $email) {
            $key = $email['key'];
            // One pending action row per token. The JSON payload of each row
            // holds both tokens; each mail below only contains its own.
            // The row is written before the mail is sent.
            $this->db->set(array(
                'key' => $key,
                'user' => $this->muser->get_userid(),
                'date' => time(),
                'action' => 'change_email',
                'data' => json_encode(array('old_email' => $old['email'], 'new_email' => $value, 'keys' => $keys))
            ))->insert('actions');
            $this->email->from($this->config->item("email_from"));
            $this->email->to($email['email']);
            $this->email->subject("FileBin email change confirmation");
            // Plain-text body; the username, old address and new address are
            // inserted as they are.
            $this->email->message(""
                . "A request has been sent to change the email address of account '{$old["username"]}'\n"
                . "from " . $old['email'] . " to {$value}.\n"
                . "\n"
                . "Please follow this link to CONFIRM the change:\n"
                . site_url("user/change_email/{$key}/confirm") . "\n\n"
                . "Please follow this link to REJECT the change:\n"
                . site_url("user/change_email/{$key}/reject") . "\n\n");
            // NOTE(review): the result of send() is not checked, yet the
            // alert below states that the mails have been sent.
            $this->email->send();
            // Reset the mailer state before the next recipient.
            $this->email->clear();
        }
        $alerts[] = array("type" => "info", "message" => "Reset and confirmation emails have been sent to your new and old address. Until your new address is confirmed the old one will be displayed and used.");
        return null;
    };

    // Only fields that have a processor are read from the request; any other
    // posted field is ignored.
    $data = array();
    foreach (array_keys($value_processor) as $field) {
        $value = $this->input->post($field);
        // presumably post() returns false for a field missing from the
        // request -- confirm for the framework version in use
        if ($value !== false) {
            $new_value = $value_processor[$field]($value);
            // null means "do not store anything for this field".
            if ($new_value !== null) {
                $data[$field] = $new_value;
            }
        }
    }

    if (!empty($data)) {
        $this->muser->update_profile($data);
    }

    // Added even when $data is empty and nothing was written.
    $alerts[] = array("type" => "success", "message" => "Changes saved");
    $this->data["alerts"] = $alerts;
    return true;
}