Example #1
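 /**
  * Create a new api key.
  *
  * @param userid id of the user the key is stored for
  * @param comment free-text comment saved with the key (at most 255 bytes)
  * @param access_level access level of the key; must be one of the values
  *                     returned by muser->get_access_levels()
  * @return the new key
  * @throws \exceptions\UserInputException if access_level or comment is rejected
  */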
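 public static function create_apikey($userid, $comment, $access_level)
 {
     $CI =& get_instance();

     // Validate the requested level against the known levels using strict
     // comparison. With loose comparison a non-string value (boolean true,
     // or integer 0 on PHP < 8) compares equal to an unrelated level name
     // and would pass this check before being written to the database.
     // NOTE(review): assumes get_access_levels() returns the level names with
     // the same type callers pass in (presumably strings) - confirm.
     $valid_levels = $CI->muser->get_access_levels();
     if (!in_array($access_level, $valid_levels, true)) {
         throw new \exceptions\UserInputException("user/validation/access_level/invalid", "Invalid access levels requested.");
     }

     // strlen() counts bytes, so the effective limit is 255 bytes.
     if (strlen($comment) > 255) {
         throw new \exceptions\UserInputException("user/validation/comment/too-long", "Comment may only be 255 chars long.");
     }

     // NOTE(review): the key is a bearer credential, so its strength depends
     // on random_alphanum() drawing from a CSPRNG - confirm in the helper.
     $key = random_alphanum(32);

     // The key is written to the apikeys table as generated (not hashed), so
     // read access to that table exposes every usable key.
     $CI->db->set(array(
         'key' => $key,
         'user' => $userid,
         'comment' => $comment,
         'access_level' => $access_level,
     ))->insert('apikeys');

     return $key;
 }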
Example #2
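 /**
  * Returns an ID that is neither already in use (per id_exists()) nor equal
  * to a blacklisted name.
  *
  * The blacklist is built once per request from the entries of FCPATH plus
  * "file" and "user", and cached in a static variable.
  *
  * @param min passed to random_alphanum() as first argument
  * @param max passed to random_alphanum() as second argument
  * @return the unused ID
  * @throws \exceptions\PublicApiException if no unused ID is found in 100 tries
  */
 function new_id($min = 3, $max = 6)
 {
     static $id_blacklist = null;
     if ($id_blacklist === null) {
         // This prevents people from being unable to access their uploads
         // because of URL rewriting
         $entries = scandir(FCPATH);
         // scandir() returns false on failure; start from an empty list
         // explicitly instead of appending to false (deprecated in PHP 8.1).
         $id_blacklist = is_array($entries) ? $entries : array();
         $id_blacklist[] = "file";
         $id_blacklist[] = "user";
     }

     // NOTE(review): the ID is only checked here, not reserved. Two
     // concurrent requests can be handed the same ID unless the code that
     // stores it enforces uniqueness - confirm at the call sites.
     $max_tries = 100;
     for ($try = 0; $try < $max_tries; $try++) {
         $id = random_alphanum($min, $max);
         if (!$this->id_exists($id) && !in_array($id, $id_blacklist, true)) {
             return $id;
         }
     }

     throw new \exceptions\PublicApiException("file/new_id-try-limit", "Failed to find unused ID after {$max_tries} tries");
 }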
Example #3
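 /**
  * Returns an unused ID and records it in the multipaste table for the
  * current user. The ID consists of the prefix "m-" followed by a random
  * alphanumeric part.
  *
  * @param min minimal length of the random part of the resulting ID
  * @param max maximum length of the random part of the resulting ID
  */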
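 public function new_id($min = 3, $max = 6)
 {
     static $id_blacklist = null;
     if ($id_blacklist === null) {
         // This prevents people from being unable to access their uploads
         // because of URL rewriting
         $entries = scandir(FCPATH);
         // scandir() returns false on failure; start from an empty list
         // explicitly instead of appending to false (deprecated in PHP 8.1).
         $id_blacklist = is_array($entries) ? $entries : array();
         $id_blacklist[] = "file";
         $id_blacklist[] = "user";
     }

     $max_tries = 100;
     for ($try = 0; $try < $max_tries; $try++) {
         $id = "m-" . random_alphanum($min, $max);

         // TODO: try to insert the id into file_groups instead of checking with
         // id_exists (prevents race condition). Until then the check and the
         // insert below are two separate steps, so concurrent requests can
         // pick the same ID.
         if ($this->id_exists($id) || in_array($id, $id_blacklist, true)) {
             continue;
         }

         // Reserve the ID for the current user.
         // NOTE(review): the result of insert() is not checked here - confirm
         // how a failed or duplicate insert is reported by the db layer.
         $this->db->insert("multipaste", array(
             "url_id" => $id,
             "user_id" => $this->muser->get_userid(),
             "date" => time(),
         ));

         return $id;
     }

     throw new \exceptions\PublicApiException("file/new_id-try-limit", "Failed to find unused ID after {$max_tries} tries");
 }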
Example #4
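 /**
  * Validates the posted profile fields and stores the accepted values.
  *
  * Requires access via muser->require_access(). Each known form field is run
  * through its processor; a processor returns the value to store, or null
  * when nothing should be written for that field. A change of the email
  * address is not stored directly: one 'change_email' action is recorded per
  * address (old and new) and a mail with confirm/reject links is sent to each.
  *
  * @return true
  * @throws \exceptions\PublicApiException if a posted value is invalid
  */
 private function _save_profile()
 {
     $this->muser->require_access();
     $old = $this->muser->get_profile_data();
     /*
      * Key = name of the form field
      * Value = function that sanitizes the value and returns it
      * TODO: some kind of error handling that doesn't lose correctly filled out fields
      */
     $value_processor = array();
     $alerts = array();
     $value_processor["upload_id_limits"] = function ($value) {
         // A POST field can arrive as an array (field[]=...); explode() only
         // accepts strings, so reject anything else as an invalid value.
         if (!is_string($value)) {
             throw new \exceptions\PublicApiException("user/profile/invalid-upload-id-limit", "Invalid upload id limit value");
         }
         $values = explode("-", $value);
         if (count($values) != 2) {
             throw new \exceptions\PublicApiException("user/profile/invalid-upload-id-limit", "Invalid upload id limit value");
         }
         // intval() is lenient ("3abc" becomes 3); the stored value is rebuilt
         // from the parsed integers below, so no raw input is kept.
         $lower = intval($values[0]);
         $upper = intval($values[1]);
         if ($lower > $upper) {
             throw new \exceptions\PublicApiException("user/profile/lower-bigger-than-upper", "lower limit > upper limit");
         }
         if ($lower < 3 || $upper > 64) {
             throw new \exceptions\PublicApiException("user/profile/limit-out-of-bounds", "upper or lower limit out of bounds (3-64)");
         }
         return $lower . "-" . $upper;
     };
     $value_processor["email"] = function ($value) use($old, &$alerts) {
         if (!$this->duser->is_implemented("can_change_email")) {
             return null;
         }
         if ($value === $old["email"]) {
             return null;
         }
         $this->load->helper("email");
         // Non-string input (e.g. an array) is rejected before it reaches
         // valid_email() and the mail library.
         if (!is_string($value) || !valid_email($value)) {
             throw new \exceptions\PublicApiException("user/profile/invalid-email", "Invalid email");
         }
         $this->load->library("email");
         // One key per address; both keys are stored in the 'data' of each action.
         // NOTE(review): these keys authorize the email change, so their
         // strength depends on random_alphanum() using a CSPRNG - confirm.
         // How the two keys are combined is decided by the change_email
         // handler, which is not shown here.
         $keys = array("old" => random_alphanum(12, 16), "new" => random_alphanum(12, 16));
         $emails = array(array("key" => $keys['old'], "email" => $old['email'], "user" => $this->muser->get_userid()), array("key" => $keys['new'], "email" => $value, "user" => $this->muser->get_userid()));
         foreach ($emails as $email) {
             $key = $email['key'];
             $this->db->set(array('key' => $key, 'user' => $this->muser->get_userid(), 'date' => time(), 'action' => 'change_email', 'data' => json_encode(array('old_email' => $old['email'], 'new_email' => $value, 'keys' => $keys))))->insert('actions');
             $this->email->from($this->config->item("email_from"));
             $this->email->to($email['email']);
             $this->email->subject("FileBin email change confirmation");
             $this->email->message("" . "A request has been sent to change the email address of account '{$old["username"]}'\n" . "from " . $old['email'] . " to {$value}.\n" . "\n" . "Please follow this link to CONFIRM the change:\n" . site_url("user/change_email/{$key}/confirm") . "\n\n" . "Please follow this link to REJECT the change:\n" . site_url("user/change_email/{$key}/reject") . "\n\n");
             // The result of send() is not checked; the alert below is added
             // regardless of whether delivery was accepted.
             $this->email->send();
             $this->email->clear();
         }
         $alerts[] = array("type" => "info", "message" => "Reset and confirmation emails have been sent to your new and old address. Until your new address is confirmed the old one will be displayed and used.");
         // null: the address itself is only changed once the request is confirmed
         return null;
     };
     $data = array();
     foreach (array_keys($value_processor) as $field) {
         $value = $this->input->post($field);
         // NOTE(review): treats false as "field not posted" - confirm this
         // matches what input->post() returns for a missing field.
         if ($value !== false) {
             $new_value = $value_processor[$field]($value);
             if ($new_value !== null) {
                 $data[$field] = $new_value;
             }
         }
     }
     if (!empty($data)) {
         $this->muser->update_profile($data);
     }
     $alerts[] = array("type" => "success", "message" => "Changes saved");
     $this->data["alerts"] = $alerts;
     return true;
 }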