Example #1
 /**
  * Creates the Redis client and connects it.
  *
  * The connection target is read from the 'redis_socket' config value. When
  * connect() reports failure, AppController::fatalError() is called with a
  * fixed message.
  */
 public function __construct()
 {
     $client = new Redis();
     $this->redis = $client;
     $target = AppConfig::getValue('redis_socket');
     $connected = $client->connect($target);
     if (!$connected) {
         // NOTE(review): nothing after this call stops the constructor, so this
         // relies on fatalError() ending the request; confirm.
         AppController::fatalError('unable to connect to Redis server');
     }
 }
Example #2
 /**
  * Ends the request with the "unauthorised" error page.
  *
  * A truthy $message is first written to the security log (with the log's
  * fatal flag set); a falsy one ('' / '0' / null) is not logged at all.
  *
  * @param string|null $message Optional text for the security log.
  */
 public static function unauthorised($message = null)
 {
     if ($message) {
         // NOTE(review): the message is logged as given. If callers ever pass
         // request-derived text, confirm Log neutralises line breaks so that a
         // client cannot forge entries in security.log.
         $securityLog = new Log(SECURITY_LOG);
         $securityLog->setFatal(true)->logMessage($message);
     }
     // Render the friendly error page.
     // NOTE(review): no HTTP status is set in this method; presumably the view
     // or template sends the 401/403. Confirm.
     $page = new HTMLView(true);
     $templateData = ['app_name' => AppConfig::getValue('app_name')];
     $page->includeTemplate('error.unauthorised', $templateData);
     $page->render(true);
     // Stop the script here, wherever the call came from.
     exit;
 }
Example #3
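 /**
  * Opens the PostgreSQL connection described by the application config.
  *
  * Reads db_name, db_schema, db_hostname, db_port, db_username and
  * db_password from AppConfig, stores them on the object and creates the PDO
  * handle. If the connection cannot be established the script terminates.
  *
  * @return PDO The connected handle (also stored in $this->handle).
  */
 private function connect()
 {
     // Set Connection Settings
     $this->dbname = AppConfig::getValue('db_name');
     $this->schema = AppConfig::getValue('db_schema');
     $this->hostname = AppConfig::getValue('db_hostname');
     $this->port = AppConfig::getValue('db_port');
     $this->username = AppConfig::getValue('db_username');
     // NOTE(review): the password stays on the object after connecting, so it
     // can surface in dumps of this object (var_dump, serialisation, traces).
     // Drop it once connected if nothing else reads it.
     $this->password = AppConfig::getValue('db_password');
     $dsn = 'pgsql:host=' . $this->hostname . ';dbname=' . $this->dbname . ';port=' . $this->port;
     try {
         $this->handle = new PDO($dsn, $this->username, $this->password);
         // NOTE(review): PDO::ATTR_ERRMODE is not set here, so statement errors
         // follow the PHP version's default mode; confirm callers check results.
     } catch (PDOException $PDO_Error) {
         // The driver message can name the host, port, database and user. Keep
         // it in the server-side error log and show the client a generic message.
         error_log(__METHOD__ . ' connection failed: ' . $PDO_Error->getMessage());
         exit('Connection Failed.');
     }
     return $this->handle;
 }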
Example #4
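 /**
  * Sends the prepared message, or only logs it when running in development.
  *
  * In development nothing is sent: subject, recipient(s) and body go to the
  * info log so the message can be inspected. In production the message is
  * handed to the mailer. A failure is written to the error log. A success is
  * written to the info log with subject and recipient(s) only.
  *
  * @return bool true when sent (or logged in development), false on failure.
  */
 public function send()
 {
     $mailer = $this->mailer;
     // Builds the "email (...) sent to ..." summary shared by both log lines.
     $summarise = function () use ($mailer) {
         $recipients = $mailer->getToAddresses();
         // One recipient is logged as a bare address. Any other count,
         // including an empty list, is dumped, which also avoids reading
         // index 0 of an empty list.
         $sentTo = count($recipients) === 1 ? $recipients[0][0] : print_r($recipients, true);
         return 'email (' . $mailer->Subject . ') sent to ' . $sentTo;
     };
     // Don't send in development...
     if (isTrue(AppConfig::getValue('development'))) {
         (new Log(INFO_LOG))->logMessage($summarise() . ', body: ' . $mailer->Body);
         return true;
     }
     // Test the Outcome (log errors)
     if ($mailer->send() === false) {
         (new Log(ERROR_LOG))->logMessage(__METHOD__ . ' failed, ' . $mailer->ErrorInfo);
         return false;
     }
     // The body is deliberately left out of the production log: message bodies
     // can carry secrets such as one-time links, and anyone able to read
     // info.log could replay them.
     (new Log(INFO_LOG))->logMessage($summarise());
     return true;
 }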
Example #5
 /**
  * Prepares the template globals for this view.
  *
  * Unless $error is truthy, the current session's user (if any) contributes
  * the pending flash messages and the list of websites the user can access.
  * 'app_name' is always set, and the globals are then passed through
  * self::stripHTML().
  *
  * @param bool $error Pass true while handling a fatal error (for example a
  *                    Redis failure) to skip the session lookups, which would
  *                    otherwise recurse endlessly.
  */
 public function __construct($error = false)
 {
     // Session-backed data is skipped entirely on the fatal-error path.
     $user = $error ? null : SessionModel::currentSession()->user();
     if ($user) {
         $queue = new FlashQueue($user);
         while ($entry = $queue->getFlash()) {
             $this->globals['flash_queue'][] = $entry;
         }
         // Templates receive plain arrays rather than website objects.
         $toArray = function ($site) {
             return get_object_vars($site);
         };
         $this->globals['websites_with_access'] = array_map($toArray, $user->websitesWithAccess());
     }
     // Globals
     $this->globals['app_name'] = AppConfig::getValue('app_name');
     // Clean Globals
     // NOTE(review): this relies on stripHTML() taking its argument by
     // reference, since the return value is not used. Tag stripping is not
     // contextual output escaping, so confirm templates still escape on output.
     self::stripHTML($this->globals);
 }
Example #6
// Directory constants built on APP_ROOT (defined before this excerpt).
define('LIB_EXT_ROOT', APP_ROOT . 'lib-ext/');
define('TEMPLATE_ROOT', APP_ROOT . 'templates/');
// Assign File Locations
// NOTE(review): ETC_ROOT is defined outside this excerpt. The config file is
// read for database and Stripe credentials elsewhere in the application, so
// confirm this directory is not served by the web server.
define('ROUTES_FILE', ETC_ROOT . 'routes.json');
define('CONFIG_FILE', ETC_ROOT . 'application.conf.ini');
// Assign Log File DEFINEs
// NOTE(review): LOG_ROOT is defined outside this excerpt. Confirm it is outside
// the document root and readable only by the application user.
define('ERROR_LOG', LOG_ROOT . 'error.log');
define('WARNING_LOG', LOG_ROOT . 'warning.log');
define('INFO_LOG', LOG_ROOT . 'info.log');
define('PERFORMANCE_LOG', LOG_ROOT . 'performance.log');
define('SECURITY_LOG', LOG_ROOT . 'security.log');
define('STRIPE_LOG', LOG_ROOT . 'stripe.log');
// Load Custom Function Library
require_once LIB_ROOT . 'functions.php';
// Class Auto-Loading
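// Maps a class name onto LIB_ROOT/<lowercased name>.php. Classes that have no
// such file fall through to the next autoloader in the chain (Composer).
spl_autoload_register(function ($class) {
    // The class name becomes part of an include path, so only plain
    // identifiers are accepted. Namespaced names are left to Composer.
    if (!preg_match('/\A[A-Za-z_\x80-\xff][A-Za-z0-9_\x80-\xff]*\z/', $class)) {
        return;
    }
    $path = LIB_ROOT . strtolower($class) . '.php';
    // Checking for the file replaces the former "@" suppression, which also
    // hid warnings and errors raised inside the included file.
    if (is_file($path)) {
        include $path;
    }
});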
// Composer (vendor) Auto-Loading
require_once LIB_EXT_ROOT . 'vendor/autoload.php';
// Domain/Cookie Setup (using config file, so load after autoloader)
$appDomain = AppConfig::getValue('cookie_domain');
// A non-empty string from the config wins; otherwise the cookie domain falls
// back to the server name.
// NOTE(review): depending on the web server configuration, SERVER_NAME can
// reflect the client-supplied Host header. Prefer a configured value, or
// validate it against an allow-list of known hostnames.
define('COOKIE_DOMAIN', is_string($appDomain) && !empty($appDomain) ? $appDomain : $_SERVER['SERVER_NAME']);
// default to current server name
// NOTE(review): HOSTNAME is the host used in generated URLs. If it can follow
// the Host header, links sent by email (for example password resets) can be
// pointed at a host the client chose. Confirm the vhost pins the server name.
define('HOSTNAME', $_SERVER['SERVER_NAME']);
// this is the hostname we use in URLs
// Update (start) the Performance Monitor
// ($script_start_ts_micro is set before this excerpt)
PerformanceMonitor::setStart($script_start_ts_micro);
// Launch the AppController
(new AppController())->run();
Example #7
 /**
  * Renders the 'index' template.
  *
  * The template receives the application name and a 'guest' flag, which is
  * true when the session does not report an authenticated user.
  */
 public function index()
 {
     $this->view = new HTMLView();
     $appName = AppConfig::getValue('app_name');
     $isGuest = !$this->session->isUserAuthenticated(false);
     $templateData = ['app_name' => $appName, 'guest' => $isGuest];
     $this->view->includeTemplate('index', $templateData);
     $this->view->render(true);
 }
Example #8
			<?php 
// Presumably prints the anti-CSRF hidden field for this form (implementation
// not shown). Confirm the handler that receives the form verifies it.
CSRFPRotection::generateHTMLTag();
?>
			<input type="hidden" value="" name="token">
		</form>
		<p><a href="<?php 
// NOTE(review): the URL is echoed into an HTML attribute without
// htmlspecialchars(). This is safe only while fqURL() can never return
// quotes or markup.
echo RouteController::fqURL('index');
?>
">back to home</a></p>
	</div>
	<script src="https://code.jquery.com/jquery-1.11.2.min.js"></script>
	<script src="https://js.stripe.com/v2/"></script>
	<script>

		Stripe.setPublishableKey("<?php 
// NOTE(review): the config value is echoed into a JavaScript string literal
// without JS-context encoding (for example json_encode with the JSON_HEX_*
// flags). The publishable key is meant to be public, so the concern is
// escaping, not secrecy.
// NOTE(review): the jQuery <script> tag above loads an old release from a CDN
// without integrity/crossorigin attributes. Pin it with SRI or self-host a
// maintained version.
echo AppConfig::getValue('stripe_public_api_key');
?>
");

		function stripeResponseHandler(status, response) {

			var $form = $('#add-card');

			if (response.error) {

				alert(response.error.message);

			} else {

				$('#token input[name="token"]').val(response.id);
				$('#token').submit(); // new (hidden) form so that we don't the touch card details...
Example #9
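 /**
  * Handles both steps of the password-reset flow.
  *
  * GET without token:  shows the "enter your email" form (plus a
  *                     token-expired notice when ?status=token-expired).
  * POST without token: looks the email up and, subject to the back-off below,
  *                     mails a reset link containing the token.
  * GET with token:     shows the "choose a new password" form if the token
  *                     resolves to a user, otherwise redirects with
  *                     status=token-expired.
  * POST with token:    sets the new password; on success all reset tokens of
  *                     the user are deleted.
  *
  * NOTE(review): no CSRF verification is visible in this method; presumably it
  * happens before the controller action runs. Confirm.
  * NOTE(review): the token travels in the query string, so it can end up in
  * access logs, browser history and Referer headers. Keep token lifetime short
  * and make sure the reset pages load no third-party resources.
  */
 public function resetPassword()
 {
     $this->view = new HTMLView();
     if ($this->request->isPOST()) {
         $post = $this->request->postData();
         $user = new UserModel();
         if ($this->request->isQueryArgSet('token')) {
             if ($user->getUserForPasswordResetToken($this->request->queryArgValue('token'))) {
                 // Only a string is accepted as the new password. A missing or
                 // array-valued field becomes null, as a missing field did before.
                 $user->password = isset($post['password']) && is_string($post['password']) ? $post['password'] : null;
                 if ($user->save()) {
                     // Tokens are single-use: drop them once the password is set.
                     $user->deletePasswordResetTokens();
                     $alert = new Alert(Alert::SUCCESS);
                     $alert->addMessage('Password Set, Please Login');
                 } else {
                     $alert = new Alert(Alert::ERROR);
                     $alert->addMessageArray($user->getErrors());
                 }
                 $this->view->includeTemplate('auth.reset-password.password', ['app_name' => AppConfig::getValue('app_name'), 'alert' => $alert]);
             } else {
                 AppController::redirect(RouteController::fqURL('resetPassword'), ['status' => 'token-expired']);
             }
         } else {
             // Request data is untrusted: require a string so that an absent or
             // array-valued "email" field lands in the invalid branch instead
             // of raising a notice or reaching find() with an unexpected type.
             $email = isset($post['email']) && is_string($post['email']) ? $post['email'] : '';
             if ($email && $user->find($email, 'email')) {
                 $token = $user->getPasswordResetTokenData();
                 // Exponential back-off: the n-th mail is only sent once 2^n
                 // minutes have passed since the previous one.
                 if ($token['last_email_timestamp'] <= Carbon::now()->subMinutes(pow(2, $token['email_attempts']))) {
                     $user->incrementPasswordResetEmailCount();
                     // NOTE(review): the link is built from the application's
                     // own host name. Confirm that value cannot follow a
                     // client-supplied Host header.
                     $link = addQueryParams(RouteController::fqURL('resetPassword'), ['token' => $token['token']]);
                     // Send Email
                     $mailer = new Mailer();
                     $mailer->setSubject('Password Reset Token');
                     $mailer->addAddress($user->email);
                     $mailer->includeHTMLTemplate('email.reset-password', ['link' => $link]);
                     $mailer->send();
                     // errors handled within
                     // Show Message
                     $alert = new Alert(Alert::SUCCESS);
                     $alert->addMessage('Email Sent');
                 } else {
                     $alert = new Alert(Alert::ERROR);
                     $alert->addMessage('Too Many Attempts, Please Try Again Later');
                 }
                 $this->view->includeTemplate('auth.reset-password.email', ['app_name' => AppConfig::getValue('app_name'), 'alert' => $alert]);
             } else {
                 // NOTE(review): this message, together with 'Email Sent' and
                 // 'Too Many Attempts' above, reveals whether an address is
                 // registered. A single neutral response for all three
                 // outcomes would close that account-enumeration channel.
                 $alert = new Alert(Alert::ERROR);
                 $alert->addMessage('Email is Invalid/Non-Existent');
                 $this->view->includeTemplate('auth.reset-password.email', ['app_name' => AppConfig::getValue('app_name'), 'alert' => $alert]);
             }
         }
     } else {
         if ($this->request->isQueryArgSet('token')) {
             $user = new UserModel();
             if ($user->getUserForPasswordResetToken($this->request->queryArgValue('token'))) {
                 $this->view->includeTemplate('auth.reset-password.password', ['app_name' => AppConfig::getValue('app_name')]);
             } else {
                 AppController::redirect(RouteController::fqURL('resetPassword'), ['status' => 'token-expired']);
             }
         } else {
             // Strict comparison: a non-string value must not match the flag
             // through type juggling.
             if ($this->request->isQueryArgSet('status') && $this->request->queryArgValue('status') === 'token-expired') {
                 $alert = new Alert(Alert::ERROR);
                 $alert->addMessage('Token is Invalid/Expired, Please Request a New One');
             }
             $this->view->includeTemplate('auth.reset-password.email', ['app_name' => AppConfig::getValue('app_name'), 'alert' => isset($alert) ? $alert : null]);
         }
     }
     $this->view->render(true);
 }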
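 /**
  * Fetches the Stripe customer that belongs to $user.
  *
  * Users without Stripe data are redirected to the subscription start page.
  * If Stripe reports the customer as deleted, the local Stripe data is cleared
  * and the user is redirected as well.
  *
  * @param UserModel $user The user whose Stripe customer is wanted.
  *
  * @return \Stripe\Customer|null The customer, or null after a Stripe error
  *                               (which is passed to logStripeException()).
  */
 private function getCustomer(UserModel $user)
 {
     // Redirect to Start... (not a customer)
     // NOTE(review): execution continues past this call unless redirect()
     // terminates the script; confirm that it does.
     if (!$user->isStripeCustomer()) {
         AppController::redirect(RouteController::fqURL('subscription.manage'));
     }
     // Captured up front: when retrieve() throws, $customer was never
     // assigned, so the handler cannot read the id from it.
     $customerId = null;
     try {
         \Stripe\Stripe::setApiKey(AppConfig::getValue('stripe_secret_api_key'));
         // Attempt to Fetch Customer...
         $customerId = $user->getStripeData()->customer_id;
         $customer = \Stripe\Customer::retrieve($customerId);
         // Existing, Deleted?
         if ($customer->deleted) {
             $user->stripe_customer_id = null;
             $user->setStripeData(null);
             $user->save();
             // Redirect to Start...
             AppController::redirect(RouteController::fqURL('subscription.manage'));
         } else {
             return $customer;
         }
     } catch (\Stripe\Error\Base $exception) {
         // Card, InvalidRequest, Authentication and ApiConnection errors all
         // extend Base and were handled identically, so one handler covers them.
         $this->logStripeException($exception, $customerId);
     }
     return null;
 }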