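/**
 * Get every (oeuvre, material) pairing together with the material's details.
 *
 * Joins oeuvres_materials with materials and oeuvres. The query takes no
 * external input, so nothing is bound. Every fetched value is passed through
 * Filter::XSSFilter (see application/core/Filter.php) before it is copied.
 *
 * NOTE(review): the result is keyed by material_id. When one material is linked
 * to several oeuvres, later rows silently overwrite earlier ones — confirm with
 * the callers that this is intended before relying on the count.
 *
 * @return array<int|string, stdClass> material_id => material row, extended with
 *         oeuvre_id, oeuvre_name, quantity and material_photoMaterial_link
 */
public static function getAllOeuvreMaterials()
{
    $database = DatabaseFactory::getFactory()->getConnection();

    $sql = "SELECT o.oeuvre_id, o.oeuvre_name, m.material_id, material_name, material_price, material_weight, material_dimension_high, material_dimension_width,\n material_dimension_profound, material_provider_id, material_has_photoMaterial, material_description, quantity\n FROM oeuvres_materials AS om, materials AS m, oeuvres AS o WHERE m.material_id = om.material_id AND o.oeuvre_id = om.oeuvre_id ";
    $query = $database->prepare($sql);
    $query->execute();

    $all_materials = array();

    foreach ($query->fetchAll() as $material) {
        // all elements of array passed to Filter::XSSFilter for XSS sanitation, have a look into
        // application/core/Filter.php for more info on how to use. Removes (possibly bad) JavaScript etc from
        // the material's values
        array_walk_recursive($material, 'Filter::XSSFilter');

        $entry = new stdClass();
        $entry->oeuvre_id = $material->oeuvre_id;
        $entry->oeuvre_name = $material->oeuvre_name;
        $entry->material_id = $material->material_id;
        $entry->material_name = $material->material_name;
        $entry->material_price = $material->material_price;
        $entry->material_weight = $material->material_weight;
        $entry->material_dimension_high = $material->material_dimension_high;
        $entry->material_dimension_width = $material->material_dimension_width;
        $entry->material_dimension_profound = $material->material_dimension_profound;
        $entry->material_provider_id = $material->material_provider_id;
        // Materials have no e-mail address, so the Gravatar branch used by the user
        // listings does not apply here: the previous version read an undefined $user
        // in that branch. The link always comes from the material's own upload marker.
        $entry->material_photoMaterial_link = MaterialModel::getPublicPhotoMaterialFilePathOfMaterial($material->material_has_photoMaterial, $material->material_id);
        $entry->material_description = $material->material_description;
        $entry->quantity = $material->quantity;

        $all_materials[$material->material_id] = $entry;
    }

    return $all_materials;
}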
/**
 * Create an avatar picture (and checks all necessary things too)
 * TODO decouple
 * TODO total rebuild
 *
 * Reads the upload straight from $_FILES['avatar_file']. The folder-writability
 * check runs first and the image validation only when it passed; when either
 * fails nothing is written and no feedback is produced here (the AvatarModel
 * helpers are expected to report their own failures — not visible from this
 * file, so confirm).
 */
public static function createAvatar()
{
    // check avatar folder writing rights, check if upload fits all rules
    if (!AvatarModel::isAvatarFolderWritable()) {
        return;
    }
    if (!AvatarModel::validateImageFile()) {
        return;
    }

    $user_id = Session::get('user_id');
    $avatar_size = Config::get('AVATAR_SIZE');

    // create a jpg file in the avatar folder, write marker to database
    $target_file_path = Config::get('PATH_AVATARS') . $user_id;
    AvatarModel::resizeAvatarImage($_FILES['avatar_file']['tmp_name'], $target_file_path, $avatar_size, $avatar_size, Config::get('AVATAR_JPEG_QUALITY'));
    AvatarModel::writeAvatarToDatabase($user_id);

    Session::set('user_avatar_file', AvatarModel::getPublicUserAvatarFilePathByUserId($user_id));
    Session::add('feedback_positive', Text::get('FEEDBACK_AVATAR_UPLOAD_SUCCESSFUL'));
}
/**
 * Fetch every instructor account.
 *
 * Instructors are the rows of `users` whose user_account_type is 6; the value
 * is hard-coded in the query (presumably a role id — confirm against the
 * account-type definitions). Each fetched value is run through Filter::XSSFilter
 * (see application/core/Filter.php) before it is copied into the result.
 *
 * @return array<int|string, stdClass> user_id => profile with id, name, email,
 *         active/deleted flags and the avatar link (Gravatar or local file,
 *         depending on the USE_GRAVATAR setting)
 */
public static function getAllInstructors()
{
    $connection = DatabaseFactory::getFactory()->getConnection();

    $statement = $connection->prepare("SELECT user_id, user_name, user_email, user_active, user_has_avatar, user_deleted FROM users WHERE user_account_type = 6");
    $statement->execute();

    $profiles = array();

    foreach ($statement->fetchAll() as $user) {
        // strip (possibly malicious) markup from every fetched value before it is exposed
        array_walk_recursive($user, 'Filter::XSSFilter');

        $profile = new stdClass();
        $profile->user_id = $user->user_id;
        $profile->user_name = $user->user_name;
        $profile->user_email = $user->user_email;
        $profile->user_active = $user->user_active;
        $profile->user_deleted = $user->user_deleted;
        if (Config::get('USE_GRAVATAR')) {
            $profile->user_avatar_link = AvatarModel::getGravatarLinkByEmail($user->user_email);
        } else {
            $profile->user_avatar_link = AvatarModel::getPublicAvatarFilePathOfUser($user->user_has_avatar, $user->user_id);
        }

        $profiles[$user->user_id] = $profile;
    }

    return $profiles;
}
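/**
 * Edit the user's email
 *
 * Validation order: non-empty, different from the session's current address,
 * syntactically valid (filter_var also bounds the length), then strip_tags and
 * truncation to 254 bytes before the uniqueness check and the database write.
 * Every failure path pushes a negative feedback message into the session and
 * returns false; on success the session's email and Gravatar URL are refreshed.
 *
 * @param string $new_user_email address submitted by the user (untrusted input)
 *
 * @return bool success status
 */
public static function editUserEmail($new_user_email)
{
    // email provided ?
    if (empty($new_user_email)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
        return false;
    }

    // check if new email is same like the old one. Strict comparison: both sides are
    // strings, and a missing session value must never compare equal to the input.
    if ($new_user_email === Session::get('user_email')) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
        return false;
    }

    // user's email must be in valid email format, also checks the length
    // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
    // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
    if (!filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
        return false;
    }

    // strip tags, just to be sure; a valid address cannot exceed 254 bytes anyway
    $new_user_email = substr(strip_tags($new_user_email), 0, 254);

    // check if user's email already exists
    if (UserModel::doesEmailAlreadyExist($new_user_email)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
        return false;
    }

    // write to database, if successful ...
    // ... then write new email to session, Gravatar too (as this relies to the user's email address)
    if (UserModel::saveNewEmailAddress(Session::get('user_id'), $new_user_email)) {
        Session::set('user_email', $new_user_email);
        Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($new_user_email));
        Session::add('feedback_positive', Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
        return true;
    }

    Session::add('feedback_negative', Text::get('FEEDBACK_UNKNOWN_ERROR'));
    return false;
}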
/**
 * Delete the current user's avatar
 * Auth::checkAuthentication() makes sure that only logged in users can use this action and see this page
 *
 * The user id is always taken from the session, never from the request, so a
 * user can only remove their own avatar here. Ends with a redirect.
 */
public function deleteAvatar_action()
{
    Auth::checkAuthentication();

    $current_user_id = Session::get("user_id");
    AvatarModel::deleteAvatar($current_user_id);

    Redirect::to('login/editAvatar');
}
/**
 * Delete the current user's avatar
 *
 * The user id comes from the session, not from the request, so only the caller's
 * own avatar can be removed. NOTE(review): no authentication check is made in
 * this action itself; presumably the controller's constructor enforces it —
 * confirm, since an anonymous session would otherwise reach deleteAvatar().
 */
public function deleteAvatar_action()
{
    $current_user_id = Session::get("user_id");
    AvatarModel::deleteAvatar($current_user_id);

    Redirect::to('user/editAvatar');
}
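/**
 * The real login process: The user's data is written into the session.
 * Cheesy name, maybe rename. Also maybe refactoring this, using an array.
 *
 * The session id is regenerated before any user data is stored, so an id that
 * was handed to the browser before login (session fixation) does not survive
 * the privilege change.
 *
 * @param $user_id
 * @param $user_name
 * @param $user_email
 * @param $user_account_type
 */
public static function setSuccessfulLoginIntoSession($user_id, $user_name, $user_email, $user_account_type)
{
    Session::init();

    // A login is a privilege change and must get a fresh session id; the old
    // session data file is deleted (true) so the pre-login id becomes useless.
    // Session::init() is assumed to have started the session — guarded, because
    // session_regenerate_id() only works on an active session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    Session::set('user_id', $user_id);
    Session::set('user_name', $user_name);
    Session::set('user_email', $user_email);
    Session::set('user_account_type', $user_account_type);
    Session::set('user_provider_type', 'DEFAULT');

    // get and set avatars
    Session::set('user_avatar_file', AvatarModel::getPublicUserAvatarFilePathByUserId($user_id));
    Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($user_email));

    // finally, set user as logged-in
    Session::set('user_logged_in', true);
}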
/**
 * {@inheritdoc}
 *
 * After the base deletion the team is emptied: its member count is set to 0
 * and every player row that still points at this team gets team = NULL
 * (parameterised query, the id is bound, not interpolated).
 */
public function delete()
{
    parent::delete();

    // Remove all the members of a deleted team
    $teamId = $this->id;
    $this->updateProperty($this->members, 'members', 0);
    $this->db->execute("UPDATE `players` SET `team` = NULL WHERE `team` = ?", $teamId);
}
/**
 * The real login process: The user's data is written into the session.
 * Cheesy name, maybe rename. Also maybe refactoring this, using an array.
 *
 * Sequence: start the session, rotate its id and wipe any pre-login data,
 * store the user's identity, avatars and class id, mark the user logged in,
 * record the new session id in the database and finally emit the session
 * cookie with explicit lifetime/path/domain/secure/httponly settings.
 *
 * @param $user_id
 * @param $user_name
 * @param $user_email
 * @param $user_account_type
 */
public static function setSuccessfulLoginIntoSession($user_id, $user_name, $user_email, $user_account_type)
{
    Session::init();

    // A login is a privilege change: issue a fresh session id (deleting the old
    // session file) so that an id fixed before login is worthless afterwards,
    // then drop everything that was stored under the old, unauthenticated id.
    session_regenerate_id(true);
    $_SESSION = [];

    Session::set('user_id', $user_id);
    Session::set('user_name', $user_name);
    Session::set('user_email', $user_email);
    Session::set('user_account_type', $user_account_type);
    Session::set('user_provider_type', 'DEFAULT');

    // Set class_id
    Session::set('class_id', self::getClassID());

    // get and set avatars
    Session::set('user_avatar_file', AvatarModel::getPublicUserAvatarFilePathByUserId($user_id));
    Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($user_email));

    // finally, set user as logged-in
    Session::set('user_logged_in', true);

    // update session id in database
    Session::updateSessionId($user_id, session_id());

    // The session cookie is set by hand so that expiry, path, domain, secure
    // and HttpOnly are all explicit rather than left to php.ini defaults.
    // @see https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet#Cookies
    $cookieExpiry = time() + Config::get('SESSION_RUNTIME');
    setcookie(session_name(), session_id(), $cookieExpiry, Config::get('COOKIE_PATH'), Config::get('COOKIE_DOMAIN'), Config::get('COOKIE_SECURE'), Config::get('COOKIE_HTTP'));
}
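/**
 * Get a single material
 *
 * @param int $material_id id of the specific material (bound as a parameter, never interpolated)
 * @return object|null the material row in the connection's default fetch mode
 *                     (objects, as the callers' property access shows), extended
 *                     with material_photoMaterial_link; null when no row matches
 */
public static function getMaterial($material_id)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    $sql = "SELECT material_id, material_name, material_price, material_weight, material_dimension_high, material_dimension_width, material_dimension_profound, material_provider_id, material_has_photoMaterial, material_description\n FROM materials WHERE material_id = :material_id LIMIT 1";
    $query = $database->prepare($sql);
    $query->execute(array(':material_id' => $material_id));

    // LIMIT 1 yields at most one row. The previous version looped over fetchAll()
    // with no-op self-assignments and, on a miss, returned an undefined variable.
    $material = $query->fetch();
    if ($material === false) {
        return null;
    }

    // NOTE: unlike the list methods of this model, the values are NOT passed
    // through Filter::XSSFilter here — escape them at output.
    // Materials have no e-mail address, so a Gravatar link never applies (the
    // previous version read an undefined $user in that branch).
    $material->material_photoMaterial_link = self::getPublicPhotoMaterialFilePathOfMaterial($material->material_has_photoMaterial, $material->material_id);

    return $material;
}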
/**
 * Get all the teams in the database that are not disabled or deleted
 *
 * Selects on the `status` column (string type "s"), excluding the two listed
 * values, ordered by elo descending; the ids are then turned into models.
 *
 * @return Team[] An array of Team objects (via arrayIdToModel)
 */
public static function getTeams()
{
    $excludedStatuses = array("disabled", "deleted");
    $teamIds = parent::fetchIdsFrom("status", $excludedStatuses, "s", true, "ORDER BY elo DESC");

    return self::arrayIdToModel($teamIds);
}
/**
 * Get all of the members belonging to a team
 *
 * The team id is bound as an integer ("i") parameter of the WHERE clause,
 * never interpolated into the query string.
 *
 * @param int $teamID The ID of the team to fetch the members of
 * @return Player[] An array of Player objects of the team members
 */
public static function getTeamMembers($teamID)
{
    $memberIds = parent::fetchIds("WHERE team = ?", "i", array($teamID));

    return self::arrayIdToModel($memberIds);
}
/**
 * {@inheritdoc}
 * @todo Add a constraint that does this automatically
 *
 * The player's past callsigns are removed by hand (bound parameter) before the
 * base wipe, since no database constraint cascades that deletion yet.
 */
public function wipe()
{
    $playerId = $this->id;
    $this->db->execute("DELETE FROM past_callsigns WHERE player = ?", $playerId);

    parent::wipe();
}
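/**
 * Delete a user's avatar
 *
 * Removes the image file (best effort) and clears the user_has_avatar marker
 * through a cached prepared statement with the id bound as an integer.
 *
 * NOTE(review): on success the *current session's* user_avatar_file is updated
 * regardless of whose id was passed; the visible callers pass the session's own
 * user id, so any caller acting on another user's avatar should be checked.
 *
 * @param int|string $userId
 * @return bool success
 */
public static function deleteAvatar($userId)
{
    // Session user ids may arrive as int or as string. ctype_digit() only accepts
    // strings (an int argument is interpreted as an ASCII code and rejected), so
    // normalise before validating.
    if (!ctype_digit((string) $userId)) {
        Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
        return false;
    }

    // try to delete image, but still go on regardless of file deletion result
    self::deleteAvatarImageFile($userId);

    if (self::$deleteAvatarQuery === null) {
        self::$deleteAvatarQuery = DatabaseFactory::getFactory()->getConnection()->prepare("UPDATE users SET user_has_avatar = 0 WHERE user_id = :user_id LIMIT 1");
    }

    $statement = self::$deleteAvatarQuery;
    $statement->bindValue(":user_id", (int) $userId, PDO::PARAM_INT);
    $statement->execute();

    // The previous version read rowCount() from an undefined $sth.
    if ($statement->rowCount() === 1) {
        Session::set('user_avatar_file', self::getPublicUserAvatarFilePathByUserId($userId));
        Session::add("feedback_positive", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_SUCCESSFUL"));
        return true;
    }

    Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
    return false;
}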
<?php

/**
 * Avatar images, backed by the wog_img table.
 *
 * The class declaration and the setParams() call share this file, i.e. symbol
 * declaration and a load-time side effect are mixed (PSR-1 discourages this);
 * kept as-is because the parameter filters are registered when the file loads.
 */
class AvatarModel extends ImplicitWOGAPModel
{
    public $table = 'wog_img';
}

// Input filters for the two request parameters this model accepts.
// NOTE: FILTER_SANITIZE_STRING is deprecated since PHP 8.1 (it strips tags and
// encodes quotes); the available replacements (e.g. FILTER_SANITIZE_FULL_SPECIAL_CHARS
// or escaping at output) behave differently, so swapping it is a behaviour change.
$avatarParams = [
    'i_id' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
    'i_filename' => ['filter' => FILTER_SANITIZE_STRING],
];
AvatarModel::setParams($avatarParams);