Inheritance: extends Model
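 /**
  * Fetch every material that is linked to an oeuvre, indexed by material id.
  *
  * Each joined row is handed to Filter::XSSFilter and then copied into a fresh stdClass,
  * together with the public path of the material's photo.
  *
  * NOTE(review): the result is keyed by material_id only, so a material linked to several
  * oeuvres keeps just the last row the query returned - confirm callers expect that.
  *
  * @return array material records (stdClass) indexed by material_id
  */
 public static function getAllOeuvreMaterials()
 {
     $database = DatabaseFactory::getFactory()->getConnection();
     // the statement has no placeholders: no caller-supplied value is part of the SQL text
     $sql = "SELECT o.oeuvre_id, o.oeuvre_name, m.material_id, material_name, material_price, material_weight, material_dimension_high, material_dimension_width,\n                       material_dimension_profound, material_provider_id, material_has_photoMaterial, material_description, quantity\n                FROM oeuvres_materials AS om, materials AS m, oeuvres AS o WHERE m.material_id = om.material_id AND o.oeuvre_id = om.oeuvre_id ";
     $query = $database->prepare($sql);
     $query->execute();
     $all_materials = array();
     foreach ($query->fetchAll() as $material) {
         // every value of the row goes through Filter::XSSFilter (see application/core/Filter.php).
         // This is a filter applied at read time; a view that prints these values inside an
         // attribute, a URL or a script block still needs the escaping that fits that context.
         array_walk_recursive($material, 'Filter::XSSFilter');
         $entry = new stdClass();
         $entry->oeuvre_id = $material->oeuvre_id;
         $entry->oeuvre_name = $material->oeuvre_name;
         $entry->material_id = $material->material_id;
         $entry->material_name = $material->material_name;
         $entry->material_price = $material->material_price;
         $entry->material_weight = $material->material_weight;
         $entry->material_dimension_high = $material->material_dimension_high;
         $entry->material_dimension_width = $material->material_dimension_width;
         $entry->material_dimension_profound = $material->material_dimension_profound;
         $entry->material_provider_id = $material->material_provider_id;
         // a material has no e-mail address and no $user exists in this method, so there is no
         // Gravatar lookup here: the link always comes from the material's photo flag and id
         $entry->material_photoMaterial_link = MaterialModel::getPublicPhotoMaterialFilePathOfMaterial($material->material_has_photoMaterial, $material->material_id);
         $entry->material_description = $material->material_description;
         $entry->quantity = $material->quantity;
         $all_materials[$material->material_id] = $entry;
     }
     return $all_materials;
 }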
Example #2
 /**
  * Store the uploaded avatar picture for the user of the current session.
  *
  * Nothing is written unless the avatar folder is writable and the upload passes
  * AvatarModel::validateImageFile(). The method returns nothing in either case; the only
  * feedback message set here is the success message.
  * TODO decouple
  * TODO total rebuild
  */
 public static function createAvatar()
 {
     // leave early when a precondition fails; the upload is only validated once the
     // folder check has passed
     if (!AvatarModel::isAvatarFolderWritable() || !AvatarModel::validateImageFile()) {
         return;
     }

     // the target name is built from configuration plus the session's user id - the file
     // name sent by the client is never used for the path
     $avatar_folder = Config::get('PATH_AVATARS');
     $user_id = Session::get('user_id');
     $target_file_path = $avatar_folder . $user_id;

     // write the resized picture into the avatar folder
     $edge_length = Config::get('AVATAR_SIZE');
     AvatarModel::resizeAvatarImage(
         $_FILES['avatar_file']['tmp_name'],
         $target_file_path,
         $edge_length,
         $edge_length,
         Config::get('AVATAR_JPEG_QUALITY')
     );

     // write marker to database, then refresh the path kept in the session
     AvatarModel::writeAvatarToDatabase($user_id);
     Session::set('user_avatar_file', AvatarModel::getPublicUserAvatarFilePathByUserId($user_id));
     Session::add('feedback_positive', Text::get('FEEDBACK_AVATAR_UPLOAD_SUCCESSFUL'));
 }
 /**
  * Fetch the profile of every user whose user_account_type is 6, indexed by user id.
  *
  * The query filters on the account type only: inactive and deleted users are returned
  * too, with their user_active / user_deleted flags. The e-mail address of each user is
  * part of the result, so callers decide who gets to see it.
  * NOTE(review): 6 is presumably the instructor account type - confirm where it is defined.
  *
  * @return array user profiles (stdClass) indexed by user_id
  */
 public static function getAllInstructors()
 {
     $connection = DatabaseFactory::getFactory()->getConnection();
     $statement = $connection->prepare("SELECT user_id, user_name, user_email, user_active, user_has_avatar, user_deleted FROM users WHERE user_account_type = 6");
     $statement->execute();

     $all_users_profiles = array();
     foreach ($statement->fetchAll() as $user) {
         // every value of the row goes through Filter::XSSFilter before it is copied
         // (see application/core/Filter.php for what the filter does)
         array_walk_recursive($user, 'Filter::XSSFilter');

         $profile = new stdClass();
         $profile->user_id = $user->user_id;
         $profile->user_name = $user->user_name;
         $profile->user_email = $user->user_email;
         $profile->user_active = $user->user_active;
         $profile->user_deleted = $user->user_deleted;
         // avatar source depends on configuration: Gravatar by e-mail, or the local file
         if (Config::get('USE_GRAVATAR')) {
             $profile->user_avatar_link = AvatarModel::getGravatarLinkByEmail($user->user_email);
         } else {
             $profile->user_avatar_link = AvatarModel::getPublicAvatarFilePathOfUser($user->user_has_avatar, $user->user_id);
         }

         $all_users_profiles[$user->user_id] = $profile;
     }
     return $all_users_profiles;
 }
Example #4
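 /**
  * Edit the user's email
  *
  * The address is rejected when it is empty, equal to the one in the session, not a valid
  * e-mail address, changed by tag stripping or the 254 character cap, or already taken.
  * Every rejection adds a feedback_negative message to the session.
  *
  * @param string $new_user_email the address to store for the user of the current session
  *
  * @return bool success status
  */
 public static function editUserEmail($new_user_email)
 {
     // email provided ?
     if (empty($new_user_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
         return false;
     }
     // check if new email is same like the old one
     if ($new_user_email == Session::get('user_email')) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
         return false;
     }
     // user's email must be in valid email format, also checks the length
     // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
     // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
     if (!filter_var($new_user_email, FILTER_VALIDATE_EMAIL)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
         return false;
     }
     // strip tags and cap the length, just to be sure - but the value that gets stored must be
     // the value that was validated above. If either step changes the address, the result was
     // never checked, so it is refused instead of being saved in its altered form.
     $validated_email = (string) $new_user_email;
     $new_user_email = substr(strip_tags($validated_email), 0, 254);
     if ($new_user_email !== $validated_email) {
         Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
         return false;
     }
     // check if user's email already exists
     if (UserModel::doesEmailAlreadyExist($new_user_email)) {
         Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
         return false;
     }
     // write to database, if successful ...
     // ... then write new email to session, Gravatar too (as this relies to the user's email address)
     if (UserModel::saveNewEmailAddress(Session::get('user_id'), $new_user_email)) {
         Session::set('user_email', $new_user_email);
         Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($new_user_email));
         Session::add('feedback_positive', Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
         return true;
     }
     Session::add('feedback_negative', Text::get('FEEDBACK_UNKNOWN_ERROR'));
     return false;
 }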
Example #5
 /**
  * Controller action: delete the avatar of the user who owns the current session.
  *
  * Auth::checkAuthentication() makes sure that only logged in users can use this action and
  * see this page. The user id comes from the session, not from the request, so the action
  * always targets the caller's own avatar.
  * NOTE(review): this action changes state and no anti-CSRF token check is visible in this
  * method - confirm one is enforced elsewhere.
  */
 public function deleteAvatar_action()
 {
     Auth::checkAuthentication();

     $current_user_id = Session::get("user_id");
     AvatarModel::deleteAvatar($current_user_id);

     // back to the avatar edit page
     Redirect::to('login/editAvatar');
 }
Example #6
 /**
  * Controller action: delete the avatar of the user who owns the current session.
  *
  * The user id is read from the session, not from the request.
  * NOTE(review): no authentication check is visible in this method - confirm that the
  * controller (for example its constructor) enforces a logged-in session before this runs.
  */
 public function deleteAvatar_action()
 {
     $current_user_id = Session::get("user_id");
     AvatarModel::deleteAvatar($current_user_id);

     // back to the avatar edit page
     Redirect::to('user/editAvatar');
 }
Example #7
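 /**
  * The real login process: The user's data is written into the session.
  * Cheesy name, maybe rename. Also maybe refactoring this, using an array.
  *
  * The session id is replaced before any login data is written, so an id that was known
  * before authentication does not become the id of the authenticated session.
  *
  * @param $user_id
  * @param $user_name
  * @param $user_email
  * @param $user_account_type
  */
 public static function setSuccessfulLoginIntoSession($user_id, $user_name, $user_email, $user_account_type)
 {
     Session::init();
     // issue a new session id on login and delete the old session (session fixation defence);
     // the data already held in the session is kept
     session_regenerate_id(true);
     Session::set('user_id', $user_id);
     Session::set('user_name', $user_name);
     Session::set('user_email', $user_email);
     Session::set('user_account_type', $user_account_type);
     Session::set('user_provider_type', 'DEFAULT');
     // get and set avatars
     Session::set('user_avatar_file', AvatarModel::getPublicUserAvatarFilePathByUserId($user_id));
     Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($user_email));
     // finally, set user as logged-in
     Session::set('user_logged_in', true);
 }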
Example #8
 /**
  * {@inheritdoc}
  *
  * After the parent's delete() has run, the member count is set to 0 and every player row
  * that points at this team gets its team column set to NULL.
  */
 public function delete()
 {
     parent::delete();

     // Remove all the members of a deleted team
     $this->updateProperty($this->members, 'members', 0);

     // the team id is bound as a parameter, it is not concatenated into the statement
     $detach_players = "UPDATE `players` SET `team` = NULL WHERE `team` = ?";
     $this->db->execute($detach_players, $this->id);
 }
 /**
  * The real login process: The user's data is written into the session.
  * Cheesy name, maybe rename. Also maybe refactoring this, using an array.
  *
  * Order of work: start the session, replace its id, empty it, write the user's values,
  * pass the new session id to Session::updateSessionId(), then send the session cookie
  * with explicit attributes.
  *
  * @param $user_id
  * @param $user_name
  * @param $user_email
  * @param $user_account_type
  */
 public static function setSuccessfulLoginIntoSession($user_id, $user_name, $user_email, $user_account_type)
 {
     Session::init();
     // remove old and regenerate session ID.
     // It's important to regenerate session on sensitive actions,
     // and to avoid fixated session.
     // e.g. when a user logs in
     session_regenerate_id(true);
     // empty the session array so that nothing written before authentication is carried
     // into the authenticated session
     $_SESSION = array();
     Session::set('user_id', $user_id);
     Session::set('user_name', $user_name);
     Session::set('user_email', $user_email);
     Session::set('user_account_type', $user_account_type);
     Session::set('user_provider_type', 'DEFAULT');
     // Set class_id
     // NOTE(review): getClassID() takes no argument here; it presumably reads the values
     // written just above, so the order of these calls may matter - confirm
     Session::set('class_id', self::getClassID());
     // get and set avatars
     Session::set('user_avatar_file', AvatarModel::getPublicUserAvatarFilePathByUserId($user_id));
     Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($user_email));
     // finally, set user as logged-in
     Session::set('user_logged_in', true);
     // update session id in database (the id passed is the regenerated one)
     Session::updateSessionId($user_id, session_id());
     // set session cookie setting manually,
     // Why? because you need to explicitly set session expiry, path, domain, secure, and HTTP.
     // COOKIE_SECURE and COOKIE_HTTP land in setcookie()'s secure and httponly parameters.
     // NOTE(review): this positional form of setcookie() has no SameSite parameter - confirm
     // whether SameSite is set somewhere else if the application relies on it.
     // @see https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet#Cookies
     setcookie(session_name(), session_id(), time() + Config::get('SESSION_RUNTIME'), Config::get('COOKIE_PATH'), Config::get('COOKIE_DOMAIN'), Config::get('COOKIE_SECURE'), Config::get('COOKIE_HTTP'));
 }
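 /**
  * Get a single material
  *
  * The id is bound as a statement parameter. Unlike the list methods, the row is returned
  * without passing through Filter::XSSFilter, so a view has to escape every value it prints.
  *
  * @param int $material_id id of the specific material
  * @return object|null the material row with an added material_photoMaterial_link property,
  *                     or null when no material has this id
  */
 public static function getMaterial($material_id)
 {
     $database = DatabaseFactory::getFactory()->getConnection();
     $sql = "SELECT material_id, material_name, material_price, material_weight, material_dimension_high, material_dimension_width, material_dimension_profound, material_provider_id, material_has_photoMaterial, material_description\n                   FROM materials WHERE material_id = :material_id LIMIT 1";
     $query = $database->prepare($sql);
     $query->execute(array(':material_id' => $material_id));
     // the statement is limited to one row, so fetch() - the PDO method that gets a single
     // result - is enough
     $material = $query->fetch();
     if (!$material) {
         // unknown id: return null explicitly instead of reading a variable that was never set
         return null;
     }
     // a material has no e-mail address and no $user exists in this method, so there is no
     // Gravatar lookup here: the link always comes from the material's photo flag and id
     $material->material_photoMaterial_link = self::getPublicPhotoMaterialFilePathOfMaterial($material->material_has_photoMaterial, $material->material_id);
     return $material;
 }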
Example #11
 /**
  * Get all the teams in the database that are not disabled or deleted
  *
  * The ids are requested with "ORDER BY elo DESC" and then passed to arrayIdToModel().
  *
  * @return Team[] presumably Team models built from the fetched ids - arrayIdToModel() is
  *                defined outside this excerpt
  */
 public static function getTeams()
 {
     // statuses named in the description above as the ones to leave out
     $excluded_statuses = array("disabled", "deleted");
     $team_ids = parent::fetchIdsFrom("status", $excluded_statuses, "s", true, "ORDER BY elo DESC");

     return self::arrayIdToModel($team_ids);
 }
Example #12
 /**
  * Get all of the members belonging to a team
  *
  * The team id is passed as a bound parameter with the type string "i"; it is not
  * concatenated into the WHERE clause.
  *
  * @param  int      $teamID The ID of the team to fetch the members of
  * @return Player[] An array of Player objects of the team members
  */
 public static function getTeamMembers($teamID)
 {
     $bound_values = array($teamID);
     $member_ids = parent::fetchIds("WHERE team = ?", "i", $bound_values);

     return self::arrayIdToModel($member_ids);
 }
Example #13
 /**
  * {@inheritdoc}
  *
  * Rows of past_callsigns whose player column equals this model's id are deleted first,
  * then the parent's wipe() runs.
  *
  * @todo Add a constraint that does this automatically
  */
 public function wipe()
 {
     // the id is bound as a parameter, it is not concatenated into the statement
     $remove_callsigns = "DELETE FROM past_callsigns WHERE player = ?";
     $this->db->execute($remove_callsigns, $this->id);

     parent::wipe();
 }
Example #14
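 /**
  * Delete a user's avatar
  *
  * The image file is removed on a best-effort basis, then the user's user_has_avatar flag
  * is set to 0. The prepared statement is created once and kept in self::$deleteAvatarQuery.
  * Callers are responsible for passing the id of a user the current session may act on.
  *
  * @param int|string $userId id of the user; must consist of decimal digits only
  * @return bool success
  */
 public static function deleteAvatar($userId)
 {
     // ctype_digit() only gives the intended answer for strings, so cast first: an id that
     // arrives as an integer is accepted, while null, '' and signed values are still refused
     if (!ctype_digit((string) $userId)) {
         Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
         return false;
     }
     // try to delete image, but still go on regardless of file deletion result
     self::deleteAvatarImageFile($userId);
     if (self::$deleteAvatarQuery === null) {
         self::$deleteAvatarQuery = DatabaseFactory::getFactory()->getConnection()->prepare("UPDATE users SET user_has_avatar = 0 WHERE user_id = :user_id LIMIT 1");
     }
     self::$deleteAvatarQuery->bindValue(":user_id", (int) $userId, PDO::PARAM_INT);
     self::$deleteAvatarQuery->execute();
     // read the row count from the statement that was just executed
     if (self::$deleteAvatarQuery->rowCount() == 1) {
         Session::set('user_avatar_file', self::getPublicUserAvatarFilePathByUserId($userId));
         Session::add("feedback_positive", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_SUCCESSFUL"));
         return true;
     }
     Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
     return false;
 }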
Example #15
<?php

/**
 * Model whose only configuration declared here is its table name, 'wog_img'.
 * All behaviour comes from ImplicitWOGAPModel, which is defined outside this file.
 */
class AvatarModel extends ImplicitWOGAPModel
{
    // name of the table this model is bound to - presumably read by the parent class; confirm
    public $table = 'wog_img';
}
// Register one input filter per parameter of the model.
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so this line needs a replacement
// before the code runs on current PHP versions.
// NOTE(review): both filters sanitise (strip characters) rather than reject input. If
// i_filename is ever used to build a filesystem path, confirm that a separate check on the
// name exists - tag stripping does not deal with path separators.
AvatarModel::setParams([
    'i_id' => ['filter' => FILTER_SANITIZE_NUMBER_INT],
    'i_filename' => ['filter' => FILTER_SANITIZE_STRING],
]);