Example #1
 /**
  * Sets up the session login state and, when nobody is logged in but the
  * "user" / "encrypted_pass" remember-me cookies are present, tries to log
  * the visitor in from those cookies.
  *
  * $db_conf is handed to Database; $table and the *_field parameters name the
  * users table and its columns. They are configuration, not request data, and
  * are spliced into the lookup query verbatim (backtick-quoted).
  *
  * Side effects: initialises $_SESSION["user_id"] / ["username"] when absent;
  * on a successful cookie login sets user_id, username and html_username in
  * the session and re-issues both cookies. Both cookies are deleted before the
  * password check and only re-set on success, so a wrong pair is cleared.
  * Relies on the globals $util (sanitize) and $security (cookie helpers).
  *
  * NOTE(review): the cookie value is an encrypted form of the password; a
  * leaked cookie therefore works as a reusable credential for as long as the
  * stored key/iv stay valid — confirm that is the intended trade-off.
  */
 public function __construct($db_conf, $table, $user_field, $email_field, $pass_field, $key_field, $iv_field)
 {
     global $util, $security;
     if (!isset($_SESSION["user_id"]) || !isset($_SESSION["username"])) {
         $_SESSION["user_id"] = 0;
         $_SESSION["username"] = "";
     }
     $logged_out = $_SESSION["user_id"] == 0;
     if (!$logged_out || !isset($_COOKIE["user"]) || !isset($_COOKIE["encrypted_pass"])) {
         return;
     }
     $database = new Database($db_conf);
     // sanitize() output is embedded without surrounding quotes, so it is
     // expected to return an already-quoted value.
     $lookup = $database->sanitize($_COOKIE["user"]);
     $columns = "`id`, `{$user_field}`, `{$pass_field}`, `{$key_field}`, `{$iv_field}`";
     $rows = $database->query("SELECT {$columns} FROM `{$table}` WHERE `{$user_field}`={$lookup} OR `{$email_field}`={$lookup};");
     $cookie_user = $_COOKIE["user"];
     $cookie_encrypted_pass = $_COOKIE["encrypted_pass"];
     // Cleared up front; re-issued below only when the check succeeds.
     $security->delete_cookie("user");
     $security->delete_cookie("encrypted_pass");
     if (count($rows) == 0) {
         if ($this->prevent_user_enum) {
             // Unknown account: run one dummy check so that the response time
             // looks the same as for a known account with a wrong cookie.
             $this->check_pass("testing", "+wDY57krS5nRSY6wbfRk3LpYLHIXkPAaHwxmKGlKIy7V3XAa2EKAdNS/o8Mrv5ub+58rSREPuUSHA7Pc/zHnjYggi2St55DQEYEdypq2jDIbYJydsY0X8g7g46UdxQD2+LfFjNe4vyIzONGdXL/j5INeeZxCjt7sp+DbcdzySJUS2VXfAMVHsHU6fS8XNDWM", "drYB,|h=zS*cVJ6Q7::&m=Y3DYwGI\$TM", "GfDHP5lj88QAH2cr7lw8pEGgJM7stTeGpOUvUBVYPLo=");
         }
         return;
     }
     $row = $rows[0];
     if (!$this->check_pass($cookie_encrypted_pass, $row[$pass_field], $row[$key_field], $row[$iv_field])) {
         return;
     }
     $_SESSION["user_id"] = $row["id"];
     $_SESSION["username"] = $row[$user_field];
     $_SESSION["html_username"] = $util->sanitize($row[$user_field]);
     $security->set_cookie("user", $cookie_user);
     $security->set_cookie("encrypted_pass", $cookie_encrypted_pass);
 }
Example #2
 /**
  * Loads the one document that doc_route maps to $route.
  *
  * @param string $route raw route; passed through Database::sanitize() before
  *                      it is embedded (unquoted) in the query, so sanitize()
  *                      is expected to return a quoted value
  * @return array the first post-processed row, or [] when no route matched
  */
 public static function by_route($route)
 {
     $safe_route = Database::sanitize($route);
     $columns = self::$props['content'];
     $sql = "SELECT doc.*, {$columns} FROM doc INNER JOIN doc_route ON doc_route.doc_id = doc.id WHERE doc_route.route = {$safe_route} LIMIT 1;";
     $rows = self::post_process(Database::query($sql));
     return $rows[0] ?? [];
 }
Example #3
 /**
  * Fetches the `part` rows whose part column is one of the comma-separated
  * names in $parts and runs each row through post_process_fields().
  *
  * Non-admin sessions (Session::is_admin() false) only get rows with
  * private = 0.
  *
  * @param mixed  $params unused; kept so existing callers keep working
  * @param string $parts  comma-separated part names; every element goes
  *                       through Database::sanitize() before interpolation
  * @return array list of post-processed rows
  */
 public static function read_parts($params, $parts)
 {
     $safe_parts = array_map(
         static function ($part) { return Database::sanitize($part); },
         explode(',', $parts)
     );
     $in_list = implode(',', $safe_parts);
     $visibility = Session::is_admin() ? '' : 'AND private = 0';
     $rows = Record::post_process(Database::query("SELECT * FROM part WHERE part IN ({$in_list}) {$visibility};"));
     $row_count = count($rows);
     for ($i = 0; $i < $row_count; ++$i) {
         $rows[$i] = self::post_process_fields($rows[$i]);
     }
     return $rows;
 }
Example #4
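	/**
	 * Pushes one `notifications` row per attendee of the badminton date that
	 * $action refers to, using the message template registered for the action's
	 * class in NotificationPusher::$notification_messages.
	 *
	 * JoinBadmintonDate: the attendee list is loaded seeded with the joiner and
	 * nobody is excluded, so the joiner is notified too. LeaveBadmintonDate and
	 * WithdrawAbsence: every attendee except the acting user is notified.
	 *
	 * @param Action $action one of the three action classes above
	 * @return bool true once every row has been inserted
	 * @throws UnexpectedValueException for any other action class
	 * @throws RuntimeException when an INSERT fails (driver detail goes to error_log)
	 */
	public static function push_notification(Action $action) {
		$mysqli = Database::connection();
		$class = get_class($action);
		switch ($class) {
			case 'JoinBadmintonDate':
				$action->badminton_date->get_datename();
				$message = self::format_message($class, $action->joiner, $action->badminton_date);
				$action->badminton_date->get_attendees(array($action->joiner));
				self::insert_notifications($mysqli, $class, $message, $action->badminton_date, null);
				return true;
			case 'LeaveBadmintonDate':
				$message = self::format_message($class, $action->leaver, $action->badminton_date);
				$action->badminton_date->get_attendees();
				self::insert_notifications($mysqli, $class, $message, $action->badminton_date, $action->leaver);
				return true;
			case 'WithdrawAbsence':
				$message = self::format_message($class, $action->withdrawer, $action->badminton_date);
				$action->badminton_date->get_attendees();
				self::insert_notifications($mysqli, $class, $message, $action->badminton_date, $action->withdrawer);
				return true;
			default:
				throw new UnexpectedValueException("$class is not a valid action class, tried to push in BadmintonDateNotificationPusher");
		}
	}

	/**
	 * Renders the notification text for $class from the acting user's name and
	 * the date's name.
	 */
	private static function format_message($class, $actor, $badminton_date) {
		return sprintf(NotificationPusher::$notification_messages[$class], $actor->username, $badminton_date->datename);
	}

	/**
	 * Inserts one unread notification per attendee of $badminton_date.
	 *
	 * @param object      $mysqli         connection from Database::connection()
	 * @param string      $class          action class; selects the notification type
	 * @param string      $message        message text, sanitized here before use
	 * @param object      $badminton_date must already have ->attendees loaded
	 * @param object|null $excluded       attendee to skip (the acting user), or null to notify everyone
	 * @throws RuntimeException when an INSERT fails
	 */
	private static function insert_notifications($mysqli, $class, $message, $badminton_date, $excluded) {
		list($message, $date_id) = Database::sanitize(array($message, $badminton_date->date_id));
		// Built once, before the loop: the previous version re-prefixed "date.php?id="
		// on every iteration, so the second attendee onwards got a nested href.
		$a_href = "date.php?id=$date_id";
		$type = NotificationFactory::$notification_type_contract[$class];
		foreach ($badminton_date->attendees as $attendant) {
			// Loose != kept on purpose: ids may be an int on one object and a string from a DB row on the other.
			if ($excluded !== null && $attendant->user_id == $excluded->user_id) {
				continue;
			}
			$insert = "INSERT INTO `notifications` (message, user_id, type, a_href, read_status, date_notified) VALUES ('$message', '$attendant->user_id', '$type', '$a_href', '" . NotificationFactory::UNREAD . "', NOW())";
			if ($mysqli->query($insert) === false) {
				// Keep the driver message server-side; the former die() echoed it to the client.
				error_log('notification insert failed: ' . $mysqli->error);
				throw new RuntimeException('Could not insert notification');
			}
		}
	}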
Example #5
try {
/*	$return_val = array();
	$return_val['session'] = $_SESSION['user_id'];
	$return_val['token'] = $_COOKIE['token'];
	$return_val['cookie'] = $_COOKIE['user_id'];
	echo json_encode($return_val, JSON_PRETTY_PRINT);*/
	$user = User::get_current_user();
	if ($user instanceof CurrentUser) {
		//echo 'hi';
		http_response_code(200);
		echo json_encode($user, JSON_PRETTY_PRINT);
	}
	else {
		if ($email && $password) {
			$mysqli = Database::connection();
			$email = Database::sanitize($email);
			$sql = "SELECT user_id, password FROM users WHERE email = '$email'";
			$return_val[] = $sql;
			$result = $mysqli->query($sql)
			or die ($mysqli->error);

			$mysqli->set_charset('utf-8');

			if ($result->num_rows == 1) {
			//	echo 'hi';
				list($user_id, $hashed_password) = mysqli_fetch_row($result);
				$verify = password_verify($password, $hashed_password);
				if ($verify) {
					//The user is authenticated
					$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
					$new_token = bin2hex(mcrypt_create_iv($size, MCRYPT_DEV_RANDOM));
Example #6
<?php
header("Content-Type: application/json"); //Set header for outputing the JSON information
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php';
$request = file_get_contents('php://input');
$data = json_decode($request);
$thread_id = $data->thread_id;
$thread_title = $data->thread_title;
$thread_text = $data->thread_text;
/*$thread_id = 18;
$thread_text = 'editted text';*/
$user = User::get_current_user();
try {
    if (is_numeric($thread_id) && ($user instanceof User) && ($thread_text) && ($thread_title)) {
        list($thread_text, $thread_title) = Database::sanitize(array($thread_text, $thread_title));
        $editted_thread = new Thread(array(
            'thread_id' => $thread_id,
            'thread_text' => $thread_text,
            'thread_title' => $thread_title)
        );
        $result = $user->edit_thread($editted_thread);
        if ($result) {
            http_response_code(200);
            $result->thread_text = $data->thread_text;
            echo json_encode($result, JSON_PRETTY_PRINT);
        }
        else {
            throw new RuntimeException('RuntimeException occured on request, could not edit thread for some reason');
        }
    }
    else {
        throw new UnexpectedValueException('UnexpectedValueExceptionx occured on request');
<?php
header("Content-Type: application/json"); //Set header for outputing the JSON information
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php';
$request = file_get_contents('php://input');
$data = json_decode($request);
$date_string = $data->date;
/*$date_string = '2015-09-07';*/
try {
	if ($date_string) {
		$date_string = Database::sanitize($date_string);
		$mysqli = Database::connection();
		$sql = "SELECT t1.date_id, t1.datename, DATE_FORMAT(t1.begin_datetime, '%b %e, %Y - %r') as `begin_datetime`, DATE_FORMAT(t1.end_datetime, '%b %e, %Y - %r') as `end_datetime`, t1.creator_id as `user_id`, t2.username, t2.email, t2.reputation, t2.avatar, t1.bool_group, t1.confirmed
		FROM `badminton_dates` as t1
		INNER JOIN `users` as t2 
		ON t2.user_id = t1.creator_id
		WHERE MONTH(date_id) = MONTH('$date_string')
		ORDER BY t1.begin_datetime ASC";
		$result = $mysqli->query($sql)
		or die ($mysqli->error);
		$dates = array();
		while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
			$row['creator'] = new ProfileUser($row);
			if ($row['confirmed']) {
				$badminton_date = new ConfirmedBadmintonDate($row);
			}
			else {
				if ($row['bool_group']) {
					$badminton_date = new GrouProposedDate($row);
				}
				else {
					$badminton_date = new PublicProposedDate($row);
Example #8
 /**
  * Deletes every doc_route row that points at $doc_id.
  *
  * The statement and its parameter are handed to Database::sanitize() as a
  * [sql, value] pair and the result is executed as-is.
  *
  * @param int|string $doc_id
  * @return mixed whatever Database::query() returns for the DELETE
  */
 public static function destroy_all($doc_id)
 {
     $statement = "DELETE FROM doc_route WHERE doc_id = ?";
     return Database::query(Database::sanitize([$statement, $doc_id]));
 }
Example #9
			//Check to see if this is the correct token
			$sql = "SELECT email_token FROM users WHERE user_id = '$user_id' AND type != 1";
			$result = $mysqli->query($sql)
			or die ($mysqli->error);

			if ($result->num_rows == 1) {
				$token_hashed = mysqli_fetch_row($result)[0];
				if (password_verify($token, $token_hashed)) {
					//Officiate the user
					$sql = "UPDATE `users` SET type = 1 WHERE user_id ='$user_id'";
					$result = $mysqli->query($sql)
					or die ($mysqli->error);

					//Create a real token and handshake with user
					$token = User::generate_token();
					$hashed_token = Database::sanitize(password_hash($token, PASSWORD_BCRYPT));

					//Send the hashed token to the server
					$sql = "UPDATE `users` SET token = '$hashed_token'";
					$result = $mysqli->query($sql)
					or die ($mysqli->error);

					//Pass to cookies
					$_SESSION['user_id'] = $user_id;
					setcookie('user_id', $user_id, time() + 3600, "/");
					setcookie('token', $token, time() + 3600, "/");
					$_COOKIE['user_id'] = $user_id;
					$_COOKIE['token'] = $token;
					echo 'Account verified';
				}
				else {
Example #10
<?php
header("Content-Type: application/json"); //Set header for outputing the JSON information
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php';
$request = file_get_contents('php://input');
$data = json_decode($request);
$thread_text = $data->thread_text;
$type = $data->type;
$date_play = $data->date_play;
// $type = 2;
// $thread_text = 'ahdisahdosa';
$user = User::get_current_user();
try {
	if (array_key_exists($type, Thread::$type_contracts) && ($thread_text)) {
		if ($user instanceof CurrentUser) {
			list($thread_text)  = Database::sanitize(array($thread_text));
			$comment = new Thread(array(
				'thread_text' => $thread_text,
				'date_play' => $date_play,
				'type' => $type)
			);
			$result = $user->post_thread($comment);
			if ($result) {
				//Now if this is an anticipated date, we will try to create a tentative badminton date and denote it with a type = 2
				http_response_code(200);
				$result->thread_text = $data->thread_text;
				echo json_encode($result, JSON_PRETTY_PRINT);
			}
			else {
				throw new RuntimeException('RuntimeException occured on request, could not post commment for some reason');
			}
		}
Example #11
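<?php
// Change-password endpoint: reads {"password": ..., "confirm_password": ...} as
// JSON from the request body and updates the password column of the logged-in
// user. Answers 200 on success; 400 plus Database::print_exception() output on
// any failure.
header("Content-Type: application/json"); //Set header for outputing the JSON information
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php';
$request = file_get_contents('php://input');
$data = json_decode($request);
// json_decode() yields null for malformed input; reading ->password from null
// only warned and left both values null, which the old `==` check accepted as
// "matching" and then stored.
$password = (is_object($data) && isset($data->password)) ? $data->password : null;
$confirm = (is_object($data) && isset($data->confirm_password)) ? $data->confirm_password : null;
$user = User::get_current_user();
try {
    if (!($user instanceof CurrentUser)) {
        throw new UnexpectedValueException('UnexpectedValueException occured on request, no user is currently logged in');
    }
    if (!is_string($password) || $password === '') {
        throw new UnexpectedValueException('Password is required');
    }
    // Strict comparison: with `==`, numeric-looking strings such as "1e1" and "10" compare equal.
    if ($password !== $confirm) {
        throw new UnexpectedValueException('Passwords do not match');
    }
    $mysqli = Database::connection();
    $password = Database::sanitize($password);
    // NOTE(review): the stored value is shown redacted ('******') in this listing;
    // whatever it really is must be a password_hash() result, never the plaintext.
    $sql = "UPDATE users SET password = '******' WHERE user_id = '$user->user_id' LIMIT 1";
    if ($mysqli->query($sql) === false) {
        // Driver detail stays server-side; the former die() echoed it to the client.
        error_log('password update failed: ' . $mysqli->error);
        throw new RuntimeException('Could not update password');
    }
    http_response_code(200);
}
catch (Exception $e) {
    http_response_code(400);
    Database::print_exception($e);
}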
Example #12
$password = $data->password;
$email = $data->email;
$confirm_password = $data->confirm_password;
/*$email = '*****@*****.**';
$username = '******';
$password = '******';
$confirm_password = '******';*/
$user = User::get_current_user();
try {
	if (!$user->user_id) {
		//Check input fields
		if ((strlen($password) >= 4) && ($confirm_password == $password) && (strlen($username) >= 2)) {
			$mysqli = Database::connection();

			//Sanitize user inputs
			list($password, $confirm_password, $username, $email) = Database::sanitize(array($password, $confirm_password, $username, $email));

			//Check if this email is not in the database
			if (!User::email_exists($email)) {
				$token = User::generate_token();
				$hashed_token = password_hash($token, PASSWORD_BCRYPT);

				$hashed_password = password_hash($password, PASSWORD_BCRYPT);

				$sql = "INSERT INTO users (email, password, type, token) VALUES ('$email', '$hashed_password', '0', '$hashed_token')";
				$result = $mysqli->query($sql)
				or die ($mysqli->error);

				$user_id = $mysqli->insert_id;

				//Mail the user the email
Example #13
 /**
  * Inserts $model as one row of the table named after the calling class.
  *
  * @param array $model column => value map; keys go through
  *                     Database::sanitize($key, TRUE) (identifier mode),
  *                     values through Database::sanitize($value)
  * @return array $model extended with '_class' (the table) and 'id'
  *               (insert_id) on success; ['error' => <mysql error>] when the
  *               driver reports one; ['error' => '500'] when the query fails
  *               without a driver error
  */
 public static function create($model)
 {
     $table = self::table_name(get_called_class());
     $columns = [];
     $values = [];
     foreach ($model as $column => $value) {
         $columns[] = Database::sanitize($column, TRUE);
         $values[] = Database::sanitize($value);
     }
     $sql = sprintf('INSERT INTO %s (%s) VALUES (%s);', $table, implode(',', $columns), implode(',', $values));
     $res = Database::query($sql);
     $errors = Database::$mysql->error;
     if ($errors) {
         return ['error' => $errors];
     }
     if (!$res) {
         return ['error' => '500'];
     }
     $model['_class'] = $table;
     $model['id'] = Database::$mysql->insert_id;
     return $model;
 }
Example #14
<?php
header("Content-Type: application/json"); //Set header for outputing the JSON information
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php';
$request = file_get_contents('php://input');
$data = json_decode($request);
$level = $data->level;
$program = $data->program;
$commuter = $data->commuter;
$accolades = $data->accolades;
$playingLevel = $data->playingLevel;
$user = User::get_current_user(); //The user to edit on
try {
    if ($user instanceof User) {
        if (is_numeric($level) && is_numeric($commuter)) {
            $program = Database::sanitize($program);
            $edit = new ProfileUser(array(
                'level' => $level,
                'program' => $program,
                'commuter' => $commuter,
                'bio' => $bio,
                'playing_level' => $playingLevel,
                'accolades' => $accolades)
            );
            $result = $user->edit_self($edit);
            if ($result) {
                http_response_code(200);
            }
            else {
                throw new RuntimeException('RuntimeException occured on request, could not edit for some reason');
            }
        }
Example #15
	/**
	 * (Str) -> Bool
	 * Reports whether exactly one activated account (type != 0) uses $email.
	 * A falsy $email returns false without touching the database. The query
	 * dies with the mysqli error on failure, like the rest of this class.
	 */
	public static function email_exists($email) {
		if (!$email) {
			return false;
		}
		// Connection first: sanitize() may need the live link for escaping.
		$mysqli = Database::connection();
		$safe_email = Database::sanitize($email);
		$result = $mysqli->query("SELECT user_id FROM users WHERE email = '$safe_email' AND type != 0")
		or die ($mysqli->error);
		return $result->num_rows == 1;
	}
Example #16
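<?php
// Post-reply endpoint: reads {"message_text": ..., "parent_id": ...} as JSON
// from the request body and asks the current user to post a reply. Echoes the
// created reply as JSON with 200, or 400 plus Database::print_exception() output.
header("Content-Type: application/json"); //Set header for outputing the JSON information
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php';
$request = file_get_contents('php://input');
$data = json_decode($request);
$message_text = $data->message_text;
$parent_id = $data->parent_id;
$user = User::get_current_user();
try {
	if (is_numeric($parent_id) && ($message_text) && ($user instanceof User)) {
		$message_text = Database::sanitize($message_text);
		$mysqli = Database::connection();
		// NOTE(review): $message and $reply are never assigned in this file, so
		// post_reply() receives two nulls while the sanitized $message_text and
		// $parent_id go unused. The intended arguments cannot be reconstructed
		// from this listing — confirm against User::post_reply() before relying
		// on this endpoint.
		$result = $user->post_reply($message, $reply);
		if ($result) {
			// Status code must be set before the body is echoed; once output has
			// started the headers are already sent and the call is ignored.
			http_response_code(200);
			$result->message_text = $data->message_text;
			echo json_encode($result, JSON_PRETTY_PRINT);
		}
		else {
			throw new RuntimeException('RuntimeException occured on request, could not insert reply for some reason');
		}
	}
	else {
		throw new UnexpectedValueException('UnexpectedValueException occured on request');
	}
}
catch (Exception $e) {
	http_response_code(400);
	Database::print_exception($e);
}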
header("Content-Type: application/json"); //Set header for outputing the JSON information
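/**
 * Last chance for PHP script to call a class name.
 *
 * Maps OutgoingTranslation / IncomingTranslation onto includes/Translate.php
 * and any other class onto includes/<ClassName>.php under the document root.
 *
 * The name is validated before it becomes a path: an autoloader receives
 * whatever string reaches class_exists() or `new`, so without the check a
 * value such as "../config" would be spliced straight into the require path.
 * Only identifier characters and the namespace separator are accepted.
 *
 * NOTE(review): __autoload() is deprecated since PHP 7.2 and removed in 8.0;
 * this body should be registered through spl_autoload_register() instead.
 */
function __autoload($class_name) {
	if (!preg_match('/^[A-Za-z_][A-Za-z0-9_\\\\]*$/', $class_name)) {
		return;
	}
	$file = ($class_name === 'OutgoingTranslation' || $class_name === 'IncomingTranslation') ? 'Translate' : $class_name;
	require_once $_SERVER['DOCUMENT_ROOT']. "/includes/$file.php";
}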
$request = file_get_contents('php://input');
$data = json_decode($request);
$username = $data->username;
/*$username = '******';*/
require_once __DIR__ . '/../../includes/Database.php';
try {
	if ($username) {
		$username = Database::sanitize($username); //Sanitize the user input
		$mysqli = Database::connection(); //Initiate the Mysqli Connection variable
		$sql = "SELECT user_id FROM users WHERE username = '******'";
		$result = $mysqli->query($sql)
		or die ($mysqli->error);
		if ($result->num_rows > 0) {
			http_response_code(400);
		}
		else {
			http_response_code(200); //The username does not yet exist
		}
	}
	else {
		throw new UnexpectedValueException('UnexpectedValueException');
	}
}
Example #18
<?php
header("Content-Type: application/json"); //Set header for outputing the JSON information
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/autoload.php';
$request = file_get_contents('php://input');
$data = json_decode($request);
$thread_id = $data->thread_id;
$comment_text = $data->comment_text;
$parent_id = $data->parent_id;
/*$thread_id = 11;
$comment_text = 'hihih hiiii';
$parent_id = null;*/
$user = User::get_current_user();
try {
	if (is_numeric($thread_id) && ($comment_text) && ($user instanceof User) && (!$parent_id XOR (is_numeric($parent_id)))) {
		$comment_text = Database::sanitize($comment_text);
		$thread = new Thread(array(
			'thread_id' => $thread_id)
		);
		$comment = new ThreadComment(array(
			'comment_text' => $comment_text,
			'thread' => $thread
			)
		);
		$result_post = $user->post_thread_comment($thread, $comment);
		if ($result_post) {
			http_response_code(200);
			echo json_encode($result_post, JSON_PRETTY_PRINT);
		}
		else {
			throw new RuntimeException('RuntimeException occured on request, could not post comment for some reason');
		}
$begin_datetime = $data->begin_datetime;
$datename = ($data->datename) ? $data->datename : DEFAULT_BADMINTON_DATE_NAME;
$end_datetime = $data->end_datetime;
$visibility = $data->visibility;
$summary = $data->summary;
$group_id = $data->group_id;
$user = User::get_current_user();
$max_attendants = $data->max_attendants;
/*$begin_datetime = '2015-09-06 12:00:00';
$end_datetime = '2015-09-06 13:00:00';*/
/*$begin_datetime = '2015-09-21 00:00:00';
$end_datetime = '2015-09-22 00:00:00';*/
try {
	if (($user instanceof CurrentUser) && $end_datetime && $begin_datetime) {
		//Attempt to create a new badminton date
		list($datetime, $datename, $summary) = Database::sanitize(array($datetime, $datename, $summary));
		if (!is_numeric($group_id))  {
			//The date is a public date
			$badminton_date = new PublicProposedDate(array(
				'summary' => $summary,
				'datename' => $datename,
				'begin_datetime' =>  $begin_datetime,
				'end_datetime' =>  $end_datetime,
				'creator' => $user,
				'max_attendants' => $max_attendants)
			);
		}
		else {
			//The date is a group date
			$group = new Group(array(
				'group_id' => $group_id)
Example #20
$commuter = $data->commuter;
$accolades = $data->accolades;
$bio = $data->bio;
// $commuter = 2;
// $level = 'AngularJS Level';
// $program = 'Object Oriented';   
// $level = 1;
// $playingLevel = $data->playingLevel;
// $commuter = 1;
// $bio = 'hey there';
// $playingLevel = 1;  
$user = User::get_current_user(); //The user to edit on
try {
    if ($user instanceof CurrentUser) {
        if (is_numeric($level) && is_numeric($commuter)) {
            list($program, $accolades, $bio) = Database::sanitize(array($program, $accolades, $bio));
            $edit = new ProfileUser(array(
                'level' => $level,
                'program' => $program,
                'commuter' => $commuter,
                'bio' => $bio,
                'accolades' => $accolades)
            );
            $result = $user->edit_self($edit);
            if ($result) {
                http_response_code(200);
            }
            else {
                throw new RuntimeException('RuntimeException occured on request, could not edit for some reason');
            }
        }