public function testAdd()
{
    // Record five timed actions; two of them are flagged as queries, one with
    // a row count. Only the 0.620s entry is expected at index 0 of the profile.
    $prof = Profiler::getInstance();
    $prof->add(0.02503434, 'My 1st action');
    $prof->add(0.02303434, 'My 2nd action');
    $prof->add(0.12003434, 'My 3rd action');
    $prof->add(0.62003434, 'My 4th action', true, 10);
    $prof->add(0.40003434, 'My 5th action', true);

    $profile = $prof->getProfile();
    $first_entry = $profile[0];
    $this->assertEqual($first_entry['time'], '0.620');
    $this->assertEqual($first_entry['action'], 'My 4th action');
    $this->assertEqual($first_entry['num_rows'], 10);
    // the two add() calls flagged as queries are the only ones counted
    $this->assertEqual($prof->total_queries, 2);
}
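/**
 * Account configuration page for the logged-in owner.
 *
 * Renders one plugin's configuration when ?p=<plugin> is given (otherwise
 * the list of installed plugins), handles the "Change password" form post,
 * and for admins attaches every owner together with their instances.
 *
 * @return str view markup
 */
public function authControl()
{
    $webapp = Webapp::getInstance();
    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $owner = $owner_dao->getByEmail($this->getLoggedInUser());
    $this->addToView('owner', $owner);

    /* Begin plugin-specific configuration handling */
    if (isset($_GET['p'])) {
        // add config js to header
        $this->addHeaderJavaScript('assets/js/plugin_options.js');
        $active_plugin = $_GET['p'];
        // NOTE(review): the plugin name is taken as-is from the query string; this relies on
        // getPluginObject() resolving only registered plugin class names -- confirm
        $pobj = $webapp->getPluginObject($active_plugin);
        $p = new $pobj();
        $this->addToView('body', $p->renderConfiguration($owner));
        // drop whatever the plugin logged while rendering its configuration
        $profiler = Profiler::getInstance();
        $profiler->clearLog();
    } else {
        $pld = DAOFactory::getDAO('PluginDAO');
        $config = Config::getInstance();
        $installed_plugins = $pld->getInstalledPlugins($config->getValue("source_root_path"));
        $this->addToView('installed_plugins', $installed_plugins);
    }
    /* End plugin-specific configuration handling */

    // Password change. Every field must be present and a plain string: a value
    // submitted as pass1[] is an array and would otherwise reach strlen().
    if (isset($_POST['changepass']) && $_POST['changepass'] === 'Change password'
        && isset($_POST['oldpass'], $_POST['pass1'], $_POST['pass2'])
        && is_string($_POST['oldpass']) && is_string($_POST['pass1']) && is_string($_POST['pass2'])) {
        // NOTE(review): no CSRF token is verified before the password is changed in this revision
        $origpass = $owner_dao->getPass($this->getLoggedInUser());
        if (!$this->app_session->pwdCheck($_POST['oldpass'], $origpass)) {
            $this->addErrorMessage("Old password does not match or empty.");
        } elseif ($_POST['pass1'] !== $_POST['pass2']) {
            // strict: with != two numeric-looking strings such as "1e3" and "1000" compare equal
            $this->addErrorMessage("New passwords did not match. Your password has not been changed.");
        } elseif (strlen($_POST['pass1']) < 5) {
            // the minimum is measured in bytes, as before
            $this->addErrorMessage("New password must be at least 5 characters. " .
                "Your password has not been changed.");
        } else {
            $cryptpass = $this->app_session->pwdcrypt($_POST['pass1']);
            $owner_dao->updatePassword($this->getLoggedInUser(), $cryptpass);
            $this->addSuccessMessage("Your password has been updated.");
        }
    }

    if ($owner->is_admin) {
        $instance_dao = DAOFactory::getDAO('InstanceDAO');
        $owners = $owner_dao->getAllOwners();
        foreach ($owners as $o) {
            $o->setInstances($instance_dao->getByOwner($o, true));
        }
        $this->addToView('owners', $owners);
    }
    return $this->generateView();
}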
/**
 * Emits the profiler milestones on the requested channel.
 *
 * 'dump' prints the formatted report, 'hidden' prints it inside an HTML
 * comment; 'none', the default '' and any other value print nothing.
 * Nothing at all is emitted when no milestones were recorded.
 *
 * @param string $channel
 *
 * @return mixed|void
 */
public function send($channel = '')
{
    $profiler = Profiler::getInstance();
    $milestones = $profiler->getMilestones();
    $started_at = $profiler->getTimeStart();
    if (count($milestones) === 0) {
        return;
    }
    // @TODO more options: db, log, email? extend!
    switch ($channel) {
        case 'dump':
            print $this->format($milestones, $started_at);
            break;
        case 'hidden':
            print '<!--' . $this->format($milestones, $started_at) . '-->';
            break;
        default:
            // 'none' and anything unknown: do nothing
            break;
    }
}
/**
 * Generates plugin page options markup - Calls parent::generateView()
 *
 * When the plugin declared option elements, the options template is rendered
 * in its own (uncached) ViewManager and handed to the parent view as
 * 'options_markup'. The render time is recorded when the profiler is on.
 *
 * @return str view markup
 */
protected function generateView()
{
    if (count($this->option_elements) > 0) {
        $this->setValues();
        $options_view = new ViewManager();
        $options_view->disableCaching();
        // template variables, in the order they are assigned
        $template_vars = array(
            'option_elements' => $this->option_elements,
            'option_elements_json' => json_encode($this->option_elements),
            'option_headers' => $this->option_headers,
            'option_not_required' => $this->option_not_required,
            'option_not_required_json' => json_encode($this->option_not_required),
            'option_required_message' => $this->option_required_message,
            'option_required_message_json' => json_encode($this->option_required_message),
            'option_select_multiple' => $this->option_select_multiple,
            'option_select_visible' => $this->option_select_visible,
            'plugin_id' => $this->plugin_id,
            'user_is_admin' => $this->isAdmin(),
        );
        foreach ($template_vars as $name => $value) {
            $options_view->assign($name, $value);
        }
        if ($this->profiler_enabled) {
            $render_started = microtime(true);
            $options_markup = $options_view->fetch(self::OPTIONS_TEMPLATE);
            $render_elapsed = microtime(true) - $render_started;
            Profiler::getInstance()->add($render_elapsed, "Rendered view (not cached)", false);
        } else {
            $options_markup = $options_view->fetch(self::OPTIONS_TEMPLATE);
        }
        $this->addToView('options_markup', $options_markup);
    }
    return parent::generateView();
}
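/**
 * Account configuration page for the logged-in owner.
 *
 * Processes, in order, the password-change form, the "Create Invitation"
 * button and a service-account deletion, then renders either one plugin's
 * configuration (?p=<plugin>) or the list of installed plugins. Admins also
 * get every owner (with instances) and the public instances.
 *
 * @return str view markup
 */
public function authControl()
{
    $this->disableCaching();
    $webapp = Webapp::getInstance();
    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $invite_dao = DAOFactory::getDAO('InviteDAO');
    $owner = $owner_dao->getByEmail($this->getLoggedInUser());
    $this->addToView('owner', $owner);
    $this->addToView('logo_link', '');
    $this->view_mgr->addHelp('api', 'userguide/api/posts/index');
    $this->view_mgr->addHelp('application_settings', 'userguide/settings/application');
    $this->view_mgr->addHelp('users', 'userguide/settings/allaccounts');
    $this->view_mgr->addHelp('backup', 'install/backup');

    //process password change
    // Every field must be present and a plain string: a value submitted as
    // pass1[] is an array and would otherwise reach strlen().
    if (isset($_POST['changepass']) && $_POST['changepass'] === 'Change password'
        && isset($_POST['oldpass'], $_POST['pass1'], $_POST['pass2'])
        && is_string($_POST['oldpass']) && is_string($_POST['pass1']) && is_string($_POST['pass2'])) {
        $origpass = $owner_dao->getPass($this->getLoggedInUser());
        if (!$this->app_session->pwdCheck($_POST['oldpass'], $origpass)) {
            $this->addErrorMessage("Old password does not match or empty.", 'password');
        } elseif ($_POST['pass1'] !== $_POST['pass2']) {
            // strict: with != two numeric-looking strings such as "1e3" and "1000" compare equal
            $this->addErrorMessage("New passwords did not match. Your password has not been changed.", 'password');
        } elseif (strlen($_POST['pass1']) < 5) {
            // the minimum is measured in bytes, as before
            $this->addErrorMessage("New password must be at least 5 characters. " .
                "Your password has not been changed.", 'password');
        } else {
            // verify CSRF token
            $this->validateCSRFToken();
            $cryptpass = $this->app_session->pwdcrypt($_POST['pass1']);
            $owner_dao->updatePassword($this->getLoggedInUser(), $cryptpass);
            $this->addSuccessMessage("Your password has been updated.", 'password');
        }
    }

    // process invite
    if (isset($_POST['invite']) && $_POST['invite'] === 'Create Invitation') {
        // verify CSRF token
        $this->validateCSRFToken();
        // 10 hex characters. Use the CSPRNG where the runtime has one (PHP >= 7);
        // uniqid()/rand() are predictable and only kept as the legacy fallback.
        $invite_code = function_exists('random_bytes')
            ? bin2hex(random_bytes(5))
            : substr(md5(uniqid(rand(), true)), 0, 10);
        $invite_added = $invite_dao->addInviteCode($invite_code);
        if ($invite_added == 1) {
            //invite generated and inserted
            // NOTE(review): the link is built from the Host request header, so a spoofed
            // Host is reflected into the invitation text -- a configured base URL would be safer
            $server = $_SERVER['HTTP_HOST'];
            // HTTPS is on only when the variable holds a non-empty value other than "off"
            // (some servers set it to "off" for plain-HTTP requests)
            $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            $invite_link = 'http' . ($is_https ? 's' : '') . '://' . $server . THINKUP_BASE_URL .
                'session/register.php?code=' . $invite_code;
            $this->addSuccessMessage("Invitation created!<br />Copy this link and send it to someone you want to " .
                'invite to register on your ThinkUp installation.<br /><a href="' . $invite_link . '">' .
                $invite_link . '</a><br /> Good for one new registration. Expires in 7 days.', 'invite');
        } else {
            $this->addErrorMessage("There was an error creating a new invite. Please try again.", 'invite');
        }
    }

    //process service user deletion
    if (isset($_POST['action']) && $_POST['action'] === 'delete'
        && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
        $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
        $instance_dao = DAOFactory::getDAO('InstanceDAO');
        $instance = $instance_dao->get($_POST['instance_id']);
        if (isset($instance)) {
            // verify CSRF token
            $this->validateCSRFToken();
            if ($this->isAdmin()) {
                //delete all owner_instances
                $owner_instance_dao->deleteByInstance($instance->id);
                //delete instance
                $instance_dao->delete($instance->network_username, $instance->network);
                $this->addSuccessMessage('Account deleted.', 'account');
            } elseif ($owner_instance_dao->doesOwnerHaveAccess($owner, $instance)) {
                //delete owner instance
                $total_deletions = $owner_instance_dao->delete($owner->id, $instance->id);
                if ($total_deletions > 0) {
                    //delete instance if no other owners have it
                    $remaining_owner_instances = $owner_instance_dao->getByInstance($instance->id);
                    if (count($remaining_owner_instances) === 0) {
                        $instance_dao->delete($instance->network_username, $instance->network);
                    }
                    $this->addSuccessMessage('Account deleted.', 'account');
                }
            } else {
                $this->addErrorMessage('Insufficient privileges.', 'account');
            }
        } else {
            $this->addErrorMessage('Instance doesn\'t exist.', 'account');
        }
    }
    $this->view_mgr->clear_all_cache();

    /* Begin plugin-specific configuration handling */
    if (isset($_GET['p'])) {
        // add config js to header
        if ($this->isAdmin()) {
            $this->addHeaderJavaScript('assets/js/plugin_options.js');
        }
        $active_plugin = $_GET['p'];
        // NOTE(review): the plugin name is taken as-is from the query string; this relies on
        // getPluginObject() resolving only registered plugin class names -- confirm
        $pobj = $webapp->getPluginObject($active_plugin);
        $p = new $pobj();
        $this->addToView('body', $p->renderConfiguration($owner));
        // drop whatever the plugin logged while rendering its configuration
        $profiler = Profiler::getInstance();
        $profiler->clearLog();
    } else {
        $pld = DAOFactory::getDAO('PluginDAO');
        $config = Config::getInstance();
        $installed_plugins = $pld->getInstalledPlugins($config->getValue("source_root_path"));
        $this->addToView('installed_plugins', $installed_plugins);
    }
    /* End plugin-specific configuration handling */

    if ($owner->is_admin) {
        // the deletion branch above may already have created the DAO
        if (!isset($instance_dao)) {
            $instance_dao = DAOFactory::getDAO('InstanceDAO');
        }
        $owners = $owner_dao->getAllOwners();
        foreach ($owners as $o) {
            $o->setInstances($instance_dao->getByOwner($o, true));
        }
        $this->addToView('owners', $owners);
        $this->addToView('public_instances', $instance_dao->getPublicInstances());
    }
    return $this->generateView();
}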
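/**
 * Executes the query, with the bound values
 *
 * The placeholders #prefix# and #gmt_offset# in $sql are substituted with the
 * configured table prefix and GMT offset before the statement is prepared.
 * @param str $sql
 * @param array $binds placeholder => value; ints are bound as PDO::PARAM_INT, everything else as PDO::PARAM_STR
 * @return PDOStatement
 * @throws PDOException when execution fails; the query text and driver message are only included
 *         when the 'debug' config value is on, the original exception is kept as previous
 */
protected final function execute($sql, $binds = array())
{
    $start_time = $this->profiler_enabled ? microtime(true) : null;
    // str_replace rather than preg_replace: a prefix or offset containing '$' or '\'
    // would otherwise be interpreted as a back-reference in the replacement string
    $sql = str_replace(
        array('#prefix#', '#gmt_offset#'),
        array(self::$prefix, self::$gmt_offset),
        $sql
    );
    $stmt = self::$PDO->prepare($sql);
    if (is_array($binds)) {
        foreach ($binds as $key => $value) {
            $param_type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
            $stmt->bindValue($key, $value, $param_type);
        }
    }
    try {
        $stmt->execute();
    } catch (PDOException $e) {
        $config = Config::getInstance();
        $exception_details = 'Database error! ';
        if ($config->getValue('debug')) {
            // query text and driver error are only shown to debugging installs
            $exception_details .= '<br>ThinkUp could not execute the following query:<br> ' .
                str_replace(chr(10), "", $stmt->queryString) . ' <br>PDOException: ' . $e->getMessage();
        } else {
            $exception_details .= '<br>To see the technical details of what went wrong, set debug = true in ThinkUp\'s config file.';
        }
        // keep the driver exception in the chain for logs without leaking it into the message
        throw new PDOException($exception_details, 0, $e);
    }
    if ($this->profiler_enabled) {
        $total_time = microtime(true) - $start_time;
        $profiler = Profiler::getInstance();
        // presumably inlines the bound values into the SQL text for display -- confirm in Utils
        $sql_with_params = Utils::mergeSQLVars($stmt->queryString, $binds);
        $profiler->add($total_time, $sql_with_params, true, $stmt->rowCount());
    }
    return $stmt;
}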
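/**
 * Account configuration page for the logged-in owner.
 *
 * Processes, in order, the password-change form, an API key reset, the
 * "Create Invitation" button and a service-account deletion, then renders
 * either one plugin's configuration (?p=<plugin>) or the list of installed
 * plugins. Admins also get every owner (with instances) and the public
 * instances. Finally the RSS crawl URL and the CLI crawl command are exposed
 * to the view.
 *
 * @return str view markup
 * @throws Exception if the API key could not be reset
 */
public function authControl()
{
    $this->disableCaching();
    //passsswd reset validation
    $this->addHeaderCSS('assets/css/validate_password.css');
    $this->addHeaderJavaScript('assets/js/jquery.validate.min.js');
    $this->addHeaderJavaScript('assets/js/jquery.validate.password.js');
    $this->addHeaderJavaScript('assets/js/validate_password.js');
    $webapp = Webapp::getInstance();
    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $invite_dao = DAOFactory::getDAO('InviteDAO');
    $owner = $owner_dao->getByEmail($this->getLoggedInUser());
    $this->addToView('owner', $owner);
    $this->addToView('logo_link', '');
    $this->view_mgr->addHelp('api', 'userguide/api/posts/index');
    $this->view_mgr->addHelp('application_settings', 'userguide/settings/application');
    $this->view_mgr->addHelp('users', 'userguide/settings/allaccounts');
    $this->view_mgr->addHelp('backup', 'install/backup');
    $this->view_mgr->addHelp('account', 'userguide/settings/account');

    //process password change
    // Every field must be present and a plain string: a value submitted as
    // pass1[] is an array and would otherwise reach preg_match().
    if (isset($_POST['changepass']) && $_POST['changepass'] === 'Change password'
        && isset($_POST['oldpass'], $_POST['pass1'], $_POST['pass2'])
        && is_string($_POST['oldpass']) && is_string($_POST['pass1']) && is_string($_POST['pass2'])) {
        // Check their old password is correct
        if (!$owner_dao->isOwnerAuthorized($this->getLoggedInUser(), $_POST['oldpass'])) {
            $this->addErrorMessage("Old password does not match or empty.", 'password');
        } elseif ($_POST['pass1'] !== $_POST['pass2']) {
            // strict: with != two numeric-looking strings such as "1e3" and "1000" compare equal
            $this->addErrorMessage("New passwords did not match. Your password has not been changed.", 'password');
        } elseif (!preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $_POST['pass1'])) {
            // at least 8 characters containing at least one letter and one digit
            $this->addErrorMessage("Your new password must be at least 8 characters and contain both numbers " .
                "and letters. Your password has not been changed.", 'password');
        } else {
            // verify CSRF token
            $this->validateCSRFToken();
            // Try to update the password
            if ($owner_dao->updatePassword($this->getLoggedInUser(), $_POST['pass1']) < 1) {
                $this->addErrorMessage("Your password has NOT been updated.", 'password');
            } else {
                $this->addSuccessMessage("Your password has been updated.", 'password');
            }
        }
    }

    //reset api_key
    if (isset($_POST['reset_api_key']) && $_POST['reset_api_key'] === 'Reset API Key') {
        $this->validateCSRFToken();
        $api_key = $owner_dao->resetAPIKey($owner->id);
        if (!$api_key) {
            throw new Exception("Unable to update user's api_key, something bad must have happened");
        }
        $this->addSuccessMessage("Your API Key has been reset! Please update your ThinkUp RSS feed subscription.", 'api_key');
        // keep the in-memory owner current so the RSS crawl URL below carries the new key
        $owner->api_key = $api_key;
    }

    // process invite
    if (isset($_POST['invite']) && $_POST['invite'] === 'Create Invitation') {
        // verify CSRF token
        $this->validateCSRFToken();
        // 10 hex characters. Use the CSPRNG where the runtime has one (PHP >= 7);
        // uniqid()/rand() are predictable and only kept as the legacy fallback.
        $invite_code = function_exists('random_bytes')
            ? bin2hex(random_bytes(5))
            : substr(md5(uniqid(rand(), true)), 0, 10);
        $invite_added = $invite_dao->addInviteCode($invite_code);
        if ($invite_added == 1) {
            //invite generated and inserted
            $invite_link = Utils::getApplicationURL() . 'session/register.php?code=' . $invite_code;
            $this->addSuccessMessage("Invitation created!<br />Copy this link and send it to someone you want to " .
                'invite to register on your ThinkUp installation.<br /><a href="' . $invite_link .
                '" id="clippy_12345">' . $invite_link . '</a> <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="100" height="14" class="clippy" id="clippy" > <param name="movie" value="' .
                Utils::getApplicationURL() . 'assets/flash/clippy.swf"/> <param name="allowScriptAccess" value="always" /> <param name="quality" value="high" /> <param name="scale" value="noscale" /> <param NAME="FlashVars" value="id=clippy_12345&copied=copied!&copyto=copy to clipboard"> <param name="bgcolor" value="#D5F0FC"> <param name="wmode" value="opaque"> <embed src="' .
                Utils::getApplicationURL() . 'assets/flash/clippy.swf" width="100" height="14" name="clippy" quality="high" allowScriptAccess="always" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" FlashVars="id=clippy_12345&copied=copied!&copyto=copy to clipboard" bgcolor="#D5F0FC" wmode="opaque"/></object> <br /> Good for one new registration. Expires in 7 days.', 'invite', true);
        } else {
            $this->addErrorMessage("There was an error creating a new invite. Please try again.", 'invite');
        }
    }

    //process service user deletion
    if (isset($_POST['action']) && $_POST['action'] === 'delete'
        && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
        $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
        $instance_dao = DAOFactory::getDAO('InstanceDAO');
        $instance = $instance_dao->get($_POST['instance_id']);
        if (isset($instance)) {
            // verify CSRF token
            $this->validateCSRFToken();
            if ($this->isAdmin()) {
                //delete all owner_instances
                $owner_instance_dao->deleteByInstance($instance->id);
                //delete instance
                $instance_dao->delete($instance->network_username, $instance->network);
                $this->addSuccessMessage('Account deleted.', 'account');
            } elseif ($owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
                //delete owner instance
                $total_deletions = $owner_instance_dao->delete($owner->id, $instance->id);
                if ($total_deletions > 0) {
                    //delete instance if no other owners have it
                    $remaining_owner_instances = $owner_instance_dao->getByInstance($instance->id);
                    if (count($remaining_owner_instances) === 0) {
                        $instance_dao->delete($instance->network_username, $instance->network);
                    }
                    $this->addSuccessMessage('Account deleted.', 'account');
                }
            } else {
                $this->addErrorMessage('Insufficient privileges.', 'account');
            }
        } else {
            $this->addErrorMessage('Instance doesn\'t exist.', 'account');
        }
    }
    $this->view_mgr->clear_all_cache();

    /* Begin plugin-specific configuration handling */
    if (isset($_GET['p'])) {
        // add config js to header
        if ($this->isAdmin()) {
            $this->addHeaderJavaScript('assets/js/plugin_options.js');
        }
        $active_plugin = $_GET['p'];
        // NOTE(review): the plugin name is taken as-is from the query string; this relies on
        // getPluginObject() resolving only registered plugin class names -- confirm
        $pobj = $webapp->getPluginObject($active_plugin);
        $p = new $pobj();
        $this->addToView('body', $p->renderConfiguration($owner));
        // drop whatever the plugin logged while rendering its configuration
        $profiler = Profiler::getInstance();
        $profiler->clearLog();
    } else {
        $plugin_dao = DAOFactory::getDAO('PluginDAO');
        $installed_plugins = $plugin_dao->getInstalledPlugins();
        $this->addToView('installed_plugins', $installed_plugins);
    }
    /* End plugin-specific configuration handling */

    if ($owner->is_admin) {
        // the deletion branch above may already have created the DAO
        if (!isset($instance_dao)) {
            $instance_dao = DAOFactory::getDAO('InstanceDAO');
        }
        $owners = $owner_dao->getAllOwners();
        foreach ($owners as $o) {
            $o->setInstances($instance_dao->getByOwner($o, true));
        }
        $this->addToView('owners', $owners);
        $this->addToView('public_instances', $instance_dao->getPublicInstances());
    }

    // Path of the php binary for the copy-and-paste crawl command. exec() may be
    // disabled or `which` absent (the @ keeps that quiet); fall back to a bare "php".
    $whichphp = @exec('which php');
    $php_path = !empty($whichphp) ? $whichphp : 'php';
    $email = $this->getLoggedInUser();
    //rss_crawl_url
    // both query values are URL-encoded; the key is a secret and must not break the URL
    $rss_crawl_url = Utils::getApplicationURL() .
        sprintf('crawler/rss.php?un=%s&as=%s', urlencode($email), urlencode((string) $owner->api_key));
    $this->addToView('rss_crawl_url', $rss_crawl_url);
    //cli_crawl_command
    $cli_crawl_command = 'cd ' . THINKUP_WEBAPP_PATH . 'crawler/;export THINKUP_PASSWORD=yourpassword; ' .
        $php_path . ' crawl.php ' . $email;
    $this->addToView('cli_crawl_command', $cli_crawl_command);
    //help link
    $this->view_mgr->addHelp('rss', 'userguide/datacapture');
    return $this->generateView();
}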
/**
 * Invoke the controller
 *
 * Always use this method, not control(), to invoke the controller.
 * Initialises the app, redirects to the "upgrade needed" view when a
 * database migration is pending, otherwise runs control() and, for HTML
 * responses with profiling on, appends the profiler report. Auth,
 * configuration and any other exception each render their own error view.
 * @TODO show get 500 error template on Exception
 * (if debugging is true, pass the exception details to the 500 template)
 */
public function go()
{
    try {
        $this->initalizeApp();
        // are we in need of a database migration?
        $controller_class = get_class($this);
        // the installer and backup controllers must keep working mid-upgrade
        $may_need_upgrade = $controller_class != 'InstallerController'
            && $controller_class != 'BackupController';
        if ($may_need_upgrade && UpgradeDatabaseController::isUpgrading($this->isAdmin(), $controller_class)) {
            $this->setViewTemplate('install.upgradeneeded.tpl');
            $this->disableCaching();
            $option_dao = DAOFactory::getDAO('OptionDAO');
            $option_dao->clearSessionData(OptionDAO::APP_OPTIONS);
            return $this->generateView();
        }

        $output = $this->control();
        if (!$this->profiler_enabled) {
            return $output;
        }
        // the profiler footer is only appended to HTML pages, never to JSON, JavaScript or CSV
        $is_html_response = !isset($this->json_data)
            && strpos($this->content_type, 'text/javascript') === false
            && strpos($this->content_type, 'text/csv') === false;
        if (!$is_html_response) {
            return $output;
        }
        $elapsed = microtime(true) - $this->start_time;
        $profiler = Profiler::getInstance();
        $this->disableCaching();
        $profiler->add($elapsed, "total page execution time, running " . $profiler->total_queries . " queries.");
        $this->setViewTemplate('_profiler.tpl');
        $this->addToView('profile_items', $profiler->getProfile());
        return $output . $this->generateView();
    } catch (ControllerAuthException $e) {
        Utils::setDefaultTimezonePHPini();
        $this->setErrorTemplateState();
        $this->addToView('error_type', get_class($e));
        $config = Config::getInstance();
        $login_hint = 'You must <a href="' . $config->getValue('site_root_path') .
            'session/login.php">log in</a> to do this.';
        $this->addErrorMessage($login_hint, null, true);
        return $this->generateView();
    } catch (ConfigurationException $e) {
        $this->setErrorTemplateState();
        $this->addToView('error_type', get_class($e));
        $install_hint = 'ThinkUp\'s configuration file does not exist! Try <a href="' .
            Utils::getSiteRootPathFromFileSystem() . 'install/">installing ThinkUp.</a>';
        $this->addErrorMessage($install_hint, null, true);
        return $this->generateView();
    } catch (Exception $e) {
        Utils::setDefaultTimezonePHPini();
        $this->setErrorTemplateState();
        $this->addToView('error_type', get_class($e));
        // if we are an installer exception, don't filter XSS, we have markup, and we trust this content
        $disable_xss = (get_class($e) == 'InstallerException');
        $this->addErrorMessage($e->getMessage(), null, $disable_xss);
        return $this->generateView();
    }
}
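/**
 * Account configuration page for the logged-in owner.
 *
 * Processes the password-change form and a service-account deletion, then
 * renders either one plugin's configuration (?p=<plugin>) or the list of
 * installed plugins. Admins also get every owner together with their
 * instances.
 *
 * @return str view markup
 */
public function authControl()
{
    $webapp = Webapp::getInstance();
    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $owner = $owner_dao->getByEmail($this->getLoggedInUser());
    $this->addToView('owner', $owner);

    //process password change
    // Every field must be present and a plain string: a value submitted as
    // pass1[] is an array and would otherwise reach strlen().
    if (isset($_POST['changepass']) && $_POST['changepass'] === 'Change password'
        && isset($_POST['oldpass'], $_POST['pass1'], $_POST['pass2'])
        && is_string($_POST['oldpass']) && is_string($_POST['pass1']) && is_string($_POST['pass2'])) {
        // NOTE(review): no CSRF token is verified before the password is changed in this revision
        $origpass = $owner_dao->getPass($this->getLoggedInUser());
        if (!$this->app_session->pwdCheck($_POST['oldpass'], $origpass)) {
            $this->addErrorMessage("Old password does not match or empty.");
        } elseif ($_POST['pass1'] !== $_POST['pass2']) {
            // strict: with != two numeric-looking strings such as "1e3" and "1000" compare equal
            $this->addErrorMessage("New passwords did not match. Your password has not been changed.");
        } elseif (strlen($_POST['pass1']) < 5) {
            // the minimum is measured in bytes, as before
            $this->addErrorMessage("New password must be at least 5 characters. " .
                "Your password has not been changed.");
        } else {
            $cryptpass = $this->app_session->pwdcrypt($_POST['pass1']);
            $owner_dao->updatePassword($this->getLoggedInUser(), $cryptpass);
            $this->addSuccessMessage("Your password has been updated.");
        }
    }

    //process account deletion
    if (isset($_POST['action']) && $_POST['action'] === 'delete'
        && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
        // NOTE(review): no CSRF token is verified before the deletion in this revision
        $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
        $instance_dao = DAOFactory::getDAO('InstanceDAO');
        $instance = $instance_dao->get($_POST['instance_id']);
        if (isset($instance)) {
            if ($this->isAdmin()) {
                //delete all owner_instances
                $owner_instance_dao->deleteByInstance($instance->id);
                //delete instance
                $instance_dao->delete($instance->network_username, $instance->network);
                $this->addSuccessMessage('Account deleted.');
            } elseif ($owner_instance_dao->doesOwnerHaveAccess($owner, $instance)) {
                //delete owner instance
                $total_deletions = $owner_instance_dao->delete($owner->id, $instance->id);
                if ($total_deletions > 0) {
                    //delete instance if no other owners have it
                    $remaining_owner_instances = $owner_instance_dao->getByInstance($instance->id);
                    if (count($remaining_owner_instances) === 0) {
                        $instance_dao->delete($instance->network_username, $instance->network);
                    }
                    $this->addSuccessMessage('Account deleted.');
                }
            } else {
                $this->addErrorMessage('Insufficient privileges.');
            }
        } else {
            $this->addErrorMessage('Instance doesn\'t exist.');
        }
    }
    $this->view_mgr->clear_all_cache();

    /* Begin plugin-specific configuration handling */
    if (isset($_GET['p'])) {
        // add config js to header
        if ($this->isAdmin()) {
            $this->addHeaderJavaScript('assets/js/plugin_options.js');
        }
        $active_plugin = $_GET['p'];
        // NOTE(review): the plugin name is taken as-is from the query string; this relies on
        // getPluginObject() resolving only registered plugin class names -- confirm
        $pobj = $webapp->getPluginObject($active_plugin);
        $p = new $pobj();
        $this->addToView('body', $p->renderConfiguration($owner));
        // drop whatever the plugin logged while rendering its configuration
        $profiler = Profiler::getInstance();
        $profiler->clearLog();
    } else {
        $pld = DAOFactory::getDAO('PluginDAO');
        $config = Config::getInstance();
        $installed_plugins = $pld->getInstalledPlugins($config->getValue("source_root_path"));
        $this->addToView('installed_plugins', $installed_plugins);
    }
    /* End plugin-specific configuration handling */

    if ($owner->is_admin) {
        // the deletion branch above may already have created the DAO
        if (!isset($instance_dao)) {
            $instance_dao = DAOFactory::getDAO('InstanceDAO');
        }
        $owners = $owner_dao->getAllOwners();
        foreach ($owners as $o) {
            $o->setInstances($instance_dao->getByOwner($o, true));
        }
        $this->addToView('owners', $owners);
    }
    return $this->generateView();
}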
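/**
 * Invoke the controller
 *
 * Always use this method, not control(), to invoke the controller.
 * Runs control(); when profiling is on and the response is neither JSON nor
 * JavaScript the profiler report is appended. Any exception is rendered with
 * the 500 template matching the response's media type.
 * @TODO show get 500 error template on Exception
 * (if debugging is true, pass the exception details to the 500 template)
 * @return str response body
 */
public function go()
{
    try {
        $this->initalizeApp();
        $results = $this->control();
        if ($this->profiler_enabled && !isset($this->json_data)
            && strpos($this->content_type, 'text/javascript') === false) {
            $total_time = microtime(true) - $this->start_time;
            $profiler = Profiler::getInstance();
            $this->disableCaching();
            $profiler->add($total_time, "total page execution time, running " . $profiler->total_queries . " queries.");
            $this->setViewTemplate('_profiler.tpl');
            $this->addToView('profile_items', $profiler->getProfile());
            return $results . $this->generateView();
        }
        return $results;
    } catch (Exception $e) {
        //Explicitly set TZ (before we have user's choice) to avoid date() warning about using system settings
        date_default_timezone_set('America/Los_Angeles');
        // Keep only the media type, dropping "; charset=..." parameters. The former
        // array_shift(explode(...)) passed a temporary by reference, which raises
        // "Only variables should be passed by reference".
        $content_type = $this->content_type;
        $params_start = strpos($content_type, ';');
        if ($params_start !== false) {
            $content_type = substr($content_type, 0, $params_start);
        }
        switch ($content_type) {
            case 'application/json':
                $this->setViewTemplate('500.json.tpl');
                break;
            case 'text/plain':
                $this->setViewTemplate('500.txt.tpl');
                break;
            default:
                $this->setViewTemplate('500.tpl');
        }
        $this->addToView('error_type', get_class($e));
        $this->addErrorMessage($e->getMessage());
        return $this->generateView();
    }
}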
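/**
 * Render the account settings page and apply any change submitted with the request.
 *
 * Handles, in order: password change, API key reset, invitation creation, service user (instance)
 * deletion, saved search deletion and addition, notification frequency and time zone updates, then
 * plugin configuration and the admin-only owner list. All input comes straight from $_POST/$_GET, so
 * every branch that writes through a DAO calls validateCSRFToken() first, and instance-scoped writes
 * are limited to admins or owners that have access to that instance.
 * @return str Rendered view
 */
public function authControl() {
    $this->disableCaching();
    $this->addHeaderJavaScript('assets/js/jqBootstrapValidation.js');
    $this->addHeaderJavaScript('assets/js/validate-fields.js');
    $this->addHeaderJavaScript('assets/js/jstz-1.0.4.min.js');

    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $invite_dao = DAOFactory::getDAO('InviteDAO');
    $owner = $owner_dao->getByEmail($this->getLoggedInUser());
    $this->addToView('owner', $owner);
    $this->addToView('notification_options', $this->notification_frequencies);
    $this->addToView('tz_list', Installer::getTimeZoneList());

    $this->view_mgr->addHelp('api', 'userguide/api/posts/index');
    $this->view_mgr->addHelp('application_settings', 'userguide/settings/application');
    $this->view_mgr->addHelp('users', 'userguide/settings/allaccounts');
    $this->view_mgr->addHelp('backup', 'install/backup');
    $this->view_mgr->addHelp('account', 'userguide/settings/account');

    //process password change
    if (isset($_POST['changepass']) && $_POST['changepass'] === 'Change password'
    && isset($_POST['oldpass']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
        // verify CSRF token before any of the password checks run, not only on the success path
        $this->validateCSRFToken();
        // Check their old password is correct
        if (!$owner_dao->isOwnerAuthorized($this->getLoggedInUser(), $_POST['oldpass'])) {
            $this->addErrorMessage("Password is incorrect.", 'password');
        } elseif ($_POST['pass1'] !== $_POST['pass2']) {
            $this->addErrorMessage("New passwords did not match. Your password has not been changed.", 'password');
        } elseif (!preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $_POST['pass1'])) {
            $this->addErrorMessage("Your new password must be at least 8 characters and contain both numbers " .
            "and letters. Your password has not been changed.", 'password');
        } elseif ($owner_dao->updatePassword($this->getLoggedInUser(), $_POST['pass1']) < 1) {
            // Try to update the password; the DAO reports how many rows changed
            $this->addErrorMessage("Your password has NOT been updated.", 'password');
        } else {
            $this->addSuccessMessage("Your password has been updated.", 'password');
        }
    }

    //reset api_key
    if (isset($_POST['reset_api_key']) && $_POST['reset_api_key'] === 'Reset API Key') {
        $this->validateCSRFToken();
        $api_key = $owner_dao->resetAPIKey($owner->id);
        if (!$api_key) {
            throw new Exception("Unable to update user's api_key, something bad must have happened");
        }
        $this->addSuccessMessage("Your API Key has been reset! Please update your ThinkUp RSS feed subscription.",
        'api_key');
        $owner->api_key = $api_key;
    }

    // process invite
    if (isset($_POST['invite']) && $_POST['invite'] === 'Create Invitation') {
        // verify CSRF token
        $this->validateCSRFToken();
        // The invite code grants a registration, so prefer a CSPRNG where the runtime has one;
        // uniqid()/rand() are kept only as the fallback for older PHP. Both forms yield 10 lowercase hex chars.
        if (function_exists('random_bytes')) {
            $invite_code = bin2hex(random_bytes(5));
        } else {
            $invite_code = substr(md5(uniqid(rand(), true)), 0, 10);
        }
        $invite_added = $invite_dao->addInviteCode($invite_code);
        if ($invite_added == 1) {
            //invite generated and inserted
            $invite_link = Utils::getApplicationURL() . 'session/register.php?code=' . $invite_code;
            $this->addSuccessMessage("Invitation created!<br />Copy this link and send it to someone you want to " .
            'invite to register on your ThinkUp installation.<br /><a href="' . $invite_link . '" id="clippy_12345">' .
            $invite_link . '</a> <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="100" height="14" ' .
            'class="clippy" id="clippy" > <param name="movie" value="' . Utils::getApplicationURL() .
            'assets/flash/clippy.swf"/> <param name="allowScriptAccess" value="always" /> <param name="quality" ' .
            'value="high" /> <param name="scale" value="noscale" /> <param NAME="FlashVars" ' .
            'value="id=clippy_12345&copied=copied!&copyto=copy to clipboard"> <param name="bgcolor" value="#D5F0FC"> ' .
            '<param name="wmode" value="opaque"> <embed src="' . Utils::getApplicationURL() .
            'assets/flash/clippy.swf" width="100" height="14" name="clippy" quality="high" allowScriptAccess="always" ' .
            'type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" ' .
            'FlashVars="id=clippy_12345&copied=copied!&copyto=copy to clipboard" bgcolor="#dff0d8" wmode="opaque"/>' .
            '</object> <br /> Good for one new registration. Expires in 7 days.', 'invite', true);
        } else {
            $this->addErrorMessage("There was an error creating a new invite. Please try again.", 'invite');
        }
    }

    //process service user deletion
    if (isset($_POST['action']) && $_POST['action'] === 'Delete' && isset($_POST['instance_id'])
    && is_numeric($_POST['instance_id']) && !isset($_POST['hashtag_id']) && !isset($_POST['new_hashtag_name'])) {
        $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
        $instance_dao = DAOFactory::getDAO('InstanceDAO');
        $instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
        $hashtagpost_dao = DAOFactory::getDAO('HashtagPostDAO');
        $hashtag_dao = DAOFactory::getDAO('HashtagDAO');
        $instance = $instance_dao->get($_POST['instance_id']);
        if (!isset($instance)) {
            $this->addErrorMessage('Instance doesn\'t exist.', 'account');
        } else {
            // verify CSRF token
            $this->validateCSRFToken();
            if ($this->isAdmin()) {
                // Admins remove the instance outright: its saved searches, every owner link, then the row itself
                $deleted_searches = $this->deleteSavedSearchesForInstance($instancehashtag_dao, $hashtagpost_dao,
                $hashtag_dao, $instance->id);
                //delete all owner_instances
                $owner_instance_dao->deleteByInstance($instance->id);
                //delete instance
                $instance_dao->delete($instance->network_username, $instance->network);
                $this->addSuccessMessage('Account ' . ($deleted_searches > 0 ? 'and its saved searches ' : '') .
                'deleted.', 'account');
            } elseif (!$owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
                $this->addErrorMessage('Insufficient privileges.', 'account');
            } else {
                //delete owner instance
                $total_deletions = $owner_instance_dao->delete($owner->id, $instance->id);
                // No message is shown when nothing was deleted (matches the original behavior)
                if ($total_deletions > 0) {
                    //delete instance if no other owners have it
                    $remaining_owner_instances = $owner_instance_dao->getByInstance($instance->id);
                    $deleted_searches = 0;
                    if (count($remaining_owner_instances) == 0) {
                        $deleted_searches = $this->deleteSavedSearchesForInstance($instancehashtag_dao,
                        $hashtagpost_dao, $hashtag_dao, $instance->id);
                        $instance_dao->delete($instance->network_username, $instance->network);
                    }
                    $this->addSuccessMessage('Account ' . ($deleted_searches > 0 ? 'and its saved searches ' : '') .
                    'deleted.', 'account');
                }
            }
        }
    }

    //process hashtag deletion
    if (isset($_POST['action']) && $_POST['action'] === 'Delete' && isset($_POST['hashtag_id'])
    && is_numeric($_POST['hashtag_id']) && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
        $instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
        $hashtag_dao = DAOFactory::getDAO('HashtagDAO');
        $hashtagpost_dao = DAOFactory::getDAO('HashtagPostDAO');
        $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
        $hashtag_id = $_POST['hashtag_id'];
        $instance_id = $_POST['instance_id'];
        $instance_dao = DAOFactory::getDAO('InstanceDAO');
        $instance = $instance_dao->get($instance_id);
        if (!isset($instance)) {
            $this->addErrorMessage('Instance doesn\'t exist.', 'account');
        } elseif (!$this->isAdmin() && !$owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
            // instance_id is client-supplied: the same access rule as account deletion applies here
            $this->addErrorMessage('Insufficient privileges.', 'account');
        } else {
            // verify CSRF token: this branch writes, just like the account deletion above
            $this->validateCSRFToken();
            $instancehashtag_dao->delete($instance_id, $hashtag_id);
            $this->purgeHashtagIfUnsaved($instancehashtag_dao, $hashtagpost_dao, $hashtag_dao, $hashtag_id);
            $this->addSuccessMessage("Deleted saved search.", 'account');
        }
    }

    //process service user hashtag addition
    if (isset($_POST['action']) && $_POST['action'] === 'Save search' && isset($_POST['new_hashtag_name'])
    && is_string($_POST['new_hashtag_name']) && $_POST['new_hashtag_name'] !== ''
    && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
        $instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
        $hashtag_dao = DAOFactory::getDAO('HashtagDAO');
        $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
        $instance_id = $_POST['instance_id'];
        $new_hashtag_name = $_POST['new_hashtag_name'];
        //Check if $new_hashtag_name is an individual word (no spaces)
        if (strpos($new_hashtag_name, " ") !== false) {
            $this->addErrorMessage('You can only search for an individual keyword or hashtag, not a phrase. ' .
            'Please try again.', 'account');
        } else {
            $instance_dao = DAOFactory::getDAO('InstanceDAO');
            $instance = $instance_dao->get($instance_id);
            if (!isset($instance)) {
                $this->addErrorMessage('Instance doesn\'t exist.', 'account');
            } elseif (!$this->isAdmin() && !$owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
                $this->addErrorMessage('Insufficient privileges.', 'account');
            } else {
                // verify CSRF token: this branch writes
                $this->validateCSRFToken();
                $hashtag = $hashtag_dao->getHashtag($new_hashtag_name, $instance->network);
                // Reuse the existing hashtag row for this network, otherwise create one
                $hashtag_id = isset($hashtag) ? $hashtag->id
                : $hashtag_dao->insertHashtag($new_hashtag_name, $instance->network);
                $instancehashtag_dao->insert($instance_id, $hashtag_id);
                // NOTE(review): the user-supplied name is echoed back without the HTML flag; the template
                // is expected to escape it — confirm.
                $this->addSuccessMessage("Saved search for " . $new_hashtag_name . ".", 'account');
            }
        }
    }

    //process change to notification frequency
    if (isset($_POST['updatefrequency'])) {
        $this->validateCSRFToken();
        $new_freq = (isset($_POST['notificationfrequency']) && is_string($_POST['notificationfrequency']))
        ? $_POST['notificationfrequency'] : null;
        $updates = 0;
        // Only a key of the known frequency list is accepted; anything else is ignored without a message
        if ($new_freq && isset($this->notification_frequencies[$new_freq])) {
            $updates = $owner_dao->setEmailNotificationFrequency($this->getLoggedInUser(), $new_freq);
        }
        if ($updates > 0) {
            // Update the user in the view to match
            $owner->email_notification_frequency = $new_freq;
            $this->addToView('owner', $owner);
            $this->addSuccessMessage('Your email notification frequency has been updated.', 'notifications');
        }
    }

    //process change to timezone
    if (isset($_POST['updatetimezone'])) {
        $this->validateCSRFToken();
        $new_tz = (isset($_POST['timezone']) && is_string($_POST['timezone'])) ? $_POST['timezone'] : null;
        $updates = 0;
        // Only identifiers PHP itself knows are stored; strict comparison avoids loose string/number matches
        if (isset($new_tz) && in_array($new_tz, timezone_identifiers_list(), true)) {
            $updates = $owner_dao->setTimezone($this->getLoggedInUser(), $new_tz);
        }
        if ($updates > 0) {
            // Update the user in the view to match
            $owner->timezone = $new_tz;
            $this->addToView('owner', $owner);
            $this->addSuccessMessage('Your time zone has been saved.', 'timezone');
        }
    }

    $this->view_mgr->clear_all_cache();

    /* Begin plugin-specific configuration handling */
    // The plugin class comes from the registrar's lookup of $_GET['p'], never from the raw parameter.
    if (isset($_GET['p']) && !isset($_GET['u'])) {
        // add config js to header
        if ($this->isAdmin()) {
            $this->addHeaderJavaScript('assets/js/plugin_options.js');
        }
        $active_plugin = $_GET['p'];
        $webapp_plugin_registrar = PluginRegistrarWebapp::getInstance();
        $pobj = $webapp_plugin_registrar->getPluginObject($active_plugin);
        $p = new $pobj();
        $this->addToView('body', $p->renderConfiguration($owner));
        $this->addToView('force_plugin', true);
        $profiler = Profiler::getInstance();
        $profiler->clearLog();
    } elseif (isset($_GET['p']) && isset($_GET['u']) && isset($_GET['n'])) {
        if ($this->isAdmin()) {
            $this->addHeaderJavaScript('assets/js/plugin_options.js');
        }
        $active_plugin = $_GET['p'];
        $instance_username = $_GET['u'];
        $instance_network = $_GET['n'];
        $webapp_plugin_registrar = PluginRegistrarWebapp::getInstance();
        $pobj = $webapp_plugin_registrar->getPluginObject($active_plugin);
        $p = new $pobj();
        $this->addToView('body', $p->renderInstanceConfiguration($owner, $instance_username, $instance_network));
        $this->addToView('force_plugin', true);
        $profiler = Profiler::getInstance();
        $profiler->clearLog();
    }
    $plugin_dao = DAOFactory::getDAO('PluginDAO');
    $config = Config::getInstance();
    $installed_plugins = $plugin_dao->getInstalledPlugins();
    $this->addToView('installed_plugins', $installed_plugins);
    /* End plugin-specific configuration handling */

    if ($owner->is_admin) {
        if (!isset($instance_dao)) {
            $instance_dao = DAOFactory::getDAO('InstanceDAO');
        }
        $owners = $owner_dao->getAllOwners();
        foreach ($owners as $o) {
            $instances = $instance_dao->getByOwner($o, true);
            $o->setInstances($instances);
        }
        $this->addToView('owners', $owners);
        $this->addToView('public_instances', $instance_dao->getPublicInstances());
    }

    // '@' keeps a disabled exec() from emitting a warning; the bare 'php' fallback covers that case.
    // The result is only displayed as part of the example command below, never executed here.
    $whichphp = @exec('which php');
    $php_path = !empty($whichphp) ? $whichphp : 'php';
    $email = $this->getLoggedInUser();
    //rss_crawl_url — both query values are URL-encoded so the key cannot break the URL
    $rss_crawl_url = Utils::getApplicationURL() .
    sprintf('crawler/rss.php?un=%s&as=%s', urlencode($email), urlencode($owner->api_key));
    $this->addToView('rss_crawl_url', $rss_crawl_url);
    //cli_crawl_command
    $cli_crawl_command = 'cd ' . THINKUP_WEBAPP_PATH . 'crawler/;export THINKUP_PASSWORD=yourpassword; ' .
    $php_path . ' crawl.php ' . $email;
    $this->addToView('cli_crawl_command', $cli_crawl_command);
    //help link
    $this->view_mgr->addHelp('rss', 'userguide/datacapture');
    return $this->generateView();
}

/**
 * Remove every saved search (instance/hashtag link) attached to an instance, purging each hashtag
 * and its captured posts once no other owner has it saved.
 * @param InstanceHashtagDAO $instancehashtag_dao
 * @param HashtagPostDAO $hashtagpost_dao
 * @param HashtagDAO $hashtag_dao
 * @param int $instance_id
 * @return int Number of instance/hashtag links deleted
 */
private function deleteSavedSearchesForInstance($instancehashtag_dao, $hashtagpost_dao, $hashtag_dao,
$instance_id) {
    $deleted_searches = 0;
    //Retrieve this instance's saved searches
    $instances_hashtags = $instancehashtag_dao->getByInstance($instance_id);
    foreach ($instances_hashtags as $instance_hashtag) {
        $hashtag_id = $instance_hashtag->hashtag_id;
        $deleted_searches += $instancehashtag_dao->delete($instance_hashtag->instance_id, $hashtag_id);
        $this->purgeHashtagIfUnsaved($instancehashtag_dao, $hashtagpost_dao, $hashtag_dao, $hashtag_id);
    }
    return $deleted_searches;
}

/**
 * Delete a hashtag's posts and the hashtag row itself, but only if no other owner has saved this search.
 * @param InstanceHashtagDAO $instancehashtag_dao
 * @param HashtagPostDAO $hashtagpost_dao
 * @param HashtagDAO $hashtag_dao
 * @param int $hashtag_id
 * @return void
 */
private function purgeHashtagIfUnsaved($instancehashtag_dao, $hashtagpost_dao, $hashtag_dao, $hashtag_id) {
    //Continue deletions if no other owner has saved this search
    if (!$instancehashtag_dao->isHashtagSaved($hashtag_id)) {
        $hashtagpost_dao->deleteHashtagsPostsByHashtagID($hashtag_id);
        $hashtag_dao->deleteHashtagByID($hashtag_id);
    }
}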
/**
 * Invoke the controller
 *
 * Always use this method, not control(), to invoke the controller. It bootstraps the app, diverts to
 * the "upgrade needed" view while a database migration is pending, optionally appends the profiler
 * footer, and maps any uncaught Exception onto the 500 template matching the response content type.
 * @TODO show get 500 error template on Exception
 * (if debugging is true, pass the exception details to the 500 template)
 * @return str Rendered response body
 */
public function go() {
    try {
        $this->initalizeApp();
        // are we in need of a database migration? The installer and backup controllers are exempt.
        $classname = get_class($this);
        $exempt_from_upgrade = ($classname == 'InstallerController' || $classname == 'BackupController');
        if (!$exempt_from_upgrade && UpgradeController::isUpgrading($this->isAdmin(), $classname)) {
            $this->setViewTemplate('install.upgradeneeded.tpl');
            $this->disableCaching();
            $option_dao = DAOFactory::getDAO('OptionDAO');
            $option_dao->clearSessionData(OptionDAO::APP_OPTIONS);
            return $this->generateView();
        }
        $output = $this->control();
        // JSON, javascript and CSV responses are returned as-is; the profiler footer would corrupt them
        $skip_profile = !$this->profiler_enabled || isset($this->json_data)
        || strpos($this->content_type, 'text/javascript') !== false
        || strpos($this->content_type, 'text/csv') !== false;
        if ($skip_profile) {
            return $output;
        }
        $elapsed = microtime(true) - $this->start_time;
        $profiler = Profiler::getInstance();
        $this->disableCaching();
        $profiler->add($elapsed, "total page execution time, running " . $profiler->total_queries . " queries.");
        $this->setViewTemplate('_profiler.tpl');
        $this->addToView('profile_items', $profiler->getProfile());
        return $output . $this->generateView();
    } catch (Exception $e) {
        //Explicitly set TZ (before we have user's choice) to avoid date() warning about using system settings
        date_default_timezone_set('America/Los_Angeles');
        // Keep only the media type, dropping parameters such as "; charset=utf-8"
        $media_type = strstr($this->content_type, ';', true);
        if ($media_type === false) {
            $media_type = $this->content_type;
        }
        switch ($media_type) {
            case 'application/json':
                $this->setViewTemplate('500.json.tpl');
                break;
            case 'text/plain':
                $this->setViewTemplate('500.txt.tpl');
                break;
            default:
                $this->setViewTemplate('500.tpl');
        }
        $this->addToView('error_type', get_class($e));
        $this->addErrorMessage($e->getMessage());
        return $this->generateView();
    }
}
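/**
 * Executes the query, with the bound values
 *
 * The literal placeholders #prefix# and #gmt_offset# in $sql are replaced with the configured table
 * prefix and GMT offset before the statement is prepared. $binds are passed to PDO via bindValue();
 * this method never interpolates them into the SQL text.
 * @param str $sql
 * @param array $binds Placeholder => value map; ints are bound as PDO::PARAM_INT, all other values as
 * PDO::PARAM_STR
 * @return PDOStatement
 */
protected final function execute($sql, $binds = array()) {
    $start_time = $this->profiler_enabled ? microtime(true) : null;
    // str_replace rather than preg_replace: the placeholders are literal, and preg_replace would treat
    // "$n" / "\n" sequences inside the replacement text (the prefix or offset) as backreferences.
    $sql = str_replace(array('#prefix#', '#gmt_offset#'), array($this->prefix, $this->gmt_offset), $sql);
    $stmt = self::$PDO->prepare($sql);
    if (is_array($binds)) {
        foreach ($binds as $key => $value) {
            $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
            $stmt->bindValue($key, $value, $type);
        }
    }
    // NOTE(review): whether a failed execute() throws or returns false depends on the PDO error mode
    // configured where self::$PDO is created; the return value is not checked here.
    $stmt->execute();
    if ($this->profiler_enabled) {
        $total_time = microtime(true) - $start_time;
        $profiler = Profiler::getInstance();
        // Only the SQL text with placeholders is logged, so bound values never reach the profiler output
        $profiler->add($total_time, $sql, true, $stmt->rowCount());
    }
    return $stmt;
}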