/**
 * Widget that lists every comment attached to a recipe and, when the
 * visitor is logged in over HTTPS, wraps the listing in a form for
 * posting a new comment.
 *
 * @param Recipe $recipe The recipe whose comments are shown; anything that
 *                       is not a Recipe instance yields an empty widget.
 **/
public function __construct($recipe)
{
    $GLOBALS['RTK']->AddJavascript('/commentview.js');
    parent::__construct('CommentView');

    if (!is_a($recipe, 'Recipe')) {
        return;
    }

    $this->AddChild(new RTK_Header('Comments'));

    // Comments are addressed by a path rooted at the recipe id ('R=<id>').
    $loaded = Comment::LoadComments('R=' . $recipe->GetId());

    if (count($loaded) > 0) {
        $listing = new RTK_Box('Comments');
        $this->TraverseComment($listing, $loaded);
    } else {
        $hint = Login::IsLoggedIn()
            ? 'No comments yet, be the first to comment on this recipe!'
            : 'No comments yet, log in and be the first to comment on this recipe!';
        $listing = new RTK_Textview($hint, false, null, 'commentnone');
    }

    // Posting requires an encrypted transport and an authenticated user;
    // otherwise the listing is shown read-only.
    if (!(Site::HasHttps() && Login::IsLoggedIn())) {
        $this->AddChild($listing);
        return;
    }

    // NOTE(review): no security (CSRF) token is attached to this form here;
    // presumably RTK_Form or the handler adds/checks one -- confirm.
    $form = new RTK_Form('CommentForm');
    $form->AddChild($listing);

    $composer = new RTK_Box('NewComment');
    // CommentSelect carries the id of the comment being replied to; the
    // 'New comment' link clears it via SelectComment('') (see commentview.js).
    $composer->AddChild(new HtmlElement('a', array('href' => '#', 'onclick' => 'SelectComment(\'\')'), 'New comment'));
    $composer->AddChild(new HtmlElement('input', array('name' => 'CommentSelect', 'id' => 'CommentSelect', 'type' => 'hidden')));
    $composer->AddChild(new HtmlElement('input', array('name' => 'CommentInput', 'id' => 'CommentInput', 'type' => 'text', 'autocomplete' => 'off')));
    $composer->AddChild(new RTK_Button('submit', 'Send'));

    $form->AddChild($composer);
    $this->AddChild($form);
}
/**
 * Widget that lists every comment attached to an article and, when the
 * visitor is logged in over HTTPS, wraps the listing in a form for
 * posting a new comment.
 *
 * The parts are kept in properties (_display, _commentbox, _nocomments,
 * _comments). Only _display is attached to the widget here, so the listing
 * is presumably composed into _display by another method of this class --
 * confirm against the rest of the file.
 *
 * @param string $articleid The id of the article; null or '' yields an empty widget.
 **/
public function __construct($articleid)
{
    parent::__construct('CommentView');
    $this->AddJavascript(RTK_DIRECTORY . 'script/rtk-commentview.js');

    // Loose comparison kept on purpose: both null and '' are rejected.
    if ($articleid == null) {
        return;
    }

    $this->AddChild(new RTK_Header('Comments'));

    $this->_display = new HtmlElement();
    $this->_commentbox = new RTK_Box('Comments');
    $this->_comments = Comment::LoadComments($articleid);
    if (count($this->_comments) > 0) {
        $this->TraverseComment($this->_commentbox, $this->_comments);
    }

    // Shown when the article has no comments yet; wording depends on login state.
    $hint = Login::IsLoggedIn()
        ? 'No comments yet, be the first to comment on this recipe!'
        : 'No comments yet, log in and be the first to comment on this recipe!';
    $this->_nocomments = new RTK_Textview($hint, false, null, 'commentnone');

    // Posting requires an encrypted transport and an authenticated user.
    if (Site::HasHttps() && Login::IsLoggedIn()) {
        $form = new RTK_Form('CommentForm', EMPTYSTRING, 'POST', true, array('autocomplete' => 'off'));
        $form->AddChild($this->_commentbox);

        $composer = new RTK_Box('NewComment');
        // CommentSelect carries the id of the comment being replied to; the
        // 'New comment' link clears it via SelectComment('').
        $composer->AddChild(new HtmlElement('a', array('href' => '#', 'onclick' => 'SelectComment(\'\')'), 'New comment'));
        $composer->AddChild(new HtmlElement('input', array('name' => 'CommentSelect', 'id' => 'CommentSelect', 'type' => 'hidden')));
        $composer->AddChild(new HtmlElement('input', array('name' => 'CommentInput', 'id' => 'CommentInput', 'type' => 'text', 'autocomplete' => 'off')));
        $composer->AddChild(new RTK_Button('submit', 'Send'));
        $form->AddChild($composer);

        // From here on the "comment box" is the whole form.
        $this->_commentbox = $form;
    }

    $this->AddChild($this->_display);
}
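/**
 * Builds the site's absolute base URL.
 *
 * The scheme follows the current connection: https when the client is
 * already connecting securely (Site::HasHttps()) or when the caller insists
 * on it, http otherwise. The host part always comes from the BASEURL
 * constant. (The previous docblock described a boolean HTTPS check, which
 * is not what this method returns.)
 *
 * @param boolean $forcehttps True to always produce an https:// URL, e.g. for
 *                            links that lead to the login page.
 * @return string The base URL including the scheme, without a trailing path.
 */
public static function GetBaseURL($forcehttps = false)
{
    $scheme = (Site::HasHttps() || $forcehttps) ? 'https' : 'http';
    return $scheme . '://' . BASEURL;
}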
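/**
 * Stores a comment on a recipe, optionally as a reply to an existing comment.
 *
 * Comments are addressed by a path: 'R=<recipe>' for a top-level comment.
 * When $id is given, the method first confirms that a stored path equal to
 * 'R=<recipe>' exists and then appends '>' . $id to it.
 *
 * Preconditions enforced here: HTTPS transport, an authenticated user, a
 * non-empty message and a recipe id. This method does NOT verify the form's
 * security token; the caller must do that (Site::CheckSecurityToken()) before
 * invoking it, as the login page does.
 *
 * @param string $message The comment text; bound as a statement parameter, never interpolated into SQL.
 * @param mixed  $recipe  Id of the recipe the comment belongs to.
 * @param string $id      Id of the comment being replied to, or EMPTYSTRING for a top-level comment.
 * @return boolean True when the INSERT succeeded; false when a precondition
 *                 failed, the parent path was not found, or a statement could
 *                 not be prepared or executed. (Previously the return value was
 *                 the SELECT result or false, never the outcome of the INSERT.)
 */
public static function Insert($message, $recipe, $id = EMPTYSTRING)
{
    if (!(Site::HasHttps() && Login::IsLoggedIn())) {
        return false;
    }
    if (!(Value::SetAndNotEmpty($message) && Value::SetAndNotNull($recipe))) {
        return false;
    }

    // NOTE(review): $recipe and $id are appended into the path verbatim. If
    // ids are numeric, rejecting non-digit values up front would keep the
    // '>' path delimiter unambiguous -- confirm the id format.
    $path = 'R=' . $recipe;

    if ($id != EMPTYSTRING) {
        // An exact match is intended (the StartsWith check below assumes it);
        // '=' replaces LIKE so that '%' or '_' inside the id are not wildcards.
        $lookup = Database::GetLink()->prepare('SELECT `comment_path` FROM `Comment` WHERE `comment_path` = ?;');
        if (!$lookup) {
            return false;
        }
        $parent = null;
        $lookup->bindParam(1, $path, PDO::PARAM_STR, 255);
        $lookup->execute();
        $lookup->bindColumn(1, $parent);
        $lookup->fetch();
        $lookup->closeCursor();

        if ($parent == null || !_string::StartsWith($parent, $path)) {
            return false;
        }
        $path = $parent . '>' . $id;
    }

    $userid = Login::GetId();
    $timestamp = time();
    $insert = Database::GetLink()->prepare('INSERT INTO `Comment` (`user_id`, `comment_path`, `comment_contents`, `sent_at`) VALUES (?, ?, ?, ?);');
    if (!$insert) {
        return false;
    }
    $insert->bindParam(1, $userid, PDO::PARAM_INT);
    $insert->bindParam(2, $path, PDO::PARAM_STR, 255);
    $insert->bindParam(3, $message, PDO::PARAM_STR, 255);
    $insert->bindParam(4, $timestamp, PDO::PARAM_INT);
    $inserted = $insert->execute();
    $insert->closeCursor();

    return $inserted === true;
}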
// Handle the login.
// Only anonymous visitors may attempt it, and only when the submitted form
// carries a valid security token (CSRF protection); on success the visitor
// is sent back to the home page.
if (!Login::IsLoggedIn() && Site::CheckSecurityToken()) {
    if (Login::TryToLogin()) {
        Site::BackToHome();
    }
}

// Page Output
include_once 'Pages/OnAllPages.php';
// NOTE(review): jquery-2.1.4 is an old, no-longer-maintained release line;
// a supported jQuery release should replace it.
$RTK->AddJavascript('/jquery-2.1.4.min.js');
$RTK->AddJavascript('/login.js');

// Surface the error message left by a previous failed attempt, if any.
if (Login::GetError() != EMPTYSTRING) {
    $RTK->AddElement(new RTK_Textview(Login::GetError()));
}

$loginbox = new RTK_Box('loginbox');
if (Login::IsLoggedIn()) {
    // If a user is logged in
    $loginbox->AddChild(new RTK_Textview('You are logged in as: ' . Login::GetUsername()));
    $loginbox->AddChild(new RTK_Link('Logout' . URLPAGEEXT, 'click here for log out', true));
} elseif (Site::HasHttps()) {
    // If a user is not logged in, but the site is running secure
    $loginform = new RTK_Form('loginform', EMPTYSTRING, 'POST');
    // NOTE(review): the following line is corrupted in this listing (the text
    // between the '******' markers is missing); restore it from the repository.
    $loginform->AddTextField('loginname', 'Username:'******'loginpass', 'Password:'******'submit', 'log in');
    $loginbox->AddChild($loginform);
} else {
    // If a user is not logged in, and the site is not running secure:
    // credentials are never accepted over plain HTTP, only a link to the HTTPS login.
    $loginbox->AddChild(new RTK_Textview('You are not running secure and therefore cannot be allowed to log in.'));
    $loginbox->AddChild(new RTK_Link('Login' . URLPAGEEXT, 'click here for encrypted login', true));
}
$RTK->AddElement($loginbox);
/**
 * Attempts to authenticate the visitor from the submitted login form.
 *
 * Nothing happens unless the connection is HTTPS and the form fields are
 * present. The username is hashed before any lookup; the password digest is
 * SHA-512 over STATIC_SALT, the password, the user's own salt and the hashed
 * username, and must match what Login::FetchUserId expects.
 *
 * NOTE(review): a single SHA-512 pass is a fast hash, not a password KDF;
 * migrating stored credentials to password_hash()/password_verify() would
 * be the defensible long-term fix (requires a storage-format migration).
 *
 * Every attempt, successful or not, is recorded via Login::LogAttempt.
 *
 * @return boolean True when the user was identified and the session state
 *                 (id, username, attempt counter) was set; false otherwise.
 **/
public static function TryToLogin()
{
    $loggedIn = false;

    // Bail out early when the transport is not encrypted or no form was sent.
    if (!(Site::HasHttps() && Login::HasLoginInput())) {
        return $loggedIn;
    }

    $hashedName = hash('sha512', $_POST['loginname']);
    $userSalt = Login::FetchUserSalt($hashedName); // per-user (dynamic) salt

    if ($userSalt != EMPTYSTRING) {
        $digest = hash('sha512', STATIC_SALT . $_POST['loginpass'] . $userSalt . $hashedName);
        if ($digest != EMPTYSTRING) {
            $userId = Login::FetchUserId($hashedName, $digest);
            if ($userId > 0) {
                Login::SetId($userId);
                Login::SetUsername(Login::FetchUsername($userId));
                Login::SetAttempts(0);
                $loggedIn = true;
            }
        }
    }

    Login::LogAttempt($hashedName, $loggedIn);

    return $loggedIn;
}
<?php // Page Logic if (!Site::HasHttps() || Login::IsLoggedIn()) { Site::BackToHome(); } $errors = null; $userName = EMPTYSTRING; $firstName = EMPTYSTRING; $lastName = EMPTYSTRING; $email = EMPTYSTRING; $telNo = EMPTYSTRING; if (Value::SetAndNotNull($_POST, 'Submit') && Site::CheckSecurityToken()) { $errors = array(); $userName = Site::GetPostValueSafely("UserName"); // need to be hashed client-side $password = Site::GetPostValueSafely("Password"); // need to be hashed client-side $password2 = Site::GetPostValueSafely("Password2"); // need to be hashed client-side $firstName = Site::GetPostValueSafely("FirstName"); $lastName = Site::GetPostValueSafely("LastName"); $email = Site::GetPostValueSafely("email"); $telNo = Site::GetPostValueSafely("telNo"); Site::ValidateUserName($userName, $errors); Site::ValidatePassword($password, $password2, $errors); Site::ValidateEmail($email, $errors); Site::ValidatePhoneNo($telNo, $errors); if (sizeof($errors) == 0) { $user = new User(); $user->create($userName, $password, $firstName, $lastName, $email, $telNo);