private function validateUsername() {
    $username = $this->getElementValue('username');

    // A blank username is rejected before any lookup is attempted.
    if (empty($username)) {
        $this->getElement('username')->setValidationError('You must enter a username.');
        return;
    }

    // Resolve the username; an unknown account is a form error, not a fault.
    try {
        $this->user = User::getUser($username);
    } catch (\libAllure\UserNotFoundException $e) {
        $this->setElementError('username', 'User not found');
        return;
    }

    $userId = $this->user->getId();
    $eventId = $this->getElementValue('event');
    $db = DatabaseFactory::getInstance();

    // Check 1: the user must not already be in the basket for this event.
    $basketStmt = $db->prepare('SELECT bi.id FROM basket_items bi WHERE bi.user = :user AND bi.event = :event ');
    $basketStmt->bindValue(':user', $userId);
    $basketStmt->bindValue(':event', $eventId);
    $basketStmt->execute();

    if ($basketStmt->numRows() != 0) {
        $this->setElementError('username', 'That user already has a ticket in your basket!');
        return;
    }

    // Check 2: the user must not hold a signup for this event in any state
    // other than SIGNEDUP. The existing status is echoed back in the error
    // shown to whoever is filling the basket.
    $signupStmt = $db->prepare('SELECT status FROM signups WHERE user = :user AND event = :event AND status != "SIGNEDUP" ');
    $signupStmt->bindValue(':user', $userId);
    $signupStmt->bindValue(':event', $eventId);
    $signupStmt->execute();

    if ($signupStmt->numRows() != 0) {
        $existing = $signupStmt->fetchRow();
        $this->setElementError('username', 'This user is already signed up, with status ' . $existing['status']);
        return;
    }
}
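public function validateExtended() {
    try {
        $this->userId = User::getUser($this->getElementValue('username'))->getId();
    } catch (\libAllure\UserNotFoundException $e) {
        // Fixed wording, consistent with the other username validators.
        $this->getElement('username')->setValidationError('User not found');
    } catch (\Exception $e) {
        // Still record a form error so the form does not pass validation, but
        // never surface the raw exception text: $e->getMessage() from a
        // database or framework failure can carry internal detail (table
        // names, connection info) straight to the browser.
        $this->getElement('username')->setValidationError('Could not look up that user.');
    }
}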
public function validateExtended() {
    $username = $this->getElementValue('username');

    // Resolve the username to an account; the form only validates when the
    // account exists. Returns true on success, false after recording the error.
    try {
        $account = User::getUser($username);
    } catch (\libAllure\UserNotFoundException $e) {
        $this->setElementError('username', 'User not found!');
        return false;
    }

    $this->user = $account;
    return true;
}
public function validateExtended() {
    $username = $this->getElementValue('username');

    try {
        $account = User::getUser($username);
    } catch (\libAllure\UserNotFoundException $e) {
        $this->getElement('username')->setValidationError('Username not found');
        return;
    }

    // Only a resolved account reaches the site-state and ban checks; the
    // helpers are expected to record their own element errors.
    $this->validateSiteQuiesse($account);
    $this->validateUserBan($account);
}
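private function getAvailableGroups() {
    global $db;

    $user = User::getUserById($this->getElementValue('id'));

    // Groups the user can still be added to: every group they are not already
    // a member of, minus their primary group. Membership rows reference their
    // group in the `group` column (the column the group-kick DELETE keys on);
    // the previous subquery selected gm.id, which compared group ids against
    // membership row ids and so excluded the wrong groups.
    $sql = 'SELECT g.id, g.title FROM groups g WHERE g.id NOT IN (SELECT gm.`group` FROM group_memberships gm WHERE gm.user = :userId) AND g.id != :userPrimaryGroup';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':userId', $user->getId());
    $stmt->bindValue(':userPrimaryGroup', $user->getData('group'));
    $stmt->execute();

    return $stmt->fetchAll();
}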
private function validateUsername() {
    $assignedTo = $this->getElementValue('assignedTo');

    // A numeric value is accepted as a user id as-is; only a non-numeric value
    // is treated as a username and resolved to an id here.
    // NOTE(review): numeric ids are not checked for existence in this method --
    // confirm the processing step does so.
    if (is_numeric($assignedTo)) {
        return;
    }

    try {
        $resolved = User::getUser($assignedTo);
    } catch (\libAllure\UserNotFoundException $e) {
        $this->setElementError('assignedTo', 'Username not found.');
        return;
    }

    // Replace the typed username with the resolved id so downstream code only
    // ever sees ids.
    $this->getElement('assignedTo')->setValue($resolved->getId());
}
public function validateExtended() {
    // Skipped entirely when $_SESSION['userHidden'] is set -- presumably a SUDO
    // session is already active.
    if (!empty($_SESSION['userHidden'])) {
        return;
    }

    try {
        $target = User::getUser($this->getElementValue('username'));
    } catch (\libAllure\UserNotFoundException $e) {
        $this->setElementError('username', 'Username not found');
        return;
    }

    $this->user = $target;

    // Refuse SUDO into an account whose primary group is 1 (the admin group,
    // going by the message).
    // NOTE(review): only the primary group is checked; an account that holds
    // admin privileges through another group membership would pass -- confirm.
    if ($this->user->getData('group') == 1) {
        $this->setElementError('username', 'You cannot SUDO into an admin account.');
    }
}
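public function __construct($userId = null) {
    parent::__construct('formUpdateProfile', 'Update profile');

    // Editing anyone other than the logged-in user requires EDIT_USERS (the
    // helper redirects otherwise). The hidden 'user' field below only carries
    // the target id to the POST; process() must apply the same check rather
    // than trust it -- not visible here, confirm.
    if ($userId == null) {
        $user = Session::getUser();
    } else {
        if ($userId != Session::getUser()->getId()) {
            requirePrivOrRedirect('EDIT_USERS', 'index.php');
            $user = User::getUserById($userId);
        } else {
            $user = Session::getUser();
        }
    }
    $this->user = $user;

    $this->addSection('Bio');
    $this->addElement(new ElementHidden('action', null, 'edit'));
    $this->addElement(new ElementHidden('user', null, $user->getId()));
    $this->addElement(new ElementEmail('email', 'E-Mail Address', $user->getData('email')));

    $elementRealName = $this->addElement(new ElementAlphaNumeric('realName', 'Real Name', $user->getData('real_name')));
    $elementRealName->setMinMaxLengths(0, 32);

    $elementLocation = $this->addElement(new ElementAlphaNumeric('location', 'Location', $user->getData('location')));
    $elementLocation->setMinMaxLengths(0, 64);

    // Digits and spaces only, 11-15 characters. The earlier 0-16 bound was
    // immediately overridden by this one and has been dropped.
    $elementMobileNo = $this->addElement(new ElementInputRegex('mobileNo', 'Mobile No.', $user->getData('mobileNo')));
    $elementMobileNo->setPattern('#^[\\d ]+$#', 'numbers and spaces');
    $elementMobileNo->setMinMaxLengths(11, 15);

    $this->addSection('Preferences');
    $this->addElement(new ElementCheckbox('mailingList', 'Mailing list', $user->getData('mailingList')));

    // Each option label previews today's date in that format; the stored value
    // is the format string. Note the ISO option stores 'Y-m-d H:i' while
    // previewing only 'Y-m-d' -- presumably intentional.
    $now = date_create();
    $elementDateFormat = $this->addElement(new ElementSelect('dateFormat', 'Date format', $user->getData('dateFormat')));
    $elementDateFormat->addOption('ISO date format (recommended): ' . formatDt($now, 'Y-m-d'), 'Y-m-d H:i');
    $elementDateFormat->addOption('UK, numeric date format: ' . formatDt($now, 'd-m-Y'), 'd-m-Y');
    $elementDateFormat->addOption('UK, long date format: ' . formatDt($now, 'jS M Y'), 'jS M Y');
    $elementDateFormat->addOption('USA, numeric date format: ' . formatDt($now, 'm-d-Y'), 'm-d-Y');
    $elementDateFormat->addOption('Opus date format: ' . formatDtOpus($now), 'opus');

    $this->addSection('Change password');
    // Only the account owner is asked for the current password; an EDIT_USERS
    // editor changing someone else's password is not.
    if (Session::getUser()->getUsername() == $user->getUsername()) {
        $this->addElement(new ElementPassword('passwordCurrent', 'Current password', null, 'Fill this field out if you would like to change your password.'));
        $this->getElement('passwordCurrent')->setOptional(true);
    }
    $this->addElement(new ElementPassword('password1', 'New Password', null))->setOptional(true);
    $this->addElement(new ElementPassword('password2', 'New Password (confirm)', null))->setOptional(true);

    // Ban controls are shown only to EDIT_BANS holders.
    if (Session::getUser()->hasPriv('EDIT_BANS')) {
        $this->addSection('Banning and admin stuff');
        $this->addElement(new ElementInput('bannedReason', 'Banned reason', $user->getData('bannedReason'), 'Enter a reason to ban this user. Leave it blank to keep the user active.'));
        $this->getElement('bannedReason')->addSuggestedValue('', 'Clear ban');
        $this->getElement('bannedReason')->setMinMaxLengths(0, 256);
        $this->addElement(new ElementCheckbox('emailFlagged', 'Email flagged?', $user->getData('emailFlagged')));
    }

    $this->addButtons(Form::BTN_SUBMIT);
}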
require_once 'includes/widgets/footer.php';
break;

case 'revoke':
    // NOTE(review): unlike 'kick' below, this branch performs no
    // Session::requirePriv() check before deleting a group privilege; anyone
    // who reaches this switch can revoke it. Confirm a guard exists earlier
    // in the file (outside this view), otherwise add one here.
    $priv = $sanitizer->filterUint('priv');
    $groupId = $sanitizer->filterUint('group');
    $sql = 'DELETE FROM privileges_g WHERE permission = :priv AND `group` = :groupId ';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':priv', $priv);
    $stmt->bindValue(':groupId', $groupId);
    $stmt->execute();
    // 'Permision' is misspelled in the flash message (runtime string, left as-is).
    redirect('group.php?action=view&id=' . $groupId, 'Permision revoked');
    break;

case 'kick':
    Session::requirePriv('GROUP_KICK');
    $group = new Group($sanitizer->filterUint('group'));
    $user = User::getUserById($sanitizer->filterUint('user'));
    // Membership is removed by (user, group); LIMIT 1 deletes a single row.
    $sql = 'DELETE FROM group_memberships WHERE user = :userId AND `group` = :groupId LIMIT 1';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':userId', $user->getId());
    $stmt->bindValue(':groupId', $group->getId());
    $stmt->execute();
    redirect('group.php?action=view&id=' . $group->getId(), 'User kicked from group.');
    break;

case 'edit':
    // NOTE(review): no privilege check is visible in this branch either; confirm
    // FormGroupEdit or an earlier guard enforces one. The branch continues
    // past this view.
    $id = $sanitizer->filterUint('id');
    $group = new Group($id);
    $f = new FormGroupEdit();
    $f->addElement(new ElementHidden('action', null, 'edit'));
    if ($f->validate()) {
        $f->process();
    }
{
    // Tail of the machine-lookup helper (presumably getAuthenticatedMachines,
    // called further down); its signature is above this view. Returns every
    // authenticated_machines row for the given user and event.
    $sql = 'SELECT a.id FROM authenticated_machines a WHERE a.user = :user AND a.event = :event';
    $stmt = DatabaseFactory::getInstance()->prepare($sql);
    $stmt->bindValue(':user', $user);
    $stmt->bindValue(':event', $event);
    $stmt->execute();
    $authenticatedMachines = $stmt->fetchAll();
    return $authenticatedMachines;
}

$sanitizer = Sanitizer::getInstance();
$username = $sanitizer->filterString('username');
$password = $sanitizer->filterString('password');
// Read here but not used in the portion of the script visible below.
$isStaff = $sanitizer->filterString('fullrequest');

try {
    Session::checkCredentials($username, $password);
    $user = User::getUser($username);
} catch (\libAllure\UserNotFoundException $e) {
    // NOTE(review): answering 'User not found' here and 'Password is incorrect'
    // below lets an unauthenticated caller enumerate valid usernames; a single
    // generic rejection message for both paths would close that.
    // apiReturn() is assumed to terminate the script -- if it only emits a
    // response, $user is undefined from here on.
    apiReturn('reject-authentication', 'User not found');
} catch (\libAllure\IncorrectPasswordException $e) {
    apiReturn('reject-authentication', 'Password is incorrect');
}

$event = getEvent();
$signupStatus = getSignupStatus($user->getId(), $event['id']);

// Switch continues past this view.
switch ($signupStatus) {
    case 'PAID':
        $authenticatedMachines = getAuthenticatedMachines($user->getId(), $event['id']);
        $sql = 'SELECT s.numberMachinesAllowed FROM signups s WHERE s.user = :user AND s.event = :event';
        $stmt = DatabaseFactory::getInstance()->prepare($sql);
        $stmt->bindValue(':user', $user->getId());
        $stmt->bindValue(':event', $event['id']);
        $stmt->execute();
<?php
require_once 'includes/common.php';
require_once 'includes/classes/FormAddUserToGroup.php';

use libAllure\Session;
use libAllure\User;

// Profile page: shows ?id= if given, else the logged-in user.
// NOTE(review): $_REQUEST['id'] is passed straight through, unlike the other
// pages here which go via Sanitizer::getInstance()->filterUint(); getUserById
// is presumably parameterised, but the input should be filtered the same way.
// $tpl->error() is assumed to terminate; if it only renders, $user is
// undefined below on a lookup failure.
try {
    if (isset($_REQUEST['id'])) {
        $user = User::getUserById($_REQUEST['id']);
    } else {
        $user = Session::getUser();
    }
} catch (Exception $e) {
    $tpl->error('Could not find user.');
}

// Group management on the profile is gated on GROUP_EDIT.
if (Session::hasPriv('GROUP_EDIT')) {
    $formAddUserToGroup = new FormAddUserToGroup($user->getId());

    if ($formAddUserToGroup->validate()) {
        $formAddUserToGroup->process();
    }
}

require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';

$userArray = array('username' => $user->getData('username'), 'realName' => $user->getData('real_name'), 'registered' => $user->getData('registered'));

// Avatar path is built from the numeric user id only, so no user-controlled
// path segment reaches file_exists().
$avatarUrl = 'resources/images/avatars/' . $user->getId() . '.png';

if (file_exists($avatarUrl)) {
    $userArray['avatar'] = $avatarUrl;
}

// Private fields are only exposed to VIEW_PROFILE_PRIVATE holders.
// (Block continues past this view.)
if (Session::isLoggedIn() && Session::getUser()->hasPriv('VIEW_PROFILE_PRIVATE')) {
    $userArray['canSeePrivate'] = true;
    $userArray['lastLogin'] = $user->getData('lastLogin');
<?php
require_once 'includes/common.php';
require_once 'includes/classes/FormSendEmail.php';

use libAllure\Session;
use libAllure\Sanitizer;
use libAllure\User;

// Send-email page: only SENDEMAIL holders may reach any of the code below.
Session::requirePriv('SENDEMAIL');

// Target user comes from ?userId=, filtered to an unsigned int before lookup.
$userId = Sanitizer::getInstance()->filterUint('userId');
$user = User::getUserById($userId);
$email = $user->getData('email');

if (empty($email)) {
    redirect('account.php', 'Cannot send email to a user with a blank email address.');
}

$f = new FormSendEmail($email);
$f->addElementHidden('userId', $userId);

if (!$f->validate()) {
    // Not yet submitted, or invalid: render the form.
    require_once 'includes/widgets/header.php';
    $tpl->assignForm($f);
    $tpl->display('form.tpl');
} else {
    $f->process();
    redirect('profile.php?id=' . $userId, 'Your contribution to the spam on the internet has been completed.');
}

require_once 'includes/widgets/footer.php';
<?php
require_once 'includes/common.php';

use libAllure\Session;
use libAllure\User;
use libAllure\Sanitizer;
use libAllure\SimpleFatalError;

// NOTE(review): $tpl->error() is assumed to terminate the script; if it only
// renders, an anonymous caller continues into the action switch below.
if (!Session::isLoggedIn()) {
    $tpl->error('You must be logged in to view the page.');
}

$users = User::getAllLocalUsers();

$sanitizer = new Sanitizer();
$action = $sanitizer->filterString('action');

// Switch continues past this view.
switch ($action) {
    case 'delete':
        $id = Sanitizer::getInstance()->filterUint('id');

        if ($id == Session::getUser()->getId()) {
            throw new SimpleFatalError('Err, you cannot delete yourself. Try jumping off a tall building instead.');
        }

        // NOTE(review): filterUint() presumably never yields -1, in which case
        // this SYSTEM-account guard cannot fire; confirm how the SYSTEM user is
        // identified.
        if ($id == -1) {
            throw new SimpleFatalError('Woooah! Are you trying to make the world explode? You cannot delete the SYSTEM user account!');
        }

        if (!Session::getUser()->hasPriv('USER_DELETE')) {
            throw new SimpleFatalError('Oh gnoes! You dont have permission to do that.');
        }

        // $id is filterUint() output, so this concatenation is not injectable as
        // written -- but its safety rests entirely on that call staying in place.
        // Prefer a prepared statement with a bound :id, as the other DELETEs in
        // this codebase do.
        $sql = 'DELETE FROM users WHERE id = "' . $id . '" LIMIT 1 ';
        $result = $db->query($sql);

        logActivity('User deleted: ' . $id);
        redirect('users.php', 'Used deleted... I hope they dont mind..');
        break;

    case 'edit':
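<?php
require_once 'includes/widgets/header.php';

use libAllure\User;
use libAllure\Session;
use libAllure\Sanitizer;

// Attendance record page.
// NOTE(review): header.php is included before the redirects below; if it emits
// output, redirect() may run after headers are already sent -- confirm.
if (!Session::isLoggedIn()) {
    redirect('index.php', 'Guests do not have attendance records.');
}

// Message reworded: it was phrased as a question ("Do you not have ...").
if (!Session::hasPriv('VIEW_ATTENDANCE')) {
    redirect('account.php', 'You do not have permission to view your attendance record');
}

// Default to the logged-in user. ?user= lets any VIEW_ATTENDANCE holder view
// another user's record; there is no separate check for viewing others.
if (!isset($_REQUEST['user'])) {
    $user = Session::getUser();
} else {
    $user = User::getUserById(Sanitizer::getInstance()->filterUint('user'));
}

$attendance = getUserSignups($user->getId());

require_once 'includes/widgets/sidebar.php';

$tpl->assign('stats', getSignupStatistics($attendance));
$tpl->assign('username', $user->getUsername());
$tpl->assign('userId', $user->getId());
$tpl->assign('attendance', $attendance);
// Signup comments are shown only to VIEW_SIGNUP_COMMENTS holders (template decides).
$tpl->assign('privViewSignupComments', Session::hasPriv('VIEW_SIGNUP_COMMENTS'));
$tpl->display('attendanceRecord.tpl');

require_once 'includes/widgets/footer.php';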