/**
 * Return the shared Audit object, constructing it on the first call.
 *
 * Once an instance exists, later calls return it unchanged and ignore
 * whatever $registry they were given.
 *
 * @param Registry $registry passed to the Audit constructor on first use only
 * @return Audit
 */
public static function getInstance($registry)
{
    if (!empty(Audit::$instance)) {
        return Audit::$instance;
    }

    Audit::$instance = new Audit($registry);

    return Audit::$instance;
}
/**
 * Run the parent constructor, then attach the helpers this object uses:
 * a mapper over the `users` table plus the Audit and BCrypt singletons.
 *
 * NOTE(review): if \BCrypt is the Fat-Free helper, upstream marks it as
 * deprecated in favour of password_hash()/password_verify() - confirm against
 * the framework version in use before relying on it for new password storage.
 */
function __construct()
{
    parent::__construct();

    // $this->db is not assigned here; presumably the parent constructor sets it - confirm.
    $usersMapper = new \DB\SQL\Mapper($this->db, 'users');
    $this->user = $usersMapper;

    $this->audit = \Audit::instance();
    $this->bcrypt = \BCrypt::instance();
}
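/**
 * Install every plugin package selected in the submitted form.
 *
 * Each package is checked on its own: it must not already be installed and its
 * remote mytcg.json must exist and carry name, author, version and description.
 * One flash message is recorded per package with the outcome.
 *
 * Fix: the original decided whether to install by counting SESSION.flash, which
 * also holds success messages and messages from earlier packages. After the
 * first package produced any message, every later package was silently skipped.
 * Validation state is now tracked per package.
 *
 * NOTE(review): the remote config is only checked for presence of four keys.
 * Nothing visible here verifies where the package comes from or that its
 * content is what the author published (signature, checksum, allowlist).
 * Confirm that $this->plugins->install() does so, since this path pulls and
 * installs remote code chosen by a request parameter.
 */
private function addPlugin()
{
    $this->f3->scrub($_POST);
    $this->f3->set('SESSION.flash', array());

    if (!$this->f3->exists('POST.plugins')) {
        return;
    }

    $selected = $this->f3->get('POST.plugins');

    // A scalar here would make count()/foreach fail; treat it as a malformed request.
    if (!is_array($selected)) {
        $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid request. Please try again.'));
        return;
    }

    foreach ($selected as $package) {
        // Nested arrays cannot be a package identifier and would be stringified as "Array".
        if (!is_string($package) || $package === '') {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid request. Please try again.'));
            continue;
        }

        // validate plugin
        if ($this->plugins->getPackage($package) !== false) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => '"' . $package . '" is already installed. Skipping.'));
            continue;
        }

        $config = $this->plugins->getRemoteConfig($package);
        if (!$config) {
            $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => '"' . $package . '" could not be installed. (missing mytcg.json config file)'));
            continue;
        }

        if (!isset($config['name']) || !isset($config['author']) || !isset($config['version']) || !isset($config['description'])) {
            $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => '"' . $package . '" could not be installed. (invalid mytcg.json config file)'));
            continue;
        }

        // this package passed validation, so install it regardless of earlier outcomes
        if ($this->plugins->install($package, $this->plugins)) {
            $this->f3->push('SESSION.flash', array('type' => 'success', 'msg' => '"' . $package . '" has been installed successfully!'));
        } else {
            $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => '"' . $package . '" could not be installed.'));
        }
    }
}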
/**
 * Validate the submitted contact form and, when it is clean, mail it to the
 * address stored under `tcgemail`.
 *
 * Every problem found is appended to SESSION.flash as a warning; the mail is
 * only attempted when that list is still empty afterwards.
 *
 * NOTE(review): the submitter's address becomes the Reply-To header. It has
 * passed Audit::email() (called with its second argument FALSE) at that point;
 * whether the mailer rejects CR/LF in header values cannot be seen from here.
 */
private function process()
{
    $this->f3->scrub($_POST);
    $audit = \Audit::instance();
    $this->f3->set('SESSION.flash', array());

    $warn = function ($text) {
        $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => $text));
    };

    // validate form
    $nameOk = preg_match("/^[\\w\\- ]{2,30}\$/", $this->f3->get('POST.name'));
    if (!$nameOk) {
        $warn('Invalid name.');
    }

    $emailOk = $audit->email($this->f3->get('POST.email'), FALSE);
    if (!$emailOk) {
        $warn('Invalid email address');
    }

    // the URL is optional, so it is only checked when something was entered
    if (!empty($this->f3->get('POST.url')) && !$audit->url($this->f3->get('POST.url'))) {
        $warn('Invalid URL.');
    }

    if (empty($this->f3->get('POST.message'))) {
        $warn('Please include a message!');
    }

    // honey pot: anything other than an empty string in `username` is rejected
    if ($this->f3->get('POST.username') !== '') {
        $warn('Please do not use autofill or similar tools!');
    }

    // stop here when any check above recorded a problem
    if (count($this->f3->get('SESSION.flash')) !== 0) {
        return;
    }

    $this->f3->set('POST.level', $this->f3->get('member')->level + 1);

    $mailer = new Mailer();
    $message = $mailer->message()
        ->setSubject($this->f3->get('tcgname') . ': Contact Form')
        ->setFrom(array($this->f3->get('noreplyemail') => 'MyTCG'))
        ->setTo(array($this->f3->get('tcgemail')))
        ->setReplyTo(array($this->f3->get('POST.email')))
        ->setBody(Template::instance()->render('app/templates/emails/contact.htm'), 'text/html');

    $sent = $mailer->send($message);
    if ($sent) {
        $this->f3->push('SESSION.flash', array('type' => 'success', 'msg' => 'Your form has been sent. Thanks for contacting us!'));
    } else {
        $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => 'There was a problem processing your request. Please try again or contact us for assistance!'));
    }
}
/**
 * Record session activity for the current request, then run session cleanup.
 *
 * Nothing is stored when Audit::isbot() reports a bot, when the request carries
 * ping=1, or when the path falls under /minify/. When the Activity actor class
 * is loaded and the actor is excluded, the method returns early and the cleanup
 * call at the end is skipped as well.
 */
public static function setActive()
{
    // NOTE(review): isbot() is presumably a User-Agent match, which the client
    // controls - treat it as a noise filter, not as a trust decision. Confirm.
    if (!\Audit::instance()->isbot()) {
        if (class_exists('\\Activity\\Models\\Actors')) {
            $actor = \Activity\Models\Actors::fetch();
            if ($actor->isExcluded()) {
                // early exit: neither store() nor throttledCleanup() runs
                return;
            }
        }
        if (\Dsc\System::instance()->get('input')->get('ping', null, 'int') != 1) {
            $fw = \Base::instance();
            $path = $fw->hive()['PATH'];
            switch ($path) {
                // ignore certain paths, even if they aren't specifically pings
                // The first label is a boolean that switch compares loosely with the
                // path string: `true` matches any non-empty path other than "0", and
                // `false` matches only "" or "0". The effect is "skip when the path
                // starts with /minify/", but it depends on that loose comparison.
                case strpos($path, '/minify/') === 0 ? true : false:
                case "/minify/css":
                case "/minify/js":
                    break;
                default:
                    (new \Dsc\Mongo\Collections\Sessions())->store();
                    break;
            }
        }
    }
    \Dsc\Mongo\Collections\Sessions::throttledCleanup();
}
/**
 * Validate an e-mail address and report a failure through the framework.
 *
 * An empty value is treated as valid. Otherwise the address is first checked
 * with Audit::email($val, false); if that passes and $mx is truthy it is
 * checked again with Audit::email($val, true). On failure the error text is
 * read from "<context>.invalid" or "<context>.host" when that key exists
 * (falling back to a built-in text), a 400 error is raised and the Flash key
 * for the context is set to 'has-error'.
 *
 * NOTE(review): the second check is presumably a DNS MX lookup, i.e. a network
 * call per validation - confirm before using this on hot paths.
 *
 * @param string $val address to check
 * @param string $context hive key prefix for messages; defaults to 'error.validation.email'
 * @param bool $mx whether to run the second Audit::email() check
 * @return bool true when the value is empty or passed every requested check
 */
function email($val, $context = null, $mx = true)
{
    $context = $context ?: 'error.validation.email';

    if (empty($val)) {
        return true;
    }

    $audit = \Audit::instance();

    if (!$audit->email($val, false)) {
        $suffix = '.invalid';
        $fallback = 'e-mail is not valid';
    } elseif ($mx && !$audit->email($val, true)) {
        $suffix = '.host';
        $fallback = 'unknown mail mx.host';
    } else {
        return true;
    }

    // exists() fills $errText by reference when the key is present
    if (!$this->f3->exists($context . $suffix, $errText)) {
        $errText = $fallback;
    }
    $this->f3->error(400, $errText);

    \Flash::instance()->setKey($context, 'has-error');

    return false;
}
/**
 * Setter hook for the user's e-mail address.
 *
 * The value is checked with Audit::email() using that method's default
 * arguments; when the check does not pass, throwValidationError('email') is
 * called. The value is then returned unchanged.
 *
 * NOTE(review): the return below is also reached after throwValidationError()
 * if that method returns instead of throwing - confirm it always throws,
 * otherwise an invalid address is still handed back to the caller.
 *
 * @param mixed $email
 * @return mixed the value that was passed in
 */
public function set_email($email)
{
    $accepted = \Audit::instance()->email($email);

    if ($accepted == false) {
        // no valid email address
        $this->throwValidationError('email');
    }

    return $email;
}
/**
 * Wire up the framework instance, a SQL connection and the Audit helper.
 *
 * The DSN is the concatenation of the hive values `db_dns` and `db_name`;
 * the credentials come from `db_user` and `db_pass`.
 *
 * NOTE(review): where those hive values are loaded from is not visible here.
 * Keep the file that supplies them outside the web root and out of version
 * control.
 */
function __construct()
{
    $this->f3 = Base::instance();

    $dsn = $this->f3->get('db_dns') . $this->f3->get('db_name');
    $this->db = new DB\SQL($dsn, $this->f3->get('db_user'), $this->f3->get('db_pass'));

    $this->audit = \Audit::instance();
}
/**
 * Install the release named by POST.tag.
 *
 * A missing or empty tag records an 'Invalid request' warning in SESSION.flash
 * and nothing is installed.
 *
 * NOTE(review): the only check on the tag is "present and not empty". Whether
 * $this->releases->install() restricts it to known release tags cannot be seen
 * from here - confirm, since the value comes straight from the request.
 */
protected function install()
{
    $audit = \Audit::instance(); // fetched as in the original; not used below
    $this->f3->scrub($_POST);
    $this->f3->set('SESSION.flash', array());

    $tagMissing = !$this->f3->exists('POST.tag') || $this->f3->get('POST.tag') === '';
    if ($tagMissing) {
        $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid request. Please try again.'));
    }

    // process form if there are no errors
    if (count($this->f3->get('SESSION.flash')) !== 0) {
        return;
    }

    $this->releases->install($this->f3->get('POST.tag'));
}
/**
 * Show the member edit form and, when it was submitted, validate and save it.
 *
 * The member for the route id is loaded into the hive, together with the
 * option lists the form needs. On submit each failed check appends a warning
 * to SESSION.flash; the record is only written when none were recorded.
 *
 * @param string $id member id used to load the record shown in the form
 */
public function edit($id = '')
{
    // Edit form
    $this->f3->scrub($_POST);
    $members = new Members($this->db);
    // NOTE(review): index [0] is taken without checking that read() returned a row
    $this->f3->set('member', $members->read(array('id=?', $id), [])[0]);
    $this->f3->set('SESSION.flash', array());
    $this->f3->set('status', array('Active', 'Hiatus'));
    $cards = new Cards($this->db);
    $this->f3->set('decks', $cards->allAlpha());
    $this->f3->set('months', array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'));
    // form submitted
    if ($this->f3->exists('POST.edit')) {
        $audit = \Audit::instance();
        // validate form
        if (!preg_match("/^[\\w\\-]{2,30}\$/", $this->f3->get('POST.name'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid name. Only letters, numbers, underscores (_), and dashes (-) are allowed.'));
        }
        if (!$audit->email($this->f3->get('POST.email'), FALSE)) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid email address'));
        }
        if (!$audit->url($this->f3->get('POST.url'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid trade post URL.'));
        }
        // in_array() is called without the strict flag here and for the status below
        if (!in_array($this->f3->get('POST.birthday'), $this->f3->get('months'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid birthday'));
        }
        if ($cards->count(array('id=?', $this->f3->get('POST.collecting'))) == 0) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid collecting deck.'));
        }
        // For a member whose stored status is 'Pending' the submitted status is not checked at all
        if ($this->f3->get('member')->status !== 'Pending' && !in_array($this->f3->get('POST.status'), $this->f3->get('status'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid status.'));
        }
        // if there are no errors, process the form
        if (count($this->f3->get('SESSION.flash')) === 0) {
            $this->f3->set('collectingID', $this->f3->get('POST.collecting'));
            $this->f3->set('POST.collecting', $cards->getById($this->f3->get('POST.collecting'))->filename);
            // NOTE(review): the record written is chosen by POST.id, while the member
            // loaded and validated against above was chosen by the route $id. The two
            // are never compared, so they can differ - confirm this is intended.
            if ($members->edit($this->f3->get('POST.id'))) {
                $this->f3->push('SESSION.flash', array('type' => 'success', 'msg' => 'Member ' . $this->f3->get('POST.name') . ' edited!'));
                $this->f3->reroute('/mytcg/members');
            } else {
                $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => 'There was a problem processing your request. Please try again!'));
            }
        }
    }
    $this->f3->set('content', 'app/views/mytcg/members_edit.htm');
    echo Template::instance()->render('app/templates/admin.htm');
}
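/**
 * First-run setup: validate the setup form, then create the administrator
 * account, the system configuration and the two default roles.
 *
 * The whole routine is skipped when a configuration already exists, so the
 * setup form cannot be replayed to create a second administrator.
 *
 * Changes from the original:
 *  - the two password fields are compared with !== ; the loose != treated
 *    different numeric-looking strings such as "0e1" and "0e2" as equal
 *  - the password fields are removed before the submitted values are kept in
 *    SESSION.form_values, so plaintext passwords no longer reach session storage
 *  - missing or non-string fields are read as '' instead of raising notices or
 *    a TypeError in strlen()
 *
 * NOTE(review): the administrator login name is fixed to "admin".
 *
 * @param \Base $f3 framework instance (type inferred from usage - confirm)
 */
public function save($f3)
{
    // setup already done: show the confirmation page and change nothing
    if ($this->configuration->load()) {
        echo Template::instance()->render('templates/setup-created.html');
        return;
    }

    $audit = \Audit::instance();
    $values = $f3->get('POST');
    if (!is_array($values)) {
        $values = array();
    }

    $field = static function ($name) use ($values) {
        return (isset($values[$name]) && is_string($values[$name])) ? $values[$name] : '';
    };

    $siteName = $field('site-name');
    $password = $field('password');
    $repeated = $field('repeat-password');
    $adminEmail = $field('admin-email');

    $messages = array();
    if (!$audit->email($adminEmail)) {
        $messages[] = 'The email must be a valid email';
    }
    if (!strlen($password)) {
        $messages[] = 'The password field are required';
    }
    if ($password !== $repeated) {
        $messages[] = 'The password must be equal';
    }
    if (!strlen($siteName)) {
        $messages[] = 'The site name are required';
    }

    if (count($messages) > 0) {
        // keep the form values for re-display, but never the secrets
        $kept = $values;
        unset($kept['password'], $kept['repeat-password']);
        $f3->set('SESSION.form_values', $kept);
        $f3->set('SESSION.form_messages', $messages);
        $f3->reroute('/setup');
        return;
    }

    $user = array(
        "firstName" => "Administrator",
        "lastName" => "",
        "userName" => "admin",
        "password" => password_hash($password, PASSWORD_DEFAULT),
        "email" => $adminEmail,
        "phone" => "",
        "country" => "",
        "city" => "",
        "address" => "",
    );
    $f3->set('users', new \DB\Jig\Mapper($this->db, 'users.json'));
    $f3->get('users')->copyFrom($user);
    $f3->get('users')->save();

    // the key of the first stored user is the administrator's id
    $users = $this->db->read('users.json');
    reset($users);
    $user_id = key($users);

    $configuration = array('system_name' => $siteName, 'theme' => 'basic', 'date_format' => 'YYYY');
    $f3->set('sysconfig', new \DB\Jig\Mapper($this->db, 'sysconfig.json'));
    $f3->get('sysconfig')->copyFrom($configuration);
    $f3->get('sysconfig')->save();

    $f3->set('roles', new \DB\Jig\Mapper($this->db, 'roles.json'));
    $role = array('role' => 'Administrator', 'status' => 1, 'users' => array($user_id), 'qty' => 0);
    $f3->get('roles')->copyFrom($role);
    $f3->get('roles')->save();

    // a fresh mapper, so the Guest role is stored as a new record
    $f3->set('roles', new \DB\Jig\Mapper($this->db, 'roles.json'));
    $role = array('role' => 'Guest', 'status' => 1, 'users' => array(), 'qty' => 0);
    $f3->get('roles')->copyFrom($role);
    $f3->get('roles')->save();

    echo Template::instance()->render('templates/setup-created.html');
}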
/**
 * After the parent hook has run, record visit and activity data for the
 * current actor unless Audit::isbot() reports a bot.
 *
 * A 'Visited Site' action is tracked at most once per calendar day per actor
 * (judged by the actor's `last_visit` date). The actor is marked active on
 * every request that does not carry ping=1.
 *
 * NOTE(review): isbot() is presumably a User-Agent match, so clients can
 * opt in or out of tracking by changing that header - confirm.
 */
protected function postSite()
{
    parent::postSite();

    if (\Audit::instance()->isbot()) {
        return;
    }

    $actor = \Activity\Models\Actors::fetch();
    $app = \Base::instance(); // fetched as in the original; not used below

    // Track the site visit if it hasn't been done today for this actor
    $neverVisited = empty($actor->last_visit);
    if ($neverVisited || $actor->last_visit < date('Y-m-d', strtotime('today'))) {
        \Activity\Models\Actions::track('Visited Site');
        $actor
            ->set('last_visit', date('Y-m-d', strtotime('today')))
            ->set('visited', time())
            ->save();
    }

    $isPing = $this->input->get('ping', null, 'int') == 1;
    if (!$isPing) {
        // the flag passed is "an identity with a non-empty id exists"
        $actor->markActive(!empty($this->auth->getIdentity()->id));
    }
}
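/**
 * Send one HTTP request to a URL supplied in the form and show the response
 * headers, body and engine name.
 *
 * Changes from the original:
 *  - the form body was read from 'Post.postReceive'; hive keys are
 *    case-sensitive, so the field is now read from 'POST.postReceive'
 *  - the body was split on '&' and passed to http_build_query() as a list,
 *    which encoded the pairs as values under numeric keys; it is now parsed
 *    with parse_str() so the key/value pairs are kept
 *  - the HTTP method is required to consist of letters only before it is
 *    handed to the client, so a crafted value cannot add text to the request
 *
 * NOTE(review): this endpoint makes the server fetch an arbitrary URL and
 * returns the response to the caller. Audit::url() is a syntax check; nothing
 * here limits the destination. If the page is reachable by anyone other than
 * the operator, restrict access to it and consider refusing loopback,
 * link-local and private address ranges. The response body is placed into
 * the page data as-is, so the template must escape it.
 *
 * @param \Base $f3 framework instance
 */
public function generic_request(\Base $f3)
{
    $web = \Web::instance();
    $this->response->data['SUBPART'] = 'websaccre_generic_request.html';

    if ($f3->get('VERB') != 'POST') {
        return;
    }

    if ($f3->devoid('POST.url')) {
        \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
        return;
    }

    $address = $f3->get('POST.url');
    if (!is_string($address) || \Audit::instance()->url($address) != TRUE) {
        \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
        return;
    }

    $method = $f3->get('POST.means');
    if (!is_string($method) || !preg_match('/\A[A-Za-z]+\z/', $method)) {
        \Flash::instance()->addMessage('Unsupported Header Method', 'danger');
        return;
    }

    $options = array('method' => $method);
    if ($method === 'POST') {
        // handle POST data
        $postData = array();
        parse_str((string) $f3->get('POST.postReceive'), $postData);
        $options['content'] = http_build_query($postData);
    }

    $request_successful = $web->request($address, $options);
    if (!$request_successful) {
        \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'warning');
        return;
    }

    $headers_max = implode("\n", $request_successful['headers']);
    $this->response->data['content'] = "Headers: \n\n" . $headers_max
        . "\n\n Body:\n\n" . $request_successful['body']
        . "\n\n Engine Used: " . $request_successful['engine'];
}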
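/**
 * Send one HTTP request (POST, GET, TRACE, OPTIONS or HEAD) to a URL supplied
 * in the form and show the response headers, body and engine name.
 *
 * Changes from the original:
 *  - for an unsupported method the code fell through to test
 *    $request_successful, which was never assigned on that path; it raised an
 *    undefined-variable notice and added a second, misleading flash message.
 *    The method now returns right after reporting the unsupported method.
 *  - parse_str() returns nothing, so its result is no longer stored
 *
 * NOTE(review): this endpoint makes the server fetch an arbitrary URL and
 * returns the response to the caller. Audit::url() is a syntax check; nothing
 * here limits the destination, and redirects are followed unless safe_mode is
 * set. If the page is reachable by anyone other than the operator, restrict
 * access to it and consider refusing loopback, link-local and private address
 * ranges. The response body is placed into the page data as-is, so the
 * template must escape it.
 *
 * @param \Base $f3 framework instance
 * @package Controller
 */
public function generic_request(\Base $f3)
{
    $web = \Web::instance();
    $this->response->data['SUBPART'] = 'websaccre_generic_request.html';

    if ($f3->get('VERB') != 'POST') {
        return;
    }

    if ($f3->devoid('POST.url')) {
        \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
        return;
    }

    $address = $f3->get('POST.url');
    if (!is_string($address) || \Audit::instance()->url($address) != TRUE) {
        \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
        return;
    }

    $method = $f3->get('POST.means');
    if (!in_array($method, array('POST', 'GET', 'TRACE', 'OPTIONS', 'HEAD'), true)) {
        \Flash::instance()->addMessage('Unsupported Header Method', 'danger');
        return;
    }

    // redirects are not followed when safe_mode is reported as enabled
    $follow_loc = ini_get('safe_mode') ? FALSE : TRUE;

    $options = array('method' => $method, 'follow_location' => $follow_loc);
    if ($method === 'POST') {
        // handle POST data
        $postData = array();
        parse_str((string) $f3->get('POST.postReceive'), $postData);
        $options = array('method' => $method, 'content' => http_build_query($postData), 'follow_location' => $follow_loc);
    }

    $request_successful = $web->request($address, $options);
    if (!$request_successful) {
        \Flash::instance()->addMessage('Something went wrong your request could not be completed.', 'warning');
        return;
    }

    $headers_max = implode("\n", $request_successful['headers']);
    $this->response->data['content'] = "Headers: \n\n" . $headers_max
        . "\n\n Body:\n\n" . $request_successful['body']
        . "\n\n Engine Used: " . $request_successful['engine'];
}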
/**
 * Build the shared services for this object: error log, MySQL connection,
 * SMTP client, geo lookup, Markdown, Audit, theme, and the caller's address.
 *
 * NOTE(review): the database and SMTP settings are read from the properties
 * $dbinfo and $EmailInfo before anything in this constructor assigns them, so
 * they are presumably declared with values on the class. If so, credentials
 * live in source code - confirm, and prefer loading them from configuration
 * kept outside the repository.
 * NOTE(review): how get_remote_address() derives the address is not visible
 * here; if it trusts forwarding headers, the stored value is client-controlled.
 */
function __construct()
{
    global $f3;
    $this->f3 = $f3;

    $this->log = new Log('error.log');

    $dsn = 'mysql:host=' . $this->dbinfo['dbhost'] . ';port=' . $this->dbinfo['dbport'] . ';dbname=' . $this->dbinfo['dbname'];
    $this->db = new \DB\SQL($dsn, $this->dbinfo['dbuser'], $this->dbinfo['dbpass']);

    $this->smtp = new SMTP(
        $this->EmailInfo['host'],
        $this->EmailInfo['port'],
        $this->EmailInfo['scheme'],
        $this->EmailInfo['user'],
        $this->EmailInfo['pass']
    );
    // start with these headers blank
    foreach (array('Errors-to', 'From', 'CC', 'In-Reply-To') as $header) {
        $this->smtp->set($header, '');
    }

    $this->geo = \Web\Geo::instance();
    $this->md = \Markdown::instance();
    $this->audit = \Audit::instance();

    $this->theme = new theme();
    $this->theme->set_siteURL($this->site);

    $this->request['ip-address'] = $this->get_remote_address();
}
/**
 * Handle a submitted affiliation request, then redirect to /affiliates.
 *
 * When POST.request is present the form is validated; each failed check adds a
 * warning to SESSION.flash. With no warnings the request is marked 'Pending',
 * a notification mail is sent to `tcgemail` and the record is added.
 */
public function request()
{
    $affiliates = new Affiliates($this->db);
    if ($this->f3->exists('POST.request')) {
        $audit = \Audit::instance();
        $this->f3->scrub($_POST);
        $this->f3->set('SESSION.flash', array());
        // validate form
        if (!preg_match("/^[\\w\\- ]{2,30}\$/", $this->f3->get('POST.name'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid name.'));
        }
        if (!$audit->email($this->f3->get('POST.email'), FALSE)) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid email address'));
        }
        // any 2-30 characters other than a line break are accepted for the TCG name
        if (!preg_match("/^.{2,30}\$/", $this->f3->get('POST.tcgname'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid TCG Name.'));
        }
        // NOTE(review): url() is presumably a syntax check only. If the site URL and
        // button URL are later rendered as href/src, limiting the scheme to
        // http/https here would be the safer contract - confirm.
        if (!$audit->url($this->f3->get('POST.url'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid URL.'));
        }
        if (!$audit->url($this->f3->get('POST.button'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid button URL.'));
        }
        // process form if there are no errors
        if (count($this->f3->get('SESSION.flash')) === 0) {
            $this->f3->set('POST.status', 'Pending');
            $mailer = new Mailer();
            // the template path includes the hive value `theme`
            $message = $mailer->message()->setSubject($this->f3->get('tcgname') . ': Affiliation Request')->setFrom(array($this->f3->get('noreplyemail') => 'MyTCG'))->setTo(array($this->f3->get('tcgemail')))->setReplyTo(array($this->f3->get('POST.email')))->setBody(Template::instance()->render('app/themes/' . $this->f3->get('theme') . '/templates/emails/affiliation.htm'), 'text/html');
            // send email & save to db
            // the record is only added when the mail was sent (&& short-circuits)
            if ($mailer->send($message) && $affiliates->add()) {
                $this->f3->push('SESSION.flash', array('type' => 'success', 'msg' => 'Your affiliation request has been sent successfully!'));
            } else {
                $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => 'There was a problem processing your request. Please try again or contact us for assistance!'));
            }
        }
    }
    $this->f3->reroute('/affiliates');
}
/**
 * Send one request to $url with a caller-supplied Cookie header and put the
 * outcome into the page data.
 *
 * Only acts when the current request is a POST. The URL must pass
 * Audit::url(). If the first response header line contains '200 OK', the
 * headers, body and engine name are shown; otherwise only the headers are.
 *
 * For defenders: every request sent by this method carries the fixed
 * User-Agent string set below, which is distinctive enough to search for in
 * web server logs. It is a constant in this code, so its absence proves nothing.
 *
 * @param string $method HTTP method passed to the client
 * @param mixed $blankurl truthy when the caller found the URL field empty
 * @param string $url destination URL
 * @param string $payload value placed after 'Cookie: '
 */
public function cookie_based_lfi($method, $blankurl, $url, $payload)
{
    $web = \Web::instance();
    $f3 = \Base::instance();
    $options = array('method' => $method, 'header' => array('Accept: */*', 'User-Agent: Mth3l3m3ntFramework/4.0 (compatible; MSIE 6.0; HackingtoshTuxu 4.0; .NET CLR 1.1.4322)', 'Cookie: ' . $payload, 'Connection: Close', 'Pragma: no-cache', 'Cache-Control: no-cache'));
    $audit_instance = \Audit::instance();
    if ($f3->get('VERB') == 'POST') {
        // $error is assigned but never read
        $error = false;
        if ($blankurl) {
            $error = true;
            \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
        } else {
            $audited_url = $audit_instance->url($url);
            if ($audited_url == TRUE) {
                $request_successful = $web->request($url, $options);
                if (!$request_successful) {
                    \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'warning');
                } else {
                    $result_body = $request_successful['body'];
                    $result_headers = $request_successful['headers'];
                    // first header line; read without checking that the list is non-empty
                    $response_header = $result_headers["0"];
                    $engine = $request_successful['engine'];
                    // convert array header to string
                    $headers_max = implode("\n", $result_headers);
                    if (strpos($response_header, '200 OK') !== false) {
                        // the remote body is stored as-is; the template must escape it
                        $myFinalRequest = "Headers: \n\n" . $headers_max . "\n\n Body:\n\n" . $result_body . "\n\n Engine Used: " . $engine;
                        $this->response->data['content'] = $myFinalRequest;
                    } else {
                        $this->response->data['content'] = "Not Exploitable Application Returned the response below: \n\n " . $headers_max;
                    }
                }
            } else {
                \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
            }
        }
    }
}
/**
 * Show the join form and process a submitted registration.
 *
 * On submit each failed check adds a warning to SESSION.flash. With no
 * warnings the member is created as 'Pending' with a hashed password, the
 * site owner is notified by mail, and a starter pack of random cards is
 * mailed to the new member.
 */
public function index()
{
    $cards = new Cards($this->db);
    $members = new Members($this->db);
    $this->f3->set('months', array('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'));
    if ($this->f3->exists('POST.join')) {
        $audit = \Audit::instance();
        // NOTE(review): scrub() runs over all of $_POST, password fields included.
        // If it strips tags or trims, the hash below is of the altered string and
        // the login path must scrub the same way - confirm.
        $this->f3->scrub($_POST);
        $this->f3->set('SESSION.flash', array());
        // validate form
        if (!preg_match("/^[\\w\\-]{2,30}\$/", $this->f3->get('POST.name'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid name. Only letters, numbers, underscores (_), and dashes (-) are allowed.'));
        }
        // The two "already taken / already in use" messages tell an unauthenticated
        // visitor whether a given name or e-mail address is registered.
        if ($members->count(array('name=?', $this->f3->get('POST.name'))) != 0) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Your name is already taken by another player. Please select a different name and try again!'));
        }
        if (!$audit->email($this->f3->get('POST.email'), FALSE)) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid email address'));
        }
        if ($members->count(array('email=?', $this->f3->get('POST.email'))) != 0) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Your email address is already in use by another player.'));
        }
        if (!$audit->url($this->f3->get('POST.url'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid trade post URL.'));
        }
        // the only password rule is a minimum of six characters
        if (!preg_match("/^.{6,}\$/", $this->f3->get('POST.password'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Your password must contain at least 6 characters.'));
        }
        if ($this->f3->get('POST.password') !== $this->f3->get('POST.password2')) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Your passwords don\'t match!'));
        }
        if (!in_array($this->f3->get('POST.birthday'), $this->f3->get('months'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid birthday'));
        }
        if ($cards->count(array('id=?', $this->f3->get('POST.collecting'))) == 0) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid collecting deck.'));
        }
        if ($this->f3->get('POST.refer') !== '' && $members->count(array('name=?', $this->f3->get('POST.refer'))) == 0) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid referral - that player\'s name doesn\'t exist in our database. Please check your spelling and try again!'));
        }
        // honey pot: anything other than an empty string in `username` is rejected
        if ($this->f3->get('POST.username') !== '') {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Please do not use autofill or similar tools!'));
        }
        // process form if there are no errors
        if (count($this->f3->get('SESSION.flash')) === 0) {
            // server-side defaults overwrite whatever the client sent for these fields
            $this->f3->set('POST.status', 'Pending');
            $this->f3->set('POST.level', 1);
            $this->f3->set('POST.membercard', 'No');
            $this->f3->set('POST.mastered', 'None');
            $this->f3->set('POST.wishlist', 'Coming soon.');
            $this->f3->set('POST.biography', 'Coming soon.');
            // the plaintext password in POST is replaced by its hash before the record is added
            $this->f3->set('POST.password', password_hash($this->f3->get('POST.password'), PASSWORD_DEFAULT));
            $this->f3->set('collectingID', $this->f3->get('POST.collecting'));
            $this->f3->set('POST.collecting', $cards->getById($this->f3->get('POST.collecting'))->filename);
            $mailer = new Mailer();
            $message = $mailer->message()->setSubject($this->f3->get('tcgname') . ': New Member')->setFrom(array($this->f3->get('noreplyemail') => 'MyTCG'))->setTo(array($this->f3->get('tcgemail')))->setReplyTo(array($this->f3->get('POST.email')))->setBody(Template::instance()->render('app/themes/' . $this->f3->get('theme') . '/templates/emails/newmember.htm'), 'text/html');
            // send email & save to db
            // the member is only added when the notification mail was sent (&& short-circuits)
            if ($mailer->send($message) && $members->add()) {
                $this->f3->set('sp', array());
                // random choice cards
                for ($i = 0; $i < $this->f3->get('num_startchoice'); $i++) {
                    $this->f3->push('sp', $cards->random(array('id=?', $this->f3->get('collectingID'))));
                }
                // random regular cards
                for ($i = 0; $i < $this->f3->get('num_startreg'); $i++) {
                    $this->f3->push('sp', $cards->random(array('worth=?', 1)));
                }
                // random special cards
                for ($i = 0; $i < $this->f3->get('num_startspc'); $i++) {
                    $this->f3->push('sp', $cards->random(array('worth=?', 2)));
                }
                $mailer = new Mailer();
                $message = $mailer->message()->setSubject($this->f3->get('tcgname') . ': Starter Pack')->setFrom(array($this->f3->get('noreplyemail') => $this->f3->get('tcgname')))->setTo(array($this->f3->get('POST.email')))->setReplyTo(array($this->f3->get('tcgemail')))->setBody(Template::instance()->render('app/templates/emails/starterpack.htm'), 'text/html');
                // the result of this send is stored but not checked
                $result = $mailer->send($message);
                // load welcome message
                $this->f3->set('content', 'app/themes/' . $this->f3->get('theme') . '/views/welcome.htm');
            } else {
                $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => 'There was a problem processing your request. Please try again or contact us for assistance!'));
            }
        }
    }
    // fall back to the join form when no other view was chosen above
    if (!$this->f3->exists('content')) {
        $this->f3->set('content', 'app/themes/' . $this->f3->get('theme') . '/views/join.htm');
    }
    $this->f3->set('decks', $cards->allAlpha());
    echo Template::instance()->render('app/themes/' . $this->f3->get('theme') . '/templates/default.htm');
}
/**
 * Validation rule: the field, when filled in, must pass Audit::email() with
 * its second argument set to true.
 *
 * Usage: '<index>' => 'valid_email'
 *
 * A missing or empty field is not an error for this rule.
 *
 * NOTE(review): the second argument presumably enables a DNS MX lookup, so
 * this rule makes a network call for every non-empty value - confirm.
 *
 * @param string $field name of the input field
 * @param array $input submitted values
 * @param null $param rule parameter, echoed back in the error record
 *
 * @return mixed null when the rule passes, otherwise an error record with the
 *               keys field, value, rule and param
 */
protected function validate_valid_email($field, $input, $param = null)
{
    $filledIn = isset($input[$field]) && !empty($input[$field]);
    if (!$filledIn) {
        return;
    }

    $address = $input[$field];
    if (Audit::instance()->email($address, true)) {
        return;
    }

    return array(
        'field' => $field,
        'value' => $address,
        'rule' => __FUNCTION__,
        'param' => $param,
    );
}
/**
 * Mail the rally point details of this system to the configured recipient.
 *
 * Nothing is sent when no 'RALLY_SET' notification address is configured, when
 * that address does not pass Audit::email(), or when the character referenced
 * by `updatedCharacterId` cannot be loaded.
 */
protected function sendRallyPointMail()
{
    $recipient = Config::getNotificationMail('RALLY_SET');
    if (!$recipient || !\Audit::instance()->email($recipient)) {
        return;
    }

    $updatedCharacterId = (int) $this->get('updatedCharacterId', true);

    /**
     * @var $character CharacterModel
     */
    $character = $this->rel('updatedCharacterId');
    $character->getById($updatedCharacterId);
    if ($character->dry()) {
        return;
    }

    // plain text body, one labelled line per value
    $lines = [
        "Map:\t\t" . $this->mapId->name,
        "System:\t\t" . $this->name,
        "Region:\t\t" . $this->region,
        "Security:\t" . $this->security,
        "Character:\t" . $character->name,
        "Time:\t\t" . date('g:i a; F j, Y', strtotime($this->rallyUpdated)),
    ];

    (new MailController())->sendRallyPoint($recipient, implode("\r\n", $lines));
}
/**
 * Mail a registration key to the address given in POST.settingsData.
 * -> check INVITE in pathfinder.ini
 *
 * Invites are only handed out while PATHFINDER.REGISTRATION.INVITE is 1 and the
 * number of active keys that already carry an e-mail address is below
 * PATHFINDER.REGISTRATION.INVITE_LIMIT. An address that already holds an
 * unused key gets that key again; otherwise a free key is assigned, up to
 * three keys per address. The outcome is echoed as JSON, with any problems
 * listed under `error`.
 *
 * @param $f3
 * @throws Exception
 */
public function sendInvite($f3)
{
    $data = $f3->get('POST.settingsData');
    $return = (object) [];
    // check invite limit
    // get handed out key count
    $tempRegistrationKeyModel = Model\BasicModel::getNew('RegistrationKeyModel');
    $tempRegistrationKeyModels = $tempRegistrationKeyModel->find([' email != "" AND active = 1']);
    $totalKeys = 0;
    if (is_object($tempRegistrationKeyModels)) {
        $totalKeys = $tempRegistrationKeyModels->count();
    }
    if ($f3->get('PATHFINDER.REGISTRATION.INVITE') == 1 && $totalKeys < $f3->get('PATHFINDER.REGISTRATION.INVITE_LIMIT')) {
        // key limit not reached
        // a missing or empty address produces no error entry; the response is then an empty object
        if (isset($data['email']) && !empty($data['email'])) {
            $email = trim($data['email']);
            // check if mail is valid
            if (\Audit::instance()->email($email)) {
                // new key for this mail is allowed
                $registrationKeyModel = $this->findRegistrationKey($email, 0);
                if ($registrationKeyModel === false) {
                    // check for total number of invites (active and inactive) -> prevent spamming
                    // NOTE(review): the cap is per address only; no per-client or
                    // per-IP limit is visible in this method.
                    $allRegistrationKeysByMail = $this->findRegistrationKey($email);
                    if ($allRegistrationKeysByMail == false || $allRegistrationKeysByMail->count() < 3) {
                        // get a fresh key
                        $registrationKeyModel = Model\BasicModel::getNew('RegistrationKeyModel');
                        // NOTE(review): ':email' is bound but the filter text has no
                        // :email placeholder - confirm the database layer accepts this.
                        $registrationKeyModel->load([' used = 0 AND active = 1 AND email = "" ', ':email' => $email], ['limit' => 1]);
                    } else {
                        $validationError = (object) [];
                        $validationError->type = 'warning';
                        $validationError->message = 'The number of keys is limited by Email. You can not get more keys';
                        $return->error[] = $validationError;
                    }
                } else {
                    $registrationKeyModel = $registrationKeyModel[0];
                }
                // send "old" key again or send a new key
                // NOTE(review): after getNew() the variable is an object whether or not
                // load() matched a row, so this test does not show that a free key was
                // found - verify what registrationKey holds in that case.
                if (is_object($registrationKeyModel)) {
                    $msg = 'Your personal Registration Key: ' . $registrationKeyModel->registrationKey;
                    $mailController = new MailController();
                    $status = $mailController->sendInviteKey($email, $msg);
                    // the key is bound to the address and requester IP only after the mail went out
                    if ($status) {
                        $registrationKeyModel->email = $email;
                        $registrationKeyModel->ip = $this->f3->get('IP');
                        $registrationKeyModel->save();
                    }
                }
            } else {
                $validationError = (object) [];
                $validationError->type = 'error';
                $validationError->field = 'email';
                $validationError->message = 'Email is not valid';
                $return->error[] = $validationError;
            }
        }
    } else {
        $validationError = (object) [];
        $validationError->type = 'warning';
        $validationError->message = 'The pool of beta keys has been exhausted, please try again in a few days/weeks';
        $return->error[] = $validationError;
    }
    echo json_encode($return);
}
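/**
 * Delete a game record and its JSON data file.
 *
 * Fix: POST.id was concatenated into the path given to unlink() without any
 * check, so an id containing directory separators could point the delete at a
 * .json file outside storage/jig/games/. The id must now be a bare file name;
 * anything else is rejected before the record or the file is touched.
 *
 * The original's "no errors" test ran directly after the flash list was
 * emptied and could never fail; it is replaced by the id check.
 */
private function deleteGame()
{
    $this->f3->scrub($_POST);
    $this->f3->set('SESSION.flash', array());

    $id = $this->f3->get('POST.id');

    // The id becomes part of a filesystem path: accept only a single path
    // component with no separator of either kind and no NUL byte.
    $isBareName = is_string($id)
        && $id !== ''
        && $id === basename($id)
        && strpos($id, '\\') === false
        && strpos($id, "\0") === false;

    if (!$isBareName) {
        $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => 'Invalid request. Please try again.'));
        return;
    }

    // delete record, then its data file; the file is only removed when the record was
    if ($this->games->delete($id) && unlink('storage/jig/games/' . $id . '.json')) {
        $this->f3->push('SESSION.flash', array('type' => 'success', 'msg' => 'Game removed successfully!'));
    } else {
        $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => 'There was a problem processing the request. Game data may not have been completely removed. Please try again.'));
    }
}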
/**
 * Shortcut to the shared \Audit validator instance.
 *
 * @return \Audit
 */
private function audit()
{
    $validator = \Audit::instance();

    return $validator;
}
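/**
 * Obtains the criteria to search, based on a specified resource
 * identifier.
 *
 * This function works out the type of resource being requested (e.g.
 * URL or e-mail), then supplies the appropriate path(s) to search
 * for.
 *
 * Fix: the original tested whether 'acct:' or 'mailto:' occurred anywhere in
 * the identifier and then cut at the first colon, so a value such as
 * "xacct:user@example.com" was treated as an account identifier. The prefix
 * must now be at the start of the string, as the original comment intended.
 *
 * NOTE(review): the URL test runs first. If Audit::url() accepts mailto:
 * identifiers as URLs, they are returned as 'openid.identity' and never reach
 * the e-mail branch - confirm against the Audit implementation in use.
 * NOTE(review): Audit::email() is called with its default arguments, which
 * presumably include a DNS MX lookup on a value taken from the request.
 *
 * @param string $resource the resource identifier
 * @return array|null an array of criteria paths and their corresponding
 * values, or null when the identifier is neither a URL nor an account address
 */
protected function getResourceCriteria($resource)
{
    $audit = \Audit::instance();

    if ($audit->url($resource)) {
        return array('openid.identity' => $resource);
    }

    // If it begins with acct: or mailto:, strip it out
    foreach (array('acct:', 'mailto:') as $scheme) {
        if (strncasecmp((string) $resource, $scheme, strlen($scheme)) !== 0) {
            continue;
        }

        $email = (string) substr((string) $resource, strlen($scheme));
        if ($audit->email($email)) {
            return array('webfinger.acct' => $email, 'userinfo.email' => $email);
        }
        break;
    }

    return null;
}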
/**
 * Static shortcut to the shared Audit instance.
 *
 * @return Audit
 */
public static function audit()
{
    $shared = Audit::instance();

    return $shared;
}
/**
 * Process a member card request from the logged-in member.
 *
 * The member is loaded by SESSION.userID. The submitted image URL must pass
 * Audit::url(); when it does, a notification mail is sent to `tcgemail` with
 * the member's address as Reply-To.
 *
 * NOTE(review): url() is presumably a syntax check only. If the image URL is
 * rendered inside the notification template, the template has to escape it,
 * and limiting the scheme to http/https would narrow what can be submitted.
 * NOTE(review): index [0] is taken without checking that read() returned a row.
 */
private function mcrequest()
{
    $this->f3->scrub($_POST);
    $audit = \Audit::instance();

    $members = new Members($this->db);
    $rows = $members->read(array('id=?', $this->f3->get('SESSION.userID')), []);
    $this->f3->set('member', $rows[0]);
    $this->f3->set('SESSION.flash', array());

    // validate the form!
    $imageOk = $audit->url($this->f3->get('POST.image'));
    if (!$imageOk) {
        $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid image URL.'));
    }

    // stop when validation recorded a problem
    if (count($this->f3->get('SESSION.flash')) !== 0) {
        return;
    }

    $mailer = new Mailer();
    $message = $mailer->message()
        ->setSubject($this->f3->get('tcgname') . ': Member Card Request (' . $this->f3->get('member')->name . ')')
        ->setFrom(array($this->f3->get('noreplyemail') => 'MyTCG'))
        ->setTo(array($this->f3->get('tcgemail')))
        ->setReplyTo(array($this->f3->get('member')->email))
        ->setBody(Template::instance()->render('app/templates/emails/mcrequest-notif.htm'), 'text/html');

    $sent = $mailer->send($message);
    if ($sent) {
        $this->f3->push('SESSION.flash', array('type' => 'success', 'msg' => 'Your member card request has been sent!'));
    } else {
        $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => 'There was a problem processing your request. Please try again or contact us for assistance!'));
    }
}
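/**
 * Decode the submitted text as base64, hex (bare, 0x-prefixed or \x-prefixed)
 * or rot13 and put the result into the page data.
 *
 * Fix: hex input was validated with is_numeric('0x' . $text). Since PHP 7 a
 * "0x..." string is not numeric, so every hex input was rejected as invalid.
 * The check is now ctype_xdigit() plus an even length, which is what
 * hex2bin() needs to succeed. The three hex variants share one code path.
 * A non-string `encoded` value (e.g. an array) is reported as invalid input
 * instead of reaching trim().
 *
 * NOTE(review): the decoded bytes are arbitrary and are stored as-is; the
 * template that prints `content` must escape them.
 *
 * @param \Base $f3
 */
public function decoder_multi(\Base $f3)
{
    $this->response->data['SUBPART'] = 'dencoder_decoder_multi.html';

    if ($f3->get('VERB') != 'POST') {
        return;
    }

    if ($f3->devoid('POST.encoded')) {
        \Flash::instance()->addMessage('Please enter Some text to decode e.g. 0xaaaa ', 'warning');
        return;
    }

    $encoded_text_string = $f3->get('POST.encoded');
    $encodedFormat = $f3->get('POST.encodedFormat');

    if (!is_string($encoded_text_string) || !is_string($encodedFormat)) {
        \Flash::instance()->addMessage('Seems You have Broken something or text is invalid \\n I can\'t process', 'warning');
        return;
    }

    // marker that each hex variant strips before the digits are checked
    $hexMarkers = array('hex' => '', 'hex_0x' => '0x', 'hex_slash_x' => "\\x");

    switch ($encodedFormat) {
        case "base64":
            $decoded = trim($encoded_text_string);
            // round-trip comparison rejects anything that is not canonical base64
            if (base64_encode(base64_decode($decoded)) === $decoded) {
                $this->response->data['content'] = base64_decode($decoded, true);
            } else {
                \Flash::instance()->addMessage('Please enter a valid base 64 string e.g. dGVzdG1l ', 'warning');
            }
            break;

        case "hex":
        case "hex_0x":
        case "hex_slash_x":
            $marker = $hexMarkers[$encodedFormat];
            $digits = ($marker === '') ? $encoded_text_string : str_replace($marker, "", $encoded_text_string);
            $digits = trim($digits);

            if (!ctype_xdigit($digits) || strlen($digits) % 2 !== 0) {
                \Flash::instance()->addMessage('Invalid Hexadecimal String detected, check for trailing spaces or invalid characters then try again.', 'warning');
            } elseif (!function_exists('hex2bin')) {
                \Flash::instance()->addMessage('Seems you are missing the hex2bin function , this is common with PHP 5.3 and below \\n Sorry I can\'t work this . ', 'warning');
            } else {
                $this->response->data['content'] = hex2bin($digits);
            }
            break;

        case "rot13":
            $this->response->data['content'] = str_rot13(trim($encoded_text_string));
            break;

        default:
            \Flash::instance()->addMessage('Seems You have Broken something or text is invalid \\n I can\'t process', 'warning');
    }
}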
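/**
 * Deletes the deck record named by POST.id from the table chosen by POST.status.
 *
 * "Upcoming" selects $this->upcoming and "Released" selects $this->cards; any
 * other value raises a 404 through the framework. The outcome is reported in
 * SESSION.flash.
 *
 * NOTE(review): no permission or CSRF check is visible in this method, and
 * POST.id is passed straight to delete(). Presumably the calling route
 * handler enforces both; confirm.
 */
private function deleteCards()
{
    $this->f3->scrub($_POST);
    $this->f3->set('SESSION.flash', array());

    // determine whether to update the cards or upcoming table
    switch ($this->f3->get('POST.status')) {
        case "Upcoming":
            $cards = $this->upcoming;
            break;
        case "Released":
            $cards = $this->cards;
            break;
        default:
            $this->f3->error(404);
            // error() may return instead of ending the request, depending on
            // framework configuration; stop here so that $cards is never
            // used while undefined.
            return;
    }

    // process form if there are no errors
    if (count($this->f3->get('SESSION.flash')) === 0) {
        // delete record
        if ($cards->delete($this->f3->get('POST.id'))) {
            $this->f3->push('SESSION.flash', array('type' => 'success', 'msg' => 'Deck record removed successfully!'));
        } else {
            $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => 'There was a problem processing the request. Please try again.'));
        }
    }
}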
/**
 * Marks the affiliate named by POST.id as active and e-mails the approval notice.
 *
 * POST.status is forced to 'Active' before $affiliates->edit() is called. When
 * the edit succeeds, a notice is sent to the address stored on that record;
 * 'Affiliate approved!' is flashed whether or not the mail could be sent.
 *
 * NOTE(review): no permission or CSRF check is visible in this method;
 * presumably the calling route handler enforces both. Confirm.
 *
 * @param object $affiliates model object providing edit() and read() as called below
 */
private function approveAffiliate($affiliates)
{
    $audit = \Audit::instance();
    $this->f3->scrub($_POST);
    $this->f3->set('SESSION.flash', []);

    // Nothing is validated before this point, so the list is still empty here.
    if (count($this->f3->get('SESSION.flash')) !== 0) {
        return;
    }

    $this->f3->set('POST.status', 'Active');

    // Persist the new status first; without it there is nothing to announce.
    if (!$affiliates->edit($this->f3->get('POST.id'))) {
        $this->f3->push('SESSION.flash', ['type' => 'danger', 'msg' => 'There was a problem processing the request. Please try again.']);
        return;
    }

    // Build the notice step by step, in the same order as the setter chain.
    $mailer = new Mailer();
    $notice = $mailer->message();
    $notice = $notice->setSubject($this->f3->get('tcgname') . ': Affiliation Approved');
    $notice = $notice->setFrom([$this->f3->get('noreplyemail') => $this->f3->get('tcgname')]);
    $approvedRows = $affiliates->read(['id=?', $this->f3->get('POST.id')], []);
    $notice = $notice->setTo([$approvedRows[0]->email]);
    $notice = $notice->setReplyTo([$this->f3->get('tcgemail')]);
    $notice = $notice->setBody(Template::instance()->render('app/templates/emails/affiliate-approved.htm'), 'text/html');

    if ($mailer->send($notice)) {
        $this->f3->push('SESSION.flash', ['type' => 'success', 'msg' => 'Approval email sent.']);
    }
    $this->f3->push('SESSION.flash', ['type' => 'success', 'msg' => 'Affiliate approved!']);
}
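/**
 * Renders the member settings page and, on POST.update, validates and saves the form.
 *
 * Visitors without SESSION.userID are rerouted to /members/login. Validation
 * problems are collected in SESSION.flash and the record is written only when
 * that list is empty. A non-empty new password is stored as a password_hash()
 * digest; an empty one is dropped from POST so that it is not part of the
 * submitted data handed to edit().
 *
 * 'level' is among the fields handed to $members->edit() although nothing in
 * this method validates it, so POST.level is pinned to the stored value
 * before saving (presumably edit() copies the listed fields from POST; confirm).
 *
 * NOTE(review): e-mail address and password can be changed without the
 * current password being asked for, and no CSRF check is visible here;
 * confirm whether either is enforced elsewhere.
 * NOTE(review): scrub() runs over POST.password before it is hashed; confirm
 * that the login path applies the same transformation.
 */
public function settings()
{
    if (!$this->f3->exists('SESSION.userID')) {
        $this->f3->reroute('/members/login');
        return;
    }

    $cards = new Cards($this->db);
    $members = new Members($this->db);
    $this->f3->set('status', array('Active', 'Hiatus'));
    $this->f3->set('decks', $cards->allAlpha());
    $this->f3->set('member', $members->read(array('id=?', $this->f3->get('SESSION.userID')), [])[0]);

    if ($this->f3->exists('POST.update')) {
        $audit = \Audit::instance();
        $this->f3->scrub($_POST);
        $this->f3->set('SESSION.flash', array());

        // validate form
        if (!$audit->email($this->f3->get('POST.email'), FALSE)) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid email address.'));
        }
        // The address must be unused unless it is the member's own current one.
        if ($this->f3->get('POST.email') != $this->f3->get('member')->email
            && $members->count(array('email=?', $this->f3->get('POST.email'))) != 0) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Your email address is already in use by another player.'));
        }
        if (!$audit->url($this->f3->get('POST.url'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid trade post URL.'));
        }
        // An empty password field means "keep the current password".
        if ($this->f3->get('POST.password') !== '' && !preg_match("/^.{6,}\$/", $this->f3->get('POST.password'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Your password must contain at least 6 characters.'));
        }
        if ($this->f3->get('POST.password') !== '' && $this->f3->get('POST.password') !== $this->f3->get('POST.password2')) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Your passwords don\'t match!'));
        }
        // Pending members may not pick a status; it is forced back to 'Pending' below.
        if ($this->f3->get('member')->status !== 'Pending'
            && !in_array($this->f3->get('POST.status'), $this->f3->get('status'), true)) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid status.'));
        }
        if ($cards->count(array('id=?', $this->f3->get('POST.collecting'))) == 0) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Invalid collecting deck.'));
        }
        if (!preg_match("/^.{0,875}\$/", $this->f3->get('POST.biography'))
            || !preg_match("/^.{0,875}\$/", $this->f3->get('POST.wishlist'))) {
            $this->f3->push('SESSION.flash', array('type' => 'warning', 'msg' => 'Please limit your Profile details to 875 characters.'));
        }

        // process form if there are no errors
        if (count($this->f3->get('SESSION.flash')) === 0) {
            if ($this->f3->get('member')->status == 'Pending') {
                // If they're pending, don't let them change their status!
                $this->f3->set('POST.status', 'Pending');
            }

            if ($this->f3->exists('POST.password') && $this->f3->get('POST.password') != '') {
                // if password was changed, hash it
                $this->f3->set('POST.password', password_hash($this->f3->get('POST.password'), PASSWORD_DEFAULT));
            } else {
                $this->f3->clear('POST.password');
            }

            // 'level' is saved below but never validated above: overwrite
            // whatever the client sent with the value already on record.
            $this->f3->set('POST.level', $this->f3->get('member')->level);

            // The form submits a deck id; the id is kept in 'collectingID'
            // and POST.collecting is replaced by that deck's filename.
            $this->f3->set('collectingID', $this->f3->get('POST.collecting'));
            $this->f3->set('POST.collecting', $cards->getById($this->f3->get('POST.collecting'))->filename);

            // update settings in db
            if ($members->edit($this->f3->get('SESSION.userID'), array('email', 'url', 'status', 'password', 'level', 'collecting', 'wishlist', 'biography'))) {
                $this->f3->push('SESSION.flash', array('type' => 'success', 'msg' => 'Your settings have been updated!'));
                // Reload the record so the page shows the saved values.
                $this->f3->set('member', $members->read(array('id=?', $this->f3->get('SESSION.userID')), [])[0]);
            } else {
                $this->f3->push('SESSION.flash', array('type' => 'danger', 'msg' => 'There was a problem processing your request. Please try again or contact us for assistance!'));
            }
        }
    }

    $this->f3->set('content', 'app/themes/' . $this->f3->get('theme') . '/views/settings.htm');
    echo Template::instance()->render('app/themes/' . $this->f3->get('theme') . '/templates/default.htm');
}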