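/**
 * Store a new token of the given type for a user and return it.
 *
 * When no token is supplied, one is generated from the CSPRNG: 16 random bytes,
 * hex-encoded. That is 32 characters, the same width as the md5 hex digest this
 * replaces, so existing column sizes and consumers are unaffected. The previous
 * mt_rand()/time()/email mix is predictable and therefore unsuitable for
 * password-reset or API tokens; the user's email is no longer read at all.
 *
 * @param $userID
 * @param $tokenType
 * @param null $token  caller-supplied token; generated when empty
 * @return null|string the token that was stored
 */
public static function createNewToken($userID, $tokenType, $token = null)
{
    global $db;
    if (!$token) {
        if (function_exists('random_bytes')) {
            $token = bin2hex(random_bytes(16));
        } else {
            // Pre-PHP 7 fallback: still a CSPRNG source, unlike mt_rand()
            $token = bin2hex(openssl_random_pseudo_bytes(16));
        }
    }
    $db->insertFromArray(TABLE_USERS_TOKEN, [
        'userID' => $userID,
        'userToken' => $token,
        'tokenDate' => time(),
        'tokenType' => $tokenType,
    ]);
    return $token;
}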
if ($isAjax) { $resultXML = ['status' => 'error', 'message' => $db->getLastError()]; render_result_xml($resultXML); } else { buckys_redirect($return, $db->getLastError(), MSG_TYPE_ERROR); } } } } } } } exit; }
//Getting UserData from Id
$userData = BuckysUser::getUserData($userID);
// NOTE(review): the page number is taken from the query string as-is; Pagination is
// presumably responsible for coercing it to a positive integer (see getCurrentPage()
// below) — confirm before relying on $page elsewhere.
$page = isset($_GET['page']) ? $_GET['page'] : 1;
// NOTE(review): $totalCount is only assigned for 'all', 'pending' and 'requested'.
// $type is set outside this fragment; if it can hold any other value, Pagination
// receives an undefined variable — confirm $type is constrained upstream.
if ($type == 'all') {
    $totalCount = BuckysFriend::getNumberOfFriends($userID);
} else {
    if ($type == 'pending') {
        $totalCount = BuckysFriend::getNumberOfPendingRequests($userID);
    } else {
        if ($type == 'requested') {
            $totalCount = BuckysFriend::getNumberOfReceivedRequests($userID);
        }
    }
}
//Init Pagination Class
$pagination = new Pagination($totalCount, BuckysFriend::$COUNT_PER_PAGE, $page);
// Normalised page (clamped by Pagination) replaces the raw request value
$page = $pagination->getCurrentPage();
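<?php
require dirname(__FILE__) . '/includes/bootstrap.php';
//If the user is not logged in, redirect to the index page
if (!($userID = buckys_is_logged_in())) {
    buckys_redirect('/index.php');
    // Explicit stop so nothing below runs even if the redirect helper ever returns
    exit;
}
// NOTE(review): 'to' and 'reply' go to the model layer unvalidated. BuckysMessage::getMessage()
// is assumed to check that $userID may read the quoted message — confirm; otherwise any
// message id can be pre-filled into the reply form.
if (isset($_GET['to'])) {
    $receiver = BuckysUser::getUserData($_GET['to']);
}
if (isset($_GET['reply'])) {
    $replyTo = BuckysMessage::getMessage($_GET['reply']);
}
if (isset($_POST['action'])) {
    // The posted userID must match the session user. Compared as strings with !== so
    // loose numeric coercion cannot let a crafted value through. This is not a CSRF
    // defence — the user id is not secret; wallet.php uses buckys_check_form_token()
    // for that and this form should too, once the AJAX client submits the token.
    if (!isset($_POST['userID']) || (string)$_POST['userID'] !== (string)$userID) {
        echo 'Invalid Request!';
        exit;
    }
    //Compose message
    if ($_POST['action'] == 'compose_message') {
        //Show Results
        header('Content-type: application/xml');
        $status = BuckysMessage::composeMessage($_POST) ? 'success' : 'error';
        render_result_xml(['status' => $status, 'message' => buckys_get_messages()]);
        exit;
    }
}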
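}
$bitcoinClass = new BuckysBitcoin();
//Create Wallet if it is not created
$bitcoinInfo = BuckysUser::getUserBitcoinInfo($userID);
if (!$bitcoinInfo) {
    $bitcoinInfo = $bitcoinClass->createWallet($TNB_GLOBALS['user']['userID'], $TNB_GLOBALS['user']['email']);
}
if (isset($_POST['action']) && $_POST['action'] == 'send-bitcoins') {
    // Each failed check redirects and then stops explicitly. The original relied on
    // buckys_redirect() terminating the script; had it ever returned, the transfer
    // below would have run with a wrong password (the $is_error flag it declared
    // was never set), so the stop is made unconditional here.
    //Check Token (CSRF)
    if (!buckys_check_form_token()) {
        buckys_redirect("/wallet.php", MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        exit;
    }
    $toAddress = isset($_POST['receiver']) ? trim($_POST['receiver']) : '';
    // NOTE(review): a float for a monetary amount; BuckysBitcoin::sendBitcoin() is
    // assumed to cope with the precision it receives — confirm.
    $amount = isset($_POST['amount']) ? doubleval($_POST['amount']) : 0;
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $user = BuckysUser::getUserData($TNB_GLOBALS['user']['userID']);
    // Re-authentication: sending funds requires the current password, not just a session
    if (!$password || !buckys_validate_password($password, $user['password'])) {
        buckys_redirect("/wallet.php", MSG_CURRENT_PASSWORD_NOT_CORRECT, MSG_TYPE_ERROR);
        exit;
    }
    if (!$toAddress) {
        buckys_redirect("/wallet.php", MSG_ENTER_BITCOINS_ADDRESS_OF_RECIPIENT, MSG_TYPE_ERROR);
        exit;
    }
    if (!$amount || $amount <= 0) {
        buckys_redirect("/wallet.php", MSG_INVALID_BITCOIN_AMOUNT, MSG_TYPE_ERROR);
        exit;
    }
    $bitcoinClass->sendBitcoin($userID, $toAddress, $amount);
    buckys_redirect("/wallet.php");
    exit;
}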
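<?php
require dirname(__FILE__) . '/includes/bootstrap.php';
//Getting Current User ID
if (!($userID = buckys_is_logged_in())) {
    buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR);
    exit;
}
$albumID = isset($_REQUEST['albumID']) ? $_REQUEST['albumID'] : '';
//Only the album's owner may edit it
if (!$albumID || !BuckysAlbum::checkAlbumOwner($albumID, $userID)) {
    buckys_redirect("/photo_albums.php", MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
    exit;
}
//Getting UserData from Id
// NOTE(review): the original read $profileID, which is not assigned anywhere on this
// page; the logged-in user is the only id in scope here.
$userData = BuckysUser::getUserData($userID);
//Getting Album
$album = BuckysAlbum::getAlbum($albumID);
//Getting Photos
$myphotos = BuckysPost::getPhotosByUserID($userID, $userID, BuckysPost::INDEPENDENT_POST_PAGE_ID, true);
//Getting Album Photos
$albumPhotos = BuckysAlbum::getPhotos($albumID);
if (isset($_POST['action'])) {
    //Save album title, visibility and photo selection
    if ($_POST['action'] == 'save-album') {
        $albumName = isset($_POST['album_name']) ? trim($_POST['album_name']) : '';
        //If the album title is empty, throw error
        if ($albumName == '') {
            buckys_redirect('/photo_album_edit.php?albumID=' . $albumID, MSG_ALBUM_TITLE_EMPTY, MSG_TYPE_ERROR);
            exit;
        }
        // Use $albumID (ownership-checked above) rather than re-reading $_POST['albumID']:
        // the two only coincide while $_REQUEST is configured to prefer POST values.
        $visibility = isset($_POST['visibility']) ? $_POST['visibility'] : null;
        $photos = isset($_POST['photos']) ? $_POST['photos'] : null;
        BuckysAlbum::updateAlbum($albumID, $albumName, $visibility, $photos);
        buckys_redirect("/photo_album_edit.php?albumID=" . $albumID, MSG_ALBUM_UPDATED);
        exit;
    } else {
        if ($_POST['action'] == 'remove-from-album' || $_POST['action'] == 'add-to-album') {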
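/**
 * API: delete the calling user's account.
 *
 * Requires a valid API token (identifies the user) plus the account's current
 * password as a re-authentication step, so a leaked token alone cannot destroy
 * an account.
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function deleteAccountAction()
{
    $data = $_POST;
    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
    // A missing password is treated as an empty one (fails verification) instead of raising a notice
    $password = isset($data['password']) ? $data['password'] : '';
    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }
    $current = BuckysUser::getUserData($userID);
    if (!buckys_validate_password($password, $current['password'])) {
        // NOTE(review): a wrong password answers 200 while a failed delete answers 401;
        // kept as-is because clients may depend on it, but the two look swapped.
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Current password is incorrect.')];
    }
    if (BuckysUser::deleteUserAccount($userID)) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS']];
    }
    return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('There was an error to saving your information.')];
}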
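$userIns = new BuckysUser();
if (!$view['myRatingInfo']) {
    $view['myRatingInfo'] = [];
}
?>
<section id="main_section">
    <?php buckys_get_panel('trade_top_search'); ?>
    <section id="feedback-left-panel">
        <?php
        $myInfo = $userIns->getUserBasicInfo($view['myID']);
        $myData = BuckysUser::getUserData($view['myID']);
        $totalRating = 'No';
        $positiveRating = '';
        // A percentage is only computed once there is at least one rating; the
        // 'No' placeholder is rendered otherwise. isset() avoids a notice when
        // myRatingInfo was reset to an empty array above.
        if (isset($view['myRatingInfo']['totalRating']) && $view['myRatingInfo']['totalRating'] != '' && $view['myRatingInfo']['totalRating'] > 0) {
            $totalRating = $view['myRatingInfo']['totalRating'];
            if (is_numeric($view['myRatingInfo']['positiveRating'])) {
                $positiveRating = number_format($view['myRatingInfo']['positiveRating'] / $totalRating * 100, 2, '.', '') . '% Positive';
            }
        }
        ?>
        <div class="titles">
            <?php
            // firstName/lastName are user-supplied profile fields: escape for the HTML
            // context at output time rather than trusting that they were sanitised on
            // input. NOTE(review): if the project already HTML-encodes names on save,
            // this will double-encode — confirm against the profile save path.
            echo htmlspecialchars(trim($myInfo['firstName'] . ' ' . $myInfo['lastName']), ENT_QUOTES, 'UTF-8');
            ?>
        </div>
        <div class="feedback-user-img" style="margin:5px 0px;">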
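/**
 * Remove a post together with its comments, likes, hits, activity entries,
 * reports, album links and (for image posts) the stored image files.
 *
 * Ownership is enforced by the initial SELECT: the row is only found when
 * $userID is the poster, so a user cannot delete someone else's post.
 *
 * @param mixed $userID  the caller; must be the post's poster
 * @param mixed $postID
 * @return bool true when a matching post was found and removed, false otherwise
 */
public static function deletePost($userID, $postID)
{
    global $db;
    $query = $db->prepare("SELECT postID, type, image, poster FROM " . TABLE_POSTS . " WHERE postID=%s AND poster=%s", $postID, $userID);
    $row = $db->getRow($query);
    if (!$row) {
        return false;
    }
    $id = $row['postID'];
    //Getting Comments and Likes
    // All statements below go through prepare() like the SELECT above, so the id is
    // never concatenated raw into SQL.
    $comments = $db->getVar($db->prepare('SELECT count(*) FROM ' . TABLE_POSTS_COMMENTS . ' WHERE postID=%s', $id));
    $likes = $db->getVar($db->prepare('SELECT count(*) FROM ' . TABLE_POSTS_LIKES . ' WHERE postID=%s', $id));
    //Update Stats
    BuckysUser::updateStats($row['poster'], 'comments', -1 * $comments);
    BuckysUser::updateStats($row['poster'], 'likes', -1 * $likes);
    //Remove the post and every dependent row keyed by it
    $db->query($db->prepare('DELETE FROM ' . TABLE_POSTS . ' WHERE postID=%s', $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_COMMENTS . ' WHERE postID=%s', $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_ALBUMS_PHOTOS . ' WHERE post_id=%s', $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_MAIN_ACTIVITIES . ' WHERE objectID=%s', $id));
    // NOTE(review): restricted to objectType='post' as the sibling deletePost() does;
    // without the filter, reports about other object types sharing this numeric id
    // would be deleted too. Confirm TABLE_REPORTS carries objectType in this schema.
    $db->query($db->prepare('DELETE FROM ' . TABLE_REPORTS . " WHERE objectType='post' AND objectID=%s", $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_POSTS_LIKES . ' WHERE postID=%s', $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_POSTS_HITS . ' WHERE postID=%s', $id));
    //Remove Image
    if ($row['type'] == 'image') {
        // Best-effort cleanup of the three stored sizes; a missing file is not an error.
        // NOTE(review): $row['image'] is used as a path component as stored; this assumes
        // the upload code saves a bare filename with no directory separators — confirm.
        foreach (['resized', 'original', 'thumbnail'] as $variant) {
            @unlink(DIR_FS_PHOTO . "users/" . $userID . "/" . $variant . "/" . $row['image']);
        }
        $user = BuckysUser::getUserData($userID);
        //If current image is a profile image, remove it from the profile image
        if ($user['thumbnail'] == $row['image']) {
            BuckysUser::updateUserFields($userID, ['thumbnail' => '']);
        }
    }
    return true;
}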
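buckys_enqueue_javascript('trade.js');
$TNB_GLOBALS['content'] = 'feedback';
//$TNB_GLOBALS['headerType'] = 'trade';
$paramCurrentPage = get_secure_integer(isset($_REQUEST['page']) ? $_REQUEST['page'] : null);
$paramType = get_secure_string(isset($_REQUEST['type']) ? $_REQUEST['type'] : null);
$userID = get_secure_integer(isset($_REQUEST['user']) ? $_REQUEST['user'] : null);
$userIns = new BuckysUser();
// No "user" parameter: show the logged-in user's own feedback. A truthiness test
// replaces the original `== ''` because under PHP 8 `0 == ''` is false, which would
// send a missing/zero parameter down the lookup branch for user 0.
if (!$userID) {
    if (!($userID = buckys_is_logged_in())) {
        buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR);
        exit;
    }
} else {
    if (!is_numeric($userID)) {
        buckys_redirect('/index.php', MSG_NOT_LOGGED_IN_USER, MSG_TYPE_ERROR);
        exit;
    }
    //Feedback is only shown for existing, active accounts
    $userData = $userIns->getUserData($userID);
    if (!$userData || $userData['status'] != BuckysUser::STATUS_USER_ACTIVE) {
        buckys_redirect('/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
        exit;
    }
}
//Calc base URL
$baseURLParts = [];
if ($paramType == 'given') {
    $baseURLParts[] = "type=" . $paramType;
} else {
    $paramType = 'received';
}
if ($userID != buckys_is_logged_in()) {
    $baseURLParts[] = "user=" . $userID;
}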
?> <section id="main_content" class="search-result-panel"> <?php render_result_messages(); ?> <div class="search-result-list"> <?php if (count($searcuResult) > 0) { foreach ($searcuResult as $data) { if ($data['type'] == 'user') { //Display user $userData = $userIns->getUserData($data['userID']); if (empty($userData)) { continue; } $profileLink = '/profile.php?user='******'userID']; $sendMessageLink = '/messages_compose.php?to=' . $userData['userID']; ?> <div class="node"> <div class="img-cont"><?php render_profile_link($userData, 'thumbIcon'); ?> </div> <div class="desc"> <a href="<?php echo $profileLink; ?>
$BUCKYS_GLOBALS['content'] = 'trade/view';
$BUCKYS_GLOBALS['headerType'] = 'trade';
$paramItemID = get_secure_integer($_REQUEST['id']);
$view = array();
$tradeItemIns = new BuckysTradeItem();
$tradeCatIns = new BuckysTradeCategory();
$countryIns = new BuckysCountry();
$userIns = new BuckysUser();
$tradeOfferIns = new BuckysTradeOffer();
$view['item'] = $tradeItemIns->getItemById($paramItemID);
// $userID is set before this fragment (the viewer, possibly not logged in)
$view['myID'] = $userID;
//Unknown or inactive items are not viewable at all
if (!isset($view['item']) || $view['item']['status'] == BuckysTradeItem::STATUS_ITEM_INACTIVE) {
    buckys_redirect('/trade/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}
//Check if the items owner is active one
// NOTE(review): only BANNED owners are filtered here, whereas the feedback page rejects
// anything that is not STATUS_USER_ACTIVE. Whether items of deactivated (non-banned)
// sellers should remain visible is not decidable from this page.
$userData = $userIns->getUserData($view['item']['userID']);
if ($userData['status'] == BuckysUser::STATUS_USER_BANNED) {
    buckys_redirect('/trade/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}
//Read more info from DB
$catData = $tradeCatIns->getCategoryByID($view['item']['catID']);
$view['item']['categoryName'] = isset($catData) ? $catData['name'] : '';
$countryData = $countryIns->getCountryById($view['item']['locationID']);
$view['item']['locationName'] = isset($countryData) ? $countryData['country_title'] : '';
$view['item']['userInfo'] = $userIns->getUserBasicInfo($view['item']['userID']);
if (!isset($view['item']['userInfo'])) {
    buckys_redirect('/trade/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}
//Check if you can make an offer to this user. If this user decline your offer before for this item, then you can't send again
$view['offerDisabled'] = false;
// Anonymous viewers and the item's own seller never get the offer form
if (!$userID || $userID == $view['item']['userID']) {
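/**
 * Create a password-reset token for the account registered under $email and mail
 * the reset link to that address.
 *
 * The link's host comes from the configured site URL when one is available. Building
 * it from the Host header lets an attacker who can set Host on the reset request
 * have the victim mailed a link to a host the attacker controls, leaking the token
 * (password-reset poisoning).
 *
 * @param String $email
 * @return bool|null false on a validation failure; otherwise redirects and returns null
 */
public function resetPassword($email)
{
    global $db;
    $email = trim($email);
    if (!$email) {
        buckys_redirect('/register.php?forgotpwd=1', MSG_EMPTY_EMAIL, MSG_TYPE_ERROR);
        return;
    }
    //Check Email Address
    if (!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+\$/", $email)) {
        buckys_redirect('/register.php?forgotpwd=1', MSG_INVALID_EMAIL, MSG_TYPE_ERROR);
        return false;
    }
    $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE email=%s", $email);
    $userID = $db->getVar($query);
    if (!$userID) {
        // NOTE(review): a distinct "not found" message lets anyone test whether an
        // address is registered; a uniform "if the address exists, mail was sent"
        // response would avoid that. Left unchanged as it is a product decision.
        buckys_redirect('/register.php?forgotpwd=1', MSG_EMAIL_NOT_FOUND, MSG_TYPE_ERROR);
        return false;
    }
    $data = BuckysUser::getUserData($userID);
    //Remove Old Token
    BuckysUsersToken::removeUserToken($userID, 'password');
    //Create New Token
    $token = BuckysUsersToken::createNewToken($userID, 'password');
    if (defined('THENEWBOSTON_SITE_URL')) {
        $link = rtrim(THENEWBOSTON_SITE_URL, '/') . "/reset_password.php?token=" . $token;
    } else {
        // NOTE(review): fallback preserves the original behaviour for builds without the
        // constant; it still trusts the Host header and should be replaced by a
        // configured base URL.
        $link = "http://" . $_SERVER['HTTP_HOST'] . "/reset_password.php?token=" . $token;
    }
    //Send an email to user with the link
    $title = "Reset your password.";
    $body = "Dear " . $data['firstName'] . " " . $data['lastName'] . "\n\n" . "Please reset your password by using the below link:\n" . $link . "\n\nBuckysroom.com";
    require_once DIR_FS_INCLUDES . "phpMailer/class.phpmailer.php";
    buckys_sendmail($data['email'], $data['firstName'] . " " . $data['lastName'], $title, $body);
    buckys_redirect('/register.php', MSG_RESET_PASSWORD_EMAIL_SENT, MSG_TYPE_SUCCESS);
    return;
}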
$TNB_GLOBALS['content'] = 'shop/view';
$TNB_GLOBALS['headerType'] = 'shop';
$paramShopID = get_secure_integer($_REQUEST['id']);
$shopProductIns = new BuckysShopProduct();
$catIns = new BuckysShopCategory();
$countryIns = new BuckysCountry();
$userIns = new BuckysUser();
$shippingInfoIns = new BuckysTradeUser();
$view = [];
$view['product'] = $shopProductIns->getProductById($paramShopID);
$view['myID'] = $userID;
//Unknown or inactive product: back to the shop index
$productMissing = !isset($view['product']);
if ($productMissing || $view['product']['status'] == BuckysShopProduct::STATUS_INACTIVE) {
    buckys_redirect('/shop/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}
//Products of banned sellers are hidden as well
$userData = $userIns->getUserData($view['product']['userID']);
if ($userData['status'] == BuckysUser::STATUS_USER_BANNED) {
    buckys_redirect('/shop/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}
//Category and country names for display (empty when the lookup fails)
$catData = $catIns->getCategoryByID($view['product']['catID']);
$view['product']['categoryName'] = '';
if (isset($catData)) {
    $view['product']['categoryName'] = $catData['name'];
}
$countryData = $countryIns->getCountryById($view['product']['locationID']);
$view['product']['locationName'] = '';
if (isset($countryData)) {
    $view['product']['locationName'] = $countryData['country_title'];
}
//Seller summary; a product without a resolvable seller is not shown
$view['product']['userInfo'] = $userIns->getUserBasicInfo($view['product']['userID']);
if (!isset($view['product']['userInfo'])) {
    buckys_redirect('/shop/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}
$view['my_product_flag'] = false;
$view['available_shipping_price'] = null;
$myShippingData = $shippingInfoIns->getUserByID($userID);
$view['my_shipping_info'] = $myShippingData;
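/**
 * API: list the friends of a profile, one page at a time.
 *
 * The caller is identified by the API token; the profile whose friends are listed
 * is given by profileId and must be a valid, existing user.
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function getFriendsAction()
{
    $data = $_POST;
    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
    // The page number feeds offset arithmetic downstream; coerce to a positive integer
    $page = isset($data['page']) ? max(1, (int)$data['page']) : 1;
    $profileID = isset($data['profileId']) ? $data['profileId'] : null;
    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }
    // Validate the requested profile id before querying the user table with it
    if (!buckys_not_null($profileID) || !BuckysUser::checkUserID($profileID, true)) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
    }
    $userData = BuckysUser::getUserData($profileID);
    if (!buckys_not_null($userData)) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
    }
    // NOTE(review): $canViewPrivate is computed but never consulted — the friend list is
    // returned for any valid profile. If friend lists are meant to be private, gate
    // the query below on it.
    $canViewPrivate = $userID == $profileID || BuckysFriend::isFriend($userID, $profileID) || BuckysFriend::isSentFriendRequest($profileID, $userID);
    //Get Friends
    $friends = BuckysFriend::getAllFriends($profileID, $page, BuckysFriend::$COUNT_PER_PAGE);
    $resultFriends = [];
    foreach ($friends as $friend) {
        $resultFriends[] = [
            'id' => $friend['userID'],
            'name' => $friend['firstName'] . " " . $friend['lastName'],
            // City is only exposed when the friend has made it visible
            'description' => $friend['current_city_visibility'] ? $friend['current_city'] : "",
            'friendType' => BuckysFriend::getRelationType($userID, $friend['userID']),
            'thumbnail' => THENEWBOSTON_SITE_URL . BuckysUser::getProfileIcon($friend),
        ];
    }
    return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ["STATUS" => "SUCCESS", "FRIENDS" => $resultFriends]];
}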
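/**
 * Remove a post together with its comments, likes, hits, activity entries,
 * reports, album links and (for image posts) the stored image files.
 *
 * Ownership is enforced by the initial SELECT: the row is only found when
 * $userID is the poster, so a user cannot delete someone else's post.
 *
 * @param mixed $userID  the caller; must be the post's poster
 * @param mixed $postID
 * @return bool true when a matching post was found and removed, false otherwise
 */
public function deletePost($userID, $postID)
{
    global $db;
    $query = $db->prepare("SELECT postID, type, image FROM " . TABLE_POSTS . " WHERE postID=%s AND poster=%s", $postID, $userID);
    $row = $db->getRow($query);
    if (!$row) {
        return false;
    }
    $id = $row['postID'];
    // Every dependent row keyed by this post. All statements go through prepare()
    // like the SELECT above, so the id is never concatenated raw into SQL.
    $db->query($db->prepare('DELETE FROM ' . TABLE_POSTS . ' WHERE postID=%s', $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_COMMENTS . ' WHERE postID=%s', $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_ALBUMS_PHOTOS . ' WHERE post_id=%s', $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_ACTIVITES . ' WHERE objectID=%s', $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_REPORTS . " WHERE objectType='post' AND objectID=%s", $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_POSTS_LIKES . ' WHERE postID=%s', $id));
    $db->query($db->prepare('DELETE FROM ' . TABLE_POSTS_HITS . ' WHERE postID=%s', $id));
    //Remove Image
    if ($row['type'] == 'image') {
        // Best-effort cleanup of the three stored sizes; a missing file is not an error.
        // NOTE(review): $row['image'] is used as a path component as stored; this assumes
        // the upload code saves a bare filename with no directory separators — confirm.
        foreach (['resized', 'original', 'thumbnail'] as $variant) {
            @unlink(DIR_FS_PHOTO . "users/" . $userID . "/" . $variant . "/" . $row['image']);
        }
        //If the image was the profile picture, clear it
        $user = BuckysUser::getUserData($userID);
        if ($user['thumbnail'] == $row['image']) {
            BuckysUser::updateUserFields($userID, ['thumbnail' => '']);
        }
    }
    return true;
}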