public function getListAction()
 {
     $request = $_GET;
     $token = isset($request['TOKEN']) ? trim($request['TOKEN']) : null;
     $lastDate = isset($request['lastDate']) ? $request['lastDate'] : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     $stream = BuckysPost::getUserPostsStream($userID, $lastDate);
     //Format Result Data
     $result = [];
     foreach ($stream as $post) {
         if ($post['pageID'] != BuckysPost::INDEPENDENT_POST_PAGE_ID) {
             $pageIns = new BuckysPage();
             $pageData = $pageIns->getPageByID($post['pageID']);
         }
         $pagePostFlag = false;
         if (isset($pageData)) {
             $pagePostFlag = true;
         }
         $item = [];
         $item['articleId'] = $post['postID'];
         $item['posterId'] = $post['poster'];
         $item['articleImage'] = "";
         $item['articleVideo'] = "";
         $item['articleVideoId'] = "";
         if ($pagePostFlag) {
             $item['posterName'] = $pageData['title'];
             $item['posterThumbnail'] = buckys_not_null($pageData['logo']) ? THENEWBOSTON_SITE_URL . DIR_WS_PHOTO . "users/" . $pageData['userID'] . "/resized/" . $pageData['logo'] : THENEWBOSTON_SITE_URL . DIR_WS_IMAGE . "newPagePlaceholder.jpg";
         } else {
             $item['posterName'] = $post['posterFullName'];
             $item['posterThumbnail'] = THENEWBOSTON_SITE_URL . BuckysUser::getProfileIcon($post['poster']);
         }
         $item['postedDate'] = buckys_api_format_date($userID, $post['post_date']);
         $item['purePostedDate'] = $post['post_date'];
         $item['articleContent'] = $post['content'];
         if ($post['type'] == 'video') {
             $item['articleVideo'] = $post['youtube_url'];
             $item['articleVideoId'] = buckys_get_youtube_video_id($post['youtube_url']);
         } else {
             if ($post['type'] == 'image') {
                 $item['articleImage'] = THENEWBOSTON_SITE_URL . DIR_WS_PHOTO . 'users/' . $post['poster'] . '/resized/' . $post['image'];
             }
         }
         $item['articleLikes'] = $post['likes'];
         $item['articleComments'] = $post['comments'];
         $item['isLiked'] = !$post['likeID'] ? "no" : "yes";
         $result[] = $item;
     }
     return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ["STATUS" => "SUCCESS", "RESULT" => $result]];
 }
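 /**
  * API: mark the notifications attached to one post as read for the token's user.
  *
  * Expects TOKEN and postID in $_POST.
  *
  * @return array{STATUS_CODE:int, DATA:array} STATUS_CODE_BAD_REQUEST for a blank
  *         token or postID, STATUS_CODE_UNAUTHORIZED for a rejected token or a
  *         failed update, STATUS_CODE_OK on success.
  */
 public function markReadNotificationAction()
 {
     $data = $_POST;
     $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
     $postID = isset($data['postID']) ? $data['postID'] : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     // An absent postID used to raise an undefined-index notice and be passed
     // through as null; reject it up front like likePostAction() does.
     if (!$postID) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
     }
     // Scoped to the caller's own userID; that the notifications for postID
     // belong to this user is assumed to be enforced in BuckysActivity — confirm.
     if (BuckysActivity::markReadNotifications($userID, $postID)) {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS']];
     }
     // Kept for API compatibility although a failed update is not an authorisation error.
     return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('There was an error to mark read.')];
 }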
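 /**
  * API: search the caller's friends by keyword (user matches only; page matches are skipped).
  *
  * Expects TOKEN (required), keyword and page in $_POST. A user match is returned
  * only when an accepted (status '1') friend row links the caller to that user.
  *
  * @return array{STATUS_CODE:int, DATA:array} STATUS_CODE_BAD_REQUEST for a blank
  *         token, STATUS_CODE_UNAUTHORIZED for a rejected one, otherwise
  *         STATUS_CODE_OK with DATA.RESULT as a list of
  *         {id, name, description, friendType, thumbnail} rows.
  */
 public function getFriendListAction()
 {
     global $db;
     $data = $_POST;
     $keyword = isset($data['keyword']) ? $data['keyword'] : null;
     $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
     $sort = "pop";
     $page = isset($data['page']) ? $data['page'] : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     //Search Results
     // keyword and page reach BuckysSearch::search() unchanged — NOTE(review):
     // escaping and paging bounds are assumed to be handled there; confirm.
     $searchIns = new BuckysSearch();
     $db_results = $searchIns->search($keyword, BuckysSearch::SEARCH_TYPE_USER_AND_PAGE, $sort, $page);
     $results = [];
     foreach ($db_results as $item) {
         if ($item['type'] != "user") {
             continue;
         }
         //Getting Detail Information
         // Both ids go through %d placeholders (presumably sprintf-style in
         // $db->prepare(), so they are coerced to integers before the query runs).
         $query = $db->prepare("SELECT \n                                u.firstName, \n                                u.lastName, \n                                u.userID, \n                                u.thumbnail, \n                                u.current_city, \n                                u.current_city_visibility,\n                                f.friendID \n                          FROM \n                                " . TABLE_USERS . " AS u\n                          LEFT JOIN " . TABLE_FRIENDS . " AS f ON f.userID=%d AND f.userFriendID=u.userID AND f.status='1'\n                          WHERE u.userID=%d", $userID, $item['userID']);
         // Own name for the row: the original reused $data, shadowing the POST copy.
         $userRow = $db->getRow($query);
         // No row (user vanished) or no accepted friendship: not a friend.
         if (!$userRow || !$userRow['friendID']) {
             continue;
         }
         $row = [];
         $row['id'] = $item['userID'];
         $row['name'] = $userRow['firstName'] . " " . $userRow['lastName'];
         // Honour the user's visibility setting for their current city.
         $row['description'] = $userRow['current_city_visibility'] ? $userRow['current_city'] : "";
         $row['friendType'] = "user";
         $row['thumbnail'] = THENEWBOSTON_SITE_URL . BuckysUser::getProfileIcon($userRow);
         $results[] = $row;
     }
     return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ["STATUS" => "SUCCESS", "RESULT" => $results]];
 }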
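 /**
  * API: delete the token's user account after re-checking the current password.
  *
  * Expects TOKEN and password in $_POST. Re-authentication is required because
  * the action is destructive and an API token alone may have leaked.
  *
  * @return array{STATUS_CODE:int, DATA:array} STATUS_CODE_BAD_REQUEST for a blank
  *         token or password, STATUS_CODE_UNAUTHORIZED for a rejected token or a
  *         failed deletion, STATUS_CODE_OK on success and (existing contract)
  *         also for a wrong password, with an error payload.
  */
 public function deleteAccountAction()
 {
     $data = $_POST;
     $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
     $password = isset($data['password']) ? $data['password'] : '';
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     // A missing password used to raise an undefined-index notice; treat it as
     // a malformed request rather than a wrong password.
     if ($password === '') {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
     }
     $current = BuckysUser::getUserData($userID);
     if (!$current || !buckys_validate_password($password, $current['password'])) {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Current password is incorrect.')];
     }
     if (BuckysUser::deleteUserAccount($userID)) {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS']];
     }
     // Message corrected: the original "saving your information" text did not describe this action.
     return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('There was an error to delete your account.')];
 }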
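 /**
  * API: remove a friend link between the token's user and friendId.
  *
  * Expects TOKEN and friendId in $_POST.
  *
  * @return array{STATUS_CODE:int, DATA:array} STATUS_CODE_BAD_REQUEST for a blank
  *         token or friendId, STATUS_CODE_UNAUTHORIZED for a rejected token or a
  *         failed delete, STATUS_CODE_OK on success.
  */
 public function deleteAction()
 {
     $data = $_POST;
     $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
     $friendID = isset($data['friendId']) ? $data['friendId'] : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     // An absent friendId used to raise an undefined-index notice and be passed
     // through as null; reject it like likePostAction() rejects a blank postID.
     if (!$friendID) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
     }
     // The caller can only ever delete links on their own side ($userID comes from the token).
     if (BuckysFriend::delete($userID, $friendID)) {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS']];
     }
     // Message corrected: the original text was copied from composeMessageAction().
     return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('There was an error to delete your friend.')];
 }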
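 /**
  * Create a password-reset token for the account registered under $email and
  * e-mail the reset link to that address.
  *
  * Every outcome ends in buckys_redirect(); the return value only matters to a
  * caller that continues after the redirect.
  *
  * @param string $email address submitted on the forgot-password form
  * @return bool true when the reset e-mail was sent, false for an empty,
  *              malformed or unknown address
  */
 public function resetPassword($email)
 {
     global $db;
     $email = trim($email);
     if (!$email) {
         buckys_redirect('/register.php?forgotpwd=1', MSG_EMPTY_EMAIL, MSG_TYPE_ERROR);
         return false;
     }
     //Check Email Address
     if (!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+\$/", $email)) {
         buckys_redirect('/register.php?forgotpwd=1', MSG_INVALID_EMAIL, MSG_TYPE_ERROR);
         return false;
     }
     $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE email=%s", $email);
     $userID = $db->getVar($query);
     if (!$userID) {
         // NOTE(review): a distinct "not found" message tells a caller whether an
         // address is registered (account enumeration). Kept because the message
         // constants are shared with the form; a neutral message would close it.
         buckys_redirect('/register.php?forgotpwd=1', MSG_EMAIL_NOT_FOUND, MSG_TYPE_ERROR);
         return false;
     }
     $data = BuckysUser::getUserData($userID);
     //Remove Old Token
     BuckysUsersToken::removeUserToken($userID, 'password');
     //Create New Token
     $token = BuckysUsersToken::createNewToken($userID, 'password');
     // Build the link from the configured site URL, not $_SERVER['HTTP_HOST']:
     // the Host header is client-controlled, so a forged request could make the
     // victim's reset e-mail point at a foreign host (password-reset poisoning).
     // This also stops forcing a plain http:// scheme into the link.
     $link = rtrim(THENEWBOSTON_SITE_URL, '/') . '/reset_password.php?token=' . urlencode($token);
     //Send an email to user with the link
     $title = "Reset your password.";
     $body = "Dear " . $data['firstName'] . " " . $data['lastName'] . "\n\n" . "Please reset your password by using the below link:\n" . $link . "\n\nBuckysroom.com";
     require_once DIR_FS_INCLUDES . "phpMailer/class.phpmailer.php";
     // Sent to the address on record, not the submitted string.
     buckys_sendmail($data['email'], $data['firstName'] . " " . $data['lastName'], $title, $body);
     buckys_redirect('/register.php', MSG_RESET_PASSWORD_EMAIL_SENT, MSG_TYPE_SUCCESS);
     return true;
 }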
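 /**
  * API: send a private message from the token's user.
  *
  * Expects TOKEN, to, subject and body in $_POST.
  *
  * @return array{STATUS_CODE:int, DATA:array} STATUS_CODE_BAD_REQUEST for a blank
  *         token or recipient, STATUS_CODE_UNAUTHORIZED for a rejected token or a
  *         failed send, STATUS_CODE_OK on success.
  */
 public function composeMessageAction()
 {
     $data = $_POST;
     $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     // Build the parameters explicitly; the fields were previously read without
     // isset() and raised notices when absent. The sender is always the token's
     // user, never a posted value.
     $param = [
         'userID' => $userID,
         'to' => isset($data['to']) ? $data['to'] : null,
         'subject' => isset($data['subject']) ? $data['subject'] : null,
         'body' => isset($data['body']) ? $data['body'] : null,
     ];
     if (!$param['to']) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
     }
     // subject/body are forwarded unvalidated — NOTE(review): length limits and
     // escaping are assumed to live in BuckysMessage::sendMessage(); confirm.
     if (BuckysMessage::sendMessage($param)) {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS']];
     }
     return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('There was an error to send your message.')];
 }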
     buckys_redirect('/index.php', !$info['token'] ? MSG_ACCOUNT_BANNED : MSG_ACCOUNT_NOT_VERIFIED, MSG_TYPE_ERROR);
 } else {
     //Login Success
     //Clear Login Attempts
     BuckysTracker::clearLoginAttemps();
     //Restart Session
     session_regenerate_id(true);
     $_SESSION['userID'] = $info['userID'];
     //Init Some Session Values
     $_SESSION['converation_list'] = [];
     //Create Login Cookie Token
     $login_token = hash('sha256', time() . buckys_generate_random_string(20, true) . time());
     $login_token_secure = md5($login_token);
     //Store Login Token
     BuckysUsersToken::removeUserToken($info['userID'], "auth");
     BuckysUsersToken::createNewToken($info['userID'], "auth", $login_token_secure);
     //Slice the login token to three pieces
     $login_token_piece1 = substr($login_token, 0, 20);
     $login_token_piece2 = substr($login_token, 20, 20);
     $login_token_piece3 = substr($login_token, 40);
     //If website is using SSL, use secure cookies
     if (SITE_USING_SSL == true) {
         setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true);
         setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true);
         setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true);
     } else {
         setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN);
         setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN);
         setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN);
     }
     buckys_redirect($returnUrl ? base64_decode($returnUrl) : '/account.php');
<?php

require dirname(__FILE__) . '/includes/bootstrap.php';
//Getting Current User ID
$userID = buckys_is_logged_in();
// Already signed-in users are sent to their account page. Everything below
// relies on buckys_redirect() not returning — NOTE(review): confirm it calls
// exit, because nothing later re-checks $userID or $token after a redirect.
if ($userID) {
    buckys_redirect('/account.php');
}
// Read from $_REQUEST, so the token is accepted from the query string, the
// POST body or a cookie alike; the e-mailed reset link carries it as ?token=.
$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
if (!$token) {
    buckys_redirect('/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
}
// Exchange the 'password' reset token for the owning userID. The token is not
// visibly invalidated once the password has been changed below — NOTE(review):
// removing it after updateUserFields() would make the link single-use and
// shorten the window in which a leaked link stays valid.
if (!($userID = BuckysUsersToken::checkTokenValidity($token, 'password'))) {
    buckys_redirect('/register.php?forgotpwd=1', MSG_USER_TOKEN_LINK_NOT_CORRECT, MSG_TYPE_ERROR);
}
if (isset($_POST['action']) && $_POST['action'] == 'reset-password') {
    // BUG(review): both operands are $_POST['password'], so the second test is
    // redundant and the confirmation field (its form name is not visible here)
    // is never checked for presence.
    if (!$_POST['password'] || !$_POST['password']) {
        buckys_add_message(MSG_EMPTY_PASSWORD, MSG_TYPE_ERROR);
    } else {
        // BUG(review): a value compared with itself is never unequal, so the
        // "passwords do not match" branch is unreachable and any typo in the
        // confirmation field goes unnoticed. Should compare against the
        // confirmation field once its name is confirmed from the form.
        if ($_POST['password'] != $_POST['password']) {
            buckys_add_message(MSG_NOT_MATCH_PASSWORD, MSG_TYPE_ERROR);
        } else {
            // buckys_encrypt_password() produces the stored form; no length or
            // complexity rule is applied here.
            $pwd = buckys_encrypt_password($_POST['password']);
            BuckysUser::updateUserFields($userID, ['password' => $pwd]);
            buckys_redirect('/index.php', MSG_PASSWORD_UPDATED);
        }
    }
}
// Reached on GET (show the form) or when validation added a message above.
buckys_enqueue_stylesheet('register.css');
buckys_enqueue_javascript('register.js');
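 /**
  * API: make the token's user a follower of pageID.
  *
  * Expects TOKEN and pageID in $_POST.
  *
  * @return array{STATUS_CODE:int, DATA:array} STATUS_CODE_BAD_REQUEST for a blank
  *         token or pageID, STATUS_CODE_UNAUTHORIZED for a rejected token,
  *         otherwise STATUS_CODE_OK carrying either MSG_FOLLOW_PAGE_SUCCESS plus
  *         the new follower count, or (existing contract) an error payload with
  *         MSG_FOLLOW_PAGE_FAIL.
  */
 public function followAction()
 {
     $data = $_POST;
     $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
     $pageID = isset($data['pageID']) ? $data['pageID'] : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     // A blank pageID is a malformed request; previously it went to addFollower() as null.
     if (!$pageID) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
     }
     $pageFollowerIns = new BuckysPageFollower();
     // Whether addFollower() verifies that pageID exists is not visible here — confirm in BuckysPageFollower.
     if (!$pageFollowerIns->addFollower($pageID, $userID)) {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_FOLLOW_PAGE_FAIL)];
     }
     $count = $pageFollowerIns->getNumberOfFollowers($pageID);
     return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ["STATUS" => "SUCCESS", "MESSAGE" => MSG_FOLLOW_PAGE_SUCCESS, "FOLLOWERS" => $count . " follower" . ($count > 1 ? "s" : "")]];
 }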
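/**
 * Check Cookie values for keep me signed in
 *
 * The login flow splits one sha256 login token into three pieces and stores
 * them base64-encoded in COOKIE_KEEP_ME_NAME1/2/3, with pieces 2 and 3 swapped
 * between cookies 2 and 3. This reassembles the token in the original order,
 * hashes it the way the stored "auth" token was created and, if it resolves to
 * an active (status=1) user, restores the session from it.
 *
 * A cookie set that is present but does not resolve is cleared so the browser
 * stops sending it.
 *
 * @return int|string|false userID on success, false when no usable remember-me cookies exist
 */
function buckys_check_cookie_for_login()
{
    global $db;
    if (!isset($_COOKIE['COOKIE_KEEP_ME_NAME1'], $_COOKIE['COOKIE_KEEP_ME_NAME2'], $_COOKIE['COOKIE_KEEP_ME_NAME3'])) {
        return false;
    }
    $token1 = base64_decode($_COOKIE['COOKIE_KEEP_ME_NAME1']);
    $token3 = base64_decode($_COOKIE['COOKIE_KEEP_ME_NAME2']);
    $token2 = base64_decode($_COOKIE['COOKIE_KEEP_ME_NAME3']);
    // The stored "auth" token is md5() of the full login token, so the three
    // cookies together are a bearer credential: whoever holds them can sign in
    // until the token is removed (e.g. by the next interactive login).
    $login_token = md5($token1 . $token2 . $token3);
    $userID = BuckysUsersToken::checkTokenValidity($login_token, "auth");
    if ($userID) {
        // TABLE_USERS names this table elsewhere (e.g. resetPassword()); a bare
        // "users" would break under a configured table prefix.
        $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE userID=%s AND status=1", $userID);
        $userID = $db->getVar($query);
        if ($userID) {
            // Mirror the interactive login path: rotate the session id before
            // binding it to a user, so a pre-set id cannot be reused (fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['userID'] = $userID;
            //Init Some Session Values
            $_SESSION['converation_list'] = [];
            return $userID;
        }
    }
    //Remove Cookies (present but not resolving to an active user)
    setcookie('COOKIE_KEEP_ME_NAME1', '', time() - 1000, "/", TNB_DOMAIN);
    setcookie('COOKIE_KEEP_ME_NAME2', '', time() - 1000, "/", TNB_DOMAIN);
    setcookie('COOKIE_KEEP_ME_NAME3', '', time() - 1000, "/", TNB_DOMAIN);
    return false;
}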
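 /**
  * API: like or un-like a published post on behalf of the token's user.
  *
  * Expects TOKEN, postID and actionType in $_POST.
  *
  * @return array{STATUS_CODE:int, DATA:array} STATUS_CODE_BAD_REQUEST for a blank
  *         token, postID or actionType, STATUS_CODE_UNAUTHORIZED for a rejected
  *         token, otherwise STATUS_CODE_OK — with an error payload when the post
  *         is missing/unpublished or likePost() fails, or with the new LIKES
  *         count and isLiked on success.
  */
 public function likePostAction()
 {
     $data = $_POST;
     $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
     $postID = isset($data['postID']) ? $data['postID'] : null;
     $actionType = isset($data['actionType']) ? $data['actionType'] : null;
     if (!$token) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
     }
     if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
         return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
     }
     if (!$postID || !$actionType) {
         return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
     }
     // Only published posts (post_status 1) can be liked.
     $post = BuckysPost::getPostById($postID);
     if (!$post || $post['post_status'] != 1) {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
     }
     // actionType is forwarded as-is; the accepted values are enforced inside
     // BuckysPost::likePost() (not visible here), which reports its outcome
     // through the message queue read back just below.
     $r = BuckysPost::likePost($userID, $postID, $actionType, false);
     $message = buckys_get_pure_messages();
     if (!$r) {
         return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result($message)];
     }
     $likes = BuckysPost::getPostLikesCount($postID);
     return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS', 'MESSAGE' => $message, 'LIKES' => $likes, 'isLiked' => $actionType == 'likePost' ? 'yes' : 'no']];
 }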