Exemple #1
 /**
  * Handles a vote submission (POST) and credits the vote reward to the
  * logged-in account.
  *
  * The request is sent back to the previous page when the submitted "out"
  * value does not equal the value returned by $rpgLib->getValueOut(), or when
  * fewer than 180 minutes have passed since the account's stored heurevote
  * timestamp.
  *
  * NOTE(review): the cooldown is read, checked and written back in separate
  * steps and no lock or transaction is visible here, so parallel requests may
  * each pass the check and each be credited -- confirm how the storage layer
  * serialises this.
  *
  * @param Request $request Incoming request; "out" must be present and numeric.
  * @param RPG $rpgLib Supplies the expected "out" value.
  * @return Response Redirect back on rejection, redirect to "home" on success.
  */
 public function vote(Request $request, RPG $rpgLib)
 {
     $account = UserManager::find(Auth::user()->guid);
     $now = time();
     $this->validate($request, ['out' => 'required|numeric']);

     // NOTE(review): loose comparison on a "numeric" input, so differently
     // written numbers that compare equal are accepted; confirm that is intended.
     $outMismatch = $request->out != $rpgLib->getValueOut();
     if ($outMismatch) {
         return redirect()->back();
     }

     // Cooldown: 180 minutes between two credited votes.
     $minutesSinceLastVote = ($now - $account->heurevote) / 60;
     if ($minutesSinceLastVote < 180) {
         return redirect()->back();
     }

     $account->points += config('config.points.vote');
     $account->votes = $account->votes + 1;
     $account->heurevote = $now;
     $account->save();

     return redirect()->route('home');
 }
Exemple #2
 /**
  * Builds the authentication adapter for a username/password pair.
  *
  * When no adapter class name is passed, the "authAdapter" configuration
  * setting is used. The class is only instantiated if the name is a string,
  * the class exists and it is a subclass of RPG_Auth; this type check is what
  * stops an arbitrary class name from being instantiated.
  *
  * @param  string $username
  * @param  string $password
  * @param  string $adapter Adapter class name, or null for the configured one.
  * @return RPG_Auth|null Adapter instance, or null when the adapter name is
  *                       not an RPG_Auth subclass. Callers must handle null
  *                       and must not treat it as a successful login.
  */
 public static function factory($username, $password, $adapter = null)
 {
     $class = ($adapter === null) ? RPG::config('authAdapter') : $adapter;

     // Reject anything that is not a loadable RPG_Auth subclass.
     if (!is_string($class) || !class_exists($class) || !is_subclass_of($class, 'RPG_Auth')) {
         return null;
     }

     return new $class($username, $password);
 }
Exemple #3
    /**
     * Returns the local user id for an externally authenticated user, creating
     * the local user row first when none exists for the external id.
     *
     * NOTE(review): the lookup and the insert are two separate statements; two
     * parallel first logins could both insert. Presumably a unique index on
     * user_external_id guards against that -- confirm in the schema.
     *
     * @param  array $user External user data; reads 'userid', 'username', 'email'.
     * @return mixed Id fetched from the existing row, or the value returned by
     *               the database insert() call.
     */
    protected function _createLocalRecord(array $user)
    {
        $db = RPG::database();
        $match = $db->query('SELECT user_id FROM {user}
								WHERE user_external_id = :0', $user['userid']);

        if ($match->getNumRows() > 0) {
            return $match->fetchOne();
        }

        // TODO (from the original author): build a user model object and save
        // it through RPG::model('user')->insert() instead of this raw insert().
        $row = array(
            // Stored HTML-decoded, so every template that prints the name has
            // to escape it again on output.
            'user_name' => htmlspecialchars_decode($user['username'], ENT_COMPAT),
            // NOTE(review): the local password is left empty; confirm the local
            // login path can never accept an empty stored password.
            'user_password' => '',
            'user_salt' => RPG::model('user')->generateSalt(5),
            'user_email' => $user['email'],
            'user_autologin' => '',
            'user_autologin_time' => 0,
            'user_money' => 0,
            'user_external_id' => $user['userid'],
            'user_joindate' => RPG_NOW,
        );

        return $db->insert('user', $row);
    }
Exemple #4
 /**
  * Fetches a set of news entries, given a series of options.
  *
  * Options (default in parentheses):
  * - getBody: Also select news_body (true)
  * - getUser: Also select user_name via a left join on user (true)
  * - limit:   Max number of entries to fetch (5)
  * - offset:  Number to start fetching entries (0)
  * - where:   Optional where clause: first element is the condition text,
  *            the remaining elements are its bind parameters (array())
  * - order:   How to order the result (array('news_time' => 'DESC'))
  *
  * NOTE(review): the condition text and the order specification are handed
  * straight to the select builder; presumably they become part of the SQL
  * text, so they should be fixed strings chosen by the caller, with request
  * data passed only as bind parameters -- confirm against the builder.
  *
  * @param  array $options List of options.
  * @return array News entries referenced by news_id.
  */
 public function getEntries(array $options = array())
 {
     $defaults = array(
         'getBody' => true,
         'getUser' => true,
         'limit' => 5,
         'offset' => 0,
         'where' => array(),
         'order' => array('news_time' => 'DESC'),
     );
     $opts = array_merge($defaults, $options);

     $query = RPG::database()->select('news');
     $query->addColumns('news_id', 'news_author', 'news_title', 'news_time');

     if ($opts['getBody']) {
         $query->addColumns('news_body');
     }

     if ($opts['getUser']) {
         $query->addColumns('user_name')->addLeftJoin('user', 'user_id = news_author');
     }

     if ($opts['where']) {
         // Split the clause into its condition and the values bound to it.
         $bindValues = $opts['where'];
         $condition = array_shift($bindValues);
         $query->addWhere($condition);
         $query->setBind($bindValues);
     }

     $query->setOrderBy($opts['order'])->setLimit($opts['limit'], $opts['offset']);

     return $query->execute()->fetchMapped('news_id');
 }
Exemple #5
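 /**
  * Validates the form token given in a request.
  *
  * The token is read from the POST field "csrf_token" and checked against the
  * "<time>|<token>" entry stored in $_SESSION['_csrf'][$formKey]. An accepted
  * token is single-use: its session entry is removed before returning. A
  * rejected request leaves the session entry in place.
  *
  * @param  string $formKey Unique form key.
  * @return bool Always true; every failure is reported through an exception.
  * @throws RPG_Exception_Token MISSING when no token was posted, INVALID when
  *         no token is stored for the form key or the tokens differ, EXPIRED
  *         when the stored token is older than FORM_TOKEN_MAX_AGE.
  */
 public function checkFormToken($formKey)
 {
     // pick the token from the request
     $userToken = RPG::input()->post('csrf_token', 'string');

     // token wasn't there?
     if (empty($userToken)) {
         throw new RPG_Exception_Token(RPG_Exception_Token::MISSING);
     }

     // token wasn't set server-side?
     if (!isset($_SESSION['_csrf'][$formKey])) {
         throw new RPG_Exception_Token(RPG_Exception_Token::INVALID);
     }

     list($time, $token) = explode('|', $_SESSION['_csrf'][$formKey]);

     // token expired?
     if (intval($time) < RPG_NOW - self::FORM_TOKEN_MAX_AGE) {
         throw new RPG_Exception_Token(RPG_Exception_Token::EXPIRED);
     }

     // Compare the secret in constant time so the response time does not
     // depend on how many leading characters of a guess were correct.
     // hash_equals() is missing on older PHP versions, hence the fallback.
     if (!is_string($userToken) || !is_string($token)) {
         $tokensMatch = false;
     } elseif (function_exists('hash_equals')) {
         $tokensMatch = hash_equals($token, $userToken);
     } else {
         $tokensMatch = ($userToken === $token);
     }

     if (!$tokensMatch) {
         throw new RPG_Exception_Token(RPG_Exception_Token::INVALID);
     }

     // remove existing token and return success.
     unset($_SESSION['_csrf'][$formKey]);
     return true;
 }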
Exemple #6
 /**
  * Renders the layout and sends the page to the browser.
  *
  * The rendered page is gzip-compressed when the "usegzip" setting is on, the
  * "nogzip" registry flag is not set, the client advertises gzip, no headers
  * have been sent yet and the page is larger than 1024 bytes.
  *
  * NOTE(review): compressing a page that mixes secrets (for example form
  * tokens) with text taken from the request is the precondition for
  * compression-length side channels. The "nogzip" flag looks like the
  * per-page opt-out -- confirm it is set on such pages.
  *
  * @todo In the future, have multiple output formats? XML, JSON, etc.
  */
 public function render()
 {
     // Hand styles, scripts and navigation to the layout, then render it.
     $layout = $this->getLayout();
     $layoutVars = array(
         'styleSheets' => $this->_styleSheets,
         'inlineCss' => $this->_inlineCss,
         'scriptFiles' => $this->_scriptFiles,
         'inlineScript' => $this->_inlineScript,
         'navigation' => $this->_navigation,
         'subNavigation' => $this->_subNavigation,
         'navbits' => $this->_navbits,
     );
     $output = $layout->set($layoutVars)->render();

     // Set through the second argument of getGzippedText() when compression succeeded.
     $gzworked = false;

     // Compression needs unsent headers, otherwise Content-Encoding cannot be
     // announced. The 1kb threshold is hard-coded; make this configurable?
     $gzipAllowed = RPG::config('usegzip') && !RPG::isRegistered('nogzip');
     if ($gzipAllowed
         && isset($_SERVER['HTTP_ACCEPT_ENCODING'])
         && strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false
         && !headers_sent()
         && strlen($output) > 1024
     ) {
         $output = $this->getGzippedText($output, $gzworked);
     }

     if (headers_sent()) {
         echo $output;
         return;
     }

     // send encoding headers if gzip worked
     if ($gzworked) {
         header('Content-Encoding: gzip');
         header('Vary: Accept-Encoding', false);
     }

     // strlen() counts bytes, which is what Content-Length expects.
     header('Content-Length: ' . strlen($output));
     header('Cache-Control: private');
     header('Pragma: private');

     echo $output;
 }
Exemple #7
?>
">Admin CP</a>
			<a href="<?php 
echo $this->url('home');
?>
">Home</a>
			<a href="#top">Top</a>
		</div>
		Crindigan Version <?php 
echo RPG_VERSION;
?>
, Copyright &copy; 2009-2010 Steven Harris
	</div>
	
	<?php 
if (RPG::config('debug') and !empty(RPG::$debugMessages)) {
    ?>
	<br />
	<div class="block">
		<div class="block-header">Debugging Output</div>
		<div class="block-body">
			<ul>
			<?php 
    foreach (RPG::$debugMessages as $__debug_msg) {
        echo '<li>', nl2br($__debug_msg), "</li>\n";
    }
    ?>
			<li><a href="<?php 
    echo $this->url('*/debug-list-actions');
    ?>
">View Controller Actions</a></li>
Exemple #8
 /**
  * Returns the path info for the request and caches it in $this->_path.
  *
  * The value is derived from $_SERVER['REQUEST_URI'], which is supplied by
  * the client, so the result is untrusted input for whatever consumes it.
  *
  * NOTE(review): the base path is removed by cutting strlen($baseUrl) bytes
  * from the front without checking that the path actually starts with it;
  * confirm every request reaching this code is below the base URL.
  *
  * @param  bool $includeQuery If true, does not remove the query string
  * @param  bool $includeBase If true, does not remove the base path
  * @return string
  */
 public function getPath($includeQuery = false, $includeBase = false)
 {
     $uri = $_SERVER['REQUEST_URI'];

     // An absolute-form URI (scheme://host/...) is reduced to its path part.
     // The Host header is only used to detect that form, never copied in.
     $hostInUri = isset($_SERVER['HTTP_HOST']) && strpos($uri, $_SERVER['HTTP_HOST']) !== false;
     if ($hostInUri) {
         $uri = preg_replace('#^[^:]*://[^/]*/#', '/', $uri);
     }

     // Drop the query string unless the caller asked to keep it.
     if (!$includeQuery) {
         $queryStart = strpos($uri, '?');
         if ($queryStart !== false) {
             $uri = substr($uri, 0, $queryStart);
         }
     }

     // Drop the configured base URL unless the caller asked to keep it.
     $base = RPG::config('baseUrl');
     if (!$includeBase && !empty($base)) {
         $base = rtrim($base, '/');
         $uri = substr($uri, strlen($base));
     }

     $this->_path = $uri;

     return $uri;
 }
Exemple #9
 /**
  * Deletes the rows of the "hello" table whose hello_key equals the given key.
  *
  * The key is passed to the database layer as bind parameter :0 rather than
  * being written into the condition text.
  *
  * NOTE(review): no authorisation or form-token check is visible in this
  * method; if it is reachable as a URL action, confirm both are enforced
  * before it runs.
  *
  * @param  mixed $key Value matched against hello_key.
  */
 public function doDelete($key)
 {
     $condition = array('hello_key = :0', $key);
     RPG::database()->delete('hello', $condition);
 }
Exemple #10
//
try {
    // Initialize the system
    RPG::setConfig($config);
    RPG_Template::setPath($config['viewPath']);
    RPG_Model::setPath($config['modelPath']);
    RPG::session();
    RPG::user(RPG::model('user'));
    // add this now, so controllers can include CSS that overrides defaults
    RPG::view()->addStyleSheet('media/styles/light.css');
    // Process the request
    RPG::router($config['controllerPath'])->processRequest();
    // stop the timer - needs to be here so it can get rendered via templates
    RPG::debug('Execution Time (pre-render): ' . round(microtime(true) - RPG::get('__debug_time'), 4));
    // Render the output - TODO: handle styles differently later
    RPG::view()->render();
} catch (RPG_Exception $ex) {
    // Basic error page
    echo '<html>
<head>
	<title>Application Error</title>
	<style type="text/css">
	body { font-family: sans-serif; }
	</style>
</head>
<body>
	<h1>Application Error</h1>', "\n";
    if (isset($config['debug']) and $config['debug'] === true) {
        echo $ex;
    } else {
        echo "There has been an internal error within Crindigan.\n";
Exemple #11
 /**
  * Exchange money with an external system.
  *
  * As shown here, the action only marks the user/money navigation entry as
  * current and sets the page title.
  */
 public function doMoney()
 {
     $view = RPG::view()->setNavCurrent('user', 'user/money');
     $view->setTitle('Exchange Money');
 }
Exemple #12
 /**
  * Returns the path to the temporary file for the given session ID, using
  * the session path configured in the config file as a base.
  *
  * The session ID is appended to the path unchanged.
  * NOTE(review): assumes the caller has already restricted $sessionId to a
  * safe character set (no path separators or ".."), because session IDs
  * normally arrive from the client -- confirm in the caller.
  *
  * @param  string $sessionId
  * @return string Path to temporary file: {$sessionPath}/sess_{$sessionId}
  */
 protected function _getFile($sessionId)
 {
     $directory = RPG::config('sessionPath');

     return $directory . '/sess_' . $sessionId;
 }
Exemple #13
 /**
  * Writes the auto-login key and its timestamp to a user's row.
  *
  * Called with the defaults, it stores an empty key and a time of 0.
  * The result of the update call is not used or returned.
  *
  * @param  mixed  $userId Value matched against user_id (bound as :0).
  * @param  string $key    Value stored in user_autologin.
  * @param  int    $time   Value stored in user_autologin_time.
  */
 public function updateAutoLogin($userId, $key = '', $time = 0)
 {
     $fields = array('user_autologin' => $key, 'user_autologin_time' => $time);
     $condition = array('user_id = :0', $userId);

     RPG::database()->update('user', $fields, $condition);
 }
Exemple #14
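 /**
  * Displays the source code of the given action name.
  *
  * Does nothing unless the "debug" setting is exactly true and the name
  * starts with "do". Because this prints application source to the browser,
  * the debug setting must stay off on any publicly reachable installation.
  *
  * @param  string $actionName  Name of the controller's action method.
  * @throws ReflectionException When the controller has no such method.
  */
 public function doDebugViewAction($actionName)
 {
     if (RPG::config('debug') !== true || strpos($actionName, 'do') !== 0) {
         return;
     }

     // ReflectionMethod throws unless $actionName names an existing method,
     // so past this line it can only be a valid PHP identifier.
     $method = new ReflectionMethod($this, $actionName);

     $out = '<h2>' . $method->getDeclaringClass()->getName() . "::{$actionName}()</h2>\n"
          . '<a href="' . RPG::url('*/debug-list-actions') . '">&laquo; Action List</a><br /><br />';

     // Slice the method's own lines out of its source file.
     $start = $method->getStartLine() - 1;
     $end = $method->getEndLine();
     $file = file($method->getFileName());
     $lines = array_slice($file, $start, $end - $start);

     // The doc comment is source text too and is escaped like the code lines
     // below; getDocComment() returns false when there is none.
     $docComment = str_replace("\t", '    ', (string) $method->getDocComment());
     $out .= "<pre>\n    " . htmlentities($docComment) . "\n";

     foreach ($lines as $line) {
         $out .= htmlentities(str_replace("\t", '    ', $line));
     }
     $out .= '</pre>';

     RPG::view()->setLayout('layouts/empty.php')->setContent($out);
 }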
Exemple #15
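 /**
  * Adds query information to the debug area of the output.
  *
  * The message is an HTML fragment, so the query text is HTML-escaped before
  * it is placed inside it; SQL containing "<", "&" or quotes would otherwise
  * be interpreted as markup by the browser.
  *
  * @param  string $sql The query text.
  * @param  int $time   The time taken to run the query.
  */
 protected function _writeDebug($sql, $time)
 {
     $safeSql = htmlspecialchars($sql, ENT_QUOTES);

     RPG::debug("<strong>Query #{$this->_queryCount} - {$time}s:</strong> <a href=\"#\" onclick=\"RPG.toggle(this); RPG.toggle('#rpg_debug_query_{$this->_queryCount}'); return false;\">[Show Query]</a><div style=\"display:none\" id=\"rpg_debug_query_{$this->_queryCount}\">{$safeSql}</div>");
 }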
Exemple #16
 /**
  * Default action: redirects to the "home" path.
  */
 public function doIndex()
 {
     // Nothing to show here; hand over to HomeController.
     $view = RPG::view();
     $view->redirect('home');
 }
Exemple #17
 /**
  * Returns an escaped internal URL given the path as
  * "controller/action/param1/.../paramN" and an array of elements to
  * include in the query string.
  *
  * The URL is built by RPG::url() and then passed through this object's
  * escape() method, so templates can print the result directly.
  *
  * @param  string $path
  * @param  array  $query
  * @return string Escaped URL.
  * @see    RPG::url()
  */
 public function url($path, array $query = array())
 {
     $rawUrl = RPG::url($path, $query);

     return $this->escape($rawUrl, true);
 }
Exemple #18
 /**
  * Displays more news articles and a navigable archive.
  *
  * As shown here, the action only marks the home/news navigation entry as
  * current and sets the page title.
  */
 public function doNews()
 {
     $view = RPG::view()->setNavCurrent('home', 'home/news');
     $view->setTitle('News');
 }
Exemple #19
 /**
  * Creates the SQL and executes the query.
  *
  * The statement text comes from getSql(); the values collected in
  * $this->_bind are passed alongside it as bind parameters.
  *
  * @return RPG_Database_Result
  */
 public function execute()
 {
     $db = RPG::database();
     $sql = $this->getSql();

     return $db->query($sql, $this->_bind);
 }
Exemple #20
 /**
  * Generates a new autologin key, saves it to the database, and updates
  * the user's cookies.
  *
  * The database receives the key itself; the "autologin" cookie receives
  * sha1(key . cookieSalt), so the cookie value is not the stored key.
  *
  * NOTE(review): the key is the SHA-1 of generateSalt(20), so it is only as
  * unpredictable as that generator -- confirm it draws from a cryptographic
  * random source. No argument restricting the cookies to HTTPS is visible.
  */
 public function refreshAutoLogin()
 {
     $thirtyDays = 86400 * 30;

     $loginKey = sha1($this->_model->generateSalt(20));
     $this->_model->updateAutoLogin($this->id, $loginKey, RPG_NOW);

     // set httponly cookies for 30 days
     $cookieValue = sha1($loginKey . RPG::config('cookieSalt'));
     $this->_input->setCookie('autologin', $cookieValue, $thirtyDays, true);
     $this->_input->setCookie('userid', $this->id, $thirtyDays, true);
 }
Exemple #21
 /**
  * Fetches an instance of the router library, initializing if necessary.
  *
  * The controller path is only used on the first call; later calls return
  * the already initialised router and ignore the argument.
  *
  * @param  string $controllerPath Path where controllers are located.
  * @return RPG_Router
  * @throws RPG_Exception When the first call is made with an empty path.
  */
 public static function router($controllerPath = '')
 {
     if (self::$_router !== null) {
         return self::$_router;
     }

     if (empty($controllerPath)) {
         throw new RPG_Exception('Controller path cannot be empty on first call to RPG::router()');
     }

     self::$_router = RPG_Router::getInstance();
     self::$_router->setControllerPath($controllerPath);

     return self::$_router;
 }
Exemple #22
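 /**
  * Logs the user out of the system.
  *
  * GET Parameters
  * - hash: string      Per-user logout hash; the logout only happens when it
  *                     matches the value derived from the user's id, salt,
  *                     name and the cookieSalt setting.
  * - returnto: string  Internal path (optionally with a query string) to
  *                     redirect to afterwards.
  *
  * Both parameters come from the request. The hash is compared in constant
  * time, and a returnto value that looks like an external address (URL
  * scheme, leading "//", backslash, CR or LF) is replaced by "home" so the
  * logout link cannot be used to bounce a visitor to another site.
  *
  * NOTE(review): returnto is URL-decoded here in addition to whatever
  * decoding the input layer performs -- confirm the links are built to match.
  */
 public function doLogout()
 {
     $user = RPG::user();
     $hash = RPG::input()->get('hash', 'string');
     $expected = sha1($user->id . sha1($user->salt) . sha1($user->name) . sha1(RPG::config('cookieSalt')));

     // Constant-time comparison of the secret-derived hash; hash_equals() is
     // missing on older PHP versions, hence the fallback.
     if (is_string($hash) && function_exists('hash_equals')) {
         $hashMatches = hash_equals($expected, $hash);
     } else {
         $hashMatches = ($hash === $expected);
     }

     if ($hashMatches) {
         $user->clearAutoLogin();
         RPG::session()->regenerateId();
         RPG::session()->loggedIn = false;
         RPG::session()->userId = 0;
         $user->setupGuest();
         RPG::session()->setFlash('frontend_message', 'Logged out successfully.');
     } else {
         RPG::session()->setFlash('frontend_error', 'Invalid logout hash.');
     }

     $returnTo = urldecode(RPG::input()->get('returnto', 'string'));
     $query = array();
     if (strpos($returnTo, '?') !== false) {
         list($path, $queryString) = explode('?', $returnTo);
         parse_str($queryString, $query);
     } else {
         $path = $returnTo;
     }

     // Only in-application paths are followed; anything that could be read
     // as an absolute or protocol-relative URL falls back to the home page.
     $candidate = ltrim($path);
     $looksExternal = preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate) === 1
         || strncmp($candidate, '//', 2) === 0
         || strpbrk($candidate, "\\\r\n") !== false;
     if ($looksExternal) {
         $path = 'home';
         $query = array();
     }

     RPG::view()->redirect($path, $query);
 }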
Exemple #23
 /**
  * Processes the current request, handing it off to the proper
  * controller and action.
  *
  * The controller, the action and the positional arguments all come from the
  * request path. When the controller has no method with the resolved action
  * name, do404 is called instead, with the value of $this->_action prepended
  * to the arguments.
  *
  * NOTE(review): method_exists() is also true for inherited and non-public
  * methods, so the set of URL-reachable actions is whatever
  * _getActionName() can produce -- confirm it only ever yields intended
  * action names.
  */
 public function processRequest()
 {
     $requestPath = RPG::input()->getPath();
     $parts = $this->getUrlParts($requestPath);

     $controller = $this->_getController($parts['controller']);
     $action = $this->_getActionName($parts['action']);

     // The stored parameters stay as parsed; only the call arguments below
     // are altered for the 404 case.
     $arguments = $parts['params'];
     $this->_parameters = $arguments;

     if (!method_exists($controller, $action)) {
         // Unknown action: route to the 404 handler rather than throwing.
         array_unshift($arguments, $this->_action);
         $action = 'do404';
         $this->_action = '404';
     }

     call_user_func_array(array($controller, $action), $arguments);
 }