  * @param USER $obj
  * @access private
 protected function _draw_box($obj)
     // Prints the user's title as a link, then a "Remove..." button when the
     // current login is allowed to modify groups.
     echo $obj->title_as_link();
     // This check only decides whether the button is rendered.
     // NOTE(review): delete_user_from_group.php has to enforce the same privilege
     // itself; that script is not visible here.
     if ($this->login->is_allowed(Privilege_set_group, Privilege_modify)) {
         // NOTE(review): $this->_group_id and $obj->title are concatenated into the
         // query string as-is. Pass the title through rawurlencode() (a title holding
         // '&' or '#' changes the parameters) and confirm that button_as_html()
         // escapes the URL for the HTML attribute. Identifying the user by title
         // rather than by id looks ambiguous if titles are not unique — confirm.
         echo $this->_controls_renderer->button_as_html('Remove...', 'delete_user_from_group.php?id=' . $this->_group_id . '&name=' . $obj->title, '{icons}buttons/delete');
Exemple #2
  * Delete this user from the group.
  * Does not check whether the user is a member of the group.
  * @param USER $user
 public function remove_user($user)
     // Deletes the membership row(s) for $user and records the change in the
     // history of both this object and the user.
     // NOTE(review): the WHERE clause filters on user_id only; no group column
     // appears in the statement, so as written it removes the user's rows for every
     // group, not just this one — confirm against the table schema.
     // NOTE(review): $user->id is interpolated into the SQL text. That is safe only
     // if id is guaranteed to be an integer; cast it or bind it as a parameter.
     $this->db->logged_query("DELETE FROM {$this->app->table_names->users_to_groups} WHERE user_id = {$user->id}");
     // update the history with the change
     $history_item = $this->new_history_item();
     $history_item->kind = History_item_updated;
     $history_item->record_difference('Removed [' . $user->title_as_plain_text() . '].');
     // Second history entry, this time on the user's own record.
     $history_item = $user->new_history_item();
     $history_item->kind = History_item_updated;
     $history_item->record_difference('Removed from group [' . $this->title_as_plain_text() . ']');
Exemple #3
 function __construct()
     // Password-recovery controller: step 1 shows the form, step 2 mails a recovery
     // link, step 3 validates the link, step 4 stores the new password.
     // The branch body for an already authenticated user is not visible in this excerpt.
     if (User::isAuth()) {
     // Step one.
     $form = 1;
     $fPass = new Models_Forgotpass();
     // Step two: check the e-mail address that was entered.
     if (URL::getQueryParametr('forgotpass')) {
         $email = URL::getQueryParametr('email');
         // NOTE(review): the two branches below answer differently for registered and
         // unregistered addresses, which lets a caller test whether an address has an
         // account. A single neutral response for both cases avoids that.
         if ($userInfo = USER::getUserInfoByEmail($email)) {
             // If the entered address matches one registered in the system, then
             $form = 0;
             // NOTE(review): $email comes from the request and is placed into HTML
             // unescaped; wrap it in htmlspecialchars() unless the view escapes $message.
             $message = 'Инструкция по восстановлению пароля была отправлена на <strong>' . $email . '</strong>';
             // NOTE(review): getHash() is not visible. The token must come from a CSPRNG
             // (random_bytes) and should carry an expiry — confirm both.
             $hash = $fPass->getHash($email);
             // a) the random hash is stored in the database.
             $fPass->sendHashToDB($email, $hash);
             $siteName = MG::getOption('sitename');
             // The recovery link carries the token ('sec') and the user id ('id') in the query string.
             $emailMessage = MG::layoutManager('email_forgot', array('siteName' => $siteName, 'email' => $email, 'hash' => $hash, 'userId' => $userInfo->id, 'link' => SITE . '/forgotpass?sec=' . $hash . '&id=' . $userInfo->id));
             $emailData = array('nameFrom' => $siteName, 'emailFrom' => MG::getSetting('noReplyEmail'), 'nameTo' => 'Пользователю сайта ' . $siteName, 'emailTo' => $email, 'subject' => 'Восстановление пароля на сайте ' . $siteName, 'body' => $emailMessage, 'html' => true);
             // b) a message with a link to the password-recovery page is sent to that address.
         } else {
             $form = 0;
             $error = 'К сожалению, такой логин не найден<br>
       Если вы уверены, что данный логин существует, пожалуйста, свяжитесь с нами.';
     // Step 3. Handle the link click-through: accepts the user id and the generated hash.
     // NOTE(review): `if ($_GET)` is true for any non-empty query string, so this step
     // is not limited to requests that actually carry 'sec' and 'id'.
     if ($_GET) {
         // NOTE(review): the result is dereferenced below with no check that a user
         // was found for this id.
         $userInfo = USER::getUserById(URL::getQueryParametr('id'));
         $hash = URL::getQueryParametr('sec');
         // If the submitted hash matches the hash stored in the database for that id.
         // NOTE(review): `==` is a loose, non-constant-time comparison; null and ''
         // compare equal and numeric-looking strings compare as numbers. Require both
         // values to be non-empty strings and compare them with hash_equals().
         if ($userInfo->restore == $hash) {
             $form = 2;
             // Replace the hash in the database with a random one so the link cannot be followed a second time.
             $fPass->sendHashToDB($userInfo->email, $fPass->getHash('0'));
             // Binds the recovery session to the user id taken from the request; step 4
             // trusts this value. NOTE(review): if $_SESSION['id'] is read anywhere else
             // as "the logged-in user", this assignment has wider effect — confirm.
             $_SESSION['id'] = URL::getQueryParametr('id');
         } else {
             $form = 0;
             $error = 'Некорректная ссылка. Повторите заново запрос восстановления пароля.';
     // Step 4. Handle the request to set a new password.
     // NOTE(review): no check is visible that step 3 succeeded in this session before
     // $_SESSION['id'] is used, and nothing visible clears it afterwards.
     if (URL::getQueryParametr('chengePass')) {
         $form = 2;
         $person = new Models_Personal();
         $msg = $person->changePass(URL::getQueryParametr('newPass'), $_SESSION['id'], true);
         // Success is detected by comparing the returned message text.
         if ('Пароль изменен' == $msg) {
             $form = 0;
             $message = $msg . '! ' . 'Вы можете войти в личный кабинет по адресу <a href="' . SITE . '/enter" >' . SITE . '/enter</a>';
         } else {
             $error = $msg;
     // NOTE(review): $model is never assigned in the visible code, and $error / $message
     // are set only on some paths, so they can be undefined here.
     $this->data = array('error' => $error, 'message' => $message, 'form' => $form, 'meta_title' => 'Восстановление пароля', 'meta_keywords' => $model->currentCategory['meta_keywords'] ? $model->currentCategory['meta_keywords'] : "забыли пароль, восстановить пароль, восстановление пароля", 'meta_desc' => $model->currentCategory['meta_desc'] ? $model->currentCategory['meta_desc'] : "Если вы забыли пароль от личного кабинета, его модно восстановить с помощью формы восстановления паролей.");
 public function __construct()
     // Entry point of a file-exchange handler driven by the 'mode', 'type' and
     // 'filename' query parameters and HTTP Basic credentials.
     // NOTE(review): $files and $filename are not assigned in the visible lines. If
     // $filename derives from the request (as $this->filename does below), reduce it
     // with basename() and validate it against an allow-list before building the path.
     // In this excerpt the write also appears before the authentication call further
     // down — confirm the real order in the full source.
     if (!empty($files)) {
         file_put_contents('data/' . $filename, $files, FILE_APPEND);
         echo "success\n";
     // Branch body for a missing 'mode' parameter is not visible in this excerpt.
     if (empty($_GET['mode'])) {
     Storage::$noCache = true;
     $this->unlinkFile = true;
     $this->startTime = microtime(true);
     // Caps the time budget at 30 s; '@' hides any warning from ini_get().
     $this->maxExecTime = min(30, @ini_get("max_execution_time"));
     // An empty result (false, or "0") falls back to 30.
     if (empty($this->maxExecTime)) {
         $this->maxExecTime = 30;
     $mode = (string) $_GET['mode'];
     $this->mode = $mode;
     // 'type' and 'filename' are stored exactly as received; nothing here validates them.
     $this->type = $_GET['type'];
     $this->filename = $_GET['filename'];
     // HTTP Basic credentials. NOTE(review): both keys are absent when the client
     // sends no Authorization header, and Basic auth is only acceptable over TLS.
     $this->auth = USER::auth($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
     // The mode handlers (not visible here) run only for an authenticated caller.
     if ($mode && $this->auth) {
Exemple #5
  * Проверяет корректность введенных данных в форме регистрации.
  * @param array $userData массив данных пользователя.
  * @param string $mode режим проверки данных (full|pass) полный (по умолчанию) или только пароль.
  * @return string ошибка в случае не верного ввода данных в одном из полей.
 public function validDataForm($userData, $mode = 'full')
     // Validates registration data and returns the accumulated error markup
     // (after passing it through the MG hook at the end).
     // NOTE(review): $error is only ever appended to with `.=`; no initialisation is
     // visible in this excerpt.
     // Check the e-mail address.
     if (USER::getUserInfoByEmail($userData['email']) && 'full' == $mode) {
         $error .= '<span class="email-in-use">Указанный email уже используется</span>';
     // The password must be longer than 5 characters.
     // NOTE(review): the code accepts exactly 5, strlen() counts bytes rather than
     // characters, and a 5-character minimum is weak for a password policy.
     if (strlen($userData['pass']) < 5) {
         $error .= '<span class="passError">Пароль менее 5 символов</span>';
     // Check that the two entered passwords are equal.
     // NOTE(review): `!=` compares numeric-looking strings as numbers ('1e3' equals
     // '1000'); use `!==` on strings.
     if (URL::getQueryParametr('pass2') != $userData['pass']) {
         $error .= '<span class="wrong-pass">Введенные пароли не совпадают</span>';
     if ('full' == $mode) {
         // Check the e-mail address format (TLD limited to 2–6 letters; '+' is not
         // accepted in the local part).
         if (!preg_match('/^[-._a-zA-Z0-9]+@(?:[a-zA-Z0-9][-a-zA-Z0-9]{0,61}+\\.)+[a-zA-Z]{2,6}$/', $userData['email'])) {
             $error .= '<span class="errorEmail">Неверно заполнено email</span>';
         if (MG::getSetting('useCaptcha') == "true") {
             // NOTE(review): if $_SESSION['capcha'] is not set, both sides can reduce
             // to an empty string and the check passes. Require a non-empty stored value
             // and invalidate it after one attempt.
             if (strtolower(URL::getQueryParametr('capcha')) != strtolower($_SESSION['capcha'])) {
                 $error .= "<span class='error-captcha-text'>Текст с картинки введен неверно!</span>";
     // The hook receives the error string and the original call arguments.
     $args = func_get_args();
     return MG::createHook(__CLASS__ . "_" . __FUNCTION__, $error, $args);
Exemple #6
 function __construct()
     // Guard: anyone who is not authenticated, or whose role is not '1', takes the
     // branch below (its body is not visible in this excerpt).
     // NOTE(review): the guard must stop execution (redirect + exit); otherwise the
     // assignment after it still runs for unauthorised callers.
     if (!USER::isAuth() || '1' != USER::getThis()->role) {
     // Raw POST body field handed to the view. NOTE(review): escape on output unless
     // HTML from this role is intentionally trusted; no CSRF check is visible.
     $this->data = array('content' => $_POST['content']);
Exemple #7
  * {@inheritDoc}
 public function load(ObjectManager $manager)
     // Data fixture: creates a test user, an admin user and three Config objects.
     // The setters and persist/flush calls are not visible in this excerpt.
     // NOTE(review): both accounts get fixed, guessable passwords ('test', 'admin').
     // This fixture must only ever be loaded into development or test databases.
     //add a test user
     $user_test = new USER();
     $user_testInfo = new UserInfo();
     // The encoder is resolved per user object; the password is hashed with the user's salt.
     $encoder = $this->container->get('security.encoder_factory')->getEncoder($user_test);
     $user_test->setPassword($encoder->encodePassword('test', $user_test->getSalt()));
     //add an admin user
     $user_admin = new USER();
     $user_adminInfo = new UserInfo();
     $encoder = $this->container->get('security.encoder_factory')->getEncoder($user_admin);
     $user_admin->setPassword($encoder->encodePassword('admin', $user_admin->getSalt()));
     //add config
     $Config1 = new Config();
     $Config2 = new Config();
     $Config3 = new Config();
Exemple #8
 function __construct()
     // Admin-panel controller: registers informers, dispatches export requests chosen
     // by URL parameter, then collects the settings for the view.
     $model = new Models_Order();
     MG::addInformer(array('count' => $model->getNewOrdersCount(), 'class' => 'message-wrap', 'classIcon' => 'product-small-icon', 'isPlugin' => false, 'section' => 'orders', 'priority' => 80));
     // Only role '1' gets the statistics informer.
     if ('1' == User::getThis()->role) {
         MG::addInformer(array('count' => '', 'class' => 'message-wrap', 'classIcon' => 'statistic-icon', 'isPlugin' => false, 'section' => 'statistics', 'priority' => 10));
     // NOTE(review): the export branches below (catalog CSV, YML, user CSV, order PDF,
     // order CSV) show no role check in the visible lines; their bodies are elided.
     // Confirm each export is authorised for the current role.
     if (URL::get('csv')) {
         $model = new Models_Catalog();
     if (URL::get('examplecsv')) {
         $model = new Models_Catalog();
     if (URL::get('examplecsvupdate')) {
         $model = new Models_Catalog();
     if (URL::get('yml')) {
         if (LIBXML_VERSION && extension_loaded('xmlwriter')) {
             $model = new YML();
             // NOTE(review): 'filename' comes from the request. downloadYml() (not
             // visible) must confine it to the export directory, e.g. via basename().
             if (URL::get('filename')) {
                 if (!$model->downloadYml(URL::get('filename'))) {
                     $response = array('data' => array(), 'status' => 'error', 'msg' => 'Отсутствует запрашиваемый файл');
                     echo json_encode($response);
             } else {
         } else {
             $response = array('data' => array(), 'status' => 'error', 'msg' => 'Отсутствует необходимое PHP расширение: xmlwriter');
             echo json_encode($response);
     if (URL::get('csvuser')) {
     if ($orderId = URL::get('getOrderPdf')) {
         $model = new Models_Order();
     if ($orderId = URL::get('getExportCSV')) {
         $model = new Models_Order();
     $this->data = array('staticMenu' => MG::getSetting('staticMenu'), 'themeBackground' => MG::getSetting('themeBackground'), 'themeColor' => MG::getSetting('themeColor'), 'languageLocale' => MG::getSetting('languageLocale'), 'informerPanel' => MG::createInformerPanel());
     $this->pluginsList = PM::getPluginsInfo();
     $this->lang = MG::get('lang');
     if (!($checkLibs = MG::libExists())) {
         // NOTE(review): function names are stored in variables with machine-generated
         // names, which points to dynamic calls on encoded data in the lines elided
         // here. The same pattern is a common indicator of injected code, so review the
         // decoded payload before trusting this file.
         $j878723423f5c3ba26da = "base64_decode";
         $kdd9391e7490 = "str_rot13";
         // $newVer is not assigned in the visible lines.
         $this->newVersion = $newVer['lastVersion'];
         $this->fakeKey = MG::getSetting('trialVersion') ? MG::getSetting('trialVersion') : '';
Exemple #9
 public static function all_users()
     // Returns every row of `users`, ordered by name, wrapped through USER::byRow().
     // The statement is a constant string; no request data reaches it.
     // NOTE(review): SELECT * loads every column of the table; select only the
     // columns byRow() needs if the table also holds credential fields — confirm.
     $query = db()->query("SELECT * FROM users ORDER BY name");
     $array = array();
     while ($data = $query->fetch()) {
         $array[] = USER::byRow($data);
     return $array;
Exemple #10
 public static function logout()
     // Signs the current user out and always returns true.
     // remove cookies from remembered me
     // (the cookie-removal statements are not visible in this excerpt)
     // remove sessions
     // NOTE(review): emptying $_SESSION clears the data but, in the visible lines,
     // neither session_destroy() nor expiry of the session cookie follows — confirm
     // the session id itself is invalidated on logout.
     $_SESSION = array();
     // sign out
     self::$logged = false;
     // return
     return true;
  * @param PROJECT $parent Parent of this project. If empty, new project is at the root.
  * @return PROJECT Make a new project.
 public function new_folder($parent)
     // Creates the folder through the parent class, then inherits options_id from
     // $parent, or uses 0 when there is no parent.
     $Result = parent::new_folder($parent);
     if ($parent) {
         $Result->options_id = $parent->options_id;
     } else {
         $Result->options_id = 0;
     return $Result;
Exemple #12
  * Функция смены пароля пользователя
  * После проверки корректности введеных данных производит хэширование и внесения в БД пароля пользователя
  * @param string $newPass - новый пароль пользователя
  * @param int $id - id пользователя
  * @param bool $forgotPass - флаг для функции восстановления пароля, когда не происходит изменения данных пользователя находящихся в системе
  * @return string - сообщение о результате операции
 public function changePass($newPass, $id, $forgotPass = false)
     // Validates the new password, hashes it, stores it for user $id and returns a
     // status message (passed through the MG hook at the end).
     // NOTE(review): nothing here verifies that the caller may change the password
     // of $id; that is left entirely to the caller.
     $userData = array('pass' => $newPass);
     $registration = new Models_Registration();
     // 'pass' mode runs only the password checks of validDataForm().
     if ($err = $registration->validDataForm($userData, 'pass')) {
         $msg = $err;
     } else {
         // NOTE(review): crypt() is called without a salt. Before PHP 8 that yields a
         // weak hash and raises a notice; from PHP 8.0 the salt argument is required.
         // password_hash() / password_verify() is the maintained replacement — check
         // the login path before switching.
         $userData['pass'] = crypt($userData['pass']);
         USER::update($id, $userData, $forgotPass);
         $msg = "Пароль изменен";
     // The hook receives the message and the original arguments, which include the
     // plaintext password. NOTE(review): make sure hook listeners never log $args.
     $args = func_get_args();
     return MG::createHook(__CLASS__ . "_" . __FUNCTION__, $msg, $args);
Exemple #13
 public function testAddUser()
     // Adds a user from a fixed detail array and checks two of the stored fields.
     $u = new USER();
     // The e-mail value is masked in this listing; the password is an empty string.
     $details = array("firstname" => 'Test', "lastname" => 'User', "email" => '*****@*****.**', "emailpublic" => '0', "postcode" => 'EH1 99SP', "mp_alert" => false, "url" => '', "password" => '', "optin" => '0', "status" => 'User');
     $u->add($details, false);
     // $id is read but not asserted on in the visible lines.
     $id = $u->user_id();
     $this->assertEquals('Test', $u->firstname());
     $this->assertEquals('EH1 99SP', $u->postcode());
 public static function prefered($type, $name, $identifier = 0)
     // Returns the option value for ($type, $name): the per-user value when a user is
     // logged in and has one, otherwise the global value.
     $prefered = '';
     if (USER::is_logged()) {
         // 0 means "the current user".
         $identifier = $identifier == 0 ? USER::get('id') : $identifier;
         $check = OPTIONS::get($type, $name, $identifier);
         // A strict false means no per-user value exists; fall back to the global one.
         if ($check === false) {
             $prefered = OPTIONS::get($type, $name);
         } else {
             $prefered = $check;
     } else {
         $prefered = OPTIONS::get($type, $name);
     return $prefered;
 public static function check($permission_name, $user_id = 0)
     // Returns true when the user (default: the current one) holds $permission_name
     // through one of their groups, false otherwise.
     // get user id
     $user_id = $user_id == 0 ? USER::get('id') : $user_id;
     if ($user_id === false) {
         return false;
     // get user groups
     $user_groups = USER::get("user_groups", $user_id);
     // is is grand administrator
     // NOTE(review): loose `==` against the integer 1. $user_groups is later used as a
     // comma-separated list; under PHP 7 comparison rules a string starting with "1,"
     // also equals 1. Compare with `=== '1'` (or parse the list) for this decision.
     if ($user_groups == 1) {
         return true;
     // if user has no groups assigned
     if ($user_groups == '') {
         return false;
     // select all permissions of user
     $user_permissions = array();
     global $db;
     // NOTE(review): $user_groups is interpolated into IN (...) unquoted. Split it,
     // cast every element to int and rebuild the list, or bind the values.
     $sel = $db->query("SELECT group_permissions FROM dl_users_groups WHERE group_id IN ({$user_groups})");
     while ($row = $db->fetch_array($sel)) {
         // Body of this empty-row guard is not visible in the excerpt.
         if (trim($row['group_permissions']) == '') {
         $p = explode(",", trim($row['group_permissions']));
         // Collect each permission id once.
         foreach ($p as $k) {
             if (!in_array($k, $user_permissions)) {
                 $user_permissions[] = $k;
     // check if have grand permission
     // Only the first collected entry is tested for the '*' wildcard.
     if (isset($user_permissions[0]) && $user_permissions[0] == '*') {
         return true;
     $user_permissions = implode(",", $user_permissions);
     // NOTE(review): $permission_name is placed between quotes without escaping and
     // $user_permissions is interpolated unquoted — use a prepared statement. An empty
     // permission list also produces `IN ()`, which is a syntax error.
     $chk = $db->query(" SELECT count(*) as tot \n                                FROM dl_users_permissions \n                                WHERE   permission_value = '{$permission_name}' AND \n                                        permission_id IN ({$user_permissions})");
     $chk = $db->fetch_array($chk);
     // return result
     // Grants only when exactly one row matches.
     return $chk['tot'] == 1 ? true : false;
Exemple #16
 public function get_gid_geo_objects()
     // Builds a map of geo-id => "<short type name> <title>" in the current language,
     // filled only when the user's gid equals 1.
     $gid = \USER::init()->get('gid');
     $lang = \CORE::lng();
     $geo_list = array();
     $DB = \DB::init();
     if ($DB->connect()) {
         // Constant statement; no request data reaches the SQL text.
         $sql = "SELECT * FROM `mt-geo-objects` LEFT OUTER JOIN `mt-geo-types` ON `geo-type`=`gt-id`;";
         $sth = $DB->dbh->prepare($sql);
         // NOTE(review): no execute() call is visible between prepare() and rowCount();
         // it may have been lost from this excerpt.
         if ($sth->rowCount() > 0) {
             while ($r = $sth->fetch()) {
                 // Loose comparison; rows for any other gid are skipped in the visible code.
                 if ($gid == 1) {
                     // $lang selects the column suffix. NOTE(review): presumably restricted
                     // to known language codes by CORE::lng() — confirm.
                     $geo_list[$r['geo-id']] = $r['gt-name-short-' . $lang] . ' ' . $r['geo-title-' . $lang];
     return $geo_list;
Exemple #17
function getAllDispatcherOfficeHours()
    // Returns one entry per Dispatcher_hours row, each holding the user object, the
    // course object, the week day and the start/end times.
    $db = DB::getInstance();
    // Constant statement executed with an empty parameter list.
    $Dispatcher_hours = $db->prep_execute('SELECT * FROM Dispatcher_hours;', array());
    // Global list of user & course objects. Prevents unnecessary DB reads.
    global $users, $courses;
    // Array of user - course object pair mappings to be returned.
    $return = array();
    // Loop through all Driver - course key mappings
    foreach ($Dispatcher_hours as $row) {
        // Read user from DB and add to user array if not found in array
        if (!isset($users[$row['email']])) {
            $users[$row['email']] = USER::fromDatabase($row['email']);
        // Read course from DB and add to user array if not found in array
        // (cache key is "<subj>-<crse>")
        if (!isset($courses[$row['subj'] . '-' . $row['crse']])) {
            $courses[$row['subj'] . '-' . $row['crse']] = COURSE::fromDatabase($row['subj'], intval($row['crse']));
        // Add Driver - course object pair to return array
        $return[] = ['user' => $users[$row['email']], 'course' => $courses[$row['subj'] . '-' . $row['crse']], 'week_day' => $row['week_day'], 'startTime' => $row['start_time'], 'endTime' => $row['end_time']];
    return $return;
Exemple #18

require_once '../config/class.user.php';
$user = new USER();
if ($user->is_loggedin()) {
<!DOCTYPE html>
<html lang="es">
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
            <meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
  <!--  <meta name="viewport" content="width=device-width, initial-scale=1"> -->
        <meta name="description" content="Control Parental, Internet por fin segura">
<meta name="keywords" content="Parental control,Control parental,parental,control, seguridad, internet, niños, seguros, navegación, filtros, antivirus, internet segura, firewall, cortafuego, analisis, paginas, seguras">
<meta name="author" content="*****@*****.**">
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> 
        <!--<meta name="viewport" content="width=device-width, initial-scale=1.0">-->
    <link rel="apple-touch-icon" href="../imagenes/touch-icon-iphone.png">
	<link rel="apple-touch-icon" sizes="76x76" href="../imagenes/touch-icon-ipad.png">
	<link rel="apple-touch-icon" sizes="120x120" href="../imagenes/touch-icon-iphone-retina.png">
	<link rel="apple-touch-icon" sizes="152x152" href="../imagenes/touch-icon-ipad-retina.png">
	<link href="../imagenes/buhonet.png" rel="apple-touch-startup-image" />
	<meta name="apple-mobile-web-app-capable" content="yes" />
	  <meta content="true" name="HandheldFriendly" />

// Session guard meant to be included at the top of pages that require a login.
require_once 'class.user.php';
$session = new USER();
// if user session is not active(not loggedin) this page will help 'home.php and profile.php' to redirect to login page
// put this file within secured pages that users (users can't access without login)
// NOTE(review): the redirect itself is not visible in this excerpt; it has to be
// followed by exit, otherwise the protected page keeps executing after the header.
if (!$session->is_loggedin()) {
    // session no set redirects to login page
     * Show the main properties of a user.
     * @param USER $obj
     * @access private
    protected function _echo_properties_as_html($obj)
  <table class="basic columns left-labels">
        // Real name, creation time and e-mail are printed through the object's own
        // formatting methods. NOTE(review): real_name() is echoed directly — confirm
        // it returns HTML-escaped text.
        echo $obj->real_name();
      <th>Member since</th>
        echo $obj->time_created->format();
        echo $obj->email_as_text();
      <th>Home page</th>
        if ($obj->home_page_url) {
            // The home page URL is shown as a link.
            // NOTE(review): ensure_has_protocol() is given "http" as the protocol to
            // add; whether it rejects an existing non-web scheme (for example
            // javascript:) is not visible. Allow only http/https before linking.
            $t = $obj->title_formatter();
            $t->text = $obj->home_page_url;
            $t->location = ensure_has_protocol($obj->home_page_url, "http");
            $t->css_class = '';
            echo $t->as_html_link();
        } else {
            echo "(none)";
        if ($obj->description) {
            echo $obj->description_as_html();
        } else {
            echo "(none)";
Exemple #21

// Checks a membership card against a customer record and prints an HTML/JS fragment
// for the point-of-sale front end.
require "../../../frame/engine.php";
// NOTE(review): USER::VERIFY() is defined elsewhere; presumably it authenticates the
// caller and returns the user/store record used below — confirm.
$user = USER::VERIFY(0, TRUE);
// Customer id, card number and ticket id arrive as GET parameters, unvalidated.
$CID = $_GET['cid'];
$CARD = $_GET['card'];
$TID = $_GET['tid'];
// Parameterised lookup. NOTE(review): nothing visible restricts the customer to the
// caller's own store.
$CUSTOMER = MYSQL::QUERY('SELECT * FROM core_customers WHERE c_id = ? LIMIT 1', array($CID));
if (empty($CUSTOMER['c_card']) || $CUSTOMER['c_card'] == $CARD) {
    if (empty($CUSTOMER['c_card'])) {
        // The customer has no card yet: check whether the card is already taken.
        $CS = MYSQL::QUERY('SELECT c_id FROM core_customers WHERE c_card = ? LIMIT 1', array($CARD));
        if (empty($CS)) {
            // NOTE(review): $CID, $CARD and $TID are request values written into an
            // inline onClick handler without escaping (reflected XSS). Encode them for
            // the JavaScript and HTML-attribute contexts, e.g. json_encode() followed
            // by htmlspecialchars(..., ENT_QUOTES), or validate them as integers first.
            echo "This customer has no card and this card is not in use. Please Enter their Primary email.<br/><br/><input type='email' placeholder='Customers Email Address..' style='width:280px;'><br/>\n\t\t\t<button style='cursor:pointer;width:287px;' onClick='AttachCard(\$(this)," . '"' . $CID . '"' . "," . '"' . $CARD . '"' . "," . '"' . $TID . '"' . "," . '"' . $user['store_info']['s_taxrate'] . '"' . ")'>Attach Card</button>";
        } else {
            echo "This card belongs to someone else...";
    } else {
        // NOTE(review): $TID is written into an inline <script> block unescaped; the
        // same encoding requirement applies here.
        echo "Valid Card. 5% Off Applied.\n        <script>AddDiscount('5','Membership Card','.ticket" . $TID . "','" . $user['store_info']['s_taxrate'] . "','" . $TID . "');</script>";
} else {
    echo "This Customer has a different Card..";

// Loads the row of the logged-in user for the page that follows.
require_once 'classes/class.user.php';
$user_home = new USER();
// NOTE(review): the branch body (presumably a redirect) is not visible; it must end
// with exit so the query below never runs for an anonymous visitor.
if (!$user_home->is_logged_in()) {
// Parameterised query keyed on the id stored in the session.
$stmt = $user_home->runQuery("SELECT * FROM users WHERE id=:uid");
$stmt->execute(array(":uid" => $_SESSION['userSession']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
<!DOCTYPE html>
include "include/head.php";
    <div class="wrapper">

include "include/header.php";
         <!-- Left side column. contains the logo and sidebar -->
         <aside class="main-sidebar">
            <!-- sidebar: style can be found in sidebar.less -->
            <!-- sidebar: style can be found in sidebar.less -->
            <section class="sidebar">
               <!-- sidebar menu: : style can be found in sidebar.less -->
Exemple #23
  * USER_PANEL_MANAGER constructor.
  * @param USER $user
 public function __construct($user)
     // Keeps the user and lets it substitute its own arguments into the page link.
     $this->_user = $user;
     $this->page_link = $user->replace_page_arguments($this->page_link);
Exemple #24
  * Устанавливает количество отображаемых записей в разделе новостей
  * @return boolean
 public function setCountPrintRowsComments()
     // Stores the 'countPrintRowsComments' option from POST 'count' (default 20) and
     // always returns true.
     // NOTE(review): the second argument is a string of PHP code. Presumably
     // AccessOnly() evaluates it when the role is not in '1,4' — confirm, and prefer
     // a callable or a thrown exception over evaluated strings.
     USER::AccessOnly('1,4', 'exit()');
     $count = 20;
     // NOTE(review): is_numeric() also accepts values such as '-5', '0.5' and '1e3'.
     // For a row count, validate a positive integer within a sane upper bound.
     // No CSRF token check is visible for this state-changing action.
     if (is_numeric($_POST['count']) && !empty($_POST['count'])) {
         $count = $_POST['count'];
     MG::setOption(array('option' => 'countPrintRowsComments', 'value' => $count));
     return true;
Exemple #25
" class="tool-tip-bottom"><span class="pages-icon"></span><?php 
        echo $lang['PAGES'];
                    <li><a id="orders" href="javascript:void(0);" title="<?php 
    echo $lang['T_TIP_ORDR'];
" class="tool-tip-bottom"><span class="orders-icon"></span><?php 
    echo $lang['ORDERS'];
    if ('1' == User::getThis()->role || '4' == USER::getThis()->role) {
 <li class="no-right-border"><a id="users" href="javascript:void(0);" title="<?php 
        echo $lang['T_TIP_USER'];
" class="tool-tip-bottom"><span class="users-icon"></span><?php 
        echo $lang['USERS'];
                    <li><a id="plugins" href="javascript:void(0);" title="<?php 
    echo $lang['T_TIP_PLUG'];
" class="tool-tip-top"><span class="plugins-icon"></span><?php 
    echo $lang['PLUGINS'];
Exemple #26

// Server-side source for a DataTables customer search: filters by name or phone,
// sorts, pages, and builds the response array.
// NOTE(review): unlike sibling scripts there is no USER::VERIFY() call in the visible
// lines; confirm engine.php enforces authentication for this endpoint.
require "../../../frame/engine.php";
if (empty($_GET['sSearch'])) {
    $S = $_GET['string'];
} else {
    $S = $_GET['sSearch'];
// Paging and sorting parameters, taken from the request as-is.
$iDS = $_GET['iDisplayStart'];
$iDL = $_GET['iDisplayLength'];
$iSC = $_GET['iSortCol_0'];
$iSD = $_GET['sSortDir_0'];
// NOTE(review): $iSD is appended to the ORDER BY clause verbatim (SQL injection).
// Map it to the literal 'ASC' or 'DESC' through an allow-list. The break statements
// of this switch are not visible in the excerpt.
switch ($iSC) {
    case 0:
        $SS = 'ORDER BY c_name ' . $iSD;
    case 1:
        $SS = 'ORDER BY c_phone ' . $iSD;
    case 2:
        $SS = '';
// The search term itself is bound as a parameter in both queries.
$iTotal = MYSQL::QUERY('SELECT COUNT(c_id) AS `COUNT` FROM core_customers WHERE c_name LIKE ? OR c_phone LIKE ?', array('%' . $S . '%', '%' . $S . '%'));
// NOTE(review): {$SS}, {$iDS} and {$iDL} are interpolated into the SQL text. Cast the
// two LIMIT values to int (and bound the page size) before building the statement.
$iQuery = MYSQL::QUERY("SELECT * FROM core_customers WHERE c_name LIKE ? OR c_phone LIKE ? {$SS} LIMIT {$iDS},{$iDL}", array('%' . $S . '%', '%' . $S . '%'), FALSE, TRUE);
// NOTE(review): the trailing 'aaData' has no '=>' so it becomes a list element at
// index 0 rather than a key; sEcho is echoed back from the request and DataTables
// documentation recommends casting it to int.
$OUTPUT = array('sEcho' => $_GET['sEcho'], 'iTotalRecords' => $iTotal[0]['COUNT'], 'iTotalDisplayRecords' => $iTotal[0]['COUNT'], 'aaData');
foreach ($iQuery as $C) {
    // NOTE(review): c_name and c_id are stored values placed into cell content that is
    // presumably rendered as HTML by the client; escape them with htmlspecialchars().
    $OUTPUT['aaData'][] = array($C['c_name'], FORMAT::PHONE($C['c_phone']), '<button onClick="LoadCustomer(' . "'" . $C['c_id'] . "'" . ')">LOAD</button>');
Exemple #27
     * Вывод списка аккаунтов пользователя
     * @param int $user_id - ID пользователя (значение по умолчанию = текущий пользователь)
     * @return string
    static function getSyncPanelCode($user_id = 0)
        // Builds the HTML panel listing the social-login accounts linked to a user
        // (default: the current user). Returns '' when no user id can be determined.
        $current_user = USER::isAuth() ? USER::getThis() : 0;
        $current_user = isset($current_user->id) ? $current_user->id : 0;
        $user_id = empty($user_id) ? $current_user : $user_id;
        if (empty($user_id)) {
            return '';
        // The id goes through DB::quote() before it reaches the SQL text.
        // NOTE(review): a caller-supplied $user_id is not checked against the current
        // user here, so any caller of this method can list another user's linked accounts.
        $res = DB::query("SELECT * FROM " . PREFIX . "ulogin WHERE user_id = " . DB::quote($user_id));
        // NOTE(review): $networks is never initialised; with no rows the later foreach
        // iterates an undefined variable.
        foreach ($res as $network) {
            $networks[] = $network;
        $output = '
			    .big_provider {
			        display: inline-block;
			        margin-right: 10px;
			<p class="change-pass-title">' . self::$lang['ULOGIN_SYNC'] . '</p>' . self::getPanelCode(1) . '<p>' . self::$lang['ULOGIN_SYNC_HELP'] . '</p>
            <p class="change-pass-title">' . self::$lang['ULOGIN_SYNC_LIST'] . '</p>';
        $output .= '<div id="ulogin_accounts">';
        foreach ($networks as $network) {
            // NOTE(review): `=` assigns instead of comparing, so the condition is true
            // for every row. The query already filters by user_id, which hides the
            // effect, but `==` is what the code evidently intends.
            if ($network['user_id'] = $user_id) {
                // NOTE(review): 'network' and 'identity' are written into single-quoted
                // attributes unescaped; apply htmlspecialchars(..., ENT_QUOTES).
                $output .= "<div data-ulogin-network='{$network['network']}'  data-ulogin-identity='{$network['identity']}' class='ulogin_network big_provider {$network['network']}_big'></div>";
        $output .= '</div>
		<p>' . self::$lang['ULOGIN_SYNC_DELETE'] . '</p>';
        return $output;
        // The second return belongs to a branch whose braces are missing from this excerpt.
        return '';
Exemple #28

// "Create New" page of a blog: requires a login, loads the author's row and
// validates the submitted post fields.
include_once 'php/config.php';
define("PAGENAME", "Create New");
include_once 'include/header.php';
$user = new USER($conn);
// NOTE(review): the branch body is not visible; it has to redirect and exit so the
// rest of the script never runs for an anonymous visitor. header.php is included
// before this check, so output may already have started.
if (!$user->loggedin()) {
$userID = $_SESSION['user_session'];
// Parameterised lookup of the logged-in user.
$stmt = $conn->prepare("SELECT * FROM user WHERE userID=:userID");
$stmt->execute(array(":userID" => $userID));
$userRow = $stmt->fetch(PDO::FETCH_ASSOC);
// NOTE(review): no CSRF token is checked in the visible lines before the post is accepted.
if (isset($_POST['send_post'])) {
    // Fields are trimmed only; they still need escaping wherever they are displayed.
    $title = trim($_POST['title']);
    $subtitle = trim($_POST['subtitle']);
    $preview = trim($_POST['preview']);
    $main_text = trim($_POST['main_text']);
    //improving quality of the code, adding empty method to check for empty variables
    // Note that empty() also treats the string '0' as empty.
    if (empty($title)) {
        $error[] = "Oh no! You need a title for your post!";
    } else {
        if (empty($subtitle)) {
            $error[] = "Oh no! You need a subtitle for your post!";
        } else {
            if (empty($preview)) {
                $error[] = "Oh no! What's your extract?";
            } else {
                if (empty($main_text)) {
                    $error[] = "Oh no! C'mon, you need to write your post! This is a blog, afterall!";
                } else {
                // Login attempt (fragment; the enclosing structure is outside this excerpt).
                if (USER::login($_POST['username'], $_POST['password'])) {
                    TPL::message("Perfect! You'll be redirected in 2 seconds..", "success");
                    // NOTE(review): the redirect target is taken from the request
                    // unchecked (open redirect). Accept only local paths or entries from
                    // an allow-list and fall back to the admin home link otherwise.
                    redirect(isset($_GET['redirect']) ? urldecode($_GET['redirect']) : LINKS::get("admin_home"), 2);
                } else {
                    // NOTE(review): distinct messages for a wrong username and a wrong
                    // password tell a caller which usernames exist; one generic failure
                    // message avoids that. The break statements are not visible here.
                    switch (LOGS::get_error()['log_text']) {
                        case "wrong_username":
                            TPL::message("You entered a wrong username..");
                        case "wrong_password":
                            TPL::message("You entered a wrong password..");
            // set render
             * logout user
         * logout user
        case "logout":
            // sign out user
            // redirect
// Abuse-report handler for an ad: validates the message, stores the report and mails
// the administrator.
// The ad id is cast to int before use.
$r_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
$exists = Ad::exists($r_id, array("active" => 1));
if ($exists) {
    $ad = Ad::get_one($r_id);
    // Reports are accepted only from logged-in users. No CSRF token check is visible.
    if (isset($_POST['send']) && User::is_logged_in()) {
        $success = true;
        $errors = array();
        // strip_tags() removes markup but is not output escaping; escape again on display.
        $p_message = strip_tags($_POST['message']);
        if ($p_message == '') {
            $success = false;
            array_push($errors, "Please enter your message.");
        // Length limit: at most 200 characters (UTF-8 aware through the /u modifier).
        if ($p_message != '' && !preg_match('/^[\\s\\S]{0,200}$/u', $p_message)) {
            $success = false;
            array_push($errors, "The message must be no more than 200 character long.");
        if ($success) {
            $userid = USER::get_id();
            $username = USER::get_name();
            $adid = $r_id;
            $report = $p_message;
            Report::create(array('ad_id' => $adid, 'user_id' => $userid, 'message' => $report));
            $content = StaticContent::get_content('abuse-report');
            // SECURITY NOTE(review): eval() runs the stored template as a PHP
            // double-quoted string so that local variables are interpolated. Anyone
            // able to edit that stored content can therefore execute PHP on the
            // server. Replace this with explicit placeholder substitution (strtr()
            // with a fixed map of allowed variables).
            eval("\$content = \"{$content}\";");
            print "content: " . $content;
            global $admin_mail;
            // NOTE(review): $noreply is not defined in the visible lines; whatever
            // feeds the From header must not contain CR/LF.
            mail($admin_mail, 'Abuse report', $content, "From: " . $noreply);
include "./templates/ad-report.php";