 private static function setStatic($username)
 {
     // Looks up the account for $username and caches the stored username and
     // password attribute on the class (findUserByUsername is expected to
     // return the user object; whether 'password' is a hash is not visible here).
     $record = User::findUserByUsername($username);
     $attrs = $record->attributes;
     self::$username = $attrs['username'];
     self::$password = $attrs['password'];
 }
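 public function run()
 {
     // Password-reset landing page. A POST carrying a new password and the
     // reset token from the emailed link stores the password, rotates the
     // token (single use), emails a notice and redirects; anything else
     // re-renders the form with a message. A request without a token is bounced.
     $msg = '';
     // Only a plain string can be a token; arrays or missing values count as none.
     $requestToken = (isset($_REQUEST['token']) && is_string($_REQUEST['token'])) ? $_REQUEST['token'] : '';
     $postedUser = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
     $invalidLink = 'The link to reset your password has expired or is invalid. <a href="./forgot">Please try again.</a>';
     if (!empty($_POST['submit'])) {
         if (!empty($_POST['password'])) {
             $user = new User();
             $storedToken = $user->findUserByUsername($postedUser) ? (string) $user->getForgot_hash() : '';
             // hash_equals: strict and constant-time. The original `==` accepted
             // loosely-equal values and leaked timing; an empty stored hash
             // (no reset pending) must never match.
             if ($storedToken !== '' && hash_equals($storedToken, $requestToken)) {
                 // NOTE(review): prefix literal reproduced as listed; confirm it
                 // matches the format Utils::encryptPassword / the login path expect.
                 $password = '******' . Utils::encryptPassword($_POST['password']);
                 // Consume the token: replace it with a fresh unpredictable value
                 // (md5(uniqid()) is time-derived and guessable).
                 $user->setPassword($password)->setForgot_hash(bin2hex(random_bytes(16)))->save();
                 Utils::sendTemplateEmail($postedUser, 'changed_pass', array('app_name' => APP_NAME));
                 Utils::redirect('./');
             } else {
                 // Unknown user or wrong token: one message for both, so the form
                 // does not reveal which addresses are registered.
                 $msg = $invalidLink;
             }
         } else {
             $msg = "Please enter a password!";
         }
     }
     if (empty($_REQUEST['token'])) {
         // no required information specified, redirect user
         $this->view = null;
         Utils::redirect('./');
     }
     $this->write('msg', $msg);
     // NOTE(review): 'un' is request-controlled and passed to the view decoded
     // but unescaped; the template must escape it before rendering - confirm.
     $this->write('un', isset($_REQUEST['un']) ? base64_decode($_REQUEST['un']) : "");
     $this->write('token', $requestToken);
     parent::run();
 }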
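function insertPost($dbc)
{
    // Reads the new-post form, stores the uploaded image (if one was sent)
    // and inserts a row into `posts` for the current user. Returns the list
    // of validation messages; the row is written only when that list is empty.
    //Setting username (currently hard coded, will use SESSION variable later)
    $username = "******";
    $user = User::findUserByUsername($username);
    $userid = $user->userid;
    $errors = [];
    // Every field is read through Input::getString(); each failure is collected
    // rather than aborting, so the form can report all problems at once.
    $fields = ['title' => '', 'description' => '', 'location' => '', 'email' => '', 'price' => ''];
    foreach (array_keys($fields) as $field) {
        try {
            $fields[$field] = Input::getString($field);
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
    }
    $filename = '';
    if (Input::has('title') && isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
        // Create variable for the uploads direc for images in our server
        $uploads_directory = 'img/uploads/';
        // The client-supplied name is untrusted: keep a conservative character
        // set and require an image extension, so no script or path fragment is
        // written under the web root, and never overwrite an existing file.
        $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($_FILES['image']['name']));
        $ext = strtolower(pathinfo($safeName, PATHINFO_EXTENSION));
        $destination = $uploads_directory . $safeName;
        if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
            $errors[] = 'Only jpg, jpeg, png or gif images can be uploaded.';
        } elseif (file_exists($destination)) {
            $errors[] = 'A file with that name already exists; please rename it.';
        } elseif (move_uploaded_file($_FILES['image']['tmp_name'], $destination)) {
            $filename = $destination;
        } else {
            $errors[] = 'Sorry, there was an error uploading your file.';
        }
    }
    if ($errors !== []) {
        // Nothing is inserted when any field or the upload failed.
        return $errors;
    }
    $date = date('Y-m-d');
    $insert_table = "INSERT INTO posts (userid, post_date, title, price, description, email, location, image) VALUES (:userid, :post_date, :title, :price, :description, :email, :location, :image)";
    $stmt = $dbc->prepare($insert_table);
    $stmt->bindValue(':userid', $userid, PDO::PARAM_STR);
    $stmt->bindValue(':post_date', $date, PDO::PARAM_STR);
    $stmt->bindValue(':title', $fields['title'], PDO::PARAM_STR);
    $stmt->bindValue(':price', $fields['price'], PDO::PARAM_STR);
    $stmt->bindValue(':description', $fields['description'], PDO::PARAM_STR);
    $stmt->bindValue(':email', $fields['email'], PDO::PARAM_STR);
    $stmt->bindValue(':location', $fields['location'], PDO::PARAM_STR);
    $stmt->bindValue(':image', $filename, PDO::PARAM_STR);
    $stmt->execute();
    return $errors;
}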
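 public static function attempt($username, $password)
 {
     // Verifies $password against the hash stored for $username and, on
     // success, records the login in the session. Returns true on success,
     // false for a wrong password or an unknown account.
     $user = User::findUserByUsername($username);
     // A missing account fails closed instead of dereferencing null
     // (assumes a null/false result means "not found" - confirm).
     $storedHash = $user ? ($user->password ?? null) : null;
     if (!is_string($storedHash) || !password_verify($password, $storedHash)) {
         return false;
     }
     // Fresh session id on privilege change, so a pre-set (fixated) id is useless.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION['LOGGED_IN_USER'] = $username;
     return true;
 }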
function pageController()
{
    // Lists the logged-in user's ads; anonymous visitors are sent to the
    // login page. Returns the view data (username and the ad list).
    session_start();
    if (!Auth::check()) {
        header('Location: /auth/login');
        exit;
    }
    $username = Auth::user();
    $account = User::findUserByUsername($username);
    $ownerId = $account->attributes['id'];
    $ads_list = Ad::findByUserId($ownerId);
    return ['username' => $username, 'ads_list' => $ads_list];
}
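 public static function attempt($username, $password)
 {
     // Credential check with audit logging. Returns true and marks the
     // session as logged in when the stored hash verifies; false otherwise.
     $log = new Log();
     // Log lines embed user input: strip line breaks so a crafted username
     // cannot forge extra log entries.
     $logName = str_replace(array("\r", "\n"), ' ', (string) $username);
     $user = User::findUserByUsername($username);
     $storedHash = $user ? ($user->password ?? null) : null;
     $storedName = $user ? ($user->username ?? null) : null;
     // Strict comparison replaces `==`; an unknown account or missing hash
     // fails closed instead of dereferencing null (assumes a null/false
     // result means "not found" - confirm).
     $verified = is_string($storedHash)
         && $username === $storedName
         && password_verify($password, $storedHash);
     if (!$verified) {
         $log->error("{$logName} failed to login");
         return false;
     }
     // Fresh session id on privilege change, so a pre-set (fixated) id is useless.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION['LOGGED_IN_USER'] = $username;
     $log->info("{$logName} logged in successfully");
     return true;
 }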
 public function run()
 {
     // Confirmation landing page. Three request shapes are handled:
     //   ?str=&cs=     e-mail confirmation (activates the account),
     //   ?ppstr=&pp=   PayPal address confirmation,
     //   ?emstr=       confirmation of a changed e-mail address.
     // Each success path sets $jumbotron, which the job list view then renders.
     // NOTE(review): the mysql_* functions used below were removed in PHP 7;
     // this block only runs on the legacy mysql extension.
     $msg = "";
     $to = 1;
     $user = new User();
     if (isset($_REQUEST['str'])) {
         $email = mysql_real_escape_string(base64_decode($_REQUEST['str']));
         // 'cs' is read without isset() and truncated to its first 10 characters,
         // which is all that is ever compared against the stored confirm string.
         $confirm_string = substr($_REQUEST['cs'], 0, 10);
         // verify the email belongs to a user
         // NOTE(review): `==` is a loose, non-constant-time comparison of the
         // truncated strings; hash_equals() on the full values would be stricter.
         if ($user->findUserByUsername($email) && substr($user->getConfirm_string(), 0, 10) == $confirm_string) {
             // Raw SQL against USERS; the WHERE value is reproduced as listed.
             $sql = "\n                    UPDATE " . USERS . "\n                    SET\n                        confirm_string = '',\n                        confirm = 1,\n                        is_active = 1\n                    WHERE username = '******'";
             mysql_query($sql);
             // send welcome email
             Utils::sendTemplateEmail($user->getUsername(), 'welcome', array('nickname' => $user->getNickname()), 'Worklist <*****@*****.**>');
             User::login($user, false);
             //Optionally can login with confirm URL
             $jumbotron = "\n                    <h2>Welcome to Worklist!</h2>\n                    <p>\n                      Click on a job and add your bid, or come join us in our \n                      <a href='https://gitter.im/highfidelity/worklist' target='_blank'>public chat room</a>.\n                      Questions? Check out the <a href='./help'>help tab</a>.\n                    </p>";
         } else {
             // Execution continues past this call unless Utils::redirect() exits.
             Utils::redirect('./');
         }
     } elseif (isset($_REQUEST['ppstr'])) {
         // paypal address confirmation
         $paypal_email = mysql_real_escape_string(base64_decode($_REQUEST['ppstr']));
         // 'pp' is read without isset(); the hash is checked by findUserByPPUsername.
         $hash = mysql_real_escape_string($_REQUEST['pp']);
         // verify the email belongs to a user
         if (!$user->findUserByPPUsername($paypal_email, $hash)) {
             // hacking attempt, or some other error
             Utils::redirect('./');
         } else {
             $user->setPaypal_verified(true);
             $user->setPaypal_hash('');
             $user->save();
             $jumbotron = "\n                    <h2>Thank you for confirming your Paypal address.</h2>\n                    <p>You can now bid on items in the Worklist!</p>";
         }
     } elseif (isset($_REQUEST['emstr'])) {
         // new email address confirmation
         // NOTE(review): unlike the two branches above, no token or hash is
         // compared here - the new address comes straight from the request and
         // is saved for whoever is logged in.
         $new_email = mysql_real_escape_string(base64_decode($_REQUEST['emstr']));
         if (!$user->findUserByUsername($_SESSION['username'])) {
             // Only stops here if Utils::redirect() exits; otherwise the save below still runs.
             Utils::redirect('login');
             //we are not logged in
         }
         //save new email
         $user->setUsername($new_email);
         $user->save();
         $_SESSION['username'] = $new_email;
         $jumbotron = "<h2>Thank you for confirming your changed email address.</h2>";
     }
     // $jumbotron is only assigned on the success paths above; when none of
     // the three parameters is present (or a redirect did not exit) it is
     // undefined here.
     $jobs = new JobController();
     $jobs->view->jumbotron = $jumbotron;
     $jobs->listView();
 }
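function pageController()
{
    // Edit/delete page for one ad (?id=). Anonymous visitors go to login,
    // unknown ids and ads owned by someone else go back to the listing.
    // On POST, a 'delete-id' field removes the ad; otherwise the submitted
    // fields are validated and saved. Returns the view data.
    session_start();
    if (!Auth::check()) {
        header('Location: /auth/login');
        exit;
    }
    $username = Auth::user();
    $user = User::findUserByUsername($username);
    $adid = Input::get('id');
    $ad = Ad::find($adid);
    // Unknown id: nothing to edit; do not read attributes off a null result.
    if (!$ad) {
        header('Location: /ads');
        exit;
    }
    // Ownership: only the ad's owner may edit or delete it. Keyed on the
    // 'user_id' attribute when the record carries one (the key name is taken
    // from the Ad records elsewhere in this code base - confirm), comparing
    // as strings because ids may come back as int or string.
    $ownerId = $user ? ($user->attributes['id'] ?? null) : null;
    if ($ownerId !== null
        && array_key_exists('user_id', $ad->attributes)
        && (string) $ad->attributes['user_id'] !== (string) $ownerId) {
        header('Location: /ads');
        exit;
    }
    $item_name = $ad->attributes['item_name'];
    $price = $ad->attributes['price'];
    $description = $ad->attributes['description'];
    $image_path = $ad->attributes['image_path'];
    $contact = $ad->attributes['contact'];
    $errors = array();
    if (!empty($_POST)) {
        // Delete is handled first. The original tested the *absence* of
        // 'delete-id', which deleted the ad on every ordinary edit submit.
        if (Input::notEmpty('delete-id')) {
            Ad::delete($ad->attributes['id']);
            header("Location: /ads");
            die;
        }
        if (Input::notEmpty('item_name')) {
            $item_name = ValidateAd::getItemName();
        }
        if (Input::notEmpty('price')) {
            $price = ValidateAd::getPrice();
        }
        if (Input::notEmpty('description')) {
            $description = ValidateAd::getDescription();
        }
        if (Input::notEmpty('contact')) {
            $contact = ValidateAd::getContact();
        }
        $errors = ValidateAd::getErrors();
        if (empty($errors)) {
            $ad->attributes['item_name'] = $item_name;
            $ad->attributes['price'] = $price;
            $ad->attributes['description'] = $description;
            $ad->attributes['contact'] = $contact;
            $ad->attributes['image_path'] = $image_path;
            $ad->save();
        }
    }
    return array('ad' => $ad, 'username' => $username, 'item_name' => $item_name, 'price' => $price, 'description' => $description, 'image_path' => $image_path, 'contact' => $contact);
}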
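 public function run()
 {
     // Password-recovery form. For a posted username, stores a fresh reset
     // token on the matching account and e-mails a link carrying it. The
     // page message is the same whether or not the account exists, so the
     // form cannot be used to enumerate registered addresses.
     // (The former extract($_REQUEST) is gone: it turned every request
     // parameter into a local variable and nothing used them.)
     $msg = '';
     $requested = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
     if ($requested !== '') {
         // 128 bits from the CSPRNG; md5(uniqid()) is time-derived and guessable.
         $token = bin2hex(random_bytes(16));
         $user = new User();
         if ($user->findUserByUsername($requested)) {
             $user->setForgot_hash($token);
             $user->save();
             $resetUrl = SECURE_SERVER_URL . 'resetpass?un=' . base64_encode($requested) . '&amp;token=' . $token;
             $resetUrl = '<a href="' . $resetUrl . '" title="Password Recovery">' . $resetUrl . '</a>';
             Utils::sendTemplateEmail($requested, 'recovery', array('url' => $resetUrl));
         } else {
             // Deliberately no distinct failure message (see above); keep a
             // server-side trace only, without echoing the submitted value.
             error_log('ForgotController: password reset requested for an unknown username');
         }
         // The address is user input rendered into HTML: escape it.
         $shown = htmlspecialchars($requested, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $msg = '<p class="LV_valid">Login information will be sent if the email address ' . $shown . ' is registered.</p>';
     }
     $this->write('msg', $msg);
     parent::run();
 }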
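function pageController()
{
    // Profile edit page. Shows the current e-mail/password values and, on
    // POST, validates the submitted fields, saves them and redirects.
    // Returns the view data when nothing valid was posted.
    session_start();
    if (!Auth::check()) {
        header('Location: /auth/login');
        exit;
    }
    $username = Auth::user();
    $user = User::findUserByUsername($username);
    $email = $user->attributes['email'];
    // NOTE(review): whatever the record stores (presumably a hash) is handed
    // to the view in the return below; confirm the template never renders it.
    $password = $user->attributes['password'];
    // Always defined, so the match check below cannot read an unset variable.
    $passwordmatch = null;
    $errors = array();
    if (!empty($_POST)) {
        if (Input::notEmpty('email')) {
            $email = ValidateUser::getEmail();
        }
        if (Input::notEmpty('password')) {
            $password = ValidateUser::getPassword();
        }
        if (Input::notEmpty('passwordmatch')) {
            $passwordmatch = ValidateUser::getPasswordMatch();
        }
        if (Input::notEmpty('passwordmatch') && Input::notEmpty('password')) {
            ValidateUser::getCheckMatch($password, $passwordmatch);
        }
        $errors = (array) ValidateUser::getErrors();
        if (Input::notEmpty('password') && !Input::notEmpty('passwordmatch')) {
            // A new password without its confirmation was previously saved
            // unchecked; treat it as a validation failure instead.
            $errors[] = 'Please confirm the new password.';
        }
        if (empty($errors)) {
            $user->attributes['username'] = $username;
            $user->attributes['email'] = $email;
            $user->attributes['password'] = $password;
            $user->save();
            header('Location: /users');
            exit;
        }
    }
    return array('username' => $username, 'email' => $email, 'password' => $password);
}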
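function pageController()
{
    // Single-ad view page (?id=). Requires an id; login is optional and only
    // determines $userid (used by the view to decide whether the visitor owns
    // the ad). Returns the ad's fields plus both ids.
    session_start();
    if (!Input::has('id')) {
        header('Location: /ads');
        exit;
    }
    if (Auth::check()) {
        $username = Auth::user();
        $user = User::findUserByUsername($username);
        $userid = $user->attributes['id'];
    } else {
        $userid = null;
    }
    $adid = Input::get('id');
    $ad = Ad::find($adid);
    // Unknown id: go back to the listing instead of reading attributes off a
    // null result (a fatal error in PHP 8).
    if (!$ad) {
        header('Location: /ads');
        exit;
    }
    $aduserid = $ad->attributes['user_id'];
    $item_name = $ad->attributes['item_name'];
    $price = $ad->attributes['price'];
    $description = $ad->attributes['description'];
    $image_path = $ad->attributes['image_path'];
    $contact = $ad->attributes['contact'];
    return array('adid' => $adid, 'userid' => $userid, 'aduserid' => $aduserid, 'item_name' => $item_name, 'price' => $price, 'description' => $description, 'image_path' => $image_path, 'contact' => $contact);
}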
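 /**
  * Post-AuthView process: create new accounts for new users
  *
  * Validates the signup form in $_POST (GitHub access token, country,
  * e-mail username, matching passwords, uniqueness of username and token),
  * fetches the GitHub profile for the token, chooses an unused nickname,
  * creates the account, syncs the profile and e-mails a confirmation link.
  * Always emits a JSON object {success: bool, msg: string}; every validation
  * failure is reported through msg.
  */
 public function signup()
 {
     global $countrylist;
     $this->view = null;
     $success = false;
     $msg = '';
     try {
         // Only plain strings are taken from the form; an array would make
         // trim()/array_key_exists() throw a TypeError, which the
         // `catch (Exception)` below does not handle.
         $access_token = (isset($_POST["access_token"]) && is_string($_POST["access_token"])) ? trim($_POST["access_token"]) : "";
         $country = (isset($_POST["country"]) && is_string($_POST["country"])) ? trim($_POST["country"]) : "";
         $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? trim($_POST["username"]) : "";
         $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
         $pass2 = (isset($_POST["password2"]) && is_string($_POST["password2"])) ? $_POST["password2"] : "";
         // Guard clauses in the original order; each throws into the catch
         // below, which turns the message into the JSON response.
         if (empty($access_token)) {
             throw new Exception("Access token not provided.");
         }
         if (empty($country) || !array_key_exists($country, $countrylist)) {
             throw new Exception("Invalid country." . $country);
         }
         if (empty($username) || !filter_var($username, FILTER_VALIDATE_EMAIL)) {
             throw new Exception("Invalid username.");
         }
         // Strict comparison: `!=` treats numeric-looking strings loosely.
         if (empty($password) || $password !== $pass2) {
             throw new Exception("Invalid passwords.");
         }
         // Uniqueness lookups run only once the format checks have passed.
         $usernameTestUser = new User();
         $usernameTestUser->findUserByUsername($username);
         if ($usernameTestUser->getId()) {
             throw new Exception("Username already taken.");
         }
         $tokenTestUser = new User();
         $tokenTestUser->findUserByAuthToken($access_token);
         if ($tokenTestUser->getId()) {
             throw new Exception("Access token already in use.");
         }
         $this->access_token = $access_token;
         $gh_user = $this->apiRequest(GITHUB_API_URL . 'user');
         if (!$gh_user) {
             throw new Exception("Unable to read user credentials from github.");
         }
         // Nickname: the GitHub login, then the display name stripped to
         // alphanumerics, then either with a numeric suffix until one is free.
         // (mt_rand is fine here: the suffix only breaks collisions.)
         $nicknameTestUser = new User();
         $ghName = preg_replace('/[^a-zA-Z0-9]/', '', (string) ($gh_user->name ?? ''));
         $nickname = $gh_user->login;
         if ($nicknameTestUser->findUserByNickname($nickname)) {
             $nickname = $ghName;
         }
         while ($nicknameTestUser->findUserByNickname($nickname)) {
             $rand = mt_rand(1, 99999);
             $nickname = $gh_user->login . $rand;
             if ($nicknameTestUser->findUserByNickname($nickname)) {
                 $nickname = $ghName . $rand;
             }
         }
         $user = User::signup($username, $nickname, $password, $access_token, $country);
         $success = true;
         $this->sync($user, $gh_user);
         // Email user
         $subject = "Registration";
         $link = SECURE_SERVER_URL . "confirmation?cs=" . $user->getConfirm_string() . "&str=" . base64_encode($user->getUsername());
         $body = '<p>' . $user->getNickname() . ': </p>' . '<p>You are one click away from an account on Worklist:</p>' . '<p><a href="' . $link . '">Click to verify your email address</a> and activate your account.</p>' . '<p>Welcome aboard, <br /> Worklist / High Fidelity</p>';
         $plain = $user->getNickname() . "\n\n" . "You are one click away from an account on Worklist: \n\n" . 'Click/copy following URL to verify your email address activate your account:' . $link . "\n\n" . "Welcome aboard, \n Worklist / High Fidelity\n";
         $msg = "An email containing a confirmation link was sent to your email address. " . "Please click on that link to verify your email address and activate your account.";
         if (!Utils::send_email($user->getUsername(), $subject, $body, $plain)) {
             error_log("SignupController: Utils::send_email failed");
             $msg = 'There was an issue sending email. Please try again or notify admin@lovemachineinc.com';
         }
     } catch (Exception $e) {
         $msg = $e->getMessage();
     }
     echo json_encode(array('success' => $success, 'msg' => $msg));
 }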
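function pageController()
{
    // "Add ad" page. On POST, validates the form fields and the uploaded
    // image (type decided by content sniffing), stores the image under
    // $target with a server-generated name, inserts the Ad row for the
    // logged-in user and redirects to the profile. Otherwise returns the
    // view data (username and validation errors).
    session_start();
    if (!Auth::check()) {
        header('Location: /auth/login');
        exit;
    }
    $username = Auth::user();
    $user = User::findUserByUsername($username);
    $errors = array();
    if (!empty($_POST)) {
        $item_name = ValidateAd::getItemName();
        $price = ValidateAd::getPrice();
        $description = ValidateAd::getDescription();
        $contact = ValidateAd::getContact();
        $errors = (array) ValidateAd::getErrors();
        $target = "public/upload_images";
        $allowed = array('jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');
        $ext = false;
        $tmp_name = '';
        if (!isset($_FILES['image']) || $_FILES['image']['error'] !== UPLOAD_ERR_OK) {
            // The listing needs an image; a missing or failed upload is a form error
            // (the original reached finfo with an unset index and reported it as a bad format).
            $errors[] = 'Image upload failed or is missing.';
        } else {
            $tmp_name = $_FILES['image']['tmp_name'];
            // Only the sniffed MIME type decides the extension; the client-supplied
            // name is never used for the stored path. The original compared the
            // whole filename against "jpg"/"png"/... and then moved the file under
            // its original name regardless, so any extension could land in $target.
            $finfo = new finfo(FILEINFO_MIME_TYPE);
            $ext = array_search($finfo->file($tmp_name), $allowed, true);
            if (false === $ext) {
                $errors[] = 'Invalid file format.';
            }
        }
        if (Input::notEmpty('item_name') && Input::notEmpty('price') && Input::notEmpty('description') && Input::notEmpty('contact') && empty($errors)) {
            // Random name + whitelisted extension: no collisions with other
            // users' files and no client influence over the path.
            $name = bin2hex(random_bytes(16)) . '.' . $ext;
            if (!move_uploaded_file($tmp_name, "{$target}/{$name}")) {
                $errors[] = 'Unable to store the uploaded image.';
                return array('username' => $username, 'errors' => $errors);
            }
            $ad = new Ad();
            $ad->item_name = $item_name;
            $ad->price = $price;
            $ad->description = $description;
            $ad->contact = $contact;
            $ad->user_id = $user->attributes['id'];
            $ad->image_path = "{$target}/{$name}";
            $ad->save();
            // redirect from add to the users profile so they can see what they added
            header('Location: /users');
            exit;
        }
    }
    return array('username' => $username, 'errors' => $errors);
}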
    $stmt->bindValue(':location', $location, PDO::PARAM_STR);
    $stmt->bindValue(':image', $filename, PDO::PARAM_STR);
    $stmt->execute();
    return $errors;
}
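// Page entry: on POST, run the format check and insert the post (collecting
// validation messages in $errors); otherwise show an alert. Then resolve the
// user stored in the session for the page below.
if (!empty($_POST)) {
    if (checkValues()) {
        $errors = insertPost($dbc);
    } else {
        $message = "Invalid format. Please try again.";
        $javascript = "<script type='text/javascript'>alert('{$message}');</script>";
        echo $javascript;
    }
}
// 'tempuser' may be absent (no login yet): avoid an undefined-index warning
// and let findUserByUsername deal with the empty name.
$loggedInUser = isset($_SESSION['tempuser']) ? $_SESSION['tempuser'] : '';
$user = User::findUserByUsername($loggedInUser);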
?>
<!DOCTYPE html>
 
<html>
	<head>
		<title>Handel</title>
		<meta charset="UTF-8">
		<meta http-equiv="X-UA-Compatible" content="IE=edge">
	    <meta name="viewport" content="width=device-width, initial-scale=1">
		<!-- BOOTSTRAP CSS -->
		<link href="css/bootstrap.min.css" rel="stylesheet">
		<!-- CUSTOM CSS -->
		<link rel="stylesheet" type="text/css" href="../css/main.css">
		<!-- TITLE IMG -->
		<!-- <link rel="shortcut icon" href="img/mole.png"> -->