Exemple #1
 /**
  * Marks $username as the logged-in user when a matching account exists.
  *
  * NOTE(review): nothing in this method checks a password or any other
  * credential; the session is written as soon as the lookup succeeds. It
  * presumably runs only after the caller has authenticated the user by
  * other means; confirm at every call site.
  *
  * @param mixed $username Username to look up and store in the session.
  * @return mixed Redirect to UsersController@show when the account exists,
  *               otherwise a redirect back with the submitted input.
  */
 public static function check($username)
 {
     $knownUser = User::finduserbyusername($username);
     if ($knownUser == null) {
         // No such account: return to the form and keep what was typed.
         return Redirect::back()->withInput();
     }
     Session::put('loggedinuser', $username);
     return Redirect::action('UsersController@show');
 }
Exemple #2
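 /**
  * Tries to log a user in with a username and password.
  *
  * On success the username is stored in $_SESSION['Loggedinuser']. The method
  * keeps its original return contract: the empty lookup result when the
  * username is unknown, and null in every other case, so callers have to
  * inspect the session to learn whether the login succeeded.
  *
  * @param mixed $username Submitted username.
  * @param mixed $password Submitted plain-text password.
  * @return mixed Empty lookup result for an unknown username, otherwise null.
  */
 public static function attempt($username, $password)
 {
     $user = User::finduserbyusername($username);
     if (empty($user)) {
         return $user;
     }
     // password_verify() already returns the boolean verdict. The previous
     // `$password == password_verify(...)` loosely compared the password
     // string with that boolean, so a falsy password string compared equal to
     // a FAILED verification and the check passed without a valid password.
     $passwordMatches = is_string($password) && password_verify($password, (string) $user->password);
     if ($passwordMatches && (string) $username === (string) $user->username) {
         // Issue a fresh session id at the privilege change so an id that was
         // known before login does not carry the authenticated session.
         if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
             session_regenerate_id(true);
         }
         $_SESSION['Loggedinuser'] = $username;
     }
 }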
Exemple #3
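/**
 * Controller for the "Create an Ad" page.
 *
 * Requires a logged-in session, collects the distinct ad categories for the
 * form, and inserts a new ad when a complete form has been posted.
 *
 * NOTE(review): $dbc is not assigned in this function; it is presumably
 * created by db/db_connect.php when that file is included here. Confirm,
 * because require_once will not re-run the file if it was already loaded.
 * NOTE(review): the nested insertAd() is declared each time this function
 * runs, so calling pageController() twice in one request would redeclare it.
 *
 * @return array View data: user, errorArray, yellow, the sticky form values
 *               (formMethod, formTitle, formPrice, formLoc, formDes, formCat),
 *               justCategoriesArrayUnique and loginstatus.
 */
function pageController()
{
    require_once '../db/db_connect.php';
    // Members-only page: resume the session and send anonymous visitors to the login form.
    session_start();
    if (!isset($_SESSION['Loggedinuser'])) {
        header('location: auth.login.php');
        die;
    }
    // Contains the username verbatim; the template must escape it on output.
    $loginstatus = $_SESSION['Loggedinuser'] . " is logged in!";

    // Each ad row stores its categories as one ', '-separated string. Joining all rows
    // and splitting again yields one entry per category, which is then de-duplicated
    // and sorted for the form.
    $justCategories = [];
    foreach (Ad::showJustCategories() as $categoryRow) {
        $justCategories[] = $categoryRow['categories'];
    }
    $justCategoriesArrayUnique = array_unique(explode(', ', implode(', ', $justCategories)));
    sort($justCategoriesArrayUnique);

    // The logged-in username (per the original comment, read from $_SESSION) and its user record.
    $username = Auth::user();
    $user = User::finduserbyusername($username);

    // Validates the posted 'Create an Ad' form and inserts the ad.
    // Returns an array of error strings keyed by field, or null after a successful insert.
    function insertAd($dbc, $user)
    {
        $errorArray = [];
        try {
            $method = Input::getString('method', 1, 50);
        } catch (Exception $e) {
            $errorArray['errMethod'] = $e->getMessage();
        }
        try {
            $title = Input::getString('title', 1, 50);
        } catch (Exception $e) {
            $errorArray['errTitle'] = $e->getMessage();
        }
        try {
            $price = Input::getNumber('price', 0, 25000);
        } catch (Exception $e) {
            $errorArray['errPrice'] = $e->getMessage();
        }
        try {
            $location = Input::getString('location', 1, 50);
        } catch (Exception $e) {
            $errorArray['errLoc'] = $e->getMessage();
        }
        try {
            $description = Input::getString('description', 1, 500);
        } catch (Exception $e) {
            $errorArray['errDes'] = $e->getMessage();
        }
        try {
            $categoriesArray = Input::get('categories', 1, 50);
            // implode() needs an array; a scalar 'categories' value would otherwise raise
            // an error that the catch below (Exception only) does not handle.
            if (!is_array($categoriesArray)) {
                throw new Exception('Please choose at least one category.');
            }
            $categories = implode(', ', $categoriesArray);
        } catch (Exception $e) {
            $errorArray['errCats'] = $e->getMessage();
        }

        // Image upload. The file name and type sent by the browser are untrusted, so the
        // stored name is built from a hash of the content plus an extension chosen from
        // the detected image type. Previously the client-supplied name was kept, which
        // let any file type (including server-executable ones) land in the web-served
        // upload directory and let one upload overwrite another.
        $filename = null;
        $uploadTmpPath = null;
        if (Input::has('title') && $_FILES) {
            // Extend this map if more image formats should be accepted.
            $allowedTypes = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
            $upload = isset($_FILES['image_url']) ? $_FILES['image_url'] : null;
            $uploadOk = is_array($upload)
                && isset($upload['error'], $upload['tmp_name'])
                && is_string($upload['tmp_name'])
                && $upload['error'] === UPLOAD_ERR_OK
                && is_uploaded_file($upload['tmp_name']);
            if (!$uploadOk) {
                $errorArray['errImage'] = 'Sorry, there was an error uploading your file.';
            } else {
                $imageInfo = getimagesize($upload['tmp_name']);
                if ($imageInfo === false || !isset($allowedTypes[$imageInfo[2]])) {
                    $errorArray['errImage'] = 'Only JPEG, PNG or GIF images can be uploaded.';
                } else {
                    $uploadTmpPath = $upload['tmp_name'];
                    $filename = 'img/uploads/' . hash_file('sha256', $uploadTmpPath) . '.' . $allowedTypes[$imageInfo[2]];
                }
            }
        }

        // Stop before touching the disk or the database when any field failed validation.
        if (!empty($errorArray)) {
            return $errorArray;
        }
        // The file is moved only now, so a rejected form leaves nothing in the upload directory.
        if ($uploadTmpPath !== null && !move_uploaded_file($uploadTmpPath, $filename)) {
            return ['errImage' => 'Sorry, there was an error uploading your file.'];
        }

        $stmt = $dbc->prepare('INSERT INTO ads (user_id, method, image_url, title, price, location, description, categories) VALUES (:user_id, :method, :image_url, :title, :price, :location, :description, :categories)');
        $stmt->bindValue(':user_id', $user->id, PDO::PARAM_STR);
        $stmt->bindValue(':method', $method, PDO::PARAM_STR);
        $stmt->bindValue(':image_url', $filename, PDO::PARAM_STR);
        $stmt->bindValue(':title', $title, PDO::PARAM_STR);
        $stmt->bindValue(':price', $price, PDO::PARAM_INT);
        $stmt->bindValue(':location', $location, PDO::PARAM_STR);
        $stmt->bindValue(':description', $description, PDO::PARAM_STR);
        $stmt->bindValue(':categories', $categories, PDO::PARAM_STR);
        $stmt->execute();
    }

    // Defaults used when nothing has been posted yet.
    $errorArray = [''];
    $formMethod = '';
    $formTitle = '';
    $formPrice = '';
    $formLoc = '';
    $formDes = '';
    $formCat = [''];
    $yellow = false;

    // Nothing posted: keep the defaults.
    // Posted with every field filled: run insertAd(); on success show a confirmation,
    // on validation errors show them and keep the form values (sticky form).
    // Posted with a field missing: ask for all fields and keep what was entered.
    if (!empty($_POST)) {
        if (Input::notEmpty('method') && Input::notEmpty('title') && Input::notEmpty('price') && Input::notEmpty('location') && Input::notEmpty('description') && Input::notEmpty('categories')) {
            $errorArray = insertAd($dbc, $user);
            // insertAd() returns null on success, which compares equal to [] here.
            if ($errorArray == []) {
                $errorArray = ['Ad Submitted!'];
            } else {
                $formMethod = Input::get('method');
                $formTitle = Input::get('title');
                $formPrice = Input::get('price');
                $formLoc = Input::get('location');
                $formDes = Input::get('description');
                $formCat = Input::get('categories');
            }
        } else {
            $errorArray = ['Please submit values for each data field.'];
            $yellow = true;
            $formMethod = Input::get('method');
            $formTitle = Input::get('title');
            $formPrice = Input::get('price');
            $formLoc = Input::get('location');
            $formDes = Input::get('description');
            $formCat = Input::has('categories') ? Input::get('categories') : [''];
        }
    }
    // The sticky form values are raw request data; the template must escape them on output.
    return array('user' => $user, 'errorArray' => $errorArray, 'yellow' => $yellow, 'formMethod' => $formMethod, 'formTitle' => $formTitle, 'formPrice' => $formPrice, 'formLoc' => $formLoc, 'formDes' => $formDes, 'formCat' => $formCat, 'justCategoriesArrayUnique' => $justCategoriesArrayUnique, 'loginstatus' => $loginstatus);
}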
    header('location: users.show.php');
    die;
}
$message = '';
$loginstatus = "Members, Log In!";
$newuser = new User();
$newuser->email = Input::get('signupemail');
$newuser->phone = Input::get('signupphone');
$newuser->username = Input::get('username');
$newuser->password = Input::get('password');
$newuser->reminder = Input::get('reminder');
$newuser->boxcolor = Input::get('boxcolor');
$newuser->icon = Input::get('icontype');
$receiver = Input::get('emailer');
$receivedmessage = Input::get('comment');
$usercheck = User::finduserbyusername($newuser->username);
$emailcheck = User::checkemail($newuser->email);
if ($newuser->email != null) {
    if ($newuser->phone != null) {
        if ($newuser->username != null) {
            if ($newuser->password != null) {
                if ($newuser->password == Input::get('confirmpassword')) {
                    if (empty($usercheck)) {
                        if (empty($emailcheck)) {
                            $newuser->password = password_hash($newuser->password, PASSWORD_DEFAULT);
                            $newuser->save();
                            $receiver = $newuser->email;
                            $receivedmessage = "Hello, {$newuser->username}!\nWelcome to Spatula City! This email is to let you know that you have successfully been registered in our database, and it also serves as a way to test our brand new emailing system!\nWe hope you enjoy your Spatula shopping experience!\n-Reagan Wilkins, Anthony Burns, and Zeshan Segal.";
                            // $to = $_POST['signupemail'];
                            // $subject = "Welcome to Spatula City!";
                            // $emmessage = wordwrap("Greetings, " . $newuser->username . ",\r\nWelcome to Spatula City, the web's premium advertisement listing forum by Reagan Wilkins, Tony Burns, and Zeshan Segal! At this time you will not be able to log in, as the site is still in testing. This was merely a test of Reagan Wilkins's email code!\r\nHave a pleasant day!\r\n-Reagan Wilkins, Tony Burns, and Zeshan Segal.", 70, "\r\n");
Exemple #5
    } else {
        $error = "This email is already taken";
    }
} else {
    if ($choice == "phone") {
        if ($newdata != "") {
            $updateuser->phone = $newdata;
            $updateuser->save();
            $success = "Phone Number Successfully Updated";
        } else {
            $error = "Please enter a new phone number";
        }
    } else {
        if ($choice == "username") {
            $updateuser->username = $newdata;
            $usercheck = User::finduserbyusername($updateuser->username);
            if ($updateuser->username == $userdata['username'] || empty($usercheck)) {
                if ($updateuser->username != "") {
                    $updateuser->save();
                    $_SESSION['Loggedinuser'] = $updateuser->username;
                    $success = "Username successfully updated";
                } else {
                    $error = "Please enter a valid username";
                }
            } else {
                $error = "This username is already taken";
            }
        } else {
            if ($choice == "password") {
                if ($newdata != "") {
                    if ($newdata == Input::get('confirmpass')) {
require_once '../utils/Input.php';
require_once '../models/User.php';
require_once '../db/adlister_login.php';
require_once '../db/db_connect.php';
session_start();
$stmt = $dbc->query('SELECT * FROM users');
$stmt->execute();
$database = $stmt->fetchAll(PDO::FETCH_ASSOC);
$message = '';
$error = '';
$username = Input::get('username');
$email = Input::get('email');
$boxcolor = strtolower(Input::get('boxcolor'));
$icon = strtolower(Input::get('icon'));
if ($username != '' && $email != '' && $icon != '' && $boxcolor != '') {
    $retrieveduser = User::finduserbyusername($username);
    // $stmt1 = $dbc->prepare('SELECT * FROM users WHERE username = :username');
    // $stmt1->bindValue(':username', $retrieveduser->username, PDO::PARAM_STR);
    // $stmt1->execute();
    // $founduser = $stmt1->fetchAll(PDO::FETCH_ASSOC);
    if ($username == $retrieveduser->username) {
        if ($email == $retrieveduser->email) {
            if ($boxcolor == strtolower($retrieveduser->boxcolor)) {
                if ($icon == strtolower($retrieveduser->icon)) {
                    $message = $retrieveduser->reminder;
                } else {
                    $error = "Your icon is incorrect";
                }
            } else {
                $error = "You box color is incorrect";
            }
<?php

session_start();
require_once '../db/adlister_login.php';
require_once '../db/db_connect.php';
require_once '../models/Basemodel.php';
require_once '../models/User.php';
require_once '../utils/Auth.php';
require_once '../utils/Input.php';
require_once '../models/Ad.php';
require_once 'css/userbox.php';
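User::dbConnect();
// The profile to show is named in the query string, which the visitor controls.
// Accept it only when it is present and a plain string (not an array parameter).
$usertovisit = (isset($_GET['usertovisit']) && is_string($_GET['usertovisit'])) ? $_GET['usertovisit'] : '';
$visitinguser = false;
if ($usertovisit !== '' && User::finduserbyusername($usertovisit)) {
    // Match the username exactly. The previous LIKE comparison treated '%' and '_' in
    // the request value as wildcards, so the row fetched here could belong to a
    // different account than the one the existence check above confirmed.
    $stmt = $dbc->prepare('SELECT id, username, boxcolor, icon FROM users WHERE username = :username');
    $stmt->bindValue(':username', $usertovisit, PDO::PARAM_STR);
    $stmt->execute();
    $visitinguser = $stmt->fetch(PDO::FETCH_ASSOC);
}
// Unknown or missing username: go back to the landing page.
if ($visitinguser === false) {
    header('location: index.php');
    die;
}
$boxcolor = $visitinguser['boxcolor'];
// All ads that belong to the visited user; the executed statement is handed on for iteration.
$stmt1 = $dbc->prepare('SELECT * FROM ads WHERE user_id = :id');
$stmt1->bindValue(':id', $visitinguser['id'], PDO::PARAM_INT);
$stmt1->execute();
$visitingads = $stmt1;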
?>
<!DOCTYPE html>
Exemple #8
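/**
 * Controller for the "Edit an Ad" page.
 *
 * Requires a logged-in session, lists the user's ads, pre-fills the form with
 * the ad chosen for editing, and applies the edit when a complete form has
 * been posted.
 *
 * NOTE(review): $dbc is not assigned in this function; it is presumably
 * created by db/db_connect.php when that file is included here. Confirm,
 * because require_once will not re-run the file if it was already loaded.
 * NOTE(review): the nested updateAd() is declared each time this function
 * runs, so calling pageController() twice in one request would redeclare it.
 *
 * @return array View data: user, userAds, errorArray, yellow, the sticky form
 *               values (formMethod, formImage, formTitle, formPrice, formLoc,
 *               formDes, formAdId, formCat), justCategoriesArrayUnique and
 *               loginstatus.
 */
function pageController()
{
    require_once '../db/db_connect.php';
    // Members-only page: resume the session and send anonymous visitors to the login form.
    session_start();
    if (!isset($_SESSION['Loggedinuser'])) {
        header('location: auth.login.php');
        die;
    }
    // Contains the username verbatim; the template must escape it on output.
    $loginstatus = $_SESSION['Loggedinuser'] . " is logged in!";

    // Each ad row stores its categories as one ', '-separated string. Joining all rows
    // and splitting again yields one entry per category, which is then de-duplicated
    // and sorted for the form.
    $justCategories = [];
    foreach (Ad::showJustCategories() as $categoryRow) {
        $justCategories[] = $categoryRow['categories'];
    }
    $justCategoriesArrayUnique = array_unique(explode(', ', implode(', ', $justCategories)));
    sort($justCategoriesArrayUnique);

    // The logged-in username (per the original comment, read from $_SESSION) and its user record.
    $username = Auth::user();
    $user = User::finduserbyusername($username);
    // All ads whose user_id foreign key is this user's id.
    $userAds = Ad::findAllAdsByUserId($user->id);
    // The first form ("Select an Ad") posts 'ad_to_edit'; load that ad's data.
    // NOTE(review): the ad is loaded by id alone. Whether Ad::find() restricts the
    // lookup to the current user's ads is not visible here; verify.
    $adToEdit = Input::has('ad_to_edit') ? (int) Input::get('ad_to_edit') : null;
    $adToEditObj = Ad::find($adToEdit);

    // Validates the posted edit form and updates the ad.
    // Returns an array of error strings keyed by field, or null after a successful update.
    function updateAd($dbc, $user)
    {
        $errorArray = [];
        try {
            $method = Input::getString('method', 1, 50);
        } catch (Exception $e) {
            $errorArray['errMethod'] = $e->getMessage();
        }
        try {
            $title = Input::getString('title', 1, 50);
        } catch (Exception $e) {
            $errorArray['errTitle'] = $e->getMessage();
        }
        try {
            $price = Input::getNumber('price', 0, 25000);
        } catch (Exception $e) {
            $errorArray['errPrice'] = $e->getMessage();
        }
        try {
            $location = Input::getString('location', 1, 50);
        } catch (Exception $e) {
            $errorArray['errLoc'] = $e->getMessage();
        }
        try {
            $description = Input::getString('description', 1, 500);
        } catch (Exception $e) {
            $errorArray['errDes'] = $e->getMessage();
        }
        try {
            $adid = Input::getNumber('adid', 1, 5000000);
        } catch (Exception $e) {
            // Previously this failure was dropped and the UPDATE ran with an undefined id.
            $errorArray['errAdId'] = $e->getMessage();
        }
        try {
            $categoriesArray = Input::get('categories', 1, 50);
            // implode() needs an array; a scalar 'categories' value would otherwise raise
            // an error that the catch below (Exception only) does not handle.
            if (!is_array($categoriesArray)) {
                throw new Exception('Please choose at least one category.');
            }
            $categories = implode(', ', $categoriesArray);
        } catch (Exception $e) {
            $errorArray['errCats'] = $e->getMessage();
        }

        // 'adid' comes from the form, so confirm the ad belongs to the logged-in user
        // before changing it. The same lookup supplies the stored image path, so the
        // value of the read-only 'image_url' form field is never written back.
        $currentImage = null;
        if (!isset($errorArray['errAdId'])) {
            $owned = $dbc->prepare('SELECT image_url FROM ads WHERE id = :id AND user_id = :user_id');
            $owned->bindValue(':id', $adid, PDO::PARAM_INT);
            $owned->bindValue(':user_id', $user->id, PDO::PARAM_STR);
            $owned->execute();
            $ownedRow = $owned->fetch(PDO::FETCH_ASSOC);
            if ($ownedRow === false) {
                $errorArray['errAdId'] = 'That ad could not be found in your account.';
            } else {
                $currentImage = $ownedRow['image_url'];
            }
        }

        // Image upload. Without a new file the ad keeps its stored image. The file name
        // and type sent by the browser are untrusted, so the stored name is built from a
        // hash of the content plus an extension chosen from the detected image type.
        // Previously the client-supplied name was kept, which let any file type
        // (including server-executable ones) land in the web-served upload directory.
        $filename = $currentImage;
        $uploadTmpPath = null;
        $upload = isset($_FILES['image_upload']) ? $_FILES['image_upload'] : null;
        if (is_array($upload) && isset($upload['name']) && $upload['name'] != '') {
            // Extend this map if more image formats should be accepted.
            $allowedTypes = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
            $uploadOk = isset($upload['error'], $upload['tmp_name'])
                && is_string($upload['tmp_name'])
                && $upload['error'] === UPLOAD_ERR_OK
                && is_uploaded_file($upload['tmp_name']);
            if (!$uploadOk) {
                // The debug var_dump($_FILES) that used to run here printed server-side
                // temporary paths into the response and has been removed.
                $errorArray['errImage'] = 'Sorry, there was an error uploading your file.';
            } else {
                $imageInfo = getimagesize($upload['tmp_name']);
                if ($imageInfo === false || !isset($allowedTypes[$imageInfo[2]])) {
                    $errorArray['errImage'] = 'Only JPEG, PNG or GIF images can be uploaded.';
                } else {
                    $uploadTmpPath = $upload['tmp_name'];
                    $filename = 'img/uploads/' . hash_file('sha256', $uploadTmpPath) . '.' . $allowedTypes[$imageInfo[2]];
                }
            }
        }

        // Stop before touching the disk or the database when any field failed validation.
        if (!empty($errorArray)) {
            return $errorArray;
        }
        // The file is moved only now, so a rejected form leaves nothing in the upload directory.
        if ($uploadTmpPath !== null && !move_uploaded_file($uploadTmpPath, $filename)) {
            return ['errImage' => 'Sorry, there was an error uploading your file.'];
        }

        // The owner condition is repeated in the WHERE clause so the write itself cannot
        // reach another user's ad. A separate placeholder is used because a named
        // placeholder cannot be reused when prepares are not emulated.
        $stmt = $dbc->prepare('UPDATE ads SET user_id = :user_id, method = :method, image_url = :image_url, title = :title, price = :price, location = :location, description = :description, categories = :categories WHERE id = :id AND user_id = :owner_id');
        $stmt->bindValue(':id', $adid, PDO::PARAM_INT);
        $stmt->bindValue(':owner_id', $user->id, PDO::PARAM_STR);
        $stmt->bindValue(':user_id', $user->id, PDO::PARAM_STR);
        $stmt->bindValue(':method', $method, PDO::PARAM_STR);
        $stmt->bindValue(':image_url', $filename, PDO::PARAM_STR);
        $stmt->bindValue(':title', $title, PDO::PARAM_STR);
        $stmt->bindValue(':price', $price, PDO::PARAM_INT);
        $stmt->bindValue(':location', $location, PDO::PARAM_STR);
        $stmt->bindValue(':description', $description, PDO::PARAM_STR);
        $stmt->bindValue(':categories', $categories, PDO::PARAM_STR);
        $stmt->execute();
    }

    // Defaults used when nothing has been posted yet.
    $errorArray = [''];
    $formMethod = '';
    $formImage = '';
    $formTitle = '';
    $formPrice = '';
    $formLoc = '';
    $formDes = '';
    $formAdId = '';
    $formCat = [''];
    $yellow = false;

    // An ad was chosen for editing and was found: pre-fill every input from its row.
    // Otherwise (first visit, or an id that matches no ad) ask the user to pick one.
    if (isset($_POST['ad_to_edit']) && is_object($adToEditObj)) {
        $errorArray = ['Make your edits.'];
        $yellow = true;
        $formMethod = $adToEditObj->method;
        $formImage = $adToEditObj->image_url;
        $formTitle = $adToEditObj->title;
        $formPrice = $adToEditObj->price;
        $formLoc = $adToEditObj->location;
        $formDes = $adToEditObj->description;
        $formCat = explode(', ', $adToEditObj->categories);
        $formAdId = $adToEdit;
    } else {
        $errorArray = ['Please select an ad to edit.'];
    }

    // Edit form not posted: keep what was set above.
    // Posted with every field filled: run updateAd(); on success show a confirmation,
    // on validation errors show them and keep the form values (sticky form).
    // Posted with a field empty: ask for all fields and keep what was entered.
    if (Input::has('method') && Input::has('image_url') && Input::has('title') && Input::has('price') && Input::has('location') && Input::has('description')) {
        if (Input::notEmpty('method') && Input::notEmpty('image_url') && Input::notEmpty('title') && Input::notEmpty('price') && Input::notEmpty('location') && Input::notEmpty('description') && Input::notEmpty('categories')) {
            $errorArray = updateAd($dbc, $user);
            // updateAd() returns null on success, which compares equal to [] here.
            if ($errorArray == []) {
                $errorArray = ['Ad Editted!'];
            } else {
                $formMethod = Input::get('method');
                $formImage = Input::get('image_url');
                $formTitle = Input::get('title');
                $formPrice = Input::get('price');
                $formLoc = Input::get('location');
                $formDes = Input::get('description');
                $formAdId = Input::get('adid');
                $formCat = Input::get('categories');
            }
        } else {
            $errorArray = ['Please submit values for each data field.'];
            $yellow = true;
            $formMethod = Input::get('method');
            $formImage = Input::get('image_url');
            $formTitle = Input::get('title');
            $formPrice = Input::get('price');
            $formLoc = Input::get('location');
            $formDes = Input::get('description');
            $formAdId = Input::get('adid');
            $formCat = Input::get('categories');
        }
    }
    // The sticky form values are raw request data; the template must escape them on output.
    return array('user' => $user, 'userAds' => $userAds, 'errorArray' => $errorArray, 'yellow' => $yellow, 'formMethod' => $formMethod, 'formImage' => $formImage, 'formTitle' => $formTitle, 'formPrice' => $formPrice, 'formLoc' => $formLoc, 'formDes' => $formDes, 'formAdId' => $formAdId, 'formCat' => $formCat, 'justCategoriesArrayUnique' => $justCategoriesArrayUnique, 'loginstatus' => $loginstatus);
}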