/**
* Run method with main page logic
*
* Populate template and display confirmation for profile deletion. For POST requests,
* check user credentials, check if profile exists and then delete entry from database.
* Available to admins only
* @access public
*/
public function run()
{
$session = Session::getInstance();
$user = $session->getUser();
if ($user == null || !$user->isAdmin()) {
$session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
header("Location: " . BASE_URL);
return;
}
$userDAO = UserDAO::getInstance();
$delete_user = null;
$form_errors = array();
$form_values = array("id" => "");
if (!empty($_POST)) {
$id = isset($_POST["id"]) ? trim($_POST["id"]) : "";
if (empty($id)) {
header("Location: " . BASE_URL);
return;
} else {
if (is_numeric($id)) {
$delete_user = $userDAO->load($id);
if ($delete_user) {
if ($userDAO->delete($delete_user)) {
$session->setMessage("User deleted");
header("Location: " . BASE_URL);
return;
} else {
$session->setMessage("Could not delete user", Session::MESSAGE_ERROR);
}
}
}
}
} else {
if (!empty($_GET)) {
$id = isset($_GET["id"]) ? trim($_GET["id"]) : "";
if (empty($id)) {
header("Location: " . BASE_URL);
return;
} else {
if (is_numeric($id)) {
$delete_user = $userDAO->load($id);
if ($delete_user) {
$form_values["id"] = $delete_user->getId();
}
}
}
} else {
header("Location: " . BASE_URL);
return;
}
}
$this->template->render(array("title" => "Delete Profile", "main_page" => "delete_profile_tpl.php", "user" => $user, "session" => $session, "delete_user" => $delete_user, "form_errors" => $form_errors, "form_values" => $form_values));
}
/**
* Run method with main page logic
*
* Populate template and display login form. For POST requests,
* check if a user exists with the specified password, and enter user id into session if login is valid.
* @access public
*/
public function run()
{
$form_errors = array();
$form_values = array("username" => "", "password" => "");
$session = Session::getInstance();
$user = $session->getUser();
if ($user != null) {
$session->setMessage("You are already logged in", Session::MESSAGE_ERROR);
header("Location: " . BASE_URL);
return;
}
// Check if form data is being passed
if (!empty($_POST)) {
$form_values["username"] = isset($_POST["username"]) ? trim($_POST["username"]) : "";
$form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
$password = sha1($form_values["password"]);
if (empty($form_values["username"])) {
$form_errors["username"] = "******";
}
if (empty($form_values["password"])) {
$form_errors["password"] = "******";
}
if (empty($form_errors["username"])) {
$userDAO = UserDAO::getInstance();
$user = $userDAO->loadByUsername($form_values["username"]);
if ($user && $user->getStatus() == User::STATUS_OK) {
if (strcmp($user->getPasshash(), $password) != 0) {
$form_errors["username"] = "******";
}
} else {
if ($user && $user->getStatus() == User::STATUS_NEEDADMIN) {
$form_errors["username"] = "******";
} else {
$form_errors["username"] = "******";
}
}
}
if (empty($form_errors)) {
$session->setUser($user);
$session->setMessage("Welcome, {$user->getUsername()}");
header("Location: " . BASE_URL);
return;
}
}
$user = $session->getUser();
$this->template->render(array("main_page" => "login_tpl.php", "title" => "Login", "user" => $user, "form_values" => $form_values, "form_errors" => $form_errors));
}
/**
* Run method with main page logic
*
* Populate template and read in list of users in the database. Allow filtering by online identity
* and by the first letter of a user name. Display list in the page.
* Available to members only
* @access public
*/
public function run()
{
$PAGINATION_LIMIT = 10;
$session = Session::getInstance();
$user = $session->getUser();
if (!$user || !$user->validUser()) {
$session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
header("Location: " . BASE_URL);
return;
}
$page = isset($_GET["page"]) && is_numeric($_GET["page"]) ? intval($_GET["page"]) : 1;
if ($page < 1) {
$page = 1;
}
$userDAO = UserDAO::getInstance();
$user_array = $paginator_page = null;
$form_values = array("identity" => "", "startswith" => "");
$form_values["identity"] = $identity = isset($_GET["identity"]) ? trim($_GET["identity"]) : "";
$form_values["startswith"] = isset($_GET["startswith"]) ? trim($_GET["startswith"]) : "";
$identity_array = array("steam", "xbox", "psn", "wii");
$queryVars = array();
if ($identity) {
$found = false;
for ($i = 0; $i < count($identity_array) && !$found; $i++) {
if (strcmp($identity, $identity_array[$i]) == 0) {
$paginator = new Paginator($userDAO->countIdentity($identity), $PAGINATION_LIMIT);
$paginator_page = $paginator->getPage($page);
$user_array = $userDAO->allByIdentity($identity, array("limit" => $paginator_page, "order" => "userName ASC"));
$found = true;
}
}
$queryVars["identity"] = $form_values["identity"];
} else {
if (!empty($form_values["startswith"]) && preg_match("/^[a-z]/", $form_values["startswith"])) {
$paginator = new Paginator($userDAO->countLetter($form_values["startswith"]), $PAGINATION_LIMIT);
$paginator_page = $paginator->getPage($page);
$user_array = $userDAO->allByLetter($form_values["startswith"], array("limit" => $paginator_page, "order" => "userName ASC"));
$queryVars["startswith"] = $form_values["startswith"];
} else {
$paginator = new Paginator($userDAO->count(), $PAGINATION_LIMIT);
$paginator_page = $paginator->getPage($page);
$user_array = $userDAO->all(array("limit" => $paginator_page, "order" => "userName ASC"));
}
}
$this->template->render(array("title" => "View Userlist", "main_page" => "user_list_tpl.php", "user_array" => $user_array, "session" => $session, "paginator_page" => $paginator_page, "form_values" => $form_values, "queryVars" => $queryVars));
}
/**
* Run method with main page logic
*
* Read in the specified profile from the database. Check if the current visitor is a valid user
* and redirect if the user is not. If the user is valid,
* populate template and display profile details in the page. Available to members only
* @access public
*/
public function run()
{
$session = Session::getInstance();
$user = $session->getUser();
// Check for a valid user
if ($user == null || !$user->validUser()) {
$session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
header("Location: " . BASE_URL);
return;
}
$userDAO = UserDAO::getInstance();
$user = null;
$title = "";
if (!empty($_GET["id"]) && is_numeric($_GET["id"])) {
$user_id = intval($_GET["id"]);
$user = $userDAO->load($user_id);
if ($user) {
$title .= " - {$user->getUserName()}";
}
}
$this->template->render(array("title" => "View Profile" . $title, "main_page" => "view_profile_tpl.php", "user" => $user, "session" => $session));
}
/**
* Helper method used with various public load methods. Used to load an instance of an Photo entity using the built strings of a query as specified in the caller method
*
* @access private
* @param array $options (Optional) Read documentation on parseOptions for details
* @return Photo
*/
private function loadGeneral($options = null)
{
$albumDAO = AlbumDAO::getInstance();
$userDAO = UserDAO::getInstance();
$this->resetQueryStrings();
$this->select_columns = array_merge($this->select_columns, $this->buildColumnArray());
if (is_array($options)) {
$this->parseOptions($options);
}
$query = "SELECT " . $this->query_select . " FROM " . $this->tableName . " " . $this->query_joins . " " . $this->query_where . " " . $this->query_order . " LIMIT 1";
//echo $query;
$stmt = self::$dbh->prepare($query);
if (!empty($this->query_params)) {
$stmt->execute($this->query_params);
} else {
$stmt->execute();
}
$result = $stmt->fetch(PDO::FETCH_NUM);
if (!$result) {
return null;
}
$photo = new Photo();
$row = array_combine($this->select_columns, $result);
$temp_array = $this->stripPrefixArray($row);
$this->populateObject($photo, $temp_array);
if ($this->joins) {
$album = new Album();
$temp_array = $albumDAO->stripPrefixArray($row);
$userDAO->populateObject($album, $temp_array);
$photo->album = $album;
//print_r ($event);
}
return $photo;
}
/**
* Run method with main page logic
*
* Populate template and display form for registration. For POST requests, check if the user
* already exists. If not, create new User and AuthToken entries and send an email notification to the user
* @access public
*/
public function run()
{
$form_errors = array();
$form_values = array("username" => "", "password" => "", "password2" => "", "ulid" => "");
$session = Session::getInstance();
$user = $session->getUser();
// Session should not have a defined user
if ($user != null) {
$session->setMessage("You are already a user", Session::MESSAGE_ERROR);
header("Location: " . BASE_URL);
return;
}
if (!empty($_POST)) {
$form_values["username"] = isset($_POST["username"]) ? trim($_POST["username"]) : "";
$form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
$form_values["password2"] = isset($_POST["password2"]) ? trim($_POST["password2"]) : "";
$form_values["ulid"] = isset($_POST["ulid"]) ? trim($_POST["ulid"]) : "";
if (empty($form_values["username"])) {
$form_errors["username"] = "******";
}
if (empty($form_values["password"])) {
$form_errors["password"] = "******";
}
if (empty($form_values["password2"])) {
$form_errors["password"] = "******";
}
if (empty($form_values["ulid"])) {
$form_errors["ulid"] = "No ulid specified";
} else {
if (!preg_match("/[a-z]{5,7}/", $form_values["ulid"])) {
$form_errors["ulid"] = "Ulid is not in the proper format.";
}
}
$userDAO = UserDAO::getInstance();
$user = $userDAO->loadByUsername($form_values["username"]);
// User already exists
if ($user != null) {
$form_errors["username"] = "******";
}
if (strcmp($form_values["password"], $form_values["password2"]) != 0) {
$form_errors["password"] = "******";
}
$user = $userDAO->loadByUlid($form_values["ulid"]);
// User already exists
if ($user != null) {
$form_errors["ulid"] = "Ulid is already registered";
}
if (empty($form_errors)) {
$user = new User();
$user->setUsername($form_values["username"]);
$user->setPassHash(sha1($form_values["password"]));
$user->setUlid($form_values["ulid"]);
$status = $userDAO->insert($user);
if ($status) {
$token = new AuthToken();
$token->setUser($user);
$tokenDAO = AuthTokenDAO::getInstance();
$status = $tokenDAO->insert($token);
if ($status) {
$session->setMessage("Registration started. Check your email for a message to continue");
if (defined("SMTP_HOST") && strcmp(SMTP_HOST, "") != 0) {
$from_addr = EMAIL_ADDRESS;
//$to = "*****@*****.**";
$to = "{$form_values["ulid"]}@" . User::ISU_EMAIL_DOMAIN;
$subject = "Verify registration with " . SITE_NAME;
$body = "To start the next step of the registration process, click the verify link below and enter the requested information. If the URL does not appear as a link, copy the URL, paste it into your browser's address bar and proceed to the web page.\n\n" . joinPath(BASE_URL, "verify.php") . "?token={$token->getToken()}\n";
$headers = array("From" => $from_addr, "To" => $to, "Subject" => $subject);
$stmp = Mail::factory("smtp", array("host" => SMTP_HOST, "auth" => true, "username" => SMTP_USERNAME, "password" => SMTP_PASSWORD));
$mail = $stmp->send($to, $headers, $body);
}
header("Location: " . BASE_URL);
return;
}
}
}
}
$user = $session->getUser();
$this->template->render(array("title" => "Register", "main_page" => "register_tpl.php", "user" => $user, "session" => $session, "form_errors" => $form_errors, "form_values" => $form_values));
}
/**
* Run method with main page logic
*
* Display a form for a user to confirm his/her user identity that was previously stored in the
* database. For POST requests, check that an AuthToken exists and that the user credentials entered in
* the form match the credentials of the user stored in the database. If true,
* alter the user's status to NEEDADMIN and make a session message indicating the next step in the process.
* @access public
*/
public function run()
{
$session = Session::getInstance();
// Session should not have a defined user
if ($session->getUser() != null) {
$session->setMessage("You are already a user", Session::MESSAGE_ERROR);
header("Location: " . BASE_URL);
return;
}
$form_errors = array();
$form_values = array("username" => "", "password" => "", "token" => "");
$tokenDAO = AuthTokenDAO::getInstance();
// Do garbage collection on token table
//$tokenDAO->garbageCollect ();
//return;
// Register form
if (!empty($_POST)) {
$form_values["username"] = isset($_POST["username"]) ? trim($_POST["username"]) : "";
$form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
$form_values["token"] = isset($_POST["token"]) ? trim($_POST["token"]) : "";
if (empty($form_values["username"])) {
$form_errors["username"] = "******";
}
if (empty($form_values["password"])) {
$form_errors["password"] = "******";
}
if (empty($form_values["token"])) {
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
}
$token = $tokenDAO->loadByToken($form_values["token"], array("joins" => true));
// No corresponding token exists
if ($token == null) {
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
} else {
if ($token->getExpireTime() < time() - AuthToken::MAX_EXPIRE) {
$userDAO->delete($token->getUser());
$tokenDAO->delete($token);
$session->setMessage("Token has expired. Profile has been deleted");
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
}
}
// Check password and status of pending user
$user = $token->getUser();
$pass_hash = sha1($form_values["password"]);
if (strcmp($user->getUsername(), $form_values["username"]) != 0) {
$form_errors["username"] = "******";
} else {
if (strcmp($user->getPasshash(), $pass_hash) != 0) {
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
} else {
if ($user->getStatus() == User::STATUS_OK) {
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
}
}
}
// Form and token are valid. Change user status
if (empty($form_errors)) {
$user->setStatus(User::STATUS_NEEDADMIN);
$user->setUserType(User::REGUSER_TYPE);
$userDAO = UserDAO::getInstance();
if (!$userDAO->save($user)) {
$session->setMessage("Could not alter profile");
} else {
//$session->setUser ($user);
$session->setMessage("Now awaiting admin approval");
$tokenDAO->delete($token);
}
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
}
} else {
if (!empty($_GET)) {
$token_string = isset($_GET["token"]) ? trim($_GET["token"]) : "";
$form_values["token"] = $token_string;
if (empty($token_string)) {
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
} else {
$token = $tokenDAO->loadByToken($token_string, array("joins" => true));
// Token does not exist. Redirect
if ($token == null) {
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
} else {
if ($token->getUser()->getStatus() != User::STATUS_PENDING) {
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
} else {
if ($token->getExpireTime() < time() - AuthToken::MAX_EXPIRE) {
$userDAO->delete($token->getUser());
$tokenDAO->delete($token);
$session->setMessage("Token has expired. Profile has been deleted", Session::MESSAGE_ERROR);
$tokenDAO->garbageCollect();
header("Location: " . BASE_URL);
return;
}
}
}
}
} else {
header("Location: " . BASE_URL);
return;
}
}
// Do garbage collection on token table
$tokenDAO->garbageCollect();
$this->template->render(array("title" => "Verify Account", "main_page" => "verify_tpl.php", "form_values" => $form_values, "form_errors" => $form_errors));
}
/**
* Create a Session by reading variables from the $_SESSION superglobal
* and populate data such as a User object
*
* @access protected
*/
private function createSession()
{
@session_start();
if (isset($_SESSION["userId"]) && $_SESSION["userId"] != User::NULL_TYPE) {
$userDAO = UserDAO::getInstance();
$user = $userDAO->load($_SESSION["userId"]);
if ($user != null) {
$this->user = $user;
}
}
if (isset($_SESSION["message"])) {
$this->message = $_SESSION["message"];
}
if (isset($_SESSION["data"])) {
$this->data = unserialize($_SESSION["data"]);
}
if (isset($_SESSION["message_type"])) {
$this->setMessageType($_SESSION["message_type"]);
}
}
/**
* Parse the options array for limit clauses and order by clauses. The valid keys and value types are specified below.
* limit - Page object. Will take values from a Paginator Page object and
* set LIMIT and OFFSET portions of database query accordingly
*
* joins - bool. If true, an INNER JOIN will be done to retrieve the
* User associated with the article
*
* order - string. Concatenate string with ORDER BY operator
* @access private
* @param array &$options
*/
protected function parseOptions(&$options)
{
if (!is_array($options)) {
throw new InvalidArgumentException("Options for a database access function must be in an array");
}
if (array_key_exists("limit", $options) && $options["limit"] instanceof Page) {
$this->query_limit .= $this->getLimitClause($options["limit"]);
}
if (array_key_exists("joins", $options) && $options["joins"] == true) {
$userDAO = UserDAO::getInstance();
$this->query_select .= ", " . $userDAO->buildColumnString();
$this->query_joins .= "INNER JOIN (" . $userDAO->getTableName() . ") ON (" . $userDAO->getTableName() . ".id = " . $this->getTableName() . ".userId)";
$this->select_columns = array_merge($this->select_columns, $userDAO->buildColumnArray());
$this->joins = true;
}
if (array_key_exists("order", $options) && is_string($options["order"])) {
// Reference to article member
if (strpos($options["order"], ".") === false) {
$this->query_order = "ORDER BY " . $this->tableName . "." . $options["order"];
} else {
if (strpos($options["order"], "users.") === 0 && $this->joins) {
$this->query_order = "ORDER BY " . $options["order"];
} else {
$this->query_order = "ORDER BY " . $options["order"];
}
}
// else {
// throw new InvalidArgumentException ("Invalid configuration for order option");
// }
}
}
/**
* inicia interloginnte a DAO
* @return void
*/
public function startDAO()
{
$this->DAO = UserDAO::getInstance();
}
/**
* Run method with main page logic
*
* Populate template and display form for editing an profile entry. For POST requests,
* check user credentials, check if profile exists and then update entry in database.
* Available to members only
* @access public
*/
public function run()
{
$session = Session::getInstance();
$user = $session->getUser();
if ($user == null || !$user->validUser()) {
$session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
header("Location: " . BASE_URL);
return;
}
$userDAO = UserDAO::getInstance();
$alter_user = null;
$form_errors = array();
$form_values = array("id" => "", "password" => "", "password2" => "", "status" => "", "usertype" => "", "steamId" => "", "xboxId" => "", "psnId" => "", "wiiId" => "");
// Check form
if (!empty($_POST)) {
$form_values["id"] = isset($_POST["id"]) ? trim($_POST["id"]) : "";
$form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
$form_values["password2"] = isset($_POST["password2"]) ? trim($_POST["password2"]) : "";
$form_values["status"] = isset($_POST["status"]) ? trim($_POST["status"]) : "";
$form_values["usertype"] = isset($_POST["usertype"]) ? trim($_POST["usertype"]) : "";
$form_values["steamId"] = isset($_POST["steamId"]) ? trim($_POST["steamId"]) : "";
$form_values["xboxId"] = isset($_POST["xboxId"]) ? trim($_POST["xboxId"]) : "";
$form_values["psnId"] = isset($_POST["psnId"]) ? trim($_POST["psnId"]) : "";
$form_values["wiiId"] = isset($_POST["wiiId"]) ? trim($_POST["wiiId"]) : "";
if (empty($form_values["id"])) {
$form_errors["id"] = "User id not set";
}
if (empty($form_values["password"]) && empty($form_values["password2"])) {
} else {
if (empty($form_values["password"])) {
$form_errors["password"] = "******";
} else {
if (empty($form_values["password2"])) {
$form_errors["password"] = "******";
} else {
if (strcmp($form_values["password"], $form_values["password2"]) != 0) {
$form_errors["password"] = "******";
$form_values["password2"] = "";
}
}
}
}
if ($user->isAdmin() && !empty($form_values["status"])) {
if (!is_numeric($form_values["status"])) {
$form_errors["status"] = "Status must be a number";
} else {
$status = intval($form_values["status"]);
$tmp = new User();
try {
$tmp->setUserType($status);
} catch (InvalidUserTypeException $e) {
$form_errors["status"] = "Invalid value for status";
}
}
} else {
if ($user->isAdmin() && empty($form_values["status"])) {
$form_errors["status"] = "Status not defined";
}
}
if ($user->isAdmin() && !empty($form_values["usertype"])) {
if (!is_numeric($form_values["usertype"])) {
$form_errors["usertype"] = "Status must be a number";
}
$tmp = new User();
try {
$tmp->setUserType($status);
} catch (InvalidStatusException $e) {
$form_errors["usertype"] = "Invalid value for status";
}
} else {
if ($user->isAdmin() && !empty($form_values["usertype"])) {
$form_errors["usertype"] = "Type not defined";
}
}
// Regular expression check for identities
if (!empty($form_values["steamId"])) {
if (strlen($form_values["steamId"]) > 20) {
$form_errors["steamId"] = "Steam ID too long";
} else {
if (!preg_match("/^([A-Za-z0-9_]{3,20})\$/", $form_values["steamId"])) {
$form_errors["steamId"] = "Steam ID is not valid";
}
}
}
if (!empty($form_values["xboxId"])) {
if (strlen($form_values["xboxId"]) > 15) {
$form_errors["xboxId"] = "Xbox gamertag too long";
} else {
if (!preg_match("/^[A-Za-z0-9 ]{3,15}\$/", $form_values["xboxId"])) {
$form_errors["xboxId"] = "Xbox gamertag is not valid";
}
}
}
if (!empty($form_values["psnId"])) {
if (strlen($form_values["psnId"]) > 16) {
$form_errors["psnId"] = "PSN ID too long";
} else {
if (!preg_match("/^([A-Za-z0-9-_]+){3,16}\$/", $form_values["psnId"])) {
$form_errors["psnId"] = "PSN ID is not valid";
}
}
}
if (!empty($form_values["wiiId"])) {
if (strlen($form_values["wiiId"]) > 20) {
$form_errors["wiiId"] = "Steam Id too long";
} else {
if (!preg_match("/^([0-9]{4}[- ][0-9]{4}[- ][0-9]{4}[- ][0-9]{4})\$/", $form_values["wiiId"])) {
$form_errors["wiiId"] = "Wii Friend Code is not valid";
}
}
}
// No errors found
if (empty($form_errors)) {
// Status call not done
$alter_user = $userDAO->load($form_values["id"]);
if ($alter_user != null) {
if ($session->getUser()->isAdmin() || $alter_user->getId() == $session->getUser()->id) {
if (!empty($form_values["password"])) {
$alter_user->setPassHash(sha1($form_values["password"]));
}
if (!empty($form_values["status"])) {
$alter_user->setStatus(intval($form_values["status"]));
}
if (!empty($form_values["usertype"])) {
$alter_user->setUserType(intval($form_values["usertype"]));
}
if (!empty($form_values["steamId"])) {
$alter_user->setSteamId($form_values["steamId"]);
}
if (!empty($form_values["xboxId"])) {
$alter_user->setXboxId($form_values["xboxId"]);
}
if (!empty($form_values["psnId"])) {
$alter_user->setPsnId($form_values["psnId"]);
}
if (!empty($form_values["wiiId"])) {
$alter_user->setWiiId($form_values["wiiId"]);
}
// Save profile
if ($userDAO->save($alter_user)) {
$session->setMessage("User profile altered");
header("Location: {$_SERVER["PHP_SELF"]}?id={$alter_user->id}");
return;
} else {
$session->setMessage("User profile not altered", Session::MESSAGE_ERROR);
}
} else {
header("Location: " . BASE_URL);
return;
}
}
} else {
if (empty($form_errors["id"])) {
$alter_user = $userDAO->load($form_values["id"]);
}
}
} else {
if (!empty($_GET)) {
$form_values["id"] = isset($_GET["id"]) ? trim($_GET["id"]) : "";
if (empty($form_values["id"])) {
$form_errors["id"] = "User id not set";
}
if (empty($form_errors)) {
$alter_user = $userDAO->load($form_values["id"]);
// Value is null so user does not exist. Allow null to be passed to template
if (!$alter_user) {
} else {
if ($session->getUser()->isAdmin()) {
$form_values["steamId"] = $alter_user->getSteamId();
$form_values["xboxId"] = $alter_user->getXboxId();
$form_values["psnId"] = $alter_user->getPsnId();
$form_values["wiiId"] = $alter_user->getWiiId();
} else {
if (!$session->getUser()->isAdmin() && $alter_user->getId() != $session->getUser()->getId()) {
$session->setMessage("Do not have permission", Session::MESSAGE_ERROR);
header("Location: " . BASE_URL);
return;
} else {
$form_values["steamId"] = $alter_user->getSteamId();
$form_values["xboxId"] = $alter_user->getXboxId();
$form_values["psnId"] = $alter_user->getPsnId();
$form_values["wiiId"] = $alter_user->getWiiId();
}
}
}
}
} else {
header("Location: " . BASE_URL);
return;
}
}
$this->template->render(array("title" => "Edit Profile", "main_page" => "edit_profile_tpl.php", "session" => $session, "alter_user" => $alter_user, "form_errors" => $form_errors, "form_values" => $form_values));
}
/**
* Run method with main page logic
*
* Populate template and read in list of users in the database. Populate template and
* display an interface to administer user data for allowing bulk deletion of users, deletion of a single
* user, links to editing and viewing each user entry. Available to admins only
* Available to members only
* @access public
*/
public function run()
{
$PAGINATION_LIMIT = 10;
$session = Session::getInstance();
$user = $session->getUser();
if ($user == null || !$user->isAdmin()) {
$session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
header("Location: " . BASE_URL);
return;
}
$userDAO = UserDAO::getInstance();
$method = isset($_GET["users"]) ? trim($_GET["users"]) : "";
$page = isset($_GET["page"]) && is_numeric($_GET["page"]) ? intval($_GET["page"]) : 1;
if ($page < 1) {
$page = 1;
}
$action = isset($_GET["action"]) ? trim($_GET["action"]) : "";
$page = is_numeric($page) ? $page : 1;
$paginator_page = $queryVars = null;
// POST request for bulk deletion of users
if (!empty($_POST) && !empty($_POST["userids"]) && !empty($_POST["action"]) && empty($_POST["domodstatus"])) {
$action = isset($_POST["action"]) ? trim($_POST["action"]) : "";
if (!strcmp($action, "delete") == 0) {
header("Location: " . BASE_URL);
return;
}
$status = $userDAO->deleteByIds($_POST["userids"]);
if ($status) {
$session->setMessage("Selected users deleted");
header("Location: {$_SERVER["PHP_SELF"]}?users=all");
return;
} else {
$session->setMessage("Deletion failed", Session::MESSAGE_ERROR);
header("Location: {$_SERVER["PHP_SELF"]}?users=all");
return;
}
} else {
if (!empty($_GET) && !empty($_GET["userids"]) && !empty($_GET["domodstatus"])) {
$status = isset($_GET["status"]) ? trim($_GET["status"]) : "";
if (!empty($status)) {
$status = intval($status);
$tmp = new User();
try {
$tmp->setUserType($status);
} catch (InvalidUserTypeException $e) {
$session->setMessage("Invalid status choice");
header("Location: {$_SERVER["PHP_SELF"]}?users=all");
return;
}
}
$status = $userDAO->saveStatusByIds($status, $_GET["userids"]);
if ($status) {
$session->setMessage("Selected users updated");
header("Location: {$_SERVER["PHP_SELF"]}?users=all");
return;
} else {
$session->setMessage("Update failed", Session::MESSAGE_ERROR);
header("Location: {$_SERVER["PHP_SELF"]}?users=all");
return;
}
} else {
if (strcmp($action, "delete") == 0 && !empty($_GET["userids"])) {
$content_title = "Delete Users";
$user_array = $userDAO->allByIds($_GET["userids"]);
} else {
if (strcmp($method, "all") == 0) {
$count = $userDAO->count();
$paginator = new Paginator($count, $PAGINATION_LIMIT);
if ($page < 0) {
$page = 1;
}
$paginator_page = $paginator->getPage($page);
$user_array = $userDAO->all(array("limit" => $paginator_page, "order" => "userName"));
$content_title = "All Users Options";
$queryVars = array("users" => "all");
} else {
$user_array = $userDAO->allPendingUsers();
$content_title = "Pending Users Options";
}
}
}
}
$this->template->render(array("title" => "Admin - User Options", "main_page" => "user_options_tpl.php", "user" => $user, "session" => $session, "user_array" => $user_array, "content_title" => $content_title, "paginator_page" => $paginator_page, "queryVars" => $queryVars, "action" => $action));
}
public function lembrarSenha()
{
$ReturnResultVO = new ReturnResultVO();
$email = DataHandler::getValueByArrayIndex($_GET, "email");
$DAO = UserDAO::getInstance();
$ResultData = $DAO->select(UserDAO::RETURN_STD_OBJECT, $id = NULL, $active = NULL, $user_type_id = NULL, $login = NULL, $password = NULL, $email = $email);
$ReturnResultVO->success = $ResultData->success;
if ($ResultData->success) {
if (count($ResultData->result) > 0) {
$userStd = $ResultData->result[0];
//Debug::print_r($userStd);
//======
$smtp = new Smtp(Config::SYSTEM_MAIL_SMTP, 587);
$smtp->user = Config::SYSTEM_MAIL_LOGIN;
$smtp->pass = Config::SYSTEM_MAIL_PASSWORD;
ob_start();
$smtp->debug = true;
$from = Config::SYSTEM_MAIL_FROM;
$to = $VO->getEmail();
$subject = "Teto lembrar senha";
$mensagem = file_get_contents(Config::getFolderView("/templates/email_para_lembrar_senha.html"));
$mensagem = str_replace("###login", $userStd->login, $mensagem);
$mensagem = str_replace("###senha", $userStd->password, $mensagem);
$smtp->Send($to, $from, $subject, $mensagem, "text/html");
ob_end_clean();
}
}
echo $ReturnResultVO->toJson();
exit;
}
