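/**
 * Persist a password change for the user identified by $this->userId.
 *
 * Loads the stored hash, then replaces it only when the new password matches
 * its confirmation and the supplied old password verifies against the stored
 * hash. Both statements are parameterised; the user id is never interpolated
 * into SQL text.
 *
 * @return bool whatever the UPDATE's execute() returns on success; false when
 *              the user row (or its password) is missing, the confirmation
 *              does not match, or the old password does not verify
 */
public function save()
{
    // Bound parameter, like the UPDATE below — a string-built WHERE clause
    // would make userId an injection point.
    $select = CW::$app->db->prepare("SELECT `password` FROM `users` WHERE `id` = :userId");
    if (!$select->execute([':userId' => $this->userId])) {
        return false;
    }
    $rows = $select->fetchAll(\PDO::FETCH_ASSOC);
    $storedHash = 0 < count($rows) ? ($rows[0]['password'] ?? null) : null;
    if (null === $storedHash) {
        return false;
    }

    // Reject before touching the database if the confirmation or the old
    // password is wrong; verifyHash takes (clear text, stored hash).
    if ($this->newPassword !== $this->confirmPassword
        || !Security::verifyHash($this->oldPassword, $storedHash)) {
        return false;
    }

    $update = CW::$app->db->prepare("UPDATE `users` SET `password` = :newPassword WHERE `id` = :userId");
    return $update->execute([
        ':newPassword' => Security::hash($this->newPassword),
        ':userId' => $this->userId,
    ]);
}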
/**
 * Insert a new account row.
 *
 * Username and e-mail are bound as parameters; the password is stored as the
 * output of Security::hash(), never as clear text.
 *
 * @param string $username
 * @param string $email
 * @param string $password clear-text password, hashed before insertion
 * @return bool whatever the prepared statement's execute() returns
 */
public function signUp($username, $email, $password)
{
    $sql = "INSERT INTO `users` (`username`, `password`, `email`) VALUES (:username, :password, :email)";
    $insert = \CW::$app->db->prepare($sql);

    $bindings = [
        ':username' => $username,
        ':password' => \components\Security::hash($password),
        ':email' => $email,
    ];

    return $insert->execute($bindings);
}
<?php use models\Update; use components\UrlManager; use components\helpers\ArrayHelper; $categoryName = CW::$app->request->get('category'); $type = CW::$app->request->get('type'); if (!Update::isValidType($type) && \components\web\Controller::DEFAULT_ACTION === $action && App::DEFAULT_CONTROLLER === $controller) { $type = Update::TYPE_FRESH; } $csrfHash = isset($_SESSION['_csrf']) ? \components\Security::hash($_SESSION['_csrf']) : null; ?> <!DOCTYPE html> <html> <head> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> <script src="/js/app.js"></script> <script src="http://masonry.desandro.com/masonry.pkgd.js"></script> <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css"> <link href="/css/app.css" rel="stylesheet" type="text/css"> <link rel="shortcut icon" href="/images/logo.ico"> <title><?php echo $view->title; ?> </title> <?php foreach ($view->getLinks() as $link) { echo '<link ' . ArrayHelper::getArrayToString($link, ' ', function ($v, $k) { return "\"{$k}\"=\"{$v}\"";
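/**
 * Resolve a route to a controller action, enforce that action's rules, and render the result.
 *
 * @param string|array $route a path string (resolved through getPath()) or an
 *                            array with 'contr' and 'action' keys
 * @return void
 * @throws NotFoundException    when the controller file or the do<Action> method does not exist
 * @throws WrongMethodException when the action restricts HTTP methods and the request uses another
 * @throws ForbiddenException   when a login-gated action is hit over AJAX without the role,
 *                              or when CSRF validation fails
 */
public function dispatch($route)
{
    if (is_string($route)) {
        $route = $this->getPath($route);
    }

    // The raw ids feed the controller constructor and the rules lookup; the
    // class/method names get their first byte case-flipped (bit 5 toggled).
    // NOTE(review): this only swaps case for ASCII letters — a non-letter
    // first byte turns into an unrelated byte. Presumably getPath() yields
    // lowercase ASCII ids; verify.
    $contrId = $contrName = $route['contr'];
    $contrName[0] = chr(ord($contrName) ^ 32);
    $action = $actionName = $route['action'];
    $actionName[0] = chr(ord($actionName) ^ 32);

    // The controller file is checked on disk before instantiation.
    // NOTE(review): the route id becomes part of a filesystem path here —
    // assumes the router rejects ids containing separators or '..'; confirm.
    $controllerClass = "controllers\\{$contrName}Controller";
    $classPath = CW::$app->params['sitePath'] . str_replace('\\', '/', $controllerClass) . '.php';
    if (!file_exists($classPath)) {
        throw new NotFoundException();
    }
    $controllerClass = "\\{$controllerClass}";
    $this->controllerInst = new $controllerClass($contrId, $action);

    $actionMethod = "do{$actionName}";
    if (!$this->controllerInst->hasMethod($actionMethod)) {
        throw new NotFoundException();
    }

    // Per-action rules win over the '*' wildcard; null means "no rules".
    $rules = $this->controllerInst->rules();
    $actionRules = $rules[$action] ?? $rules['*'] ?? null;
    if (null !== $actionRules) {
        if (isset($actionRules['response_type'])) {
            $this->controllerInst->responseType = $actionRules['response_type'];
            $this->response->setContentType($actionRules['response_type']);
        }

        // Strict membership: the allow-list holds lowercase method names.
        $requestMethod = strtolower($_SERVER['REQUEST_METHOD'] ?? '');
        if (isset($actionRules['methods']) && !in_array($requestMethod, $actionRules['methods'], true)) {
            throw new WrongMethodException();
        }

        // Login-gated actions: browsers are forwarded to the login page,
        // AJAX callers get a 403 instead. Strict in_array so a loosely-typed
        // REQUIRED_LOGIN cannot match an unrelated role entry.
        if (isset($actionRules['roles'])
            && in_array(Controller::REQUIRED_LOGIN, $actionRules['roles'], true)
            && !$this->user->inRole($actionRules['roles'])) {
            if (!$this->request->isAjax()) {
                $this->controllerInst->forward('site/login');
                return;
            }
            throw new ForbiddenException();
        }
    }

    $this->controllerInst->beforeAction($action);

    // CSRF: forms carry Security::hash() of the session secret, so the
    // submitted value is verified against that secret. A missing session
    // secret or a missing / empty / non-string parameter is rejected outright
    // instead of reaching verifyHash() with null or an array.
    if ($this->controllerInst->hasCsrfValidation) {
        $sessionSecret = $_SESSION['_csrf'] ?? null;
        $submittedToken = $this->request->param('_csrf');
        if (null === $sessionSecret
            || !is_string($submittedToken)
            || '' === $submittedToken
            || !Security::verifyHash($sessionSecret, $submittedToken)) {
            throw new ForbiddenException();
        }
    }

    $view = $this->controllerInst->{$actionMethod}();
    $this->renderView($view, $action, $contrName);
}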
?> [tags][]" value="<?php echo $tag; ?> "> <span onclick="removeEle(this.parentNode)">x</span> </span> <?php } ?> </div> <div id="tags-error"style="margin-top: 5px; color: red;"> <?php echo $model->getError('tags'); ?> </div> </div> <input type="hidden" name="_csrf" value="<?php echo \components\Security::hash($_SESSION['_csrf']); ?> "> <input type="submit" value="create update" class="submit-btn" style="margin-top: 10px;"> </form> </div> <?php } ?> </div>
/**
 * Close the form and flush the buffered markup.
 *
 * For POST forms with a session CSRF secret, a hidden `_csrf` field holding
 * Security::hash() of that secret is written ahead of the closing tag. The
 * collected submit-time and on-change validators are then emitted as one
 * inline jQuery script bound to the form's id. The return value is
 * ob_get_clean(), so an output buffer is expected to be active — presumably
 * started by the form-opening method.
 *
 * NOTE(review): $this->id and the validator snippets are interpolated into
 * the script verbatim; an id containing quotes would break the selector
 * string. Assumes ids are developer-chosen identifiers, not user input.
 *
 * @return string|false the buffered output, or false when no buffer is active
 */
public function endForm()
{
    $isPostForm = 'post' === strtolower($this->method);
    if ($isPostForm && isset($_SESSION['_csrf'])) {
        printf('<input type="hidden" name="%s" value="%s">', '_csrf', \components\Security::hash($_SESSION['_csrf']));
    }
    echo '</form>';

    // Each snippet ends up on its own line inside the generated script.
    $joinLines = static function ($snippets): string {
        $joined = '';
        foreach ($snippets as $snippet) {
            $joined .= "{$snippet}\n";
        }
        return $joined;
    };
    $submitValidation = $joinLines($this->jsValidators);
    $fieldValidation = $joinLines($this->jsOnChangeValidators);

    echo <<<JS
<script>
\$(function() {
    function showError(jqEle, message) {
        jqEle.css({'display' : 'block'});
        jqEle.html(message);
    }
    function hideError(jqEle) {
        jqEle.css({'display' : 'none'});
    }
    \$("#{$this->id}").on("submit", function() {
        {$submitValidation}
        return true;
    });
    {$fieldValidation}
});
</script>
JS;

    return ob_get_clean();
}