public function save()
 {
     $stmt = CW::$app->db->executeQuery("SELECT `password` FROM `users` WHERE `id` = {$this->userId}");
     $result = $stmt->fetchAll(\PDO::FETCH_ASSOC);
     $oldPass = 0 < count($result) ? $result[0]['password'] : null;
     if (null === $oldPass) {
         return false;
     }
     if ($this->newPassword === $this->confirmPassword && Security::verifyHash($this->oldPassword, $oldPass)) {
         $stmt = CW::$app->db->prepare("UPDATE `users` SET `password` = :newPassword WHERE `id` = :userId");
         return $stmt->execute([':newPassword' => Security::hash($this->newPassword), ':userId' => $this->userId]);
     }
     return false;
 }
Exemple #2
0
 public function signUp($username, $email, $password)
 {
     $stmt = \CW::$app->db->prepare("INSERT INTO `users` (`username`, `password`, `email`) VALUES (:username, :password, :email)");
     return $stmt->execute([':username' => $username, ':password' => \components\Security::hash($password), ':email' => $email]);
 }
Exemple #3
0
<?php

use models\Update;
use components\UrlManager;
use components\helpers\ArrayHelper;
$categoryName = CW::$app->request->get('category');
$type = CW::$app->request->get('type');
if (!Update::isValidType($type) && \components\web\Controller::DEFAULT_ACTION === $action && App::DEFAULT_CONTROLLER === $controller) {
    $type = Update::TYPE_FRESH;
}
$csrfHash = isset($_SESSION['_csrf']) ? \components\Security::hash($_SESSION['_csrf']) : null;
?>
<!DOCTYPE html>
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="/js/app.js"></script>
<script src="http://masonry.desandro.com/masonry.pkgd.js"></script>

<link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
<link href="/css/app.css" rel="stylesheet" type="text/css">
<link rel="shortcut icon" href="/images/logo.ico">

<title><?php 
echo $view->title;
?>
</title>
<?php 
foreach ($view->getLinks() as $link) {
    echo '<link ' . ArrayHelper::getArrayToString($link, ' ', function ($v, $k) {
        return "\"{$k}\"=\"{$v}\"";
Exemple #4
0
 public function dispatch($route)
 {
     if (is_string($route)) {
         $route = $this->getPath($route);
     }
     $contrId = $contrName = $route['contr'];
     $contrName[0] = chr(ord($contrName) ^ 32);
     $action = $actionName = $route['action'];
     $actionName[0] = chr(ord($actionName) ^ 32);
     $controllerClass = "controllers\\{$contrName}Controller";
     $classPath = CW::$app->params['sitePath'] . str_replace('\\', '/', $controllerClass) . '.php';
     if (!file_exists($classPath)) {
         throw new NotFoundException();
     }
     $controllerClass = "\\{$controllerClass}";
     $this->controllerInst = new $controllerClass($contrId, $action);
     $actionMethod = "do{$actionName}";
     if (!$this->controllerInst->hasMethod($actionMethod)) {
         throw new NotFoundException();
     }
     $rules = $this->controllerInst->rules();
     $actionRules = isset($rules[$action]) ? $rules[$action] : (isset($rules['*']) ? $rules['*'] : null);
     if (null !== $actionRules) {
         if (isset($actionRules['response_type'])) {
             $this->controllerInst->responseType = $actionRules['response_type'];
             $this->response->setContentType($actionRules['response_type']);
         }
         if (isset($actionRules['methods']) && !in_array(strtolower($_SERVER['REQUEST_METHOD']), $actionRules['methods'])) {
             throw new WrongMethodException();
         }
         if (isset($actionRules['roles']) && in_array(Controller::REQUIRED_LOGIN, $actionRules['roles']) && !$this->user->inRole($actionRules['roles'])) {
             if (!$this->request->isAjax()) {
                 $this->controllerInst->forward('site/login');
                 return;
             }
             throw new ForbiddenException();
         }
     }
     $this->controllerInst->beforeAction($action);
     if ($this->controllerInst->hasCsrfValidation && (!$this->request->param('_csrf') || !Security::verifyHash($_SESSION['_csrf'], $this->request->param('_csrf')))) {
         throw new ForbiddenException();
     }
     $view = $this->controllerInst->{$actionMethod}();
     $this->renderView($view, $action, $contrName);
 }
Exemple #5
0
        ?>
[tags][]" value="<?php 
        echo $tag;
        ?>
">
                        <span onclick="removeEle(this.parentNode)">x</span>
                    </span>
                    <?php 
    }
    ?>
                </div>
                <div id="tags-error"style="margin-top: 5px; color: red;">
                    <?php 
    echo $model->getError('tags');
    ?>
                </div>
            </div>

        <input type="hidden" name="_csrf" value="<?php 
    echo \components\Security::hash($_SESSION['_csrf']);
    ?>
">
        <input type="submit" value="create update" class="submit-btn" style="margin-top: 10px;">
    </form>
    </div>

    <?php 
}
?>
</div>
Exemple #6
0
    public function endForm()
    {
        if ('post' === strtolower($this->method) && isset($_SESSION['_csrf'])) {
            echo sprintf('<input type="hidden" name="%s" value="%s">', '_csrf', \components\Security::hash($_SESSION['_csrf']));
        }
        echo '</form>';
        $jsValidation = '';
        foreach ($this->jsValidators as $v) {
            $jsValidation .= "{$v}\n";
        }
        $jsFieldValidators = '';
        foreach ($this->jsOnChangeValidators as $v) {
            $jsFieldValidators .= "{$v}\n";
        }
        echo <<<JS
        <script>
        \$(function() {
            function showError(jqEle, message) {
                jqEle.css({'display' : 'block'});
                jqEle.html(message);
            }
            function hideError(jqEle) {
                jqEle.css({'display' : 'none'});
            }
            \$("#{$this->id}").on("submit", function() {
                {$jsValidation}
                return true;
            });
                    
            {$jsFieldValidators}
        });
        </script>
JS;
        return ob_get_clean();
    }