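/**
 * Resolve the submitted username and reject it if the user cannot be
 * found, already has a ticket for this event in the basket, or already
 * holds a signup for this event with a status other than SIGNEDUP.
 *
 * On success the resolved account is stored in $this->user; on failure a
 * validation error is attached to the 'username' element and we return.
 *
 * @return void
 */
private function validateUsername()
 {
     $username = $this->getElementValue('username');
     $eventId = $this->getElementValue('event');

     if (empty($username)) {
         $this->getElement('username')->setValidationError('You must enter a username.');
         return;
     }

     try {
         // Use the value captured above rather than re-reading the element.
         $this->user = User::getUser($username);
     } catch (\libAllure\UserNotFoundException $e) {
         $this->setElementError('username', 'User not found');
         return;
     }

     $userId = $this->user->getId();

     // A user may only appear once per event in the current basket.
     $sql = 'SELECT bi.id FROM basket_items bi WHERE bi.user = :user AND bi.event = :event ';
     $stmt = DatabaseFactory::getInstance()->prepare($sql);
     $stmt->bindValue(':user', $userId);
     $stmt->bindValue(':event', $eventId);
     $stmt->execute();

     if ($stmt->numRows() != 0) {
         $this->setElementError('username', 'That user already has a ticket in your basket!');
         return;
     }

     // Any existing signup for this event blocks a new ticket, except one
     // whose status is exactly SIGNEDUP (excluded by the query).
     $sql = 'SELECT status FROM signups WHERE user = :user AND event = :event AND status != "SIGNEDUP" ';
     $stmt = DatabaseFactory::getInstance()->prepare($sql);
     $stmt->bindValue(':user', $userId);
     $stmt->bindValue(':event', $eventId);
     $stmt->execute();

     if ($stmt->numRows() != 0) {
         // The row is a signup record, not a user.
         $signup = $stmt->fetchRow();
         $this->setElementError('username', 'This user is already signed up, with status ' . $signup['status']);
         return;
     }
 }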
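 /**
  * Resolve the submitted username to a user id for later processing.
  *
  * Only a missing user is a validation problem; it is reported with a fixed
  * message (as the other forms in this project do) instead of echoing
  * $e->getMessage(), so internal error text never reaches the form. Any
  * other exception raised by the lookup propagates to the caller rather
  * than being silently turned into a validation error.
  *
  * @return void
  */
 public function validateExtended()
 {
     try {
         $this->userId = User::getUser($this->getElementValue('username'))->getId();
     } catch (\libAllure\UserNotFoundException $e) {
         $this->getElement('username')->setValidationError('User not found');
     }
 }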
 /**
  * Look up the submitted username.
  *
  * On success the account is kept on $this->user and true is returned;
  * an unknown username is flagged on the element and false is returned.
  *
  * @return bool
  */
 public function validateExtended()
 {
     try {
         $this->user = User::getUser($this->getElementValue('username'));
         return true;
     } catch (\libAllure\UserNotFoundException $e) {
         $this->setElementError('username', 'User not found!');
         return false;
     }
 }
 /**
  * Resolve the submitted username, then run validateSiteQuiesse() and
  * validateUserBan() against the resolved account.
  *
  * An unknown username is reported on the element and stops validation
  * before the account-level checks run.
  *
  * @return void
  */
 public function validateExtended()
 {
     $username = $this->getElementValue('username');

     try {
         $account = User::getUser($username);
     } catch (\libAllure\UserNotFoundException $e) {
         $this->getElement('username')->setValidationError('Username not found');
         return;
     }

     $this->validateSiteQuiesse($account);
     $this->validateUserBan($account);
 }
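 /**
  * List the groups the edited user could still be added to.
  *
  * Excludes the groups the user already belongs to and the user's primary
  * group. The membership subquery has to return the `group` column of
  * group_memberships (the group each row refers to); selecting the
  * membership row's own id, as the previous version did, compared group
  * ids against unrelated row ids and filtered out the wrong groups.
  *
  * @return array rows with 'id' and 'title' keys, as returned by fetchAll()
  */
 private function getAvailableGroups()
 {
     global $db; // NOTE(review): shared connection from the including script; other forms here use DatabaseFactory::getInstance() — confirm they are the same handle
     $user = User::getUserById($this->getElementValue('id'));

     $sql = 'SELECT g.id, g.title FROM groups g WHERE g.id NOT IN (SELECT gm.`group` FROM group_memberships gm WHERE gm.user = :userId) AND g.id != :userPrimaryGroup';
     $stmt = $db->prepare($sql);
     $stmt->bindValue(':userId', $user->getId());
     $stmt->bindValue(':userPrimaryGroup', $user->getData('group'));
     $stmt->execute();

     return $stmt->fetchAll();
 }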
 /**
  * Accept either a numeric user id or a username in 'assignedTo'.
  *
  * Numeric input is left untouched. A username is resolved through
  * User::getUser() and the element's value is replaced by the matching
  * user id; an unknown username is flagged on the element.
  *
  * @return void
  */
 private function validateUsername()
 {
     $assignedTo = $this->getElementValue('assignedTo');

     // Already an id: nothing to resolve.
     if (is_numeric($assignedTo)) {
         return;
     }

     try {
         $resolved = User::getUser($assignedTo);
         $this->getElement('assignedTo')->setValue($resolved->getId());
     } catch (\libAllure\UserNotFoundException $e) {
         $this->setElementError('assignedTo', 'Username not found.');
     }
 }
 /**
  * Resolve the target account for a SUDO (switch-user) request.
  *
  * Skipped entirely while $_SESSION['userHidden'] is set (presumably an
  * active SUDO session — verify). Otherwise the username is looked up,
  * stored on $this->user, and rejected if it cannot be found or if the
  * account's group is 1, which this code treats as the admin group.
  *
  * @return void
  */
 public function validateExtended()
 {
     if (!empty($_SESSION['userHidden'])) {
         return;
     }

     try {
         $target = User::getUser($this->getElementValue('username'));
     } catch (\libAllure\UserNotFoundException $e) {
         $this->setElementError('username', 'Username not found');
         return;
     }

     $this->user = $target;

     // Hard-coded admin group id — assumed to match the project's groups table; TODO confirm
     if ($this->user->getData('group') == 1) {
         $this->setElementError('username', 'You cannot SUDO into an admin account.');
     }
 }
 /**
  * Build the "Update profile" form for the logged-in user or, when the
  * caller holds EDIT_USERS, for another user.
  *
  * @param int|null $userId id of the profile to edit; null (or any value
  *        that compares == null, e.g. 0 or '') means the logged-in user
  */
 public function __construct($userId = null)
 {
     parent::__construct('formUpdateProfile', 'Update profile');
     // Loose comparison on purpose or not, 0 and '' also take this branch.
     if ($userId == null) {
         $user = Session::getUser();
     } else {
         if ($userId != Session::getUser()->getId()) {
             // Editing another account requires EDIT_USERS. The helper is assumed
             // to redirect and stop execution when the privilege is missing — TODO confirm
             requirePrivOrRedirect('EDIT_USERS', 'index.php');
             $user = User::getUserById($userId);
         } else {
             $user = Session::getUser();
         }
     }
     $this->user = $user;
     $this->addSection('Bio');
     $this->addElement(new ElementHidden('action', null, 'edit'));
     // NOTE(review): 'user' is a client-editable hidden field; the code that processes
     // the submission should derive the target from the privilege-checked $userId
     // rather than from this field — confirm.
     $this->addElement(new ElementHidden('user', null, $user->getId()));
     $this->addElement(new ElementEmail('email', 'E-Mail Address', $user->getData('email')));
     $elementRealName = $this->addElement(new ElementAlphaNumeric('realName', 'Real Name', $user->getData('real_name')));
     $elementRealName->setMinMaxLengths(0, 32);
     $elementLocation = $this->addElement(new ElementAlphaNumeric('location', 'Location', $user->getData('location')));
     $elementLocation->setMinMaxLengths(0, 64);
     // NOTE(review): the (0, 16) limits set here are replaced by (11, 15) two lines
     // below; presumably only the later call takes effect, making this one redundant
     // and the field effectively mandatory (min 11) — confirm which was intended.
     $this->addElement(new ElementInputRegex('mobileNo', 'Mobile No.', $user->getData('mobileNo')))->setMinMaxLengths(0, 16);
     $this->getElement('mobileNo')->setPattern('#^[\\d ]+$#', 'numbers and spaces');
     $this->getElement('mobileNo')->setMinMaxLengths(11, 15);
     $this->addSection('Preferences');
     $this->addElement(new ElementCheckbox('mailingList', 'Mailing list', $user->getData('mailingList')));
     // Each date-format option shows today's date rendered in that format.
     $now = date_create();
     $elementDateFormat = $this->addElement(new ElementSelect('dateFormat', 'Date format', $user->getData('dateFormat')));
     $elementDateFormat->addOption('ISO date format (recommended): ' . formatDt($now, 'Y-m-d'), 'Y-m-d H:i');
     $elementDateFormat->addOption('UK, numeric date format: ' . formatDt($now, 'd-m-Y'), 'd-m-Y');
     $elementDateFormat->addOption('UK, long date format: ' . formatDt($now, 'jS M Y'), 'jS M Y');
     $elementDateFormat->addOption('USA, numeric date format: ' . formatDt($now, 'm-d-Y'), 'm-d-Y');
     $elementDateFormat->addOption('Opus date format: ' . formatDtOpus($now), 'opus');
     $this->addSection('Change password');
     // The current-password field is only added when users edit their own
     // profile; it is absent when another user's profile is being edited.
     if (Session::getUser()->getUsername() == $user->getUsername()) {
         $this->addElement(new ElementPassword('passwordCurrent', 'Current password', null, 'Fill this field out if you would like to change your password.'));
         $this->getElement('passwordCurrent')->setOptional(true);
     }
     $this->addElement(new ElementPassword('password1', 'New Password', null))->setOptional(true);
     $this->addElement(new ElementPassword('password2', 'New Password (confirm)', null))->setOptional(true);
     // Ban controls are only rendered for users holding EDIT_BANS.
     if (Session::getUser()->hasPriv('EDIT_BANS')) {
         $this->addSection('Banning and admin stuff');
         $this->addElement(new ElementInput('bannedReason', 'Banned reason', $user->getData('bannedReason'), 'Enter a reason to ban this user. Leave it blank to keep the user active.'));
         $this->getElement('bannedReason')->addSuggestedValue('', 'Clear ban');
         $this->getElement('bannedReason')->setMinMaxLengths(0, 256);
         $this->addElement(new ElementCheckbox('emailFlagged', 'Email flagged?', $user->getData('emailFlagged')));
     }
     $this->addButtons(Form::BTN_SUBMIT);
 }
     require_once 'includes/widgets/footer.php';
     break;
 case 'revoke':
     // NOTE(review): unlike the 'kick' case below, no Session::requirePriv() guard is
     // visible here. Unless a privilege check runs before the switch, any caller who
     // reaches this action can remove a group permission — confirm and add the
     // appropriate requirePriv() if none exists.
     $priv = $sanitizer->filterUint('priv');
     $groupId = $sanitizer->filterUint('group');
     // Parameterised delete of a single permission/group pairing.
     $sql = 'DELETE FROM privileges_g WHERE permission = :priv AND `group` = :groupId ';
     $stmt = $db->prepare($sql);
     $stmt->bindValue(':priv', $priv);
     $stmt->bindValue(':groupId', $groupId);
     $stmt->execute();
     redirect('group.php?action=view&id=' . $groupId, 'Permision revoked');
     break;
 case 'kick':
     // Privilege gate first; requirePriv() is assumed to stop the request when the
     // caller lacks GROUP_KICK rather than merely return — TODO confirm
     Session::requirePriv('GROUP_KICK');
     $group = new Group($sanitizer->filterUint('group'));
     $user = User::getUserById($sanitizer->filterUint('user'));
     // LIMIT 1: presumably a user holds at most one membership row per group.
     $sql = 'DELETE FROM group_memberships WHERE user = :userId AND `group` = :groupId LIMIT 1';
     $stmt = $db->prepare($sql);
     $stmt->bindValue(':userId', $user->getId());
     $stmt->bindValue(':groupId', $group->getId());
     $stmt->execute();
     redirect('group.php?action=view&id=' . $group->getId(), 'User kicked from group.');
     break;
 case 'edit':
     $id = $sanitizer->filterUint('id');
     $group = new Group($id);
     $f = new FormGroupEdit();
     $f->addElement(new ElementHidden('action', null, 'edit'));
     if ($f->validate()) {
         $f->process();
     }
{
    $sql = 'SELECT a.id FROM authenticated_machines a WHERE a.user = :user AND a.event = :event';
    $stmt = DatabaseFactory::getInstance()->prepare($sql);
    $stmt->bindValue(':user', $user);
    $stmt->bindValue(':event', $event);
    $stmt->execute();
    $authenticatedMachines = $stmt->fetchAll();
    return $authenticatedMachines;
}
// Credentials come from the request and pass through the shared Sanitizer.
$sanitizer = Sanitizer::getInstance();
$username = $sanitizer->filterString('username');
$password = $sanitizer->filterString('password');
// Read here but not used in the visible part of this script.
$isStaff = $sanitizer->filterString('fullrequest');
try {
    // Check the password first, then resolve the account for the rest of the script.
    Session::checkCredentials($username, $password);
    $user = User::getUser($username);
} catch (\libAllure\UserNotFoundException $e) {
    // NOTE(review): apiReturn() is assumed to terminate the script; if it only emits a
    // response, execution continues below with $user undefined — confirm.
    // NOTE(review): distinct messages for unknown user vs. wrong password let a caller
    // enumerate valid usernames; one generic rejection message would avoid that.
    apiReturn('reject-authentication', 'User not found');
} catch (\libAllure\IncorrectPasswordException $e) {
    apiReturn('reject-authentication', 'Password is incorrect');
}
$event = getEvent();
// The user's signup status for the current event selects the branch below.
$signupStatus = getSignupStatus($user->getId(), $event['id']);
switch ($signupStatus) {
    case 'PAID':
        $authenticatedMachines = getAuthenticatedMachines($user->getId(), $event['id']);
        $sql = 'SELECT s.numberMachinesAllowed FROM signups s WHERE s.user = :user AND s.event = :event';
        $stmt = DatabaseFactory::getInstance()->prepare($sql);
        $stmt->bindValue(':user', $user->getId());
        $stmt->bindValue(':event', $event['id']);
        $stmt->execute();
<?php

require_once 'includes/common.php';
require_once 'includes/classes/FormAddUserToGroup.php';
use libAllure\Session;
use libAllure\User;
try {
    // Show the requested profile when an id is supplied, otherwise the viewer's own.
    // NOTE(review): $_REQUEST['id'] is used raw here while the other pages go through
    // Sanitizer::filterUint(); getUserById() is assumed to cope with non-numeric input — confirm.
    if (isset($_REQUEST['id'])) {
        $user = User::getUserById($_REQUEST['id']);
    } else {
        $user = Session::getUser();
    }
} catch (Exception $e) {
    // $tpl is expected to come from includes/common.php and error() to end the
    // request; otherwise $user is undefined below — TODO confirm
    $tpl->error('Could not find user.');
}
// The add-to-group form is only built (and processed) for users holding GROUP_EDIT.
if (Session::hasPriv('GROUP_EDIT')) {
    $formAddUserToGroup = new FormAddUserToGroup($user->getId());
    if ($formAddUserToGroup->validate()) {
        $formAddUserToGroup->process();
    }
}
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
// Public profile fields handed to the template.
$userArray = array('username' => $user->getData('username'), 'realName' => $user->getData('real_name'), 'registered' => $user->getData('registered'));
// The avatar path is built from the resolved user's id, not from request input.
$avatarUrl = 'resources/images/avatars/' . $user->getId() . '.png';
if (file_exists($avatarUrl)) {
    $userArray['avatar'] = $avatarUrl;
}
if (Session::isLoggedIn() && Session::getUser()->hasPriv('VIEW_PROFILE_PRIVATE')) {
    $userArray['canSeePrivate'] = true;
    $userArray['lastLogin'] = $user->getData('lastLogin');
<?php

require_once 'includes/common.php';
require_once 'includes/classes/FormSendEmail.php';
use libAllure\Session;
use libAllure\Sanitizer;
use libAllure\User;
// Only users holding SENDEMAIL may use this page.
Session::requirePriv('SENDEMAIL');
$userId = Sanitizer::getInstance()->filterUint('userId');
$user = User::getUserById($userId);
$email = $user->getData('email');
if (empty($email)) {
    // redirect() is assumed to end the request; otherwise the form is still built below — TODO confirm
    redirect('account.php', 'Cannot send email to a user with a blank email address.');
}
$f = new FormSendEmail($email);
// Carry the recipient id through the submission (presumably read back in process()).
// NOTE(review): hidden fields are client-editable; process() should resolve the
// recipient address server-side from this id rather than trust any client-supplied
// address — confirm.
$f->addElementHidden('userId', $userId);
if ($f->validate()) {
    $f->process();
    redirect('profile.php?id=' . $userId, 'Your contribution to the spam on the internet has been completed.');
} else {
    require_once 'includes/widgets/header.php';
    $tpl->assignForm($f);
    $tpl->display('form.tpl');
}
require_once 'includes/widgets/footer.php';
<?php

require_once 'includes/common.php';
use libAllure\Session;
use libAllure\User;
use libAllure\Sanitizer;
use libAllure\SimpleFatalError;
if (!Session::isLoggedIn()) {
    // $tpl->error() is assumed to end the request for guests — TODO confirm
    $tpl->error('You must be logged in to view the page.');
}
$users = User::getAllLocalUsers();
// NOTE(review): a fresh Sanitizer is constructed here while the 'delete' action uses
// Sanitizer::getInstance(); presumably equivalent, but one style would be clearer.
$sanitizer = new Sanitizer();
$action = $sanitizer->filterString('action');
switch ($action) {
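    case 'delete':
        $id = Sanitizer::getInstance()->filterUint('id');
        if ($id == Session::getUser()->getId()) {
            throw new SimpleFatalError('Err, you cannot delete yourself. Try jumping off a tall building instead.');
        }
        // Protects the SYSTEM account. NOTE(review): filterUint() presumably never
        // yields -1, which would make this check dead — confirm how SYSTEM's id is represented.
        if ($id == -1) {
            throw new SimpleFatalError('Woooah! Are you trying to make the world explode? You cannot delete the SYSTEM user account!');
        }
        if (!Session::getUser()->hasPriv('USER_DELETE')) {
            throw new SimpleFatalError('Oh gnoes! You dont have permission to do that.');
        }
        // Bind the id instead of splicing it into the SQL string, matching the other
        // queries in this project. filterUint() already constrains the value, so this
        // is defence in depth rather than a change in which rows are affected.
        $sql = 'DELETE FROM users WHERE id = :id LIMIT 1 ';
        $stmt = $db->prepare($sql);
        $stmt->bindValue(':id', $id);
        $stmt->execute();
        logActivity('User deleted: ' . $id);
        redirect('users.php', 'Used deleted... I hope they dont mind..');
        break;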
    case 'edit':
<?php

require_once 'includes/widgets/header.php';
use libAllure\User;
use libAllure\Session;
use libAllure\Sanitizer;
// Guests have no record to show; redirect() is assumed to end the request — TODO confirm
if (!Session::isLoggedIn()) {
    redirect('index.php', 'Guests do not have attendance records.');
}
// VIEW_ATTENDANCE gates the page. Because ?user= below accepts any id, this single
// privilege effectively means "view any user's attendance record".
if (!Session::hasPriv('VIEW_ATTENDANCE')) {
    redirect('account.php', 'Do you not have permission to view your attendance record');
}
// Default to the viewer's own record; an explicit ?user= id is filtered as an unsigned int.
if (!isset($_REQUEST['user'])) {
    $user = Session::getUser();
} else {
    $user = User::getUserById(Sanitizer::getInstance()->filterUint('user'));
}
$attendance = getUserSignups($user->getId());
require_once 'includes/widgets/sidebar.php';
// Template data: aggregate statistics plus the raw attendance rows.
$tpl->assign('stats', getSignupStatistics($attendance));
$tpl->assign('username', $user->getUsername());
$tpl->assign('userId', $user->getId());
$tpl->assign('attendance', $attendance);
// Signup comments are only exposed to users holding VIEW_SIGNUP_COMMENTS.
$tpl->assign('privViewSignupComments', Session::hasPriv('VIEW_SIGNUP_COMMENTS'));
$tpl->display('attendanceRecord.tpl');
require_once 'includes/widgets/footer.php';