/**
 * Searches authors by matching every word of the search text against one column.
 *
 * Reads 'field' and 'search' through $request->get(), passes both through
 * Validator::sanitizeText() and stores the matches, ordered by family name,
 * in $this->result.
 *
 * @param Request $request
 *
 * @return bool false (with a message in $this->errors) when the search text is empty or rejected, true otherwise
 * @throws UnexpectedValueException when 'field' is not one of given, family, about
 */
public function searchAuthors(Request $request)
{
    $column = Validator::sanitizeText($request->get('field'));
    $needle = Validator::sanitizeText($request->get('search'));

    if (!$needle) {
        $this->errors[] = 'Your search input is invalid';

        return false;
    }

    $terms = explode(' ', $needle);
    $authors = new AuthorRepository($this->db);

    // Strict allow-list: the first argument of where() is only ever one of
    // these three literal names, never an arbitrary request value.
    if (!in_array($column, array('given', 'family', 'about'), true)) {
        throw new UnexpectedValueException();
    }

    // NOTE(review): assumes where() binds the pattern as a query parameter — confirm
    // in AuthorRepository. '%' and '_' inside a term are not escaped here, so they
    // act as LIKE wildcards; consecutive spaces yield an empty term ('%%').
    foreach ($terms as $term) {
        $authors->where($column, 'LIKE', '%' . $term . '%');
    }

    $this->result = $authors->order('family', 'ASC')->find();

    return true;
}
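/** @noinspection PhpUnusedPrivateMethodInspection
 *
 * Generates a new password for the user named by POST 'user_id', stores it
 * through $this->auth and mails it to that user's address.
 *
 * NOTE(review): no permission check is visible in this method; confirm that
 * whatever dispatches to it restricts the action to privileged users.
 *
 * @param Request $request
 *
 * @return bool true when the mail was handed to MailHandler, false (with a message in $this->errors) otherwise
 * @throws UnexpectedValueException when 'user_id' is missing/rejected or matches no user
 */
private function sendNewPassword(Request $request)
{
    $user_id = Validator::sanitizeText($request->post('user_id'));
    if (!$user_id) {
        throw new UnexpectedValueException();
    }

    $repo = new UserRepository($this->db);
    $user = $repo->where('id', '=', $user_id)->findSingle();

    // An id that matches no account must not reach getName()/getMail() below;
    // treat it like any other invalid input to this action.
    if (!$user) {
        throw new UnexpectedValueException();
    }

    $password = $this->auth->generatePassword();

    // NOTE(review): the stored password is replaced before delivery is known and
    // the result of setPassword() is not checked. If sending fails, the account
    // keeps a password that nobody received.
    $this->auth->setPassword($user->getName(), $password);

    // NOTE(review): if Request::createUrl() derives the host from request headers,
    // the links in this mail follow whatever host the request claimed — confirm it
    // uses a configured base URL.
    $subject = 'Your password at ' . Request::createUrl() . ' was reset!';
    $message = 'Greetings,' . "\n\n" . $this->auth->getCurrentUser()->getName() . ' has reset your password for you at ' . Request::createUrl() . '.' . "\n\n";

    // The password travels in clear text in the mail body. Nothing visible here
    // forces the recipient to change it, so it stays valid until they do.
    $message .= 'The new temporary password is: ' . $password . "\n";
    $message .= "\n" . 'Please change your password soon at ' . Request::createUrl(array('p' => 'user')) . '!';

    if (!MailHandler::sendMail($user->getMail(), $subject, $message)) {
        $this->errors[] = 'The mail to the user could not be sent';

        return false;
    }

    return true;
}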
/** @noinspection PhpUnusedPrivateMethodInspection
 *
 * Handles the login form: attempts a login when both POST fields are present,
 * redirects on success and otherwise renders the 'login' view with any errors.
 *
 * @param Request $request
 *
 * @return string output of the 'login' view
 * @throws Exception
 * @throws NotFoundException
 */
private function login(Request $request)
{
    $errors = array();

    $hasCredentials = $request->post('username') && $request->post('password');
    if ($hasCredentials) {
        // NOTE(review): the password passes through Validator::sanitizeText() before
        // it is checked; if that helper strips or rewrites characters, the value
        // compared is not what the user typed — confirm.
        $username = Validator::sanitizeText($request->post('username'));
        $password = Validator::sanitizeText($request->post('password'));

        if (!$this->auth->login($username, $password)) {
            // One message for both failure causes, so the response does not
            // reveal whether the user name exists.
            $errors[] = 'Invalid user name or password';
        } else {
            // NOTE(review): the redirect target comes from $_SESSION['referrer'] unchecked;
            // if that value is ever filled from a request header or parameter, validate
            // that it points to this application before redirecting — confirm where it is set.
            $destination = empty($_SESSION['referrer'])
                ? Request::createUrl(array(), true)
                : $_SESSION['referrer'];
            // NOTE(review): no session id regeneration is visible here; presumably
            // $this->auth->login() handles it — confirm.
            $this->redirect($destination);
        }
    }

    $view = new View('login', $errors);

    return $view->display();
}
/** @noinspection PhpUnusedPrivateMethodInspection
 *
 * Updates the publication given by GET 'id' with the validated POST data.
 *
 * The Auth::EDIT_PUBLICATION permission is checked before any input is read.
 * POST 'type' selects the validator obtained from the model.
 *
 * @param Request $request
 *
 * @return bool true after the model update, false (validator errors merged into $this->errors) when validation fails
 * @throws PermissionRequiredException when the current user lacks Auth::EDIT_PUBLICATION
 * @throws exceptions\LoginRequiredException
 * @throws UnexpectedValueException when 'id' or 'type' is missing or rejected
 */
private function edit(Request $request)
{
    $mayEdit = $this->auth->checkPermission(Auth::EDIT_PUBLICATION);
    if (!$mayEdit) {
        throw new PermissionRequiredException(Auth::EDIT_PUBLICATION);
    }

    // NOTE(review): this action changes state but no anti-CSRF token check is
    // visible in this method — confirm it happens before dispatch.
    $publicationId = Validator::sanitizeNumber($request->get('id'));
    $publicationType = Validator::sanitizeText($request->post('type'));

    if (!$publicationId || !$publicationType) {
        throw new UnexpectedValueException();
    }

    // NOTE(review): the validator is chosen by a request-supplied type; presumably
    // getValidator() rejects unknown types — confirm.
    $validator = $this->model->getValidator($publicationType);

    if (!$validator->validate($request->post())) {
        $this->errors = array_merge($this->errors, $validator->getErrors());

        return false;
    }

    // Only the validator's sanitised result reaches the model, never raw POST data.
    $this->model->update($publicationId, $validator->getSanitizedResult());

    return true;
}
/** @noinspection PhpUnusedPrivateMethodInspection
 *
 * Changes the password of $this->user after re-checking the current password.
 *
 * Every rejection adds a message to $this->errors and returns false.
 *
 * @param Request $request
 *
 * @return bool|int false on any rejected input, otherwise whatever $this->auth->setPassword() returns
 */
private function changePassword(Request $request)
{
    // NOTE(review): all three password fields pass through Validator::sanitizeText();
    // if that helper strips or rewrites characters, the stored password differs from
    // what the user typed — confirm.
    $current = Validator::sanitizeText($request->post('password'));

    // Require the current password again, so an unattended or hijacked session
    // alone cannot set a new one.
    $currentIsValid = $current && $this->auth->validateLogin($this->user->getName(), $current);
    if (!$currentIsValid) {
        $this->errors[] = 'Invalid current password';

        return false;
    }

    $replacement = Validator::sanitizeText($request->post('password_new'));
    $confirmation = Validator::sanitizeText($request->post('password_confirm'));

    if (!($replacement && $confirmation)) {
        $this->errors[] = 'New password required but invalid';

        return false;
    }

    if ($replacement !== $confirmation) {
        $this->errors[] = 'Entered passwords are not the same';

        return false;
    }

    // NOTE(review): no length or strength rule is applied here; presumably
    // setPassword() or the Validator enforces one — confirm.
    return $this->auth->setPassword($this->user->getName(), $replacement);
}
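/**
 * Fetches the content behind an http(s) URL and returns it after Validator::sanitizeText().
 *
 * Only the http and https schemes are fetched. Any other scheme, a missing
 * scheme or a non-string argument is treated like a failed fetch.
 *
 * @param string $url
 *
 * @return string|false the sanitised content (presumably a string — confirm against Validator::sanitizeText()),
 *                      or false when URL fopen is disabled, the scheme is not http(s), or nothing was fetched
 */
private function getInputFromUrl($url)
{
    if (!ini_get('allow_url_fopen')) {
        $this->errors[] = 'Can not get content from URL. file_get_contents is disabled by server configuration allow_url_fopen=0';

        return false;
    }

    // file_get_contents() opens local paths and other stream wrappers as readily
    // as web URLs, so the scheme is pinned to http/https before anything is opened.
    $scheme = is_string($url) ? parse_url($url, PHP_URL_SCHEME) : null;
    if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), true)) {
        return false;
    }

    // NOTE(review): the scheme check does not restrict the destination host. If $url can be
    // influenced by a user, loopback and internal addresses remain reachable (also via
    // redirects, which the http wrapper follows by default) — consider a host allow-list.
    // The 200 second timeout lets a slow remote tie up a worker for a long time, and the
    // response size is not capped.
    $sccOpts = array('http' => array('timeout' => 200));

    // Warnings are suppressed on purpose: a failed fetch is reported through the
    // false return value only.
    $input = @file_get_contents($url, false, stream_context_create($sccOpts));
    if ($input) {
        return Validator::sanitizeText($input);
    }

    return false;
}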