Esempio n. 1
0
 public function isUserAuthenticated($auth_required = true)
 {
     // Cached Result... (if checked before, return the result)
     if ($this->authentication != self::AUTH_UNKNOWN) {
         return $this->authentication == self::AUTH_PASSED;
     }
     // Check Token Validity -- Avoid DB Overhead
     if (self::isSessionIDValid($this->id)) {
         $db = Database::getConnection();
         $query = $db->query("SELECT user_id, update_timestamp, persistent FROM " . self::TABLE_NAME . " WHERE (id=:id) AND (expiry_timestamp > :now)", array(":id" => $this->id, ":now" => Carbon::now()));
     } else {
         if (!$auth_required) {
             return false;
         }
     }
     // Check Query Result (and that it was executed)
     if (isset($query) && $query && $query->rowCount()) {
         $db_row = $query->fetch(PDO::FETCH_ASSOC);
         $this->user_id = $db_row['user_id'];
         // only set here, force people to call this function first before being allowed to look at the ID
         // We need to renew sessions on a regular basis in order for us to determine when sessions become inactive...
         if (Carbon::parse($db_row['update_timestamp'])->diffInSeconds(Carbon::now()) > self::SESSION_RENEWAL_PERIOD_SECONDS) {
             $this->create($db_row['user_id'], isTrue($db_row['persistent']));
         }
         // renew
         $this->authentication = self::AUTH_PASSED;
         return true;
     } else {
         if ($auth_required) {
             // Determine the Current Target/Action
             $request = RequestModel::currentRequest();
             $router = RouteController::getController();
             $route = $router->findRouteForURL($request->url());
             // Add Query Params?
             $url = $router->urlForAction($route->action(), $route->extractArgs($request->url()));
             if (count($request->queryArgArray())) {
                 $url = addQueryParams($url, $request->queryArgArray());
             }
             // Request a Login
             AppController::requestUserLogin($url);
             // we need to extract and re-inject any args or we lose context...
         } else {
             $this->authentication = self::AUTH_FAILED;
             return false;
         }
     }
 }
Esempio n. 2
0
 public static function redirect($url, $query_parameters = array())
 {
     $request = RequestModel::currentRequest();
     $redirect_host = parse_url($url, PHP_URL_HOST);
     // Check that we're redirecting to our own domain, avoids potential security issues...
     if (!isValidURL($url)) {
         $url = '/';
         // fallback
     } else {
         if ($redirect_host !== HOSTNAME) {
             // Remote Domain!
             (new Log(SECURITY_LOG))->logMessage("Attempted redirect to external URL: {$url}");
             $url = '/';
             // fallback
         } else {
             // URL is OK, modify the existing URL if parameters were specified...
             if (!empty($query_parameters)) {
                 $url = addQueryParams($url, $query_parameters);
             }
         }
     }
     // OK to Redirect User?
     if (headers_sent($file, $line)) {
         // Log Error
         (new Log(ERROR_LOG))->logMessage("Unable to redirect, headers already sent in {$file} on line {$line}");
         // Ask user for manual redirection...
         echo "Unable to redirect automatically, please click this link: <a href=\"{$url}\">{$url}</a>";
     } else {
         // We're OK to Redirect
         header("Location: {$url}");
     }
     exit;
     // terminate
 }
Esempio n. 3
0
 public function resetPassword()
 {
     $this->view = new HTMLView();
     if ($this->request->isPOST()) {
         $post = $this->request->postData();
         $user = new UserModel();
         if ($this->request->isQueryArgSet('token')) {
             if ($user->getUserForPasswordResetToken($this->request->queryArgValue('token'))) {
                 $user->password = @$post['password'];
                 if ($user->save()) {
                     $user->deletePasswordResetTokens();
                     $alert = new Alert(Alert::SUCCESS);
                     $alert->addMessage('Password Set, Please Login');
                 } else {
                     $alert = new Alert(Alert::ERROR);
                     $alert->addMessageArray($user->getErrors());
                 }
                 $this->view->includeTemplate('auth.reset-password.password', ['app_name' => AppConfig::getValue('app_name'), 'alert' => $alert]);
             } else {
                 AppController::redirect(RouteController::fqURL('resetPassword'), ['status' => 'token-expired']);
             }
         } else {
             if ($post['email'] && $user->find($post['email'], 'email')) {
                 $token = $user->getPasswordResetTokenData();
                 if ($token['last_email_timestamp'] <= Carbon::now()->subMinutes(pow(2, $token['email_attempts']))) {
                     $user->incrementPasswordResetEmailCount();
                     $link = addQueryParams(RouteController::fqURL('resetPassword'), ['token' => $token['token']]);
                     // Send Email
                     $mailer = new Mailer();
                     $mailer->setSubject('Password Reset Token');
                     $mailer->addAddress($user->email);
                     $mailer->includeHTMLTemplate('email.reset-password', ['link' => $link]);
                     $mailer->send();
                     // errors handled within
                     // Show Message
                     $alert = new Alert(Alert::SUCCESS);
                     $alert->addMessage('Email Sent');
                 } else {
                     $alert = new Alert(Alert::ERROR);
                     $alert->addMessage('Too Many Attempts, Please Try Again Later');
                 }
                 $this->view->includeTemplate('auth.reset-password.email', ['app_name' => AppConfig::getValue('app_name'), 'alert' => $alert]);
             } else {
                 $alert = new Alert(Alert::ERROR);
                 $alert->addMessage('Email is Invalid/Non-Existent');
                 $this->view->includeTemplate('auth.reset-password.email', ['app_name' => AppConfig::getValue('app_name'), 'alert' => $alert]);
             }
         }
     } else {
         if ($this->request->isQueryArgSet('token')) {
             $user = new UserModel();
             if ($user->getUserForPasswordResetToken($this->request->queryArgValue('token'))) {
                 $this->view->includeTemplate('auth.reset-password.password', ['app_name' => AppConfig::getValue('app_name')]);
             } else {
                 AppController::redirect(RouteController::fqURL('resetPassword'), ['status' => 'token-expired']);
             }
         } else {
             if ($this->request->isQueryArgSet('status') && $this->request->queryArgValue('status') == 'token-expired') {
                 $alert = new Alert(Alert::ERROR);
                 $alert->addMessage('Token is Invalid/Expired, Please Request a New One');
             }
             $this->view->includeTemplate('auth.reset-password.email', ['app_name' => AppConfig::getValue('app_name'), 'alert' => isset($alert) ? $alert : null]);
         }
     }
     $this->view->render(true);
 }
Esempio n. 4
0
<html lang="en">

<?php 
require HTMLView::pathForTemplate('layout.head');
?>

<body>
	<div class="container">
		<h1>Payment Method</h1>
		<h3>Cards</h3>
		<?php 
if (!empty($cards) && is_array($cards)) {
    echo '<table style="width: 100%; text-align: center;"><tr><th></th><th>Expires</th></tr>';
    foreach ($cards as $card) {
        // Create Row HTML
        printf('<tr><td>%s ending %s (<a href="%s">delete</a>)</td><td>%02d/%s</td></tr>', $card['brand'], $card['last4'], addQueryParams(RouteController::fqURL('subscription.payment'), ['card' => $card['id'], 'action' => 'remove-card']), $card['expiry_month'], substr($card['expiry_year'], 2));
    }
    echo '</table>';
}
?>
		<h3>Add New Card</h3>
		<p style="color: red; font-size: 13px;">Valid TESTING Values</p>
		<form id="add-card" action="javascript:void(0);">
			<?php 
CSRFPRotection::generateHTMLTag();
?>
			<label>Card Number:</label>
			<input type="text" id="card-number" style="width: 200px;" maxlength="19" value="4242424242424242">
			<br><br>
			<label>Expires:</label>
			<select id="expiry-month">
 public function payment()
 {
     $user = $this->session->user();
     if ($this->request->isPOST()) {
         $post = $this->request->postData();
         if (!empty($post['token'])) {
             try {
                 \Stripe\Stripe::setApiKey(AppConfig::getValue('stripe_secret_api_key'));
                 // New Customer?
                 if (!$user->isStripeCustomer()) {
                     $newCustomer = true;
                     // Create Customer
                     $customer = \Stripe\Customer::create(['email' => $user->email]);
                     $user->setStripeData(['customer_id' => $customer->id]);
                     $user->save();
                     // save now!
                 } else {
                     $newCustomer = false;
                     // Fetch Customer
                     $customer = $this->getCustomer($user);
                 }
                 // Add/Create Card
                 $customer->sources->create(['card' => $post['token']]);
                 // Done, Redirect...
                 AppController::redirect(addQueryParams(RouteController::fqURL($newCustomer ? 'subscription.plan' : 'subscription.payment'), ['status' => 'card-added']));
             } catch (\Stripe\Error\Card $exception) {
                 $this->logStripeException($exception, $user->email);
             } catch (\Stripe\Error\InvalidRequest $exception) {
                 $this->logStripeException($exception, $user->email);
             } catch (\Stripe\Error\Authentication $exception) {
                 $this->logStripeException($exception, $user->email);
             } catch (\Stripe\Error\ApiConnection $exception) {
                 $this->logStripeException($exception, $user->email);
             } catch (\Stripe\Error\Base $exception) {
                 $this->logStripeException($exception, $user->email);
             }
         } else {
             AppController::fatalError('token (required) was missing from the request');
         }
     } else {
         if ($this->request->isQueryArgSet('card') && $this->request->queryArgValue('action') === 'remove-card') {
             try {
                 \Stripe\Stripe::setApiKey(AppConfig::getValue('stripe_secret_api_key'));
                 // Fetch Customer and Cards
                 $customer = $this->getCustomer($user);
                 $cards = $this->getCardsOnFile($customer);
                 // Enough Cards? (backup)
                 if ($cards && count($cards['data']) > 1) {
                     // Remove Card
                     $customer->sources->retrieve($this->request->queryArgValue('card'))->delete();
                     // Done, Redirect...
                     AppController::redirect(addQueryParams(RouteController::fqURL('subscription.payment'), ['status' => 'card-removed']));
                 } else {
                     // Need to Add a Card First (or cancel subscription)
                     AppController::redirect(addQueryParams(RouteController::fqURL('subscription.payment'), ['status' => 'no-backup']));
                 }
             } catch (\Stripe\Error\Card $exception) {
                 $this->logStripeException($exception, $user->email);
             } catch (\Stripe\Error\InvalidRequest $exception) {
                 $this->logStripeException($exception, $user->email);
             } catch (\Stripe\Error\Authentication $exception) {
                 $this->logStripeException($exception, $user->email);
             } catch (\Stripe\Error\ApiConnection $exception) {
                 $this->logStripeException($exception, $user->email);
             } catch (\Stripe\Error\Base $exception) {
                 $this->logStripeException($exception, $user->email);
             }
         }
     }
     try {
         if (!isset($customer) && $user->isStripeCustomer()) {
             \Stripe\Stripe::setApiKey(AppConfig::getValue('stripe_secret_api_key'));
             $customer = $this->getCustomer($user);
             $cards = $this->getCardsOnFile($customer);
             foreach ($cards['data'] as $card) {
                 $cardList[] = ['id' => $card->id, 'last4' => $card->last4, 'brand' => $card->brand, 'expiry_month' => $card->exp_month, 'expiry_year' => $card->exp_year];
             }
         }
     } catch (\Stripe\Error\Card $exception) {
         $this->logStripeException($exception, $user->email);
     } catch (\Stripe\Error\InvalidRequest $exception) {
         $this->logStripeException($exception, $user->email);
     } catch (\Stripe\Error\Authentication $exception) {
         $this->logStripeException($exception, $user->email);
     } catch (\Stripe\Error\ApiConnection $exception) {
         $this->logStripeException($exception, $user->email);
     } catch (\Stripe\Error\Base $exception) {
         $this->logStripeException($exception, $user->email);
     }
     $this->view = new HTMLView();
     $this->view->includeTemplate('subscription.payment', ['app_name' => AppConfig::getValue('app_name'), 'cards' => isset($cardList) ? $cardList : null]);
     $this->view->render(true);
 }