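/**
 * Process selected currencies and redirect to the next wizard page if successful.
 *
 * Reads preferred_crypto, preferred_fiat, preference and managed from POST.
 * Validation failures are collected in $errors rather than thrown.
 */
require_login();
$user = get_user(user_id());
require_user($user);
$errors = array();
$messages = array();
require __DIR__ . "/../graphs/managed.php";
// get all of our limits
$accounts = user_limits_summary(user_id());
$preferred_crypto = require_post("preferred_crypto", false);
$preferred_fiat = require_post("preferred_fiat", false);
$preference = require_post("preference");
$managed = require_post("managed", array());
$categories = get_managed_graph_categories();
// checks
if ($preference === "managed" && !$managed) {
    $errors[] = t("You need to select at least one category of graph portfolio preferences.");
}
// the submitted values are untrusted strings (or false when absent); compare strictly so
// only an exact code from the allowed list is accepted, independent of PHP's loose-comparison rules
if (!in_array($preferred_crypto, get_all_cryptocurrencies(), true)) {
    $errors[] = t("Invalid preferred cryptocurrency.");
}
if (!is_fiat_currency($preferred_fiat)) {
    $errors[] = t("Invalid preferred fiat currency.");
}
if (!in_array($preference, array('auto', 'managed', 'none'), true)) {
    $errors[] = t("Invalid graph management preference.");
}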
if ($preference != "none" && !$preferred_fiat) {
            redirect(url_for(require_post("callback")));
        }
    }
}
// process 'enable': re-enable one of the current user's accounts
if (require_post('enable', false) && require_post('id', false)) {
    if (!can_user_add($user, $account_data['exchange'])) {
        // over the account limit; non-premium users are pointed at the upgrade page
        $limit_error = t("Cannot enable :title: too many existing accounts.", array(':title' => $account_data['title']));
        if (!$user['is_premium']) {
            $limit_error .= " " . t("To add more accounts, upgrade to a :premium_account.", array(':premium_account' => link_to(url_for('premium'), t('premium account'))));
        }
        $errors[] = $limit_error;
    } elseif ($account_data['disabled']) {
        $errors[] = t("Cannot enable that account; that account type is disabled.");
    } else {
        // reset all failure fields; the WHERE clause ties the row to the current user, so an id
        // belonging to someone else simply matches nothing
        // NOTE(review): the table name is interpolated from $account_data['table'], which is set before
        // this fragment — confirm it comes from a fixed lookup and never from the request
        $reset = db()->prepare("UPDATE " . $account_data['table'] . " SET is_disabled=0,is_disabled_manually=0,first_failure=NULL,failures=0 WHERE id=? AND user_id=?");
        $reset->execute(array(require_post("id"), user_id()));
        $messages[] = t("Enabled :title.", array(':title' => htmlspecialchars($account_data['title'])));
        set_temporary_messages($messages);
        // NOTE(review): the callback route name comes from POST; this is only safe if url_for()
        // maps names to site routes rather than passing through raw URLs
        redirect(url_for(require_post("callback")));
    }
}
// process enable_creator, disable_creator, reset_creator
$account_data['label'] = "account";
require __DIR__ . "/_wizard_accounts_creator_post.php";
// either there was an error or we haven't done anything; go back to callback
set_temporary_errors($errors);
set_temporary_messages($messages);
// store the submitted form so the callback page can restore it
$_SESSION['wizard_data'] = $_POST;
$restore_args = array("title" => require_post("title", false), "exchange" => require_post("type", false));
redirect(url_for(require_post("callback"), $restore_args));
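 while ($a = $q->fetch()) {
     $addresses[$a['address']] = $a;
 }
 // lets read this file in as CSV
 // we don't store this CSV file on the server
 if (isset($_FILES['csv'])) {
     // only open the file PHP itself received for this request: is_uploaded_file() also
     // rejects the empty tmp_name left behind by a failed upload, which used to reach fopen()
     $csv_path = $_FILES['csv']['tmp_name'];
     $fp = is_uploaded_file($csv_path) ? fopen($csv_path, "r") : false;
     if ($fp) {
         while (($row = fgetcsv($fp, 1000, ",")) !== false) {
             process_csv_upload_row($row);
         }
         // the handle was never closed before; release it so the temporary upload can be cleaned up
         fclose($fp);
     }
 } else {
     // TODO using explode() here is not great; should use CSV functions instead (maybe fopen on a string?)
     $input = explode("\n", require_post("addresses"));
     // when a title was submitted it becomes the first CSV column of every pasted line
     foreach ($input as $row) {
         if (require_post("title", false)) {
             $row = require_post("title") . "," . $row;
         }
         process_csv_upload_row(explode(",", $row));
     }
 }
 // update messages (the counters are maintained by process_csv_upload_row(), outside this fragment)
 if ($invalid_addresses) {
     $errors[] = t(":addresses were invalid and were not added.", array(':addresses' => plural("address", "addresses", $invalid_addresses)));
 }
 if ($limited_addresses) {
     $errors[] = t("Could not add :addresses: too many existing addresses.", array(':addresses' => plural("address", "addresses", $limited_addresses))) . ($user['is_premium'] ? "" : " " . t("To add more addresses, upgrade to a :premium_account.", array(':premium_account' => link_to(url_for('premium'), t('premium account')))));
 }
 $messages[] = t("Added :new and updated :existing.", array(':new' => plural("new address", "new addresses", $new_addresses), ':existing' => plural("existing address", "existing addresses", $existing_addresses)));
 // redirect to GET
 set_temporary_messages($messages);
 set_temporary_errors($errors);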
<?php

/**
 * Allows users to add additional OAuth2 locations for their account.
 * Issue #266
 *
 * Reads the provider key from POST (falling back to GET), asks the OAuth2
 * provider to attach an identity to the logged-in user, then redirects back
 * to the user's identity page with a flash message.
 */
require_login();
// POST overrides GET
$oauth2 = require_post("oauth2", require_get("oauth2", false));
$messages = array();
$errors = array();
try {
    if ($oauth2) {
        $user = \Users\User::getInstance(db());
        $args = array("oauth2" => $oauth2);
        // the callback URL handed to the provider points back at this page with the same provider key
        $url = absolute_url(url_for('oauth2_add', $args));
        $provider = Users\OAuth2Providers::createProvider($oauth2, $url);
        try {
            \Users\UserOAuth2::addIdentity(db(), $user, $provider);
            // the provider key is escaped because flash messages are presumably rendered as HTML
            $messages[] = t("Added OAuth2 identity ':identity' to your account.", array(':identity' => htmlspecialchars($provider->getKey())));
            // redirect
            $destination = url_for('user#user_openid');
            set_temporary_messages($messages);
            set_temporary_errors($errors);
            redirect($destination);
        } catch (\Users\UserSignupException $e) {
            // NOTE(review): the exception message goes into $errors unescaped — confirm these
            // messages are fixed strings that never echo request data
            $errors[] = $e->getMessage();
        }
    }
} catch (Exception $e) {
    if (!$e instanceof EscapedException) {
<?php

/**
 * Process selected currencies and redirect to the next wizard page if successful.
 *
 * Reads the 'currencies' and 'exchanges' lists from POST; every selected fiat
 * currency without a "summary_<currency>_<exchange>" entry gets its default
 * exchange added.
 */
require_login();
$user = get_user(user_id());
require_user($user);
$errors = array();
$messages = array();
// get all of our limits
$accounts = user_limits_summary(user_id());
// NOTE(review): both values are assumed to be arrays; a scalar submitted under
// these names would make in_array()/foreach below fail
$currencies = require_post("currencies", array());
$exchanges = require_post("exchanges", array());
$cryptos = get_all_cryptocurrencies();
$fiats = get_all_fiat_currencies();
$commodities = get_all_commodity_currencies();
// go through all fiat currencies and, if no exchange is selected, select a default one
foreach ($fiats as $c) {
    // NOTE(review): loose in_array(); passing true as the third argument would only accept an exact code
    if (in_array($c, $currencies)) {
        $found = false;
        foreach ($exchanges as $e) {
            // an exchange entry for this currency is named "summary_<currency>_<exchange>"
            $prefix = "summary_" . $c . "_";
            if (substr($e, 0, strlen($prefix)) == $prefix) {
                // found one
                $found = true;
            }
        }
        if (!$found) {
            $exchanges[] = "summary_" . $c . "_" . get_default_currency_exchange($c);
        }
$q->execute(array());
$coins = array();
$last_calculated = false;
// index every coin by id; $last_calculated ends up as the newest last_updated value seen
while ($coin = $q->fetch()) {
    $coins[$coin['id']] = $coin;
    $last_calculated = max($last_calculated, $coin['last_updated']);
}
$my_coins = array();
if (user_logged_in()) {
    // perform post logic
    if (require_post("update_votes", false)) {
        // delete all existing votes for this user
        // NOTE(review): the delete and the inserts below are separate statements with no visible
        // transaction, so a failure part-way leaves the user with fewer votes than submitted
        $q = db()->prepare("DELETE FROM vote_coins_votes WHERE user_id=?");
        $q->execute(array(user_id()));
        // create new votes
        // NOTE(review): assumes POST 'coins' is an array of ids; a scalar here would break the foreach
        $my_coins = require_post("coins", array());
        foreach ($my_coins as $id) {
            // only ids present in the coin list loaded above are stored; anything else is reported
            if (isset($coins[$id])) {
                $q = db()->prepare("INSERT INTO vote_coins_votes SET user_id=?,coin_id=?,created_at=NOW()");
                $q->execute(array(user_id(), $id));
            } else {
                $errors[] = t("Unknown coin :id.", array(':id' => $id));
            }
        }
        $messages[] = t("Updated your votes.");
    } else {
        // get my voted coins
        $q = db()->prepare("SELECT * FROM vote_coins_votes WHERE user_id=?");
        $q->execute(array(user_id()));
        $my_coins = array();
        while ($coin = $q->fetch()) {
     // make sure that we don't add technicals that are premium only
     $graph_technical_types = graph_technical_types();
     if (!isset($graph_technical_types[$technical])) {
         // unknown type; the submitted value is escaped because this error contains HTML markup elsewhere
         $errors[] = "Could not add technical type '" . htmlspecialchars($technical) . "' - no such technical type.";
     } else {
         // premium-only technical types are refused for non-premium users
         if ($graph_technical_types[$technical]['premium'] && !$user['is_premium']) {
             $errors[] = "Could not add technical type '" . htmlspecialchars($graph_technical_types[$technical]['title']) . "' - requires a <a href=\"" . htmlspecialchars(url_for('premium')) . "\">premium account</a>.";
         } else {
             // it's OK
             // delete any existing technicals (even if we're inserting, since this logic is used for edit too)
             // (we limit a graph to only have a single technical at the moment)
             // NOTE(review): $graph_id is set before this fragment — confirm the graph was checked to
             // belong to $user before these DELETE/INSERT statements run
             $q = db()->prepare("DELETE FROM graph_technicals WHERE graph_id=?");
             $q->execute(array($graph_id));
             // insert a new technical
             // the period is int-cast and clamped to 1..technical_period_max, so any POST value is bounded
             $q = db()->prepare("INSERT INTO graph_technicals SET graph_id=:graph_id, technical_type=:type, technical_period=:period");
             $q->execute(array('graph_id' => $graph_id, 'type' => $technical, 'period' => min(get_site_config('technical_period_max'), max(1, (int) require_post("period", 0)))));
             $technical_added = htmlspecialchars($graph_technical_types[$technical]['title']);
         }
     }
 } else {
     // otherwise, delete old technicals
     $q = db()->prepare("DELETE FROM graph_technicals WHERE graph_id=?");
     $q->execute(array($graph_id));
 }
 // redirect
 $args = array(':heading' => $graph_types[$graph_type]['heading'], ':technical' => $technical_added);
 if ($is_edit) {
     if ($technical_added) {
         $messages[] = t("Edited :heading graph, with :technical.", $args);
     } else {
         $messages[] = t("Edited :heading graph.", $args);
 * Admin vote coins page.
 *
 * POST 'code' + 'title' adds a coin; POST 'id' e-mails every user who voted
 * for that coin and then removes it.
 */
require_admin();
require __DIR__ . "/../layout/templates.php";
require __DIR__ . "/../layout/graphs.php";
$messages = array();
$errors = array();
// process POST
if (require_post("code", false) && require_post("title", false)) {
    $q = db()->prepare("INSERT INTO vote_coins SET code=?, title=?");
    $q->execute(array(require_post("code"), require_post("title")));
    // NOTE(review): the submitted code is concatenated into the message without htmlspecialchars();
    // if flash messages are rendered as HTML this reflects request data unescaped (admin-only page)
    $messages[] = "Added coin " . require_post("code") . ".";
}
if (require_post("id", false)) {
    $q = db()->prepare("SELECT * FROM vote_coins WHERE id=?");
    $q->execute(array(require_post("id")));
    $vote = $q->fetch();
    if (!$vote) {
        $errors[] = "Could not find any such vote_coins";
    } else {
        $sent = 0;
        // one row per voter, joined with the user record so we can address the e-mail
        $q = db()->prepare("SELECT * FROM vote_coins_votes JOIN users ON vote_coins_votes.user_id=users.id WHERE coin_id=?");
        $q->execute(array($vote['id']));
        while ($user = $q->fetch()) {
            // users without an e-mail address are skipped and not counted
            if ($user['email']) {
                send_user_email($user, "voted_coin", array("name" => $user['name'] ? $user['name'] : $user['email'], "code" => strtolower($vote['code']), "abbr" => get_currency_abbr(strtolower($vote['code'])), "title" => get_currency_name(strtolower($vote['code'])), "original_title" => $vote['title'], "total_users" => plural("other user", $vote['total_users']), "url" => absolute_url(url_for("vote_coins")), "wizard" => absolute_url(url_for("wizard_currencies"))));
                $sent++;
            }
        }
        $messages[] = "Sent notifications to " . plural("user", $sent) . ".";
        // remove vote_coins and vote_coins_votes entries
 * A user may revisit this page at any time to reconfigure their notifications.
 */
require_login();
$messages = array();
// get all of our accounts
global $accounts;
$accounts = user_limits_summary(user_id());
// enable/disable notifications
// both updates match on user_id() as well as id, so a user can only toggle their own rows
if (require_post("disable", false)) {
    $q = db()->prepare("UPDATE notifications SET is_disabled=1 WHERE id=? AND user_id=?");
    $q->execute(array(require_post("disable"), user_id()));
    $messages[] = t("Disabled notification.");
}
if (require_post("enable", false)) {
    $q = db()->prepare("UPDATE notifications SET is_disabled=0 WHERE id=? AND user_id=?");
    $q->execute(array(require_post("enable"), user_id()));
    $messages[] = t("Enabled notification.");
}
require __DIR__ . "/../layout/templates.php";
page_header(t("Notification Preferences"), "page_wizard_notifications", array('js' => array('wizard', 'notifications', 'accounts'), 'class' => 'page_accounts'));
// presumably declared global so included templates can read $user — confirm
global $user;
$user = get_user(user_id());
require_user($user);
// get all of our notifications
$q = db()->prepare("SELECT * FROM notifications WHERE user_id=? ORDER BY notification_type DESC, id ASC");
$q->execute(array(user_id()));
$notifications = $q->fetchAll();
// are we editing one?
$instance = false;
$account = false;
if (require_get("edit", false)) {
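<?php

/**
 * Set the current session, cookie or user language.
 *
 * Reads 'locale' and 'redirect' from POST. An unknown locale raises a
 * LocaleException; the redirect target must be a path on this site.
 */
use Openclerk\I18n;
$locale = require_post("locale");
$redirect = require_post("redirect");
$available = I18n::getAvailableLocales();
if (!isset($available[$locale])) {
    throw new LocaleException("Locale '{$locale}' does not exist for user selection");
}
// the redirect target comes straight from the request: accept only a path on this site, never an
// absolute, protocol-relative ("//host") or backslash-prefixed URL, so this page cannot be used
// as an open redirect
$redirect_parts = is_string($redirect) ? parse_url($redirect) : false;
if ($redirect_parts === false || isset($redirect_parts['scheme']) || isset($redirect_parts['host']) || substr($redirect, 0, 2) === '//' || substr($redirect, 0, 2) === '/\\') {
    throw new Exception("Invalid redirect target");
}
I18n::setLocale($locale);
// update cookies (a locale preference only, so no httponly/secure flags are required)
setcookie('locale', $locale, time() + 60 * 60 * 24 * 365 * 10);
// update users
if (user_logged_in()) {
    $user = get_user(user_id());
    $q = db()->prepare("UPDATE user_properties SET locale=? WHERE id=?");
    $q->execute(array($locale, user_id()));
}
// go back to their previous page
redirect($redirect);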
<?php

/**
 * Admin page for displaying the status of accounts in the system, allowing us to see
 * if particular classes of accounts are failing.
 *
 * POST 'enable' re-enables every automatically-disabled account of that
 * exchange type and e-mails the owners.
 */
require_admin();
require __DIR__ . "/../layout/templates.php";
require __DIR__ . "/../layout/graphs.php";
$messages = array();
$errors = array();
// enabling accounts?
if (require_post("enable", false)) {
    $exchange = require_post("enable");
    $account_data = get_account_data($exchange);
    // we re-enable ALL accounts, not just accounts belonging to active users, so that when a disabled user
    // logs back in, they automatically get their disabled accounts re-enabled as well
    // NOTE(review): $account_data['table'] is interpolated into the SQL and derives from the POSTed
    // exchange name — safe only if get_account_data() resolves it against a fixed list (confirm)
    $q = db()->prepare("SELECT t.*, users.email, user_properties.name AS users_name, user_properties.is_disabled AS user_is_disabled FROM " . $account_data['table'] . " t\n    JOIN users ON t.user_id=users.id\n    JOIN user_properties ON users.id=user_properties.id\n    WHERE t.is_disabled=1");
    $q->execute();
    $count = 0;
    $accounts = $q->fetchAll();
    foreach ($accounts as $account) {
        // re-enable it (manually disabled accounts are left alone by the WHERE clause)
        $q = db()->prepare("UPDATE " . $account_data['table'] . " SET is_disabled=0 WHERE id=? AND is_disabled_manually=0");
        $q->execute(array($account['id']));
        // email the user if their account is not disabled
        if (!$account['user_is_disabled']) {
            if ($account['email']) {
                $user_temp = array('email' => $account['email'], 'name' => $account['users_name']);
                send_user_email($user_temp, "reenable", array("name" => $account['users_name'] ? $account['users_name'] : $account['email'], "exchange" => get_exchange_name($exchange), "label" => $account_data['label'], "labels" => $account_data['labels'], "title" => isset($account['title']) && $account['title'] ? "\"" . $account['title'] . "\"" : "untitled", "url" => absolute_url(url_for("wizard_accounts"))));
                $messages[] = "Sent enabled message to " . htmlspecialchars($account['email']);
<?php

/**
 * Reset all of the current user's graphs and pages, but only when the
 * confirmation checkbox was submitted; then bounce back to the profile page.
 */
require __DIR__ . "/../layout/graphs.php";
require_login();
$messages = array();
$errors = array();
$confirmed = require_post("confirm", false);
if (!$confirmed) {
    $errors[] = t("Did not reset user graphs and pages: you need to select the confirmation checkbox.");
} else {
    reset_user_graphs(user_id());
    $messages[] = t("User graphs and pages successfully reset.");
}
set_temporary_messages($messages);
set_temporary_errors($errors);
redirect(url_for('profile'));
<?php

/**
 * Admin page for displaying the status of accounts in the system, allowing us to see
 * if particular classes of accounts are failing.
 *
 * POST 'exchange' + 'message' e-mails a free-text message to the owner of every
 * failed (is_disabled=1) account of that exchange type.
 */
require_admin();
require __DIR__ . "/../layout/templates.php";
require __DIR__ . "/../layout/graphs.php";
$messages = array();
$errors = array();
$exchange = require_post("exchange");
$message = require_post("message", "");
// enabling accounts?
if ($exchange && $message) {
    $account_data = get_account_data($exchange);
    // select ALL disabled accounts of this type, not just those of active users; the per-user
    // disabled flag is applied row by row below (nothing is re-enabled on this page)
    // NOTE(review): $account_data['table'] is interpolated into the SQL and derives from the POSTed
    // exchange name — safe only if get_account_data() resolves it against a fixed list (confirm)
    $q = db()->prepare("SELECT t.*, users.email, users.name AS users_name, users.is_disabled AS user_is_disabled FROM " . $account_data['table'] . " t\n    JOIN users ON t.user_id=users.id\n    WHERE t.is_disabled=1");
    $q->execute();
    $count = 0;
    $accounts = $q->fetchAll();
    foreach ($accounts as $account) {
        // email the user if their account is not disabled
        if (!$account['user_is_disabled']) {
            if ($account['email']) {
                $user_temp = array('email' => $account['email'], 'name' => $account['users_name']);
                // NOTE(review): $message is request data passed into the mail template; confirm the
                // template escapes it for the mail body's content type
                send_user_email($user_temp, "account_failed_message", array("name" => $account['users_name'] ? $account['users_name'] : $account['email'], "exchange" => get_exchange_name($exchange), "message" => $message, "label" => $account_data['label'], "labels" => $account_data['labels'], "title" => isset($account['title']) && $account['title'] ? "\"" . $account['title'] . "\"" : "untitled", "url" => absolute_url(url_for("wizard_accounts"))));
                $messages[] = "Sent message to " . htmlspecialchars($account['email']);
            }
        }
$user = get_user(user_id());
require_user($user);
// adding a new page?
// limit to 64 characters (byte-wise); an empty title becomes "Untitled"
$title = substr(require_post("title"), 0, 64);
if (!$title) {
    $title = t("Untitled");
}
$errors = array();
$messages = array();
// check premium account limits
if (!can_user_add($user, 'graph_pages')) {
    $limit_error = t("Cannot add graph page: too many existing graph pages.");
    if (!$user['is_premium']) {
        $limit_error .= " " . t("To add more graph pages, upgrade to a :premium_account.", array(':premium_account' => link_to(url_for('premium'), t('premium account'))));
    }
    $errors[] = $limit_error;
    set_temporary_errors($errors);
    redirect(url_for('profile', array('page' => require_post("page", ""))));
}
// it's OK - let's add a new one
// first get the highest page order so far for this user
// (including is_removed rows, in case of restore)
$q = db()->prepare("SELECT * FROM graph_pages WHERE user_id=? ORDER BY page_order DESC LIMIT 1");
$q->execute(array(user_id()));
$highest = $q->fetch();
$new_order = 1;
if ($highest) {
    $new_order = $highest['page_order'] + 1;
}
// now insert it
$q = db()->prepare("INSERT INTO graph_pages SET user_id=:user_id, title=:title, page_order=:page_order");
$q->execute(array('user_id' => user_id(), 'title' => $title, 'page_order' => $new_order));
$new_page_id = db()->lastInsertId();
// the title is user-supplied, so it is escaped before going into the flash message
$messages[] = t("Added new graph page :title.", array(':title' => htmlspecialchars($title)));
// redirect
set_temporary_messages($messages);
<?php

/**
 * Soft-delete one of the current user's graph pages.
 *
 * Expects POST 'page' (the page id) and 'confirm'; without confirmation the
 * user is simply sent back to that page. The page must belong to the logged-in
 * user, otherwise an Exception is thrown. Deletion only sets is_removed=1.
 */
require __DIR__ . "/../layout/graphs.php";
require_login();
// removing an existing page?
$page_id = require_post("page");
$confirmed = require_post("confirm", false);
if (!$confirmed) {
    // we're not deleting anything
    redirect(url_for('profile', array('page' => $page_id)));
}
$owner_id = user_id();
// make sure it's our page: the lookup is scoped to the current user, so somebody else's
// page id is indistinguishable from a missing one
$lookup = db()->prepare("SELECT * FROM graph_pages WHERE user_id=? AND id=?");
$lookup->execute(array($owner_id, $page_id));
if (!$lookup->fetch()) {
    throw new Exception(t("Cannot find page :id", array(':id' => htmlspecialchars($page_id))));
}
// delete it by hiding it
$hide = db()->prepare("UPDATE graph_pages SET updated_at=NOW(),is_removed=1 WHERE user_id=? AND id=? LIMIT 1");
$hide->execute(array($owner_id, $page_id));
// redirect to our home page, which will show the first page or none
redirect(url_for('profile'));
"><?php 
    echo htmlspecialchars($data[0]);
    ?>
</span></button>
      <?php 
}
?>

      <hr>
      <button id="openid" class="openid"><span class="openid openid_manual"><?php 
echo ht("OpenID...");
?>
</span></button>

      <div id="openid_expand" style="<?php 
echo require_post("submit", "") == "Login" ? "" : "display:none;";
?>
">
        <table>
        <tr>
          <th><?php 
echo ht("OpenID URL:");
?>
</th>
          <td>
            <input type="text" name="openid_manual" class="openid" id="openid_manual" size="40" value="<?php 
echo htmlspecialchars($openid);
?>
" maxlength="255">
            <input type="submit" name="submit" value="<?php 
echo ht("Login");
require_user($user);
$currency = require_post("currency", require_get("currency", false));
// NOTE(review): $errors is appended to here but only initialised a few lines further down;
// unless it was set before this fragment, this relies on PHP auto-creating the array
if (!$currency || !is_valid_currency($currency) || !in_array($currency, get_site_config('premium_currencies'))) {
    $errors[] = t("Unknown currency or no currency specified.");
    set_temporary_errors($errors);
    redirect(url_for('premium'));
}
$messages = array();
$errors = array();
// NOTE(review): declaring a class inside a page script mixes symbol declarations with side
// effects (PSR-1); including this file twice would fatally redeclare it
class PurchaseException extends Exception
{
}
if (require_post("months", false) || require_post("years", false)) {
    try {
        $months = require_post("months", false);
        $years = require_post("years", false);
        // both fields must be numeric, at least one positive, and neither above 99
        // NOTE(review): a missing field defaults to false, which fails is_numeric() and rejects the whole
        // selection — presumably the form always submits both fields; confirm
        if (!is_numeric($months) || !is_numeric($years) || !($months > 0 || $years > 0) || $months > 99 || $years > 99) {
            throw new PurchaseException(t("Invalid period selection."));
        }
        $cost = 0;
        if ($months > 0) {
            $cost += wrap_number(get_premium_price($currency, 'monthly') * $months, 8);
        }
        if ($years > 0) {
            $cost += wrap_number(get_premium_price($currency, 'yearly') * $years, 8);
        }
        if ($cost == 0) {
            throw new PurchaseException(t("Could not calculate any cost"));
        }
        // find an unused $currency address and register it to the system
        $q = db()->prepare("SELECT * FROM premium_addresses WHERE is_used=0 AND currency=?");
<?php

/**
 * Admin status page: jobs
 *
 * Lists pending subscribe/unsubscribe requests; POST 'submit' clears them all.
 */
require_admin();
require __DIR__ . "/../layout/templates.php";
$messages = array();
$errors = array();
// NOTE(review): this destructive DELETE runs on any POST carrying 'submit'; no CSRF token check is
// visible in this fragment — confirm one is enforced by require_admin() or the surrounding framework
if (require_post("submit", false)) {
    $q = db()->prepare("DELETE FROM pending_subscriptions");
    $q->execute(array());
    $messages[] = "Deleted all pending subscription and unsubscription requests.";
}
page_header("Admin: Pending Subscription Requests", "page_admin_subscribe");
?>

<h1>Pending Subscription Requests</h1>

<p class="backlink"><a href="<?php 
echo htmlspecialchars(url_for('admin'));
?>
">&lt; Back to Site Status</a></p>

<h2>Pending Subscriptions</h2>

<textarea rows="10" cols="60"><?php 
// one e-mail address per pending subscribe request, comma separated, escaped for the HTML context
$q = db()->prepare("SELECT users.email FROM pending_subscriptions JOIN users ON pending_subscriptions.user_id=users.id AND is_subscribe=1");
$q->execute();
while ($email = $q->fetch()) {
    echo htmlspecialchars($email['email']) . ", ";
        }
        break;
    default:
        throw new Exception("Unknown new notification type '" . htmlspecialchars($notification_type) . "'");
}
// the period must be one of the configured choices
$period = require_post("period");
$permitted_notification_periods = get_permitted_notification_periods();
if (!isset($permitted_notification_periods[$period])) {
    throw new Exception("Invalid notification period '" . htmlspecialchars($period) . "'");
}
// remove any commas
$value = number_unformat(require_post("value"));
if (!is_numeric($value)) {
    throw new Exception("'" . htmlspecialchars($value) . "' is not numeric");
}
// every request value is bound as a named parameter; nothing is concatenated into the SQL
$args = array(
    "user_id" => user_id(),
    "type_id" => $type_id,
    "trigger_condition" => require_post("condition"),
    "trigger_value" => $value,
    "is_percent" => require_post("percent", 0) ? 1 : 0,
    "period" => $period,
    "notification_type" => $notification_type,
);
$is_update = require_post("id", false);
if ($is_update) {
    // update existing: matched on both id and user_id, so only the owner can change the row
    // need to also reset last_value and is_notified so that we don't accidentally send notifications for an old currency
    // NOTE(review): $instance is loaded before this fragment; the WHERE clause still restricts the update to user_id()
    $args['id'] = $instance['id'];
    $q = db()->prepare("UPDATE notifications SET notification_type=:notification_type, trigger_condition=:trigger_condition, trigger_value=:trigger_value, is_percent=:is_percent, period=:period, type_id=:type_id, is_notified=0, last_value=NULL, last_notification=NULL WHERE id=:id AND user_id=:user_id");
    $q->execute($args);
    $messages[] = t("Updated existing notification.");
} else {
    // create new
    $q = db()->prepare("INSERT INTO notifications SET notification_type=:notification_type, trigger_condition=:trigger_condition, trigger_value=:trigger_value, is_percent=:is_percent, period=:period, type_id=:type_id, is_notified=0, user_id=:user_id");
    $q->execute($args);
    $messages[] = t("Created new notification.");
}
// redirect
set_temporary_messages($messages);
set_temporary_errors($errors);
$user = get_user(user_id());
$messages = array();
$errors = array();
// perform post logic
// POST 'id' deletes one of the user's finance accounts and detaches its transactions
if (require_post("id", false)) {
    $id = (int) require_post("id");
    $owner_id = user_id();
    // both statements are scoped to the current user, so foreign ids match nothing
    $q = db()->prepare("DELETE FROM finance_accounts WHERE user_id=? AND id=?");
    $q->execute(array($owner_id, $id));
    $q = db()->prepare("UPDATE transactions SET account_id=null WHERE user_id=? AND exchange=? AND account_id=?");
    $q->execute(array($owner_id, 'account', $id));
    $messages[] = t("Deleted finance account.");
}
// POST 'title' creates a new finance account
if (require_post("title", false)) {
    $title = (string) require_post("title");
    $description = (string) require_post("description", "");
    $gst = (string) require_post("gst", "");
    // make sure no existing title exists for this user
    $q = db()->prepare("SELECT * FROM finance_accounts WHERE user_id=? AND title=?");
    $q->execute(array(user_id(), $title));
    $duplicate = $q->fetch();
    if ($duplicate) {
        // NOTE(review): the title is user input; confirm t() or the message renderer escapes it
        $errors[] = t("An account with the title ':title' already exists.", array(":title" => $title));
    }
    if (!can_user_add($user, "finance_accounts")) {
        $limit_error = "Cannot add finance account: too many existing finance accounts.";
        if (!$user['is_premium']) {
            $limit_error .= " To add more finance accounts, upgrade to a <a href=\"" . htmlspecialchars(url_for('premium')) . "\">premium account</a>.";
        }
        $errors[] = $limit_error;
    }
    if (!$errors) {
        $q = db()->prepare("INSERT INTO finance_accounts SET title=:title, description=:description, gst=:gst, user_id=:user_id");
        $q->execute(array('title' => $title, 'description' => $description, 'gst' => $gst, 'user_id' => user_id()));
        $messages[] = t("Added new finance account.");
    }
}
  <th><label for="user_name"><?php 
echo ht("Name:");
?>
</label></th>
  <td><input id="user_name" name="name" size="32" value="<?php 
echo htmlspecialchars(require_post("name", $user['name'] ? $user['name'] : false));
?>
" size="32" maxlength="64"></td>
</tr>
<tr>
  <th><label for="user_email"><?php 
echo ht("E-mail:");
?>
</label></th>
  <td><input id="user_email" name="email" size="48" value="<?php 
echo htmlspecialchars(require_post("email", $user['email'] ? $user['email'] : false));
?>
" size="32" maxlength="64"></td>
</tr>
<tr>
  <th></th>
  <td><label><input type="checkbox" name="disable_graph_refresh" value="1"<?php 
echo $user['disable_graph_refresh'] ? " checked" : "";
?>
> <?php 
echo ht("Disable automatic graph refresh");
?>
</label></td>
</tr>
<tr>
  <th></th>
<?php

// everything below this throw is currently unreachable: the page is switched off
throw new Exception("This functionality is currently unavailable.");
$email = trim(require_post("email", require_get("email", false)));
$hash = require_post("hash", require_get("hash", false));
// NOTE(review): the password is also accepted from the query string, which puts it into server
// logs and browser history — prefer POST only
$password = require_post("password", require_get("password", false));
if ($password && !is_string($password)) {
    throw new Exception(t("Invalid password parameter"));
}
$password2 = require_post("password2", require_get("password2", false));
if ($password2 && !is_string($password2)) {
    throw new Exception(t("Invalid repeated password parameter"));
}
$messages = array();
$errors = array();
if ($email && $password) {
    if (!$hash) {
        $errors[] = t("No hash specified.");
    }
    // byte-length bounds; NOTE(review): a minimum of 6 is below current guidance (NIST SP 800-63B: at least 8)
    if ($password && (strlen($password) < 6 || strlen($password) > 255)) {
        $errors[] = t("Please select a password between :min-:max characters long.", array(':min' => 6, ':max' => 255));
    }
    if ($password && $password != $password2) {
        $errors[] = t("Those passwords do not match.");
    }
    // check the request hash: only accounts that actually have a password can be reset this way
    $q = db()->prepare("SELECT * FROM users WHERE email=? AND ISNULL(password_hash) = 0");
    $q->execute(array($email));
    $user = $q->fetch();
    if (!$user) {
        $errors[] = t("No such user account exists.");
$users = $q->fetchAll();
?>

<h1>Users Report</h1>

<p class="backlink"><a href="<?php 
echo htmlspecialchars(url_for('admin'));
?>
">&lt; Back to Site Status</a></p>

<form action="<?php 
echo htmlspecialchars(url_for('admin_user_list'));
?>
" method="post">
<label>Search: <input type="text" maxlength="128" size="32" name="search" value="<?php 
echo htmlspecialchars(require_post("search", ""));
?>
"></label>
<input type="submit" value="Search">
</form>

<form action="<?php 
echo htmlspecialchars(url_for('admin_user_list'));
?>
" method="post">
<input type="hidden" name="search" value="">
<input type="submit" value="Reset">
</form>

<form action="<?php 
echo htmlspecialchars(url_for('admin_user_list'));
}
// process 'create_creator': turn on automatic transaction creation for this account
if (require_post('create_creator', false) && require_post('id', false)) {
    // (user, exchange, account) triple that identifies the creator row
    $creator_key = array(user_id(), $account_data['exchange'], require_post("id"));
    // does one exist?
    $q = db()->prepare("SELECT * FROM transaction_creators WHERE user_id=? AND exchange=? AND account_id=?");
    $q->execute($creator_key);
    $existing = $q->fetch();
    if ($existing) {
        // enable the existing one
        $q = db()->prepare("UPDATE transaction_creators SET is_disabled=0,is_disabled_manually=0 WHERE user_id=? AND exchange=? AND account_id=?");
    } else {
        // insert a new one that's enabled
        $q = db()->prepare("INSERT INTO transaction_creators SET user_id=?,exchange=?,account_id=?");
    }
    $q->execute($creator_key);
    $messages[] = t("Enabled transaction creation for :title; transactions will soon be automatically created for this :label.", array(':title' => $account_data['title'], ':label' => $account_data['label']));
    set_temporary_messages($messages);
    redirect(url_for(require_post("callback")));
}
// process 'reset_creator': drop the creator and every transaction it produced for this account
if (require_post('reset_creator', false) && require_post('id', false)) {
    $creator_key = array(user_id(), $account_data['exchange'], require_post("id"));
    // delete all existing creators, then all existing transactions; both are scoped to the current user
    $q = db()->prepare("DELETE FROM transaction_creators WHERE user_id=? AND exchange=? AND account_id=?");
    $q->execute($creator_key);
    $q = db()->prepare("DELETE FROM transactions WHERE user_id=? AND exchange=? AND account_id=?");
    $q->execute($creator_key);
    $messages[] = t("Removed all transactions for :title.", array(':title' => $account_data['title']));
    set_temporary_messages($messages);
    redirect(url_for(require_post("callback")));
}
</label></th>
  <td><input type="text" name="title" size="18" maxlength="64" value="<?php 
echo htmlspecialchars(require_post("title", ""));
?>
"> <?php 
echo ht("(optional)");
?>
</td>
</tr>
<tr>
  <th><label for="address"><?php 
echo htmlspecialchars($account_data['titles']);
?>
:</label></th>
  <td><textarea name="addresses" rows="5" cols="36"><?php 
echo htmlspecialchars(require_post("addresses", ""));
?>
</textarea><br><small><?php 
echo ht("(One address per line.)");
?>
</small></td>
</tr>
<tr>
  <td colspan="2" class="buttons">
  <input type="hidden" name="currency" value="<?php 
echo htmlspecialchars($account_data['currency']);
?>
">
  <input type="submit" name="add" value="<?php 
echo ht("Add addresses");
?>
/**
 * Admin post callback for generating SQL statements for getting all user account data
 * that can then be used to export.
 */
require_admin();
require __DIR__ . "/../layout/templates.php";
require __DIR__ . "/../layout/graphs.php";
$messages = array();
$errors = array();
page_header("Admin: Export User", "page_admin_user_export");
// export parameters, all taken from POST, with defaults for the database settings
$id = require_post("id");
$filename = require_post("filename", "exported.sql");
$dbname = require_post("dbname", "clerk");
$username = require_post("username", "clerk");
// NOTE(review): a database password is accepted from the request and defaults to a fixed value;
// confirm how it is used further down this page (not visible here) and that the default is
// never valid outside development
$password = require_post("password", "clerk");
?>

<h1>Export User</h1>

<p class="backlink"><a href="<?php 
echo htmlspecialchars(url_for('admin_user_list'));
?>
">&lt; Back to User List</a></p>

<form action="<?php 
echo htmlspecialchars(url_for("admin_user_export"));
?>
" method="post">
<table class="standard">
  <tr>
<?php

/**
 * Allows users to delete OAuth2 locations from their account.
 *
 * The removal is refused when it would leave the account with no way to log
 * in: another OAuth2 identity, an OpenID identity or a password must remain.
 */
require_login();
$messages = array();
$errors = array();
$uid = require_post("uid");
$provider = require_post("provider");
$current_user_id = user_id();
// how many OAuth2 identities does this user have?
$q = db()->prepare("SELECT COUNT(*) AS c FROM user_oauth2_identities WHERE user_id=?");
$q->execute(array($current_user_id));
$count = $q->fetch();
// does the user also have an OpenID identity?
$q = db()->prepare("SELECT * FROM user_openid_identities WHERE user_id=? LIMIT 1");
$q->execute(array($current_user_id));
$openid = $q->fetch();
// ... or a password hash?
$q = db()->prepare("SELECT * FROM user_passwords WHERE user_id=?");
$q->execute(array($current_user_id));
$password_hash = $q->fetch();
$has_other_login = $count['c'] > 1 || $password_hash || $openid;
if (!$has_other_login) {
    $errors[] = t("Cannot remove that OAuth2 identity; at least one identity must be defined.");
    set_temporary_messages($messages);
    set_temporary_errors($errors);
    redirect(url_for('user#user_openid'));
}
$user = \Users\User::getInstance(db());
// presumably removeIdentity() only touches identities belonging to $user — confirm in the Users library
\Users\UserOAuth2::removeIdentity(db(), $user, $provider, $uid);
// NOTE(review): $provider is request data and is not passed through htmlspecialchars() here
$messages[] = t("Removed OAuth2 identity ':identity'.", array(':identity' => $provider));
// Read the posted transaction fields. Every scalar is normalised up front:
// strings for the free-text and amount fields, ints for the account/category ids.
$date = (string) require_post("date");
$account = (int) require_post("account", false);
$category = (int) require_post("category", false);
$description = (string) require_post("description", "");
$reference = (string) require_post("reference", "");
$value1 = (string) require_post("value1");
$currency1 = (string) require_post("currency1");
// Optional second leg: a blank (or "0") value/currency is stored as NULL.
$value2 = ((string) require_post("value2", false)) ?: null;
$currency2 = ((string) require_post("currency2", false)) ?: null;
$page_args = require_post("page_args", false);
$messages = [];
$errors = [];

// Validation. Each failure is collected rather than aborting, so the user sees
// every problem at once.
// NOTE(review): in_array() is non-strict here; that is only safe while
// get_all_currencies() returns non-numeric strings — consider passing true.
if (in_array($currency1, get_all_currencies()) === false) {
    $errors[] = t("':currency' is not a valid currency", [':currency' => $currency1]);
}
// strtotime() yields false for garbage; a timestamp of 0 is rejected too.
if (!strtotime($date)) {
    $errors[] = t("':date' is not a valid date", [':date' => $date]);
}
// An empty amount and a literal "0" are both treated as "no value".
// NOTE(review): $value1 is not checked for numeric form here — confirm the
// insert that follows (outside this excerpt) validates it or the column enforces it.
if ($value1 === '' || $value1 === '0') {
    $errors[] = t("You need to specify a transaction value.");
}
// A second amount only makes sense with a second currency.
if ($value2 !== null && $currency2 === null) {
    $errors[] = t("You need to select a second currency in order to add a second transaction amount.");
}
// insert
<?php

/**
 * Removes a single OpenID identity from the logged-in user's account, refusing
 * when that identity is the only way left to sign in.
 *
 * Expects POST field "identity" (see require_post()).
 */
require_login();
$messages = [];
$errors = [];
$identity = require_post("identity");

// How many OpenID identities does the current user still have?
$countQuery = db()->prepare("SELECT COUNT(*) AS c FROM user_openid_identities WHERE user_id=?");
$countQuery->execute([user_id()]);
$count = $countQuery->fetch();

// Alternative sign-in methods: an OAuth2 identity ...
$oauth2Query = db()->prepare("SELECT * FROM user_oauth2_identities WHERE user_id=? LIMIT 1");
$oauth2Query->execute([user_id()]);
$oauth2 = $oauth2Query->fetch();

// ... or a password.
$passwordQuery = db()->prepare("SELECT * FROM user_passwords WHERE user_id=?");
$passwordQuery->execute([user_id()]);
$password_hash = $passwordQuery->fetch();

// Lockout guard: the account must keep at least one login method.
// NOTE(review): this is a read-then-delete; two concurrent removals could each
// pass the check. Not addressed here (same as the original).
$isLastIdentity = $count['c'] <= 1;
$hasOtherLogin = $oauth2 || $password_hash;
if ($isLastIdentity && !$hasOtherLogin) {
    $errors[] = t("Cannot remove that OpenID identity; at least one identity must be defined.");
    set_temporary_messages($messages);
    set_temporary_errors($errors);
    // assumes redirect() ends the request so the removal below never runs — TODO confirm
    redirect(url_for('user#user_openid'));
}

// Scoping to the current user is delegated to removeIdentity() via $user.
$user = \Users\User::getInstance(db());
\Users\UserOpenID::removeIdentity(db(), $user, $identity);
$messages[] = t("Removed OpenID identity ':identity'.", [':identity' => $identity]);
set_temporary_messages($messages);
<?php

/**
 * An admin tool to generate a page with example graphs of every type.
 *
 * Replaces the contents of the graph page given by POST "page": every existing
 * graph on that page is deleted, and the loop that follows this excerpt inserts
 * one graph per registered graph type (plus a heading per category). The page
 * must be owned by the calling admin.
 */
require __DIR__ . "/../layout/graphs.php";
require_login();
require_admin();
$page_id = require_post("page");
$messages = [];
$errors = [];

// Ownership check: the lookup is bound to id AND user_id, so an admin can only
// rewrite their own page, not an arbitrary page id posted in the form.
$ownerCheck = db()->prepare("SELECT * FROM graph_pages WHERE id=? AND user_id=?");
$ownerCheck->execute([$page_id, user_id()]);
$ownedPage = $ownerCheck->fetch();
if (!$ownedPage) {
    throw new Exception("You do not own that graph page.");
}

// Wipe the page before regenerating it. Only safe because the check above has
// already tied $page_id to the current user.
$wipe = db()->prepare("DELETE FROM graphs WHERE page_id=?");
$wipe->execute([$page_id]);

// Running page_order for the graphs inserted by the loop that follows.
$count = 0;
foreach (graph_types() as $key => $graph_type) {
    if (isset($graph_type['category']) && $graph_type['category'] || isset($graph_type['subcategory']) && $graph_type['subcategory']) {
        // add a new heading
        $graph = array('page_id' => $page_id, 'graph_type' => 'heading', 'arg0' => 0, 'width' => 1, 'height' => 1, 'page_order' => $count, 'days' => 45, 'string0' => "Category: " . $graph_type['title']);
    } else {
        $graph = array('page_id' => $page_id, 'graph_type' => $key, 'arg0' => 0, 'width' => isset($graph_type['default_width']) ? $graph_type['default_width'] : get_site_config('default_user_graph_width'), 'height' => isset($graph_type['default_height']) ? $graph_type['default_height'] : get_site_config('default_user_graph_height'), 'page_order' => $count, 'days' => 45, 'string0' => '');
    }
    $q = db()->prepare("INSERT INTO graphs SET page_id=:page_id, graph_type=:graph_type, arg0=:arg0, width=:width, height=:height, page_order=:page_order, days=:days, string0=:string0");
    $q->execute($graph);