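/**
 * API: return the authenticated user's post stream, formatted for clients.
 *
 * Reads TOKEN and lastDate from the query string. The token is validated with
 * BuckysUsersToken::checkTokenValidity($token, "api"); lastDate is passed to
 * BuckysPost::getUserPostsStream() unchanged (any validation happens there,
 * not here).
 *
 * NOTE(review): the API token travels in the URL (GET), so it ends up in
 * server/proxy logs and Referer headers. Moving it to a header or the POST
 * body would be safer, but that is a client-visible change and is not done here.
 *
 * Fix: $pageData was never reset between iterations, so once one page post
 * had been seen, every following independent post was rendered with that
 * stale page's title/logo. It is now reset per post, and a page lookup that
 * returns nothing falls back to the poster's own name/icon.
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function getListAction()
{
    $request = $_GET;
    $token = isset($request['TOKEN']) ? trim($request['TOKEN']) : null;
    $lastDate = isset($request['lastDate']) ? $request['lastDate'] : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }

    $stream = BuckysPost::getUserPostsStream($userID, $lastDate);

    // One page accessor for the whole loop; it carries no per-post state here.
    $pageIns = new BuckysPage();

    //Format Result Data
    $result = [];
    foreach ($stream as $post) {
        // Reset per iteration so a previous page post cannot leak into this one.
        $pageData = null;
        if ($post['pageID'] != BuckysPost::INDEPENDENT_POST_PAGE_ID) {
            $pageData = $pageIns->getPageByID($post['pageID']);
        }
        // Only treat it as a page post when the page lookup actually returned data.
        $pagePostFlag = !empty($pageData);

        $item = [];
        $item['articleId'] = $post['postID'];
        $item['posterId'] = $post['poster'];
        $item['articleImage'] = "";
        $item['articleVideo'] = "";
        $item['articleVideoId'] = "";

        if ($pagePostFlag) {
            $item['posterName'] = $pageData['title'];
            $item['posterThumbnail'] = buckys_not_null($pageData['logo'])
                ? THENEWBOSTON_SITE_URL . DIR_WS_PHOTO . "users/" . $pageData['userID'] . "/resized/" . $pageData['logo']
                : THENEWBOSTON_SITE_URL . DIR_WS_IMAGE . "newPagePlaceholder.jpg";
        } else {
            $item['posterName'] = $post['posterFullName'];
            $item['posterThumbnail'] = THENEWBOSTON_SITE_URL . BuckysUser::getProfileIcon($post['poster']);
        }

        $item['postedDate'] = buckys_api_format_date($userID, $post['post_date']);
        $item['purePostedDate'] = $post['post_date'];
        // Raw stored content is returned as-is; escaping is left to the consumer.
        $item['articleContent'] = $post['content'];

        if ($post['type'] == 'video') {
            $item['articleVideo'] = $post['youtube_url'];
            $item['articleVideoId'] = buckys_get_youtube_video_id($post['youtube_url']);
        } elseif ($post['type'] == 'image') {
            $item['articleImage'] = THENEWBOSTON_SITE_URL . DIR_WS_PHOTO . 'users/' . $post['poster'] . '/resized/' . $post['image'];
        }

        $item['articleLikes'] = $post['likes'];
        $item['articleComments'] = $post['comments'];
        $item['isLiked'] = !$post['likeID'] ? "no" : "yes";
        $result[] = $item;
    }

    return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ["STATUS" => "SUCCESS", "RESULT" => $result]];
}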
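/**
 * API: mark the notifications for a post as read for the token's user.
 *
 * Fix: postID is now read with isset() (the original indexed $_POST directly,
 * raising an undefined-index notice when the field was absent); a missing
 * field is still passed through as null so existing clients keep working.
 *
 * NOTE(review): whether BuckysActivity::markReadNotifications() restricts the
 * update to notifications owned by $userID is not visible here — confirm it
 * does not let one user clear another user's notifications.
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function markReadNotificationAction()
{
    $data = $_POST;
    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
    $postID = isset($data['postID']) ? $data['postID'] : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }

    if (BuckysActivity::markReadNotifications($userID, $postID)) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS']];
    }

    // Status code kept for client compatibility, although a failed update is
    // not really an authorization failure.
    return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('There was an error to mark read.')];
}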
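/**
 * API: search the token's user's friends by keyword.
 *
 * Runs a user-and-page search, then keeps only "user" hits that have an
 * accepted (status='1') friend row with the caller. The per-user query is
 * parameterised through $db->prepare() with %d placeholders, so the IDs are
 * not interpolated as raw strings.
 *
 * Fixes: the loop reused $data for the DB row, shadowing the POST payload;
 * $TNB_GLOBALS, $pageIns and $pageFollowerIns were declared but never used.
 *
 * NOTE(review): keyword and page are forwarded to BuckysSearch::search()
 * unvalidated; whatever escaping/paging bounds apply live in that class.
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function getFriendListAction()
{
    global $db;

    $data = $_POST;
    $keyword = isset($data['keyword']) ? $data['keyword'] : null;
    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
    $sort = "pop";
    $page = isset($data['page']) ? $data['page'] : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }

    //Search Results
    $searchIns = new BuckysSearch();
    $db_results = $searchIns->search($keyword, BuckysSearch::SEARCH_TYPE_USER_AND_PAGE, $sort, $page);

    $results = [];
    foreach ($db_results as $item) {
        // Page hits are ignored; only users can be friends.
        if ($item['type'] != "user") {
            continue;
        }

        //Getting Detail Information (friendID is non-null only for accepted friends)
        $query = $db->prepare("SELECT \n u.firstName, \n u.lastName, \n u.userID, \n u.thumbnail, \n u.current_city, \n u.current_city_visibility,\n f.friendID \n FROM \n " . TABLE_USERS . " AS u\n LEFT JOIN " . TABLE_FRIENDS . " AS f ON f.userID=%d AND f.userFriendID=u.userID AND f.status='1'\n WHERE u.userID=%d", $userID, $item['userID']);
        $userRow = $db->getRow($query);
        if (!$userRow['friendID']) {
            continue;
        }

        $row = [];
        $row['id'] = $item['userID'];
        $row['name'] = $userRow['firstName'] . " " . $userRow['lastName'];
        // Respect the user's city visibility setting.
        $row['description'] = $userRow['current_city_visibility'] ? $userRow['current_city'] : "";
        $row['friendType'] = "user";
        $row['thumbnail'] = THENEWBOSTON_SITE_URL . BuckysUser::getProfileIcon($userRow);
        $results[] = $row;
    }

    return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ["STATUS" => "SUCCESS", "RESULT" => $results]];
}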
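/**
 * API: delete the token's user account after re-checking the password.
 *
 * Fixes: the password field is read with isset() instead of indexing $_POST
 * directly; the unreachable `exit;` after the if/else (both branches return)
 * is removed; the user's API tokens are revoked after deletion so an
 * already-issued token cannot keep acting for a deleted account.
 *
 * NOTE(review): a wrong password answers STATUS_CODE_OK with an error body,
 * which is what existing clients expect; this is kept unchanged.
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function deleteAccountAction()
{
    $data = $_POST;
    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
    $password = isset($data['password']) ? $data['password'] : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }

    // Re-authenticate with the current password before a destructive action.
    $current = BuckysUser::getUserData($userID);
    if (!buckys_validate_password($password, $current['password'])) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result('Current password is incorrect.')];
    }

    if (BuckysUser::deleteUserAccount($userID)) {
        // Revoke outstanding API tokens (harmless if deleteUserAccount already did).
        BuckysUsersToken::removeUserToken($userID, "api");
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS']];
    }

    return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('There was an error to saving your information.')];
}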
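/**
 * API: remove a friend relation between the token's user and friendId.
 *
 * Fixes: friendId is read with isset() (no undefined-index notice when
 * absent); the failure message was copy-pasted from the message-compose
 * action and talked about "send your message" — it now describes this action.
 *
 * NOTE(review): BuckysFriend::delete() receives the caller's own $userID, so
 * the relation removed is scoped to the caller; confirm the class does not
 * accept a friendId that names another user's relation.
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function deleteAction()
{
    $data = $_POST;
    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
    $friendId = isset($data['friendId']) ? $data['friendId'] : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }

    if (BuckysFriend::delete($userID, $friendId)) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS']];
    }

    return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('There was an error to delete your friend.')];
}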
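/**
 * Create a password-reset token for the given e-mail address and mail the link.
 *
 * Flow: validate the address, look the user up by e-mail (parameterised via
 * $db->prepare with %s), drop any old 'password' token, create a fresh one and
 * e-mail a reset link. Every outcome ends in buckys_redirect().
 *
 * Security fix: the link was built from $_SERVER['HTTP_HOST'], which is
 * attacker-controlled — a request with a spoofed Host header makes the victim
 * receive a reset link pointing at the attacker's domain (reset-token
 * leakage). The link now uses the configured THENEWBOSTON_SITE_URL, and the
 * token is URL-encoded.
 *
 * NOTE(review): "e-mail not found" is reported differently from success, so
 * the endpoint can be used to enumerate registered addresses; left as-is
 * because changing it is a UX decision.
 *
 * @param String $email
 * @return void|false  false after an error redirect, void otherwise (unchanged)
 */
public function resetPassword($email)
{
    global $db;

    $email = trim($email);
    if (!$email) {
        buckys_redirect('/register.php?forgotpwd=1', MSG_EMPTY_EMAIL, MSG_TYPE_ERROR);
        return;
    }

    //Check Email Address
    if (!preg_match("/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+\$/", $email)) {
        buckys_redirect('/register.php?forgotpwd=1', MSG_INVALID_EMAIL, MSG_TYPE_ERROR);
        return false;
    }

    $query = $db->prepare("SELECT userID FROM " . TABLE_USERS . " WHERE email=%s", $email);
    $userID = $db->getVar($query);
    if (!$userID) {
        buckys_redirect('/register.php?forgotpwd=1', MSG_EMAIL_NOT_FOUND, MSG_TYPE_ERROR);
        return false;
    }

    $data = BuckysUser::getUserData($userID);

    //Remove Old Token, then create a new one so only the latest link works
    BuckysUsersToken::removeUserToken($userID, 'password');
    $token = BuckysUsersToken::createNewToken($userID, 'password');

    // Build the link from configuration, never from the request's Host header.
    $link = rtrim(THENEWBOSTON_SITE_URL, '/') . "/reset_password.php?token=" . urlencode($token);

    //Send an email to user with the link
    $title = "Reset your password.";
    $body = "Dear " . $data['firstName'] . " " . $data['lastName'] . "\n\n"
        . "Please reset your password by using the below link:\n"
        . $link . "\n\nBuckysroom.com";

    require_once DIR_FS_INCLUDES . "phpMailer/class.phpmailer.php";
    buckys_sendmail($data['email'], $data['firstName'] . " " . $data['lastName'], $title, $body);

    buckys_redirect('/register.php', MSG_RESET_PASSWORD_EMAIL_SENT, MSG_TYPE_SUCCESS);
    return;
}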
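/**
 * API: send a private message from the token's user.
 *
 * Fix: to/subject/body are read with isset() so a partial payload no longer
 * raises undefined-index notices; missing fields are passed as null, exactly
 * what BuckysMessage::sendMessage() received before when the keys were absent.
 *
 * NOTE(review): recipient validation, length limits and content escaping are
 * not visible here and are assumed to live in BuckysMessage::sendMessage().
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function composeMessageAction()
{
    $data = $_POST;
    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }

    // The sender is always the authenticated user, never a client-supplied ID.
    $param = [
        'userID' => $userID,
        'to' => isset($data['to']) ? $data['to'] : null,
        'subject' => isset($data['subject']) ? $data['subject'] : null,
        'body' => isset($data['body']) ? $data['body'] : null,
    ];

    if (BuckysMessage::sendMessage($param)) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ['STATUS' => 'SUCCESS']];
    }

    return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('There was an error to send your message.')];
}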
buckys_redirect('/index.php', !$info['token'] ? MSG_ACCOUNT_BANNED : MSG_ACCOUNT_NOT_VERIFIED, MSG_TYPE_ERROR); } else { //Login Success //Clear Login Attempts BuckysTracker::clearLoginAttemps(); //Restart Session session_regenerate_id(true); $_SESSION['userID'] = $info['userID']; //Init Some Session Values $_SESSION['converation_list'] = []; //Create Login Cookie Token $login_token = hash('sha256', time() . buckys_generate_random_string(20, true) . time()); $login_token_secure = md5($login_token); //Store Login Token BuckysUsersToken::removeUserToken($info['userID'], "auth"); BuckysUsersToken::createNewToken($info['userID'], "auth", $login_token_secure); //Slice the login token to three pieces $login_token_piece1 = substr($login_token, 0, 20); $login_token_piece2 = substr($login_token, 20, 20); $login_token_piece3 = substr($login_token, 40); //If website is using SSL, use secure cookies if (SITE_USING_SSL == true) { setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true); setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true); setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN, true, true); } else { setcookie('COOKIE_KEEP_ME_NAME1', base64_encode($login_token_piece1), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN); setcookie('COOKIE_KEEP_ME_NAME2', base64_encode($login_token_piece3), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN); setcookie('COOKIE_KEEP_ME_NAME3', base64_encode($login_token_piece2), time() + COOKIE_LIFETIME, "/", TNB_DOMAIN); } buckys_redirect($returnUrl ? base64_decode($returnUrl) : '/account.php');
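<?php
/**
 * reset_password.php — consume a password-reset token and set a new password.
 *
 * Fixes in this revision:
 *  - Each "stop here" redirect is followed by exit; so that, if buckys_redirect()
 *    only sends a Location header, a request with no/invalid token can never
 *    fall through to BuckysUser::updateUserFields(). Harmless if it already exits.
 *  - The 'password' token is removed after a successful reset (single-use link)
 *    and the user's "auth" (keep-me-signed-in) tokens are revoked, so an
 *    attacker holding a stale remember-me cookie is logged out by the reset.
 *
 * BUG(review), not fixable from here: the original compared $_POST['password']
 * with itself, so the "passwords do not match" check could never fail. The
 * confirmation field's name is not visible in this file; see the TODO below.
 */
require dirname(__FILE__) . '/includes/bootstrap.php';

//Getting Current User ID
$userID = buckys_is_logged_in();

//A signed-in user has no business on the reset page — send them home
if ($userID) {
    buckys_redirect('/account.php');
    exit;
}

$token = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
if (!$token) {
    buckys_redirect('/index.php', MSG_INVALID_REQUEST, MSG_TYPE_ERROR);
    exit;
}

// The token maps to the user who requested the reset; nothing below may run without it.
if (!($userID = BuckysUsersToken::checkTokenValidity($token, 'password'))) {
    buckys_redirect('/register.php?forgotpwd=1', MSG_USER_TOKEN_LINK_NOT_CORRECT, MSG_TYPE_ERROR);
    exit;
}

if (isset($_POST['action']) && $_POST['action'] == 'reset-password') {
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // TODO(review): replace with the real confirmation field; the original
    // compared the password with itself, which is kept here only so behaviour
    // does not silently change until the field name is confirmed.
    $confirm = isset($_POST['password']) ? $_POST['password'] : '';

    if (!$password || !$confirm) {
        buckys_add_message(MSG_EMPTY_PASSWORD, MSG_TYPE_ERROR);
    } elseif ($password != $confirm) {
        buckys_add_message(MSG_NOT_MATCH_PASSWORD, MSG_TYPE_ERROR);
    } else {
        $pwd = buckys_encrypt_password($password);
        BuckysUser::updateUserFields($userID, ['password' => $pwd]);

        // Make the reset link single-use and invalidate remembered logins.
        BuckysUsersToken::removeUserToken($userID, 'password');
        BuckysUsersToken::removeUserToken($userID, 'auth');

        buckys_redirect('/index.php', MSG_PASSWORD_UPDATED);
        exit;
    }
}

buckys_enqueue_stylesheet('register.css');
buckys_enqueue_javascript('register.js');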
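/**
 * API: make the token's user a follower of pageID.
 *
 * Fixes: a missing pageID is rejected with STATUS_CODE_BAD_REQUEST before any
 * database work (previously null reached addFollower()); the follower label
 * now pluralises correctly for zero ("0 followers" instead of "0 follower").
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function followAction()
{
    $data = $_POST;
    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
    $pageID = isset($data['pageID']) ? $data['pageID'] : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }
    if (!$pageID) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
    }

    $pageFollowerIns = new BuckysPageFollower();
    if (!$pageFollowerIns->addFollower($pageID, $userID)) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_FOLLOW_PAGE_FAIL)];
    }

    $count = $pageFollowerIns->getNumberOfFollowers($pageID);
    // Singular only for exactly one follower.
    $label = $count . " follower" . ($count != 1 ? "s" : "");

    return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => ["STATUS" => "SUCCESS", "MESSAGE" => MSG_FOLLOW_PAGE_SUCCESS, "FOLLOWERS" => $label]];
}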
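/**
 * Check the three "keep me signed in" cookies and, if they form a valid
 * "auth" token for an active user, promote the current session to that user.
 *
 * The cookies hold base64 pieces of the login token; note the pieces are
 * deliberately stored out of order (cookie 2 holds piece 3, cookie 3 holds
 * piece 2). The reassembled token is md5-hashed before lookup because that is
 * the form the login flow stores (see the auth-token creation in the login
 * handler); changing the hash here would invalidate every existing cookie.
 *
 * Fixes:
 *  - session_regenerate_id(true) is called before $_SESSION['userID'] is set,
 *    matching the password-login path, so an attacker who planted a session ID
 *    before the cookie login cannot ride the now-authenticated session.
 *  - Cookies are cleared with '' rather than null (passing null to setcookie()
 *    is deprecated since PHP 8.1; the effect — deleting the cookie — is the same).
 *
 * NOTE(review): md5 is a weak choice for a stored credential hash, and the
 * cookies set on non-SSL deployments are not HttpOnly; both are outside this
 * function and would need the login handler changed in step.
 *
 * @return int|false the user ID on success, false otherwise
 */
function buckys_check_cookie_for_login()
{
    global $db;

    $haveAllCookies = isset($_COOKIE['COOKIE_KEEP_ME_NAME1'])
        && isset($_COOKIE['COOKIE_KEEP_ME_NAME2'])
        && isset($_COOKIE['COOKIE_KEEP_ME_NAME3']);
    if (!$haveAllCookies) {
        return false;
    }

    $token1 = base64_decode($_COOKIE['COOKIE_KEEP_ME_NAME1']);
    $token3 = base64_decode($_COOKIE['COOKIE_KEEP_ME_NAME2']);
    $token2 = base64_decode($_COOKIE['COOKIE_KEEP_ME_NAME3']);
    $login_token = md5($token1 . $token2 . $token3);

    if ($userID = BuckysUsersToken::checkTokenValidity($login_token, "auth")) {
        // Only active accounts (status=1) may be auto-signed-in.
        $query = $db->prepare("SELECT userID FROM users WHERE userID=%s AND status=1", $userID);
        $userID = $db->getVar($query);
        if ($userID) {
            //Restart Session before it becomes an authenticated one
            session_regenerate_id(true);
            $_SESSION['userID'] = $userID;
            //Init Some Session Values
            $_SESSION['converation_list'] = [];
            return $userID;
        }
    }

    //Remove Cookies: token unknown, expired, or account not active
    setcookie('COOKIE_KEEP_ME_NAME1', '', time() - 1000, "/", TNB_DOMAIN);
    setcookie('COOKIE_KEEP_ME_NAME2', '', time() - 1000, "/", TNB_DOMAIN);
    setcookie('COOKIE_KEEP_ME_NAME3', '', time() - 1000, "/", TNB_DOMAIN);

    return false;
}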
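/**
 * API: like or unlike a post on behalf of the token's user.
 *
 * Requires postID and actionType; only posts with post_status == 1 are
 * accepted. The human-readable outcome comes from buckys_get_pure_messages()
 * after BuckysPost::likePost() has run.
 *
 * Fix: two `exit;` statements placed after `return` were unreachable and are
 * removed; flow is otherwise unchanged.
 *
 * NOTE(review): actionType is forwarded to likePost() as-is; the only value
 * this method interprets itself is 'likePost' (for the isLiked flag). Any
 * whitelist of allowed action types must live in BuckysPost::likePost().
 *
 * @return array ['STATUS_CODE' => int, 'DATA' => array]
 */
public function likePostAction()
{
    $data = $_POST;
    $token = isset($data['TOKEN']) ? trim($data['TOKEN']) : null;
    $postID = isset($data['postID']) ? $data['postID'] : null;
    $actionType = isset($data['actionType']) ? $data['actionType'] : null;

    if (!$token) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result('Api token should not be blank')];
    }
    if (!($userID = BuckysUsersToken::checkTokenValidity($token, "api"))) {
        return ['STATUS_CODE' => STATUS_CODE_UNAUTHORIZED, 'DATA' => buckys_api_get_error_result('Api token is not valid.')];
    }
    if (!$postID || !$actionType) {
        return ['STATUS_CODE' => STATUS_CODE_BAD_REQUEST, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
    }

    // Reject unknown or non-live posts before touching like state.
    $post = BuckysPost::getPostById($postID);
    if (!$post || $post['post_status'] != 1) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result(MSG_INVALID_REQUEST)];
    }

    $liked = BuckysPost::likePost($userID, $postID, $actionType, false);
    $message = buckys_get_pure_messages();

    if (!$liked) {
        return ['STATUS_CODE' => STATUS_CODE_OK, 'DATA' => buckys_api_get_error_result($message)];
    }

    $likes = BuckysPost::getPostLikesCount($postID);
    return [
        'STATUS_CODE' => STATUS_CODE_OK,
        'DATA' => [
            'STATUS' => 'SUCCESS',
            'MESSAGE' => $message,
            'LIKES' => $likes,
            'isLiked' => $actionType == 'likePost' ? 'yes' : 'no',
        ],
    ];
}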