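/**
 * Validate the "identifier" submitted to Users/user: it must be a
 * well-formed email address or (when permitted) a phone number.
 *
 * The kinds of identifier accepted come from the Users/login/identifierType
 * config (default "email,mobile"). A request may send its own
 * "identifierType", but only to narrow that configured set: kinds the
 * config does not list are ignored, so a client cannot widen the policy
 * (e.g. submit a mobile number to a site configured for email only).
 *
 * Fix: previously the request value replaced the configured value outright,
 * and a "mobile"-only policy still accepted email addresses because the
 * email check ran unconditionally. Each kind is now checked only when it
 * is actually accepted.
 *
 * @throws Q_Exception if the nonce is invalid, the identifier is missing,
 *   or it is not a valid identifier of an accepted kind
 */
function Users_user_validate()
{
    // CSRF protection: a valid nonce is mandatory for this action.
    Q_Valid::nonce(true);

    // Kinds the site allows; the request may only narrow this list.
    $configured = array_map('trim', explode(',',
        Q_Config::get("Users", "login", "identifierType", "email,mobile")
    ));
    $types = $configured;
    if (isset($_REQUEST['identifierType']) and is_string($_REQUEST['identifierType'])) {
        $requested = array_map('trim', explode(',', $_REQUEST['identifierType']));
        $narrowed = array_values(array_intersect($requested, $configured));
        if ($narrowed) {
            $types = $narrowed;
        }
    }
    $acceptEmail = in_array('email', $types, true);
    $acceptMobile = in_array('mobile', $types, true);
    if (!$acceptEmail and !$acceptMobile) {
        // Config names no known kind: keep the historical default of both.
        $acceptEmail = $acceptMobile = true;
    }

    // Message and field list reported back to the client on failure.
    if ($acceptEmail and $acceptMobile) {
        $expected = 'email address or mobile number';
        $fields = array('emailAddress', 'mobileNumber', 'identifier');
    } elseif ($acceptEmail) {
        $expected = 'email address';
        $fields = array('emailAddress', 'identifier');
    } else {
        $expected = 'mobile number';
        $fields = array('mobileNumber', 'identifier');
    }

    $identifier = isset($_REQUEST['identifier']) ? $_REQUEST['identifier'] : null;
    if (!is_string($identifier)) {
        throw new Q_Exception("a valid {$expected} is required", $fields);
    }
    // Note: `||`/`&&`, not `or`/`and`, so the result binds to $valid.
    $valid = ($acceptEmail && Q_Valid::email($identifier))
        || ($acceptMobile && Q_Valid::phone($identifier));
    if (!$valid) {
        throw new Q_Exception("a valid {$expected} is required", $fields);
    }
}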
/**
 * Validate a Streams/invite request.
 *
 * PUT returns immediately with no checks at all. GET skips the nonce check.
 * Every other method must carry a valid nonce; POST additionally needs a
 * non-blank publisherId and streamName, and any request that sends
 * fullName has its byte length checked against the configured range.
 *
 * NOTE(review): the early return for PUT also bypasses the CSRF nonce
 * check that the other state-changing methods get — confirm that is
 * intended.
 *
 * @throws Q_Exception on an invalid nonce or an out-of-range fullName
 */
function Streams_invite_validate()
{
    $method = Q_Request::method();
    if ($method === 'PUT') {
        return;
    }
    if ($method !== 'GET') {
        // CSRF protection for state-changing requests.
        Q_Valid::nonce(true);
    }

    $required = array('publisherId', 'streamName');
    if ($method === 'POST') {
        // A truthy result from requireFields ends validation here.
        if (Q_Valid::requireFields($required)) {
            return;
        }
        foreach ($required as $name) {
            if (strlen(trim($_REQUEST[$name])) === 0) {
                Q_Response::addError(new Q_Exception("{$name} can't be empty", $name));
            }
        }
    }

    if (!isset($_REQUEST['fullName'])) {
        return;
    }
    $minLength = Q_Config::get('Streams', 'inputs', 'fullName', 'lengthMin', 5);
    $maxLength = Q_Config::get('Streams', 'inputs', 'fullName', 'lengthMax', 30);
    $length = strlen($_REQUEST['fullName']); // byte length, not character count
    if ($length < $minLength) {
        throw new Q_Exception("A user's full name can't be that short.", 'fullName');
    }
    if ($length > $maxLength) {
        throw new Q_Exception("A user's full name can't be that long.", 'fullName');
    }
}
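/**
 * Validate a Users/account submission.
 *
 * Adds a Q_Exception_RequiredField for each known profile field that was
 * POSTed empty, a Q_Exception_WrongValue when a birthday is submitted but
 * is not a real calendar date, and — only while the app is installing —
 * whatever error the Users/validate/username event raises for the
 * submitted username.
 *
 * Fix: the original called extract($_REQUEST), which lets any request
 * parameter define (or clobber) a local variable. Only the four request
 * values this function actually uses are read now, explicitly. The
 * birthday parts are also cast to int before checkdate(), which on PHP 8
 * throws a TypeError for non-numeric strings instead of failing validation.
 *
 * @throws Q_Exception if the nonce is invalid
 */
function Users_account_validate()
{
    // CSRF protection: a valid nonce is mandatory for this action.
    Q_Valid::nonce(true);

    $birthday_year = isset($_REQUEST['birthday_year']) ? $_REQUEST['birthday_year'] : null;
    $birthday_month = isset($_REQUEST['birthday_month']) ? $_REQUEST['birthday_month'] : null;
    $birthday_day = isset($_REQUEST['birthday_day']) ? $_REQUEST['birthday_day'] : null;
    $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : null;

    $field_names = array('firstName' => 'First name', 'lastName' => 'Last name', 'username' => 'Username', 'gender' => 'Your gender', 'desired_gender' => 'Gender preference', 'orientation' => 'Orientation', 'relationship_status' => 'Status', 'zipcode' => 'Zipcode');
    foreach ($field_names as $name => $label) {
        // Only POSTed values are checked here (the rest of the function reads
        // $_REQUEST); a falsy value such as "" or "0" counts as missing.
        if (isset($_POST[$name]) and !$_POST[$name]) {
            Q_Response::addError(new Q_Exception_RequiredField(array('field' => $label), $name));
        }
    }

    if (isset($birthday_year)) {
        // Non-numeric input becomes 0 and fails checkdate() as a wrong value.
        if (!checkdate((int) $birthday_month, (int) $birthday_day, (int) $birthday_year)) {
            $field = 'Birthday';
            $range = 'a valid date';
            Q_Response::addError(new Q_Exception_WrongValue(compact('field', 'range'), 'birthday'));
        }
    }

    global $Q_installing;
    if (isset($username) and isset($Q_installing)) {
        // Username rules live in the event handler; surface its error, don't abort.
        try {
            Q::event('Users/validate/username', compact('username'));
        } catch (Exception $e) {
            Q_Response::addError($e);
        }
    }
}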
/**
 * Validate a Streams/interest request: non-GET methods must carry a valid
 * nonce (CSRF protection); GET is not checked here.
 *
 * @param array $params unused
 * @throws Q_Exception on a missing or invalid nonce
 */
function Streams_interest_validate($params)
{
    $isReadOnly = (Q_Request::method() === 'GET');
    if ($isReadOnly) {
        return;
    }
    Q_Valid::nonce(true);
}
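/**
 * Handle POST to Users/account.
 *
 * Starts the session, requires a valid nonce (CSRF protection) and a
 * logged-in user. The action itself is not implemented yet.
 *
 * Fix: dropped extract($_REQUEST), which let any request parameter create
 * or overwrite a local variable and served no purpose here. Read request
 * values explicitly when the action is implemented.
 *
 * @throws Q_Exception on a missing or invalid nonce
 * @throws Users_Exception_NotLoggedIn if nobody is logged in
 */
function Users_account_post()
{
    Q_Session::start();
    Q_Valid::nonce(true);
    // Require authentication before touching anything in the request.
    $user = Users::loggedInUser(true);
    // TODO: implement the action using $user and explicit $_REQUEST reads.
}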
/**
 * Validate a Streams/publisher request.
 *
 * Always requires a valid nonce (CSRF protection). When the request names
 * a stream type for which a "Streams/validate/{type}" handler exists, that
 * handler is run and its result returned; otherwise nothing else happens.
 * The type string comes from the request, so it is only used as an event
 * name after canHandle() has confirmed a handler is registered for it.
 *
 * @param array $params passed through to the type-specific handler
 * @return mixed the handler's result, or null when there is none
 */
function Streams_publisher_validate($params)
{
    Q_Valid::nonce(true);
    $streamType = Streams::requestedType();
    if (!$streamType) {
        return;
    }
    $handler = "Streams/validate/{$streamType}";
    if (!Q::canHandle($handler)) {
        return;
    }
    return Q::event($handler, $params);
}
/**
 * Validate a Users/register request: a valid nonce (CSRF protection) plus
 * the identifier, username and icon parameters must all be present.
 *
 * @throws Q_Exception on an invalid nonce or the first missing parameter
 */
function Users_register_validate()
{
    Q_Valid::nonce(true);
    $required = array('identifier', 'username', 'icon');
    foreach ($required as $name) {
        if (isset($_REQUEST[$name])) {
            continue;
        }
        throw new Q_Exception("{$name} is missing", array($name));
    }
}
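/**
 * Validate a Users/importContacts request.
 *
 * Requires a valid nonce (CSRF protection) and a "provider" query parameter
 * naming a contact-import provider for which a
 * "Users/importContacts/providers/{provider}" handler is registered.
 *
 * Fix: the provider name is taken straight from the query string and
 * spliced into a handler name and into an error message. It is now
 * restricted to a single token of letters, digits, "_" and "-" before
 * either use, so it cannot carry "/" into another event namespace or
 * arbitrary markup into the error text.
 *
 * @throws Q_Exception when the provider is missing, malformed or unsupported
 */
function Users_importContacts_validate()
{
    Q_Valid::nonce(true);
    if (empty($_GET['provider']) or !is_string($_GET['provider'])) {
        throw new Q_Exception('No provider specified');
    }
    $provider = $_GET['provider'];
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $provider)) {
        // Rejected before it is echoed or used to build the handler name.
        throw new Q_Exception('Invalid provider specified');
    }
    if (!Q::canHandle('Users/importContacts/providers/' . $provider)) {
        throw new Q_Exception('Unsupported provider specified: ' . $provider);
    }
}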
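/**
 * Post one or more fields here to change the corresponding basic streams
 * for the logged-in user. Fields can include:
 * "firstName": specify the first name directly
 * "lastName": specify the last name directly
 * "fullName": the user's full name, which if provided will be split into
 *   first and last name and override them
 * "gender": the user's gender
 * "birthday_year": the year the user was born
 * "birthday_month": the month the user was born
 * "birthday_day": the day the user was born
 *
 * For each submitted field the "Streams/user/{field}" stream is created
 * (Streams/created message) or, when its content differs, updated
 * (Streams/changed message). Stream type and title are read from the
 * plugin's streams.json, overridden by the app's streams.json.
 *
 * Fix: indexing $streams[$name] for a stream the fetch did not return
 * raised an "undefined index" warning before the isset() check; the lookup
 * is now guarded.
 *
 * @throws Q_Exception on an invalid nonce, or when a stream has no
 *   type/title configured
 * @throws Users_Exception_NotLoggedIn if nobody is logged in
 */
function Streams_basic_post()
{
    // CSRF protection and authentication come first.
    Q_Valid::nonce(true);
    $user = Users::loggedInUser(true);

    $request = $_REQUEST;
    // Three birthday parts become one ISO date; %d coerces each part.
    if (!empty($request['birthday_year']) && !empty($request['birthday_month']) && !empty($request['birthday_day'])) {
        $request['birthday'] = sprintf("%04d-%02d-%02d",
            $request['birthday_year'], $request['birthday_month'], $request['birthday_day']);
    }
    // A full name, when given, overrides firstName/lastName.
    if (isset($request['fullName'])) {
        $name = Streams::splitFullName($request['fullName']);
        $request['firstName'] = $name['first'];
        $request['lastName'] = $name['last'];
    }
    $fields = array();
    foreach (array('firstName', 'lastName', 'birthday', 'gender') as $field) {
        if (isset($request[$field])) {
            $fields[] = $field;
        }
    }

    // Stream definitions: plugin defaults first, app overrides on top.
    $p = new Q_Tree();
    $p->load(STREAMS_PLUGIN_CONFIG_DIR . DS . 'streams.json');
    $p->load(APP_CONFIG_DIR . DS . 'streams.json');

    $names = array();
    foreach ($fields as $field) {
        $names[] = "Streams/user/{$field}";
    }
    $streams = Streams::fetch($user, $user->id, $names);

    foreach ($fields as $field) {
        $name = "Streams/user/{$field}";
        $type = $p->get($name, "type", null);
        if (!$type) {
            throw new Q_Exception("Missing {$name} type", $field);
        }
        $title = $p->get($name, "title", null);
        if (!$title) {
            throw new Q_Exception("Missing {$name} title", $field);
        }
        $content = (string) $request[$field];
        $stream = isset($streams[$name]) ? $streams[$name] : null;
        if ($stream and $stream->content === $content) {
            continue; // unchanged: no message, no save
        }
        if (!$stream) {
            $stream = new Streams_Stream();
            $stream->publisherId = $user->id;
            $stream->name = $name;
        }
        $messageType = $stream->wasRetrieved() ? 'Streams/changed' : 'Streams/created';
        $stream->content = $content;
        $stream->type = $type;
        $stream->title = $title;
        $stream->changed($user->id, $messageType);
    }
}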
/**
 * Validate a Streams/stream request.
 *
 * Non-GET methods must carry a valid nonce (CSRF protection). If the
 * request names a stream type with a registered "Streams/validate/{type}"
 * handler, that handler runs and its result is returned. The type comes
 * from the request and is only used after canHandle() confirms it.
 *
 * @param array $params passed through to the type-specific handler
 * @return mixed the handler's result, or null when there is none
 */
function Streams_stream_validate($params)
{
    if (Q_Request::method() !== 'GET') {
        Q_Valid::nonce(true);
    }
    $streamType = Streams::requestedType();
    if (!$streamType) {
        return;
    }
    $handler = "Streams/validate/{$streamType}";
    return Q::canHandle($handler) ? Q::event($handler, $params) : null;
}
/**
 * Validate a Users/login request.
 *
 * GET is not validated at all (no nonce, no parameter checks). Any other
 * method must carry a valid nonce (CSRF protection) and both identifier
 * and passphrase parameters.
 *
 * @throws Q_Exception on an invalid nonce or the first missing parameter
 */
function Users_login_validate()
{
    if (Q_Request::method() === 'GET') {
        return;
    }
    Q_Valid::nonce(true);
    $required = array('identifier', 'passphrase');
    foreach ($required as $name) {
        if (isset($_REQUEST[$name])) {
            continue;
        }
        throw new Q_Exception("{$name} is missing", array($name));
    }
}
/**
 * Handle PUT to Streams/access: grant or update access to a stream.
 *
 * The caller must be logged in, send a valid nonce, and hold "own" admin
 * level on the requested stream. With ofUserId or ofContactLabel given,
 * the Streams_Access row for that grantee is loaded (if it exists) and the
 * submitted levels written to it, defaulting unset levels to -1 and the
 * granter to the current user; without a grantee the same fields are
 * written to the stream itself.
 *
 * NOTE(review): grantedByUserId, filter, readLevel, writeLevel, adminLevel
 * and permissions are copied from the request verbatim, so the client can
 * choose grantedByUserId (the logged-in user is only the fallback).
 * ofUserId/ofContactLabel are read from $_REQUEST alone, while the level
 * fields also honour $params — confirm that asymmetry is intended.
 *
 * @param array $params values merged on top of $_REQUEST
 * @throws Users_Exception_NotLoggedIn if nobody is logged in
 * @throws Q_Exception_MissingRow if the stream does not exist
 * @throws Users_Exception_NotAuthorized if the user does not own the stream
 */
function Streams_access_put($params)
{
    $user = Users::loggedInUser(true);
    Q_Valid::nonce(true);
    $publisherId = Streams::requestedPublisherId(true);
    $streamName = Streams::requestedName(true);
    $stream = Streams::fetchOne($user->id, $publisherId, $streamName);
    if (!$stream) {
        throw new Q_Exception_MissingRow(array('table' => 'stream', 'criteria' => 'with that name'));
    }
    // Only an owner may change who can access the stream.
    if (!$stream->testAdminLevel('own')) {
        throw new Users_Exception_NotAuthorized();
    }

    $input = array_merge($_REQUEST, $params);
    $levelFields = array('grantedByUserId', 'filter', 'readLevel', 'writeLevel', 'adminLevel', 'permissions');

    $access = new Streams_Access();
    $access->publisherId = $stream->publisherId;
    $access->streamName = $stream->name;
    $access->ofUserId = Q::ifset($_REQUEST, 'ofUserId', '');
    $access->ofContactLabel = Q::ifset($_REQUEST, 'ofContactLabel', '');

    $hasGrantee = !empty($access->ofUserId) || !empty($access->ofContactLabel);
    if (!$hasGrantee) {
        // No grantee: the submitted levels become the stream's own defaults.
        foreach ($levelFields as $field) {
            if (isset($input[$field])) {
                $stream->{$field} = $input[$field];
            }
        }
        $stream->save();
        return;
    }

    // Load any existing grant first so this updates rather than duplicates it.
    $access->retrieve();
    foreach ($levelFields as $field) {
        if (isset($input[$field])) {
            $access->{$field} = $input[$field];
        }
    }
    $defaults = array('grantedByUserId' => $user->id, 'readLevel' => -1, 'writeLevel' => -1, 'adminLevel' => -1);
    foreach ($defaults as $field => $value) {
        if (!isset($access->{$field})) {
            $access->{$field} = $value;
        }
    }
    $access->save();
    Streams::$cache['access'] = $access;
}
/**
 * Validate a Streams/register request.
 *
 * Requires a valid nonce (CSRF protection). A logged-in user only has to
 * supply fullName; an anonymous one also needs identifier and icon. The
 * fullName byte length must fall within the configured range.
 *
 * @throws Q_Exception on an invalid nonce, a missing parameter, or an
 *   out-of-range fullName
 */
function Streams_register_validate()
{
    Q_Valid::nonce(true);
    $required = Users::loggedInUser() ? array('fullName') : array('identifier', 'fullName', 'icon');
    foreach ($required as $name) {
        if (!isset($_REQUEST[$name])) {
            throw new Q_Exception("{$name} is missing", array($name));
        }
    }
    $minLength = Q_Config::get('Streams', 'inputs', 'fullName', 'lengthMin', 5);
    $maxLength = Q_Config::get('Streams', 'inputs', 'fullName', 'lengthMax', 30);
    $length = strlen($_REQUEST['fullName']); // byte length, not character count
    if ($length < $minLength) {
        throw new Q_Exception("Your full name can't be that short.", 'fullName');
    }
    if ($length > $maxLength) {
        throw new Q_Exception("Your full name can't be that long.", 'fullName');
    }
}
/**
 * Handle POST to Users/activate: set the user's passphrase and/or mark the
 * email address or mobile number being activated as verified, then log
 * the user in.
 *
 * Reads $email, $mobile, $type and $user from Users::$cache, which an
 * earlier step of the activation flow populates (not visible here; $user
 * is assumed to be set whenever a passphrase or $type is present — confirm
 * against the validate handler).
 *
 * On completion sets Users::$cache['passphrase_set'] and
 * Users::$cache['success'].
 *
 * @throws Q_Exception for a blank passphrase, an unrecognised isHashed
 *   value, or when no passphrase hash could be stored; setEmailAddress()
 *   and setMobileNumber() may throw as well
 */
function Users_activate_post()
{
    // CSRF protection: a valid nonce is mandatory.
    Q_Valid::nonce(true);
    $email = $mobile = $type = $user = null;
    // Only the four keys above are imported, and only when present in the cache.
    extract(Users::$cache, EXTR_IF_EXISTS);
    if (isset($_REQUEST['passphrase'])) {
        if (empty($_REQUEST['passphrase'])) {
            throw new Q_Exception("You can't set a blank passphrase.", 'passphrase');
        }
        // NOTE(review): $isHashed is a bool, so `$isHashed !== 'true'` below is
        // always true; the effective rule is "reject a truthy isHashed whose
        // integer value exceeds 1".
        $isHashed = !empty($_REQUEST['isHashed']);
        if ($isHashed and $isHashed !== 'true' and intval($_REQUEST['isHashed']) > 1) {
            // this will let us introduce other values for isHashed in the future
            throw new Q_Exception("Please set isHashed to 0 or 1", 'isHashed');
        }
        // NOTE(review): isHashed lets the client submit an already-hashed
        // passphrase; how computePassphraseHash() treats that is not visible
        // here — confirm a captured client-side hash cannot simply be replayed.
        // Save the pass phrase even if there may be a problem adding an email later.
        // At least the user will be able to log in.
        $user->passphraseHash = $user->computePassphraseHash($_REQUEST['passphrase'], $isHashed);
        Q_Response::setNotice("Users/activate/passphrase", "Your pass phrase has been saved.", true);
        // Log the user in, since they were able to set the passphrase
        Users::setLoggedInUser($user);
        // This also saves the user.
        if (empty($user->passphraseHash)) {
            throw new Q_Exception("Please set a pass phrase on your account", 'passphrase', true);
        }
    }
    if ($type) {
        // $type is a human-readable label chosen upstream; it selects which
        // contact record from the cache gets attached to the user.
        if ($type == 'email address') {
            $user->setEmailAddress($email->address);
            // may throw exception
        } else {
            if ($type == 'mobile number') {
                $user->setMobileNumber($mobile->number);
                // may throw exception
            }
        }
        // Log the user in, since they have just added an email to their account
        Users::setLoggedInUser($user);
        // This also saves the user.
        Q_Response::removeNotice('Users/activate/objects');
        Q_Response::setNotice("Users/activate/activated", "Your {$type} has been activated.", true);
    }
    Users::$cache['passphrase_set'] = true;
    Users::$cache['success'] = true;
}
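/**
 * Validate a Streams/basic submission. Every method gets the nonce check;
 * only POST is validated further.
 *
 * Checks, in order: fullName byte length against the configured range
 * (stopping if that fails); if any birthday part is given, all three must
 * be present, be plain integers, and form a real date for someone between
 * 13 (COPPA) and 100 years old; gender, if given, must be "male" or
 * "female". Errors go to Q_Response::addError, except a missing birthday
 * part, which throws.
 *
 * Fix: birthday parts are now required to be integer strings before they
 * reach checkdate() and the year comparisons. Previously a non-numeric
 * value such as "abc" made checkdate() throw a TypeError on PHP 8 instead
 * of producing a validation error, and "12abc" was silently read as 12.
 * The unused $fields array was dropped.
 *
 * @throws Q_Exception if the nonce is invalid
 * @throws Q_Exception_RequiredField if a birthday part is missing
 */
function Streams_basic_validate()
{
    // CSRF protection: a valid nonce is mandatory for every method.
    Q_Valid::nonce(true);
    if (Q_Request::method() !== 'POST') {
        return;
    }

    if (isset($_REQUEST['fullName'])) {
        $length_min = Q_Config::get('Streams', 'inputs', 'fullName', 'lengthMin', 5);
        $length_max = Q_Config::get('Streams', 'inputs', 'fullName', 'lengthMax', 30);
        $length = strlen($_REQUEST['fullName']); // byte length, not character count
        if ($length < $length_min) {
            Q_Response::addError(new Q_Exception("Your full name can't be that short.", 'fullName'));
        }
        if ($length > $length_max) {
            Q_Response::addError(new Q_Exception("Your full name can't be that long.", 'fullName'));
        }
    }
    if (Q_Response::getErrors()) {
        return;
    }

    if (!empty($_REQUEST['birthday_month']) or !empty($_REQUEST['birthday_day']) or !empty($_REQUEST['birthday_year'])) {
        $parts = array();
        $allIntegers = true;
        foreach (array('birthday_month', 'birthday_day', 'birthday_year') as $field) {
            if (empty($_REQUEST[$field]) or !is_string($_REQUEST[$field]) or !trim($_REQUEST[$field])) {
                throw new Q_Exception_RequiredField(compact('field'), $field);
            }
            // Accept only a whole integer; anything else is a bad date, not a crash.
            $value = filter_var(trim($_REQUEST[$field]), FILTER_VALIDATE_INT);
            if ($value === false) {
                $allIntegers = false;
                Q_Response::addError(new Q_Exception("Not a valid date", $field));
            }
            $parts[$field] = $value;
        }
        if ($allIntegers) {
            $month = $parts['birthday_month'];
            $day = $parts['birthday_day'];
            $year = $parts['birthday_year'];
            if (!checkdate($month, $day, $year)) {
                Q_Response::addError(new Q_Exception("Not a valid date", "birthday_day"));
            }
            $currentYear = (int) date('Y');
            if ($year > $currentYear - 13) {
                // compliance with COPPA
                Q_Response::addError(new Q_Exception("You're still a kid.", "birthday_year"));
            }
            if ($year < $currentYear - 100) {
                Q_Response::addError(new Q_Exception("A world record? Really?", "birthday_year"));
            }
        }
    }

    if (!empty($_REQUEST['gender'])) {
        if (!in_array($_REQUEST['gender'], array('male', 'female'), true)) {
            Q_Response::addError(new Q_Exception("Please enter male or female", "gender"));
        }
    }
}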
 /**
  * Called internally by event handlers: if the requested URI is listed in
  * the Q/web/requireValidNonce config, demand a valid nonce (CSRF
  * protection). Entries are "Module" (every action of that module) or
  * "Module/action"; the first matching entry decides, later ones are not
  * consulted. URIs with no matching entry are not checked.
  * @see Q_Valid::requireValidNonce
  * @method requireValidNonce
  * @static
  * @throws {Q_Exception_FailedValidation}
  */
 static function requireValidNonce()
 {
     $protected = Q_Config::get('Q', 'web', 'requireValidNonce', array());
     $uri = Q_Dispatcher::uri();
     foreach ($protected as $entry) {
         list($module, $action) = array_pad(explode('/', $entry), 2, null);
         if ($module !== $uri->module) {
             continue;
         }
         // An entry without an action part covers the whole module.
         if ($action !== null and $action !== $uri->action) {
             continue;
         }
         return Q_Valid::nonce(true);
     }
 }
/**
 * Validate a Streams/participant request: every method must carry a valid
 * nonce (CSRF protection).
 *
 * @throws Q_Exception on a missing or invalid nonce
 */
function Streams_participant_validate()
{
    $throwOnFailure = true;
    Q_Valid::nonce($throwOnFailure);
}
/**
 * Validate a Streams/publish request: every method must carry a valid
 * nonce (CSRF protection).
 *
 * @throws Q_Exception on a missing or invalid nonce
 */
function Streams_publish_validate()
{
    $throwOnFailure = true;
    Q_Valid::nonce($throwOnFailure);
}
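 /**
  * Get the logged-in user's information
  * @method loggedInUser
  * @static
  * @param {boolean} [$throwIfNotLoggedIn=false]
  *   Whether to throw a Users_Exception_NotLoggedIn if no user is logged in.
  * @param {boolean} [$startSession=true]
  *   Whether to start a PHP session if one doesn't already exist.
  * @return {Users_User|null}
  * @throws {Users_Exception_NotLoggedIn} If user is not logged in and
  *   $throwIfNotLoggedIn is true
  */
 static function loggedInUser($throwIfNotLoggedIn = false, $startSession = true)
 {
     // Without an existing session there is nobody to look up, unless the
     // caller allows us to start one.
     if ($startSession === false and !Q_Session::id()) {
         return null;
     }
     Q_Session::start();
     // Fix: this was `$nonce = Q_Session::$nonceWasSet or Q_Valid::nonce(...)`,
     // which PHP parses as `($nonce = $nonceWasSet) or ...` because `or` binds
     // looser than `=`. $nonce therefore never saw Q_Valid::nonce()'s result, and
     // a request whose nonce validated while $nonceWasSet was false was treated
     // as logged out. `||` binds tighter than `=` and gives the intended
     // disjunction. (If the old short-circuit-only behaviour was deliberate,
     // reconsider this change.)
     $nonce = Q_Session::$nonceWasSet || Q_Valid::nonce($throwIfNotLoggedIn, true);
     if (!$nonce or !isset($_SESSION['Users']['loggedInUser']['id'])) {
         if ($throwIfNotLoggedIn) {
             throw new Users_Exception_NotLoggedIn();
         }
         return null;
     }
     $id = $_SESSION['Users']['loggedInUser']['id'];
     // The session may reference a user that no longer exists.
     $user = Users_User::fetch($id);
     if (!$user and $throwIfNotLoggedIn) {
         throw new Users_Exception_NotLoggedIn();
     }
     return $user;
 }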
/**
 * Validate a Users/contact request: require a valid nonce (CSRF
 * protection), then delegate to the Users/user validation event, which
 * checks the identifier parameter. That handler checks the nonce again;
 * the repeat is harmless.
 *
 * @return mixed whatever the Users/user/validate event returns
 * @throws Q_Exception on a missing or invalid nonce
 */
function Users_contact_validate()
{
    Q_Valid::nonce(true);
    $result = Q::event('Users/user/validate');
    return $result;
}