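 /**
  * Sends a private message from the logged-in user (USER_ID) to another user.
  *
  * @param array $data request values: 'token' (CSRF token), 'send_to'
  *                    (recipient id) and 'value' (message text)
  *
  * Terminates the request with a JSON body on success or on DB failure;
  * returns a plain string only when the recipient has blocked the sender.
  * Missing keys are treated as empty instead of raising undefined-index notices.
  */
 public static function sendMsg($data)
 {
     $token = $data['token'] ?? null;
     $send_by = USER_ID;
     $send_to = $data['send_to'] ?? null;
     $value = $data['value'] ?? '';
     // Reject forged or missing tokens before doing anything else with the input.
     if (!Token::validateToken($token)) {
         die("Token value is invalid");
     }
     if (strlen($value) <= 0) {
         die("Message can't be empty");
     }
     if ($send_to === null || $send_to === '') {
         die("Recipient is missing");
     }
     // The sender must not be on the recipient's block list. Ids are compared
     // as strings on both sides so an int/string mismatch can neither bypass
     // the check nor rely on loose comparison.
     $blocked = User::blocked_by_user($send_to);
     $blocked_ids = array_map('strval', is_array($blocked) ? $blocked : []);
     if (in_array((string) $send_by, $blocked_ids, true)) {
         return "You can't send messages to this user";
     }
     $row = ['user_id' => $send_to, 'sender_id' => $send_by, 'subject' => $value];
     $database = new Database();
     if ($database->insert_data(TABLE_MESSAGES, $row) === true) {
         die(json_encode(['status' => '1', 'msg_id' => $database->lastId]));
     }
     // Do not echo the raw DB error list to the client: it can expose table and
     // column names. The detail stays in $database->errors for server-side logging.
     die(json_encode(['status' => '0', 'msg' => 'Message could not be sent']));
 }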
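 /**
  * Inserts a new comment on a Q&A question or a regular post.
  *
  * Only the fields this method knows about ('post_id', 'content') plus the
  * session user id are written. Every other key in $data is ignored, so a
  * request cannot set arbitrary columns of the comments table (previously the
  * whole $data array, minus the token, was passed to the INSERT).
  *
  * @param array $data request values: 'post_id', 'content', 'token'
  *
  * @return int(id)|string(error)
  */
 public static function new_comment($data)
 {
     $PostID = $data['post_id'] ?? null;
     $content = $data['content'] ?? '';
     $token = $data['token'] ?? null;
     // CSRF token first: a forged request never reaches the database.
     if (!Token::validateToken($token)) {
         die("Error! Please try again later");
     }
     if (empty(trim($content))) {
         die("Comment can't be empty");
     }
     // The target may be a Q&A question or a post; the post lookup only runs
     // when no question matched (same short-circuit as before).
     $qna = new QNA();
     $post = new Post();
     $targetExists = is_object($qna->get_question($PostID))
         || is_array($post->get_post($PostID, true));
     if (!$targetExists) {
         die("Error! Post was not found.");
     }
     // Explicit column list: request data cannot add columns to the INSERT.
     $row = ['post_id' => $PostID, 'content' => $content, 'uid' => USER_ID];
     $database = new Database();
     $insert = $database->insert_data(TABLE_COMMENTS, $row);
     if ($insert === true && $database->error === false) {
         return (int) $database->lastId;
     }
     return array_shift($database->errors);
 }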
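 /**
  * Renders the password-reset page.
  *
  * Picks up a pending error message from the session, lets Auth::check()
  * apply its navigation restriction, validates the reset token from the
  * query string and includes the view. Locals set here ($page, $er_msg,
  * $token_valid) are visible to the included view.
  */
 public function __construct()
 {
     $page = 'resetpassword';
     $token_valid = false;
     // Pending error message from a previous request, if any.
     // NOTE(review): $_SESSION is read before the session_start() below;
     // presumably a bootstrap or Auth::check() already started the session — confirm.
     $er_msg = $_SESSION['error_message'] ?? null;
     // Restricts navigation to this page (e.g. while already logged in).
     Auth::check();
     if (isset($_GET['token'])) {
         session_start();
         // Keep the validation result: the previous bare call discarded it, so an
         // invalid token still rendered the form. views/resetpassword.php must
         // check $token_valid before showing the reset form — TODO confirm it does.
         $token_valid = Token::validateToken($_GET['token']);
     }
     require_once 'views/resetpassword.php';
 }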
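 /**
  * Logs in a user.
  *
  * Reads 'auth_token', 'username' and 'password' from $this->props['values'],
  * validates the CSRF token, looks the user up and verifies the password.
  * On any failure sets $this->error and $this->errMsg and returns false;
  * on success hands the user to $session->login().
  *
  * @return boolean
  */
 public function login()
 {
     global $session;
     $this->props = $this->props['values'];
     // CSRF token first; a forged request never reaches the user lookup.
     if (!Token::validateToken($this->props['auth_token'] ?? null)) {
         $this->error = true;
         $this->errMsg = "Token is not valid.";
         return false;
     }
     $username = trim($this->props['username'] ?? '');
     $password = trim($this->props['password'] ?? '');
     if (empty($username) || empty($password)) {
         $this->error = true;
         $this->errMsg = "Username or Password can't be empty.";
         return false;
     }
     $user = self::getUserDetails($username);
     // One message for "unknown user" and "wrong password" so the response
     // body does not reveal which usernames exist.
     // NOTE(review): password_check is skipped for unknown users, so response
     // time may still differ — consider a dummy hash comparison on that path.
     if (!is_object($user) || !self::password_check($username, $password)) {
         $this->error = true;
         $this->errMsg = "Username or password is incorrect.";
         return false;
     }
     // TODO: extra verifications for admin login ($user->username === "admin");
     // the original branch existed here but was empty.
     // success, log the user in
     $session->login($user);
     return true;
 }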
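 /**
  * Changes user settings (username, email, password).
  *
  * Requires the CSRF token ('auth_token') and the current password
  * ('old_password'), which is verified before anything is changed.
  * Optional keys: 'username', 'email', and 'password' + 'repassword'
  * (both are required for a password change). Validation problems are
  * recorded in $this->errors and flagged in $this->error.
  *
  * @param array $data    user settings values
  * @param int   $user_id default is the id stored in session
  *
  * @return boolean|array true on success, false on validation failure,
  *                       or the Database error list if the UPDATE itself failed
  */
 public function changeSettings($data, $user_id = USER_ID)
 {
     $database = new Database();
     if (!is_array($data)) {
         return false;
     }
     $id = $user_id;
     // CSRF token first: a forged request must not even reach the password check.
     if (!Token::validateToken($data['auth_token'] ?? null)) {
         $this->error = true;
         $this->errors[] = "Token is not valid.";
         return false;
     }
     // Re-authenticate with the current password before touching credentials.
     if (!isset($data['old_password']) || !Auth::password_check($id, $data['old_password'])) {
         $this->errors['old_password'] = "******";
         $this->error = true;
         return false;
     }
     // no need for this anymore
     unset($data['old_password']);
     $username = $data['username'] ?? false;
     $email = $data['email'] ?? false;
     $pw1 = $data['password'] ?? false;
     $pw2 = $data['repassword'] ?? false;
     // at least one field should be changed
     if (!$username && !$email && !$pw1) {
         $this->errors[] = "No data to be changed.";
         $this->error = true;
         return false;
     }
     // array of data to be updated
     $newData = [];
     // current values, to skip fields that did not actually change
     $user = Auth::getUserDetails($id);
     if ($username && $username !== $user->username) {
         // must be unused, 4-15 bytes, and only letters, digits, '_' or '-'
         if (!Auth::form_check("username", $username)) {
             $this->errors['username'] = "******";
             $this->error = true;
         }
         $usernameLength = strlen($username);
         if ($usernameLength > 15 || $usernameLength < 4) {
             $this->error = true;
             $this->errors['username'] = "******";
         }
         if (preg_match('/[^a-z_\\-0-9]/i', $username)) {
             $this->error = true;
             $this->errors['username'] = "******";
         }
         $newData['username'] = $username;
     }
     if ($email && $email !== $user->email) {
         // must be unused and syntactically valid
         if (!Auth::form_check("email", $email)) {
             $this->errors['email'] = "email already exists.";
             $this->error = true;
         }
         if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
             $this->error = true;
             $this->errors['email'] = "email is not valid";
         }
         $newData['email'] = $email;
     }
     // A password change needs both fields. A lone 'password' used to be
     // silently ignored, which could leave $newData empty below.
     if ($pw1 || $pw2) {
         if ($pw1 !== $pw2) {
             $this->errors[] = "Passwords don't match.";
             $this->error = true;
             return false;
         }
         // NOTE(review): 4 is a very weak minimum length; kept unchanged because
         // existing forms may rely on it — raise it together with the client side.
         if (strlen($pw1) < 4) {
             $this->error = true;
             $this->errors['password'] = "******";
             return false;
         }
         $newData['password'] = password_hash($pw1, PASSWORD_BCRYPT);
     }
     if ($this->error) {
         return false;
     }
     // Everything supplied equals the stored values: do not issue an empty UPDATE.
     if ($newData === []) {
         $this->errors[] = "No data to be changed.";
         $this->error = true;
         return false;
     }
     // no errors, we have the new data, update the table
     $update = $database->update_data(TABLE_INFO, array_keys($newData), array_values($newData), 'id', $id);
     if ($update !== true) {
         // if something went wrong while updating
         return $database->errors;
     }
     return true;
 }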
     $uid = $_POST['id'];
     die(View::userCard($uid));
     break;
 case 'feed_post':
     $id = $_GET['id'];
     die(View::getFeedPost($id));
     break;
 case 'feed':
     $data = $_POST;
     unset($data['action']);
     $user_id = $data['user_id'] ?? USER_ID;
     $content = $data['content'];
     $token = $data['token'];
     $now = getNow();
     // check token validation
     if (!Token::validateToken($token)) {
         die(json_encode(['status' => false, 'err' => 'Token is not valid.']));
     }
     $database = new Database();
     $data = ['user_id' => $user_id, 'content' => $content, 'poster_id' => USER_ID, 'date' => $now];
     $insert = $database->insert_data(TABLE_ACTIVITY, $data);
     if ($insert === true) {
         $id = $database->lastId;
         die(json_encode(['status' => true, 'id' => $id]));
     }
 case 'get_post':
     $id = sanitize_id($_GET['id']);
     $post = new Post();
     $comment = $post->get_post($id);
     if (is_object($comment)) {
         die(json_encode($comment));
     if ($delete === true) {
         // delete success
         $session->logout();
         echo "1";
     } else {
         echo json_encode($user->errors);
     }
     break;
     // update user profile info
 // update user profile info
 case 'update_info':
     $database = new Database();
     $data = $_POST['values'];
     unset($_POST);
     // check token validation
     if (!Token::validateToken($data['auth_token'])) {
         die(json_encode("Token is not valid."));
     }
     unset($data['auth_token']);
     // check maximum length
     foreach ($data as $k => $v) {
         if (strlen($v) > 30) {
             die(json_encode('Input is too long.'));
         }
     }
     $fields = array_keys($data);
     $values = array_values($data);
     $update = $database->update_data("students", $fields, $values, "id", USER_ID);
     if ($update === true) {
         // delete success
         echo "1";