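/**
 * Authenticates the current request from the "SID" cookie.
 *
 * The cookie value is validated as a lower-case alphanumeric token, looked up
 * in users_sessions, and the owning user is loaded into the singleton's
 * `user` property. The cookie is then re-issued (long-lived when the user's
 * "rememberme" setting is on, session-scoped otherwise) and, when online
 * tracking is enabled, an activity marker file is touched.
 *
 * On any failure the users_sessions row for the token (if any) is deleted,
 * the cookie is cleared, and the reason is written to DEBUG::log.
 *
 * @return bool|null true when a user was authenticated; null when no cookie
 *                   is present or authentication failed
 */
public static function run()
{
    $o = self::getInstance();
    // `??` avoids an undefined-index notice when the cookie is absent.
    $SID = $_COOKIE["SID"] ?? "";
    if (!$SID) {
        return null;
    }
    try {
        // Only a plain lower-case alphanumeric token is accepted; anything
        // else is rejected before it reaches the database or the log.
        if (!preg_match("/^[a-z0-9]+\$/", $SID)) {
            throw new Exception("SID contains incorrect characters");
        }
        $SID = preg_replace("/[^a-z0-9]/", "", $SID);
        if (!$SID) {
            throw new Exception("SID is empty");
        }
        $rw_session = DB::f1("select * from users_sessions where sid=:SID", array("SID" => $SID));
        if (!$rw_session) {
            throw new Exception("Auth session not found");
        }
        $Q = new UsersExec();
        $Q->where("id", $rw_session["user_id"]);
        $user = $Q->f1();
        if (!$user) {
            throw new Exception("User id=" . $rw_session["user_id"] . " not found");
        }
        // Attach the session row to the user. The original assigned $rw here,
        // which had just been overwritten with the user row itself.
        $user["rw_session"] = $rw_session;
        // NOTE(review): the cookie is issued without the httponly/secure flags;
        // they would keep the session token away from page scripts and off
        // plain-HTTP transports. Confirm no client-side code reads the SID
        // cookie before enabling them.
        $lifetime = !empty($user["settings"]["rememberme"])
            ? time() + $o->CONFIG["rememberme_time"]
            : 0; // 0 = cookie expires with the browser session
        setcookie("SID", $SID, $lifetime, "/", $o->CONFIG["cookie_domain"]);
        if ($o->CONFIG["enable_online"]) {
            // Two alternating buckets keyed on the current interval. The
            // original used $user->id on the array row (every other access in
            // this method treats $user as an array), which produced no id.
            $bucket = (int) (time() / $o->CONFIG["online_interval"]) % 2;
            $online_file = $o->CONFIG["online_cache_dir"] . "/" . $bucket . "/" . $user["id"];
            touch($online_file);
        }
        $o->user = $user;
        return true;
    } catch (Exception $e) {
        DEBUG::log("Auth Exception: " . $e->getMessage(), __CLASS__);
        if ($SID) {
            // Remove the session row the token referred to.
            DB::q("delete from users_sessions where sid=:SID", array("SID" => $SID));
        }
        $_COOKIE["SID"] = "";
        setcookie("SID", "", time() - 86400, "/", $o->CONFIG["cookie_domain"]);
    }
    return null;
}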
/**
 * Entry point for the people page: shows the user named by the `user_id`
 * entry of the current CID's CHDATA, or hands control to the "main" CID
 * when no user was requested.
 *
 * @return mixed the result of displayUser(); false when the requested user
 *               does not exist (an error is recorded on the app); true when
 *               falling back to the main page
 */
public function run_overall()
{
    $requested = $this->app->CHDATA[$this->app->CID]["user_id"];
    if (!$requested) {
        // Nothing requested: switch the controller to the main page.
        $this->app->CID = "main";
        return true;
    }
    // The current user is already loaded, so no query is needed for them.
    // Loose comparison kept on purpose (ids may arrive as strings).
    if ($this->app->getUser("id") == $requested) {
        return $this->displayUser($this->app->getUser());
    }
    $query = new UsersExec();
    $query->where("id", $requested);
    $row = $query->f1();
    if (!$row) {
        $this->app->setError("<!--[User_not_found]-->");
        return false;
    }
    return $this->displayUser($row);
}
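/**
 * Handles the "write message" form submission.
 *
 * Reads the recipient id from the `to` request parameter and the title/text
 * from `formData`, verifies the recipient exists, and inserts the message
 * (sender = current user, dt = now) with a parameterised query.
 *
 * @return array{success: string, return: bool}
 * @throws Exception when the recipient is missing or unknown, when the title
 *                   or text is empty, or when the insert fails; the messages
 *                   are template placeholders resolved elsewhere
 */
protected function action_write_message_do()
{
    // $_REQUEST is untrusted: default missing keys instead of raising notices,
    // and never index into formData unless it really is an array.
    $formData = $_REQUEST["formData"] ?? [];
    if (!is_array($formData)) {
        $formData = [];
    }
    $to_user_id = (int) ($_REQUEST["to"] ?? 0);
    if (!$to_user_id) {
        throw new Exception("<!--[No_user]-->");
    }
    $Q = new UsersExec();
    $Q->where("id", $to_user_id);
    if (!$Q->f1()) {
        throw new Exception("<!--[User]--> " . $to_user_id . " doesn't exist");
    }
    $title = $formData["title"] ?? "";
    $text = $formData["text"] ?? "";
    // Truthiness checks are kept from the original: "0" counts as empty.
    if (!$title) {
        throw new Exception("<!--[Enter_message_title]-->");
    }
    if (!$text) {
        throw new Exception("<!--[Enter_message_text]-->");
    }
    // NOTE(review): assumes a user is logged in when this action runs, so
    // getUser("id") is the sender - confirm the dispatcher enforces that.
    // Title/text are stored as submitted; escaping is the output layer's job.
    $inserted = DB::q(
        "insert into messages(`id`,`from`,`to`,`title`,`text`,`dt`) values('',:from,:to,:title,:text,:dt)",
        array(
            "from" => $this->app->getUser("id"),
            "to" => $to_user_id,
            "title" => $title,
            "text" => $text,
            "dt" => time(),
        )
    );
    if (!$inserted) {
        throw new Exception("<!--[Failed_sending_message]-->");
    }
    $this->app->setSuccess(
        "<!--[Message_sent]-->",
        5,
        $this->app->makeLink(array("CID" => "people", "user_id" => $to_user_id))
    );
    return array("success" => "<!--[Message_sent]-->", "return" => true);
}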