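 /**
  * Authenticate the current request from the "SID" session cookie.
  *
  * The cookie value is validated, looked up in users_sessions, the owning
  * user row is loaded, the cookie is re-issued and the user is attached to
  * the application singleton as $o->user.
  *
  * @return bool|null true when a user was attached; null when no usable
  *                   cookie was sent, or when the session/user could not be
  *                   resolved (the session row and the cookie are then discarded).
  */
 public static function run()
 {
     $o = self::getInstance();
     // Cookies are untrusted input: tolerate a missing cookie and a non-string
     // value (e.g. "SID[]=x") without raising a notice or a TypeError in preg_match.
     $SID = (isset($_COOKIE["SID"]) && is_string($_COOKIE["SID"])) ? $_COOKIE["SID"] : "";
     if (!$SID) {
         return null;
     }
     try {
         // Session ids are lower-case alphanumerics only; reject anything else
         // before it reaches the database or is used to build a filesystem path.
         if (!preg_match('/^[a-z0-9]+$/', $SID)) {
             throw new Exception("SID contains incorrect characters");
         }
         // Defence in depth: strip anything the pattern above could have let through.
         $SID = preg_replace("/[^a-z0-9]/", "", $SID);
         if (!$SID) {
             throw new Exception("SID is empty");
         }
         $rw_session = DB::f1("select * from users_sessions where sid=:SID", array("SID" => $SID));
         if (!$rw_session) {
             throw new Exception("Auth session not found");
         }
         // NOTE(review): no server-side expiry check is visible here - a session row
         // stays valid until it is deleted. Confirm expiry is enforced elsewhere.
         $Q = new UsersExec();
         $Q->where("id", $rw_session["user_id"]);
         $user = $Q->f1();
         if (!$user) {
             throw new Exception("User id=" . $rw_session["user_id"] . " not found");
         }
         // Attach the SESSION row. The previous code stored the user row here
         // because $rw had already been overwritten by the user query.
         $user["rw_session"] = $rw_session;
         // Re-issue the cookie on every authenticated hit (sliding "remember me"
         // expiry; a session cookie otherwise). httponly keeps the session id out
         // of reach of script on the page. TODO(review): pass secure=true as well
         // once the site is served over HTTPS only.
         $expires = $user["settings"]["rememberme"] ? time() + $o->CONFIG["rememberme_time"] : 0;
         setcookie("SID", $SID, $expires, "/", $o->CONFIG["cookie_domain"], false, true);
         if ($o->CONFIG["enable_online"]) {
             // $user is an array; the previous "$user->id" read null and touched the
             // bucket directory itself instead of a per-user marker file.
             $bucket = (int) (time() / $o->CONFIG["online_interval"]) % 2;
             $online_file = $o->CONFIG["online_cache_dir"] . "/" . $bucket . "/" . $user["id"];
             touch($online_file);
         }
         $o->user = $user;
         return true;
     } catch (Exception $e) {
         // Any failure invalidates the presented session id on both sides:
         // the row is removed and the cookie is expired in the browser.
         DEBUG::log("Auth Exception: " . $e->getMessage(), __CLASS__);
         if ($SID) {
             DB::q("delete from users_sessions where sid=:SID", array("SID" => $SID));
         }
         $_COOKIE["SID"] = "";
         setcookie("SID", "", time() - 86400, "/", $o->CONFIG["cookie_domain"], false, true);
     }
 }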
 /**
  * Controller entry point: show the user requested by the route data.
  *
  * The target id is taken from CHDATA for the current CID. When it matches
  * the logged-in user the already-loaded record is displayed; otherwise the
  * user is loaded from the database. With no id at all, control is handed
  * back to the "main" controller.
  *
  * @return mixed result of displayUser(); false when the user does not exist
  *               (an error is registered on the app); true when falling back to "main".
  */
 public function run_overall()
 {
     // Route-supplied id; NOTE(review): compared loosely (==) with the session user id.
     $requested_id = $this->app->CHDATA[$this->app->CID]["user_id"];
     if (!$requested_id) {
         // Nothing requested: fall back to the main controller.
         $this->app->CID = "main";
         return true;
     }
     // Own profile: reuse the record already attached to the app.
     if ($this->app->getUser("id") == $requested_id) {
         return $this->displayUser($this->app->getUser());
     }
     $query = new UsersExec();
     $query->where("id", $requested_id);
     $target = $query->f1();
     if (!$target) {
         $this->app->setError("<!--[User_not_found]-->");
         return false;
     }
     return $this->displayUser($target);
 }
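 /**
  * Store a private message from the logged-in user to another user.
  *
  * Reads the recipient id from $_REQUEST["to"] and title/text from
  * $_REQUEST["formData"], inserts a row into `messages` and registers a
  * success notice that links back to the recipient's profile.
  *
  * @return array{success:string,return:bool}
  * @throws Exception when the sender is not authenticated, the recipient is
  *                   missing or unknown, the title or text is empty, or the insert fails.
  */
 protected function action_write_message_do()
 {
     // NOTE(review): this is a state-changing action driven by $_REQUEST, which
     // also accepts GET and cookie values, and no CSRF token is checked here.
     // Confirm the dispatcher enforces POST plus a CSRF token before action_* runs.
     $formData = (isset($_REQUEST["formData"]) && is_array($_REQUEST["formData"])) ? $_REQUEST["formData"] : array();
     $to_user_id = isset($_REQUEST["to"]) ? (int) $_REQUEST["to"] : 0;
     // The sender is always the authenticated user, never a request parameter;
     // refuse to insert a message with an empty "from".
     $from_user_id = $this->app->getUser("id");
     if (!$from_user_id) {
         throw new Exception("Sender is not authenticated");
     }
     if (!$to_user_id) {
         throw new Exception("<!--[No_user]-->");
     }
     $Q = new UsersExec();
     $Q->where("id", $to_user_id);
     $rw = $Q->f1();
     if (!$rw) {
         throw new Exception("<!--[User]--> " . $to_user_id . " doesn't exist");
     }
     // Title and text must be non-empty strings; array-shaped form fields
     // ("formData[title][]=x") are rejected rather than bound to the query.
     if (empty($formData["title"]) || !is_string($formData["title"])) {
         throw new Exception("<!--[Enter_message_title]-->");
     }
     if (empty($formData["text"]) || !is_string($formData["text"])) {
         throw new Exception("<!--[Enter_message_text]-->");
     }
     // Parameterised insert; all user-controlled values go through placeholders.
     $inserted = DB::q(
         "insert into messages(`id`,`from`,`to`,`title`,`text`,`dt`) values('',:from,:to,:title,:text,:dt)",
         array(
             "from" => $from_user_id,
             "to" => $to_user_id,
             "title" => $formData["title"],
             "text" => $formData["text"],
             "dt" => time(),
         )
     );
     if (!$inserted) {
         throw new Exception("<!--[Failed_sending_message]-->");
     }
     $this->app->setSuccess("<!--[Message_sent]-->", 5, $this->app->makeLink(array("CID" => "people", "user_id" => $to_user_id)));
     return array("success" => "<!--[Message_sent]-->", "return" => true);
 }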