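 /**
  * Handles the login form (POST).
  *
  * Request fields: `submitLogin` (form marker), `username`, `pass`, optional
  * `is_admin` (selects the admin login view/layout only) and optional
  * `redirect` (target after a successful login).
  *
  * Flow: look the user up by username; if the account is locked out
  * (User::isAllowedToAttemptLogin()) render the login view with the remaining
  * wait time; otherwise verify with password_verify(), falling back to a
  * legacy plain-sha1 digest that is upgraded to bcrypt on success; on failure
  * record the attempt through addLogFail().
  *
  * Review notes:
  *  - `redirect` is attacker-controllable. It used to be handed to
  *    RedirectResponse after urldecode() unchanged (open redirect). Only
  *    site-relative targets, or ones starting with WEBROOT, are honoured now.
  *  - The legacy hash was compared with `==`; loose comparison of hex strings
  *    is subject to numeric-string juggling ("0e..." digests). hash_equals()
  *    gives a strict, constant-time comparison.
  *  - The password is passed through Utils::secure() before verification. If
  *    that helper HTML-escapes (it appears to), a password containing `<`,
  *    `&` or quotes that was stored elsewhere without that escaping (e.g. the
  *    account/password update hashes the raw value) will never verify. Left
  *    unchanged here -- confirm against the registration code.
  *  - "unknown username" and "wrong password" remain distinct messages
  *    (username enumeration); the user-visible wording is kept as-is.
  *
  * @param object $request request exposing getParameters()
  * @return ViewResponse|RedirectResponse|null null when the form was not
  *         submitted or a session is already open (unchanged behaviour)
  */
 public function create($request)
 {
     $data = $request->getParameters();
     if (!isset($data['submitLogin']) || Session::isActive()) {
         return null;
     }
     $is_admin = isset($data['is_admin']) && $data['is_admin'] == 1;
     $username = isset($data['username']) ? Utils::secure($data['username']) : '';
     $password = isset($data['pass']) ? Utils::secure($data['pass']) : '';

     // Post-login target: WEBROOT by default. Accept the caller's `redirect` only when it is a
     // path on this site ("/..." but not "//host" or "/\host") or starts with WEBROOT.
     $redirectTarget = WEBROOT;
     if (!empty($data['redirect'])) {
         $candidate = urldecode($data['redirect']);
         $isRelative = strpos($candidate, '/') === 0
             && strpos($candidate, '//') !== 0
             && strpos($candidate, '/\\') !== 0;
         if ($isRelative || strpos($candidate, WEBROOT) === 0) {
             $redirectTarget = $candidate;
         }
     }

     // View data shared by every error response below (same content the original rebuilt per branch).
     $viewData = isset($data['redirect']) ? ['redirect' => $data['redirect']] : [];
     $viewData['currentPageTitle'] = 'Connexion';
     $errorResponse = function ($message) use ($is_admin, $viewData) {
         $response = !$is_admin
             ? new ViewResponse('login/login', $viewData)
             : new ViewResponse('admin/login/login', $viewData, true, 'layouts/admin_login.php', 401);
         $response->addMessage(ViewMessage::error($message));
         return $response;
     };

     $user = User::find_by_username($username);
     if (!$user) {
         return $errorResponse('Ce nom d\'utilisateur n\'existe pas');
     }

     $current_log_fail = $user->getLogFails();
     if (!$user->isAllowedToAttemptLogin()) {
         // Lockout in force: tell the user how long until the next attempt is accepted.
         $next_try_tps = $current_log_fail['next_try'] - Utils::tps();
         $next_try_min = floor($next_try_tps / 60);
         $next_try_sec = round($next_try_tps - $next_try_min * 60);
         $next_try_str = "{$next_try_min} m et {$next_try_sec} s";
         $nb_try = $current_log_fail['nb_try'];
         return $errorResponse($nb_try . " tentatives de connexions à la suite pour ce compte. Veuillez patienter {$next_try_str}");
     }

     $realPass = $user->getPassword();
     if (password_verify($password, $realPass)) {
         User::connect($username, 1);
         $user->resetLogFails();
         return new RedirectResponse($redirectTarget);
     }
     // Legacy accounts still carry a bare sha1 hex digest: compare strictly and in constant
     // time, then transparently re-hash with bcrypt.
     if (hash_equals((string) $realPass, sha1($password))) {
         $user->resetLogFails();
         User::connect($username, 1)->setPassword(password_hash($password, PASSWORD_BCRYPT));
         return new RedirectResponse($redirectTarget);
     }

     // Wrong password: extend the current streak of failures, or start a new one when the
     // configured interval since the last attempt has elapsed (or no streak exists yet).
     if (!$user->isIntervalBetweenTwoLogAttemptElapsed() || !$current_log_fail) {
         $user->addLogFail();
     } else {
         $user->resetLogFails();
         $user->addLogFail();
     }
     return $errorResponse('Mot de passe incorrect');
 }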
 /**
  * Posts a message to one of the session user's channels (POST).
  *
  * Expects `post-message-submit`, `channel` (an id, or a name when no channel
  * with that id exists) and `post-content`. The channel must belong to the
  * logged-in user and the trimmed content must be non-empty. On success the
  * created post is returned as JSON (content HTML-escaped); every other
  * outcome -- including not being logged in -- is a bare 500 response.
  *
  * @param object $request request exposing getParameters()
  * @return JsonResponse|Response
  */
 public function create($request)
 {
     $params = $request->getParameters();
     $formComplete = isset($params['post-message-submit'], $params['channel'], $params['post-content']);
     if (!$formComplete || !Session::isActive()) {
         return new Response(500);
     }
     $channelRef = $params['channel'];
     if (UserChannel::exists($channelRef)) {
         $channel = UserChannel::find($channelRef);
     } else {
         $channel = UserChannel::find_by_name($channelRef);
     }
     if (!is_object($channel) || !$channel->belongToUser(Session::get()->id)) {
         return new Response(500);
     }
     $content = trim($params['post-content']);
     if (empty($content)) {
         return new Response(500);
     }
     $post = $channel->postMessage($content);
     return new JsonResponse(array(
         'id' => $post->id,
         'channel_id' => $post->channel_id,
         'content' => Utils::secure($post->content),
         'timestamp' => $post->timestamp,
     ));
 }
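 /**
  * Creates a new channel for the logged-in user (POST).
  *
  * Without `createChannelSubmit` (or without a session) the creation form is
  * simply rendered. Otherwise `name` and `description` are required; the name
  * must be 3..40 characters of [a-zA-Z0-9_.-] and not already taken. Optional
  * `avatar` / `background` uploads are taken from the `_FILES_` entry the
  * router merges into the parameters.
  *
  * Changes vs. the original: the `@` error-suppression on the optional fields
  * is replaced by explicit isset() checks, and the upload entries are read
  * with isset() too (they were dereferenced unconditionally, which raises an
  * undefined-index notice when nothing was uploaded). strlen() is byte-wise,
  * but the regex that follows only admits ASCII, so the length check is
  * equivalent for every name that can pass.
  *
  * @param object $request request exposing getParameters()
  * @return ViewResponse
  */
 public function create($request)
 {
     $req = $request->getParameters();
     $data = $req;
     $data['current'] = 'channels';
     $name = isset($req['name']) ? Utils::secure($req['name']) : '';
     $descr = isset($req['description']) ? Utils::secure($req['description']) : '';
     if (!isset($req['createChannelSubmit']) || !Session::isActive()) {
         return new ViewResponse('channel/create', $data);
     }

     $data = array();
     $data['currentPageTitle'] = 'Créer une chaine';

     // Validation, in the original order; the first failing rule wins.
     $error = null;
     if (!isset($req['name'], $req['description'])) {
         $error = 'Tous les champs doivent être remplis.';
     } elseif (strlen($name) < 3 || strlen($name) > 40) {
         $error = 'Le nom de la chaîne doit être compris entre 3 et 40 caractères.';
     } elseif (!preg_match("#^[a-zA-Z0-9\\_\\-\\.]+\$#", $name)) {
         $error = 'Le nom de la chaîne doit contenir uniquement des lettres (majuscules et minuscules), des traits-d\'union, des _ et des points.';
     } elseif (!UserChannel::isNameFree($name)) {
         $error = 'Ce nom de chaine est déjà utilisé.';
     }
     if ($error !== null) {
         $response = new ViewResponse('channel/create', $data);
         $response->addMessage(ViewMessage::error($error));
         return $response;
     }

     $files = isset($req['_FILES_']) ? $req['_FILES_'] : array();
     $avatar = isset($files['avatar']) ? $files['avatar'] : null;
     $background = isset($files['background']) ? $files['background'] : null;
     UserChannel::addNew($name, $descr, $avatar, $background);

     $data['channels'] = Session::get()->getOwnedChannels();
     $data['currentPageTitle'] = 'Mes chaines';
     $response = new ViewResponse('account/channels', $data);
     $response->addMessage(ViewMessage::success('Votre nouvelle chaîne a bien été créée ! Faites-en bon usage !'));
     return $response;
 }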
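 /**
  * Issues a live-streaming access key for one of the caller's channels (POST).
  *
  * Requires a session (otherwise the unauthorized response), a `channel-id`
  * naming an existing channel that belongs to the session user and that does
  * not already have live access. On success a LiveAccess row is created and
  * the caller is redirected to the lives page; every other failure is a bare
  * 500.
  *
  * Changes vs. the original:
  *  - The key was `hash_hmac('sha256', mt_rand(), mt_rand())`, i.e. derived
  *    from a non-cryptographic PRNG seeded with very little entropy, which is
  *    unsuitable for a credential. It is now 32 bytes from a CSPRNG, hex
  *    encoded -- still 64 hex characters, so the stored format is unchanged.
  *  - The unreachable `exit;` after the return and the unused `$access`
  *    local are dropped.
  *
  * @param object $request request exposing getParameters()
  * @return RedirectResponse|Response
  */
 public function create($request)
 {
     if (!Session::isActive()) {
         return Utils::getUnauthorizedResponse();
     }
     $params = $request->getParameters();
     if (!isset($params['channel-id'])) {
         return new Response(500);
     }
     $channelId = Utils::secure($params['channel-id']);
     if (!UserChannel::exists($channelId)) {
         return new Response(500);
     }
     $channel = UserChannel::find($channelId);
     if ($channel->hasLiveAccess() || !$channel->belongToUser(Session::get()->id)) {
         return new Response(500);
     }
     // Stream key from a CSPRNG. random_bytes() needs PHP 7; fall back to OpenSSL's CSPRNG on
     // older runtimes rather than to mt_rand().
     if (function_exists('random_bytes')) {
         $key = bin2hex(random_bytes(32));
     } else {
         $key = bin2hex(openssl_random_pseudo_bytes(32));
     }
     LiveAccess::create(array(
         'channel_id' => $channel->id,
         'user_id' => Session::get()->id,
         'key' => $key,
         'timestamp' => time(),
     ));
     return new RedirectResponse(WEBROOT . 'lives');
 }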
 /**
  * Sends a private message in a conversation (POST).
  *
  * Requires a session; the user's last_visit is stamped first. `sender`
  * (channel id), `conversation` (conversation id) and `content` must all be
  * present and non-empty. The sending channel must exist and belong to the
  * session user and the conversation must exist; if the channel is not a
  * member of that conversation the unauthorized response is returned. Content
  * is stored HTML-escaped. Success returns the new message as JSON, every
  * other failure a bare 500.
  *
  * @param object $request request exposing getParameters()
  * @return JsonResponse|Response
  */
 public function create($request)
 {
     if (!Session::isActive()) {
         return new Response(500);
     }
     $req = $request->getParameters();
     $me = Session::get();
     $me->last_visit = Utils::tps();
     $me->save();

     $fieldsPresent = isset($req['sender'], $req['conversation'], $req['content'])
         && !empty($req['conversation'])
         && !empty($req['sender'])
         && !empty($req['content']);
     if (!$fieldsPresent) {
         return new Response(500);
     }

     $senderId = Utils::secure($req['sender']);
     $conversationId = Utils::secure($req['conversation']);
     $content = Utils::secure($req['content']);

     if (!UserChannel::exists($senderId)) {
         return new Response(500);
     }
     $channel = UserChannel::find($senderId);
     if (!$channel || !$channel->belongToUser(Session::get()->id)) {
         return new Response(500);
     }
     $conv = Conversation::find($conversationId);
     if (!$conv) {
         return new Response(500);
     }
     if (!$conv->containsChannel($channel)) {
         return Utils::getUnauthorizedResponse();
     }

     $message = Message::sendNew($senderId, $conversationId, $content);
     return new JsonResponse(array(
         'id' => $message->id,
         'avatar' => $channel->getAvatar(),
         'pseudo' => $channel->name,
         'text' => $content,
         'mine' => 'true',
     ));
 }
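 /**
  * Posts a comment on a video from one of the caller's channels (POST).
  *
  * Required fields: `commentSubmit`, `from-channel` (channel id),
  * `video-id`, `comment-content`; optional `parent` (comment id being
  * replied to). The channel must belong to the session user, at most one
  * comment per `time_between_comments` seconds is accepted per channel, and
  * the trimmed (HTML-escaped) content must be non-empty. Success returns the
  * comment as JSON; any failure is a bare 500.
  *
  * Changes vs. the original:
  *  - `comment-content` is now part of the isset() guard (it was read
  *    unconditionally, raising an undefined-index notice when absent).
  *  - Ownership is checked before the flood-control query. Both failures
  *    answer 500, so the response is unchanged, but the rate-limit lookup no
  *    longer acts as an oracle for whether *another* channel commented
  *    recently.
  *  - NOTE(review): `parent` is not verified to be a comment of `video-id`;
  *    whether Comment::postNew() checks that is not visible here.
  *
  * @param object $request request exposing getParameters()
  * @return JsonResponse|Response
  */
 public function create($request)
 {
     $req = $request->getParameters();
     $formComplete = isset($req['commentSubmit'], $req['from-channel'], $req['video-id'], $req['comment-content']);
     if (!$formComplete || !Session::isActive()) {
         return new Response(500);
     }
     $channelId = Utils::secure($req['from-channel']);
     if (!UserChannel::exists($channelId) || !UserChannel::find($channelId)->belongToUser(Session::get()->id)) {
         return new Response(500);
     }
     // Flood control: reject when this channel already commented within the configured window.
     $min_timestamp = Utils::tps() - Config::getValue_("time_between_comments");
     if (Comment::exists(array('conditions' => array("poster_id=? AND timestamp > ?", $channelId, $min_timestamp)))) {
         return new Response(500);
     }
     $content = trim(Utils::secure($req['comment-content']));
     if (empty($content)) {
         return new Response(500);
     }
     $parent = isset($req['parent']) ? Utils::secure($req['parent']) : '';
     $vidId = Utils::secure($req['video-id']);
     $comment = Comment::postNew($channelId, $vidId, $content, $parent);
     return new JsonResponse(array(
         'id' => $comment->id,
         'author' => UserChannel::find($comment->poster_id)->name,
         'video_id' => $vidId,
         'comment' => $content,
         'relativeTime' => Utils::relative_time($comment->timestamp),
         'likes' => $comment->likes,
         'dislikes' => $comment->dislikes,
     ));
 }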
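<div class="row">
	<h1>Dashboard</h1>
  <div class="col-lg-3 col-sm-6 col-xs-12">
    <div class="thumbnail">
      <img src="<?php 
// Escaped like the name and description below: the value lands inside an HTML attribute.
// Utils::secure() is assumed to be htmlspecialchars-style with quote escaping -- confirm.
echo Utils::secure(StaffContact::getImageName(Session::get()));
?>
" alt="Avatar">
      <div class="caption">
        <h3><?php 
echo Utils::secure(StaffContact::getShownName(Session::get()));
?>
</h3>
        
        <p><?php 
echo Utils::secure(StaffContact::getDescription(Session::get()));
?>
            <a href="<?php 
echo WEBROOT . 'admin/staffContactDetails/edit_public_infos/';
?>
" class="btn btn-primary" role="button">Changer mes infos officielles</a>
        </p>
        <p>
        </p>
      </div>
    </div>
  </div>
	<div class="col-lg-6 col-sm-6 col-xs-12">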
<?php 
foreach ($storage_server as $srv) {
    ?>
include VIEW . 'layouts/messages_bootstrap.php';
?>
    <form action="<?php 
echo WEBROOT;
?>
admin/ticketlevels/edit_users" method="post">
        <input type="hidden" name="_method" value="PUT">
    <?php 
foreach ($users as $user) {
    $lvls_id = $user->getAssignedLevelsIds();
    ?>
            <div class="col-md-3">
                <div class="well">
                    <div class="form-group">
                        <label><?php 
    echo Utils::secure(StaffContact::getShownName($user));
    ?>
</label>
                        <?php 
    foreach ($levels as $level) {
        $checked = in_array($level->id, $lvls_id) ? 'checked' : '';
        ?>
                        <div class="checkbox">
                            <label>
                            <input name="<?php 
        echo $level->id . '_' . $user->id;
        ?>
" type="checkbox" <?php 
        echo $checked;
        ?>
><?php 
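/**
 * Renders the comment thread of $video below $parent, recursing into replies.
 *
 * Each comment is printed with its author (avatar, channel link, name), its
 * relative time, its escaped + linkified text, like/dislike/report controls
 * and, for the comment author / moderators / admins (plus the video owner for
 * deletion), edit and delete controls. $i is the nesting depth and drives the
 * indentation (8% per level; past ~12 levels the computed width goes
 * negative, as in the original -- not changed here).
 *
 * Changes vs. the original:
 *  - The author name was echoed raw, both as HTML text and inside the inline
 *    reply handler's JS string. It is now HTML-escaped, and the reply handler
 *    reads it from a data attribute and inserts it as a text node instead of
 *    building markup from it, so a name can neither break out of the JS
 *    string nor inject HTML. Channel names are already limited to
 *    [a-zA-Z0-9_.-] by the channel/username validation, so this is defence in
 *    depth. Utils::secure() is assumed to be htmlspecialchars-style with quote
 *    escaping -- confirm.
 *  - The author channel is looked up once per comment instead of three times.
 *  - Comment ids are still echoed unescaped into ids and onclick handlers;
 *    they are presumed to be integer primary keys -- confirm.
 *
 * @param object     $video  video exposing getComments($parent) and getAuthor()
 * @param int|string $parent id of the parent comment (top level: whatever the caller passes)
 * @param int        $i      nesting depth, 0 for the top level
 * @return void prints HTML
 */
function displayComments($video, $parent, $i)
{
    $comments = $video->getComments($parent);
    if (empty($comments)) {
        ?>
					<p>Aucun commentaire à propos de cette video</p>
				<?php 
    }
    // Session-dependent permissions are identical for every comment of the thread.
    $session = Session::isActive() ? Session::get() : null;
    $isStaff = $session !== null && ($session->isModerator() || $session->isAdmin());
    foreach ($comments as $comment) {
        // Escape first, then linkify: the result is inserted into the page as HTML.
        $comment->comment = Utils::makeLinks(Utils::secure($comment->comment));
        $author = UserChannel::find($comment->poster_id);
        $authorName = Utils::secure(UserChannel::getNameById($comment->poster_id));
        // Same short-circuit order as the original: staff first, then ownership lookups.
        $canEdit = $session !== null && ($isStaff || $comment->getAuthor()->belongToUser($session->id));
        $canDelete = $session !== null && ($isStaff || $video->getAuthor()->belongToUser($session->id) || $comment->getAuthor()->belongToUser($session->id));
        $margin = $i * 8;
        ?>
					<div style="width: <?php echo 100 - $margin; ?>%; margin-left:<?php echo $margin; ?>%" class="comment" id="c-<?php echo $comment->id; ?>">
						<div class="comment-head">
							<div class="user">
								<img src="<?php echo $author->getAvatar(); ?>" alt="[Avatar]">
								<a href="<?php echo WEBROOT . 'channel/' . $author->name; ?>"><?php echo $authorName; ?></a>
							</div>
							<div class="date">
								<p><?php
        echo Utils::relative_time($comment->timestamp);
        echo $comment->last_updated_timestamp ? ' (Edité ' . Utils::relative_time($comment->last_updated_timestamp) . ')' : '';
        ?></p>
							</div>
						</div>
						<div class="comment-text">
							<p style="word-wrap:break-word"><?php echo $comment->comment; ?></p>
						</div>
						<div class="comment-notation">
							<ul>
								<li class="plus" id="plus-<?php echo $comment->id; ?>" onclick="likeComment('<?php echo $comment->id; ?>')">+<?php echo $comment->likes; ?></li>
								<li class="moins" id="moins-<?php echo $comment->id; ?>" onclick="dislikeComment('<?php echo $comment->id; ?>')">-<?php echo $comment->dislikes; ?></li>
								<li onclick="reportComment('<?php echo $comment->id; ?>', this)" style="cursor:pointer">Signaler</li>
								<li data-author="<?php echo $authorName; ?>" onclick="document.location.href='#comments';var r=document.getElementById('response');r.innerHTML='';var b=document.createElement('b');b.appendChild(document.createTextNode('Répondre à '+this.getAttribute('data-author')+' :'));r.appendChild(b);document.getElementById('textarea-comment').focus();document.getElementById('parent-comment').value='<?php echo $comment->id; ?>';" style="cursor:pointer">Répondre</li>
								<?php if ($canEdit) { ?>
								<li onclick="editComment('<?php echo $comment->id; ?>', this)" style="cursor:pointer">Editer</li>
								<?php } ?>
								<?php if ($canDelete) { ?>
								<li onclick="deleteComment('<?php echo $comment->id; ?>', this)" style="cursor:pointer">Supprimer</li>
								<?php } ?>
							</ul>
						</div>
					</div>
			<?php
        // Recurse into replies only when there are any (avoids an empty "no comment" paragraph per leaf).
        if (Comment::count(array('conditions' => array('parent = ?', $comment->id))) >= 1) {
            displayComments($video, $comment->id, $i + 1);
        }
    }
}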
    echo $k % 2 != 0 ? 'class="timeline-inverted"' : '';
    ?>
>
                                    
                                    <?php 
    echo $new->getBadge();
    ?>

                                    <div class="timeline-panel">
                                        <div class="timeline-heading">
                                            <h4 class="timeline-title"><?php 
    echo $new->title;
    ?>
</h4>
                                            <p><small class="text-muted"><i class="fa fa-clock-o"></i> <?php 
    echo Utils::relative_time($new->timestamp) . " par " . Utils::secure(StaffContact::getShownName($new->user));
    ?>
</small>
                                            </p>
                                        </div>
                                        <div class="timeline-body">
                                            <p><?php 
    echo $new->content;
    ?>
</p>
                                            <?php 
    if ($new->belongsToUser(Session::get())) {
        ?>
                                            <div id="modal_<?php 
        echo $new->id;
        ?>
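 /**
  * Emails the ticket owner about progress on their support ticket.
  *
  * Nothing is sent for tickets whose user_id is the string '0'. When user_id
  * references an existing User, the greeting carries the username and the
  * mail goes to the stored email; otherwise user_id itself is used as the
  * recipient address (presumably guest tickets store the requester's email
  * there -- confirm against the ticket model).
  *
  * `{{tech}}` in $message is replaced by the current staff member's shown
  * name. That name still goes through Utils::secure() although this is a
  * plain-text email (kept for behavioural compatibility; `'` will show up as
  * an entity if the helper HTML-escapes).
  *
  * Changes vs. the original:
  *  - The User is looked up once instead of two exists()/find() pairs.
  *  - The recipient is validated with FILTER_VALIDATE_EMAIL before calling
  *    mail(); since it may originate from a guest-supplied value, this keeps
  *    malformed or multi-recipient strings out of the transport. Invalid
  *    addresses silently skip sending, as a non-existent user_id of '0' does.
  *  - utf8_decode() is kept for the Latin-1 body the original produced; note
  *    it is deprecated as of PHP 8.2.
  *
  * @param object $ticket  ticket exposing id and user_id
  * @param string $message body text, may contain the {{tech}} placeholder
  * @return void
  */
 private function mail($ticket, $message)
 {
     if ($ticket->user_id === '0') {
         return;
     }
     $user = User::exists(array('id' => $ticket->user_id)) ? User::find($ticket->user_id) : null;
     $username = $user ? ' ' . $user->username : '';
     $to = $user ? $user->email : $ticket->user_id;
     if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
         return;
     }
     $subject = '[DreamVids] Avancement de votre demande d\'assistance #' . $ticket->id;
     $message = str_replace('{{tech}}', Utils::secure(StaffContact::getShownName(Session::get())), $message);
     $message = "Bonjour{$username},\r\n\r\n{$message}\r\n\r\nCordialement,\r\nL'équipe DreamVids.";
     $headers = 'From: DreamVids <*****@*****.**>';
     mail($to, $subject, utf8_decode($message), $headers);
 }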
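 /**
  * Updates one section of the logged-in user's account settings (PUT).
  *
  * $id selects the section:
  *  - 'infos'          email and/or username (form marker `profileSubmit`)
  *  - 'password'       change password (`passwordSubmit`, `currentPass`,
  *                     `newPass`, `newPassConfirm`); re-authenticates with the
  *                     current password via password_verify()
  *  - 'volume', 'definition'   player preferences; answer a bare 200
  *  - 'notifications'  stores the posted settings and re-renders the page
  *  - 'language'       stores the language setting and redirects
  *  - anything else (including 'infos'/'password' without their submit
  *    marker) renders the profile page
  *
  * Unauthenticated callers are redirected to the login URL.
  *
  * Review notes:
  *  - The raw request parameters are handed to the views as $data; the
  *    templates are responsible for escaping them.
  *  - 'volume', 'definition' and 'language' read their field without an
  *    isset() check (undefined-index notice when absent); they now pass null
  *    explicitly in that case, which is what the setters received anyway.
  *  - NOTE(review): an empty `newPass` passes the isset()/equality checks and
  *    is hashed as the new password, and changing the email or username does
  *    not require the current password. Not changed here because both need
  *    new user-facing messages -- worth a follow-up.
  *
  * @param string $id      settings section (passed through Utils::secure by the router)
  * @param object $request request exposing getParameters()
  * @return ViewResponse|RedirectResponse|Response
  */
 public function update($id, $request)
 {
     if (!Session::isActive()) {
         return new RedirectResponse(Utils::generateLoginURL());
     }
     $req = $request->getParameters();
     $user = Session::get();
     $data = $req;
     $data['current'] = 'account';
     $data['email'] = $user->email;
     $data['currentPageTitle'] = 'Mon compte';

     if ($id == 'infos' && isset($req['profileSubmit'])) {
         $currentMail = $user->email;
         $currentUsername = $user->username;
         if (isset($req['email']) && $req['email'] != $currentMail) {
             $newMail = Utils::secure($req['email']);
             if (!Utils::validateMail($newMail)) {
                 $response = new ViewResponse('account/profile', $data);
                 $response->addMessage(ViewMessage::error('L\'adresse E-Mail n\'est pas valide'));
                 return $response;
             }
             $user->email = $newMail;
             $user->save();
             $data['email'] = $newMail;
         }
         if (isset($req['username']) && $req['username'] != $currentUsername) {
             $newUsername = Utils::secure($req['username']);
             // The name must be syntactically valid and free both as a username and as a channel name,
             // because the user's main channel is renamed along with the account.
             $available = Utils::validateUsername($newUsername)
                 && !User::exists(array('username' => $newUsername))
                 && !UserChannel::exists(['name' => $newUsername]);
             if (!$available) {
                 $response = new ViewResponse('account/profile', $data);
                 $response->addMessage(ViewMessage::error('Le nom d\'utilisateur doit être disponible, contenir uniquement des lettres, des chiffres, des points, des traits d\'union et des _ et doit être compris entre 3 et 40 caractères.'));
                 return $response;
             }
             $channel = $user->getMainChannel();
             $user->username = $newUsername;
             $user->save();
             $channel->name = $newUsername;
             $channel->save();
             $data['username'] = $newUsername;
         }
         $response = new ViewResponse('account/profile', $data);
         $response->addMessage(ViewMessage::success('Préférences enregistrées !'));
         return $response;
     }

     if ($id == 'password' && isset($req['passwordSubmit'])
         && isset($req['newPass'], $req['newPassConfirm'], $req['currentPass'])) {
         $data = $req;
         $data['current'] = 'password';
         if ($req['newPass'] != $req['newPassConfirm']) {
             $response = new ViewResponse('account/password', $data);
             $response->addMessage(ViewMessage::error('Les mots de passe ne sont pas identiques'));
             return $response;
         }
         // Re-authentication: the current password must verify before anything is changed.
         if (!password_verify($req['currentPass'], $user->pass)) {
             $response = new ViewResponse('account/password', $data);
             $response->addMessage(ViewMessage::error('Le mot de passe actuel est erroné'));
             return $response;
         }
         $user->setPassword(password_hash($req['newPass'], PASSWORD_BCRYPT));
         $response = new ViewResponse('account/password', $data);
         $response->addMessage(ViewMessage::success('Préférences enregistrées !'));
         return $response;
     }

     if ($id == 'volume') {
         $user->setSoundSetting(isset($req["volume"]) ? $req["volume"] : null);
         return new Response(200);
     }
     if ($id == 'definition') {
         $user->setDefinitionSetting(isset($req["definition"]) ? $req["definition"] : null);
         return new Response(200);
     }
     if ($id == 'notifications') {
         $data = $request->getParameters();
         $data['current'] = 'notifications';
         $user->setNotificationSettings($data);
         $data = array_merge($data, $user->getNotificationSettings());
         $response = new ViewResponse('account/notifications', $data);
         $response->addMessage(ViewMessage::success("Paramètres de notifications sauvegardés"));
         return $response;
     }
     if ($id == 'language') {
         $data['currentPageTitle'] = "Paramètre de langues";
         $data['current'] = 'language';
         $user->setLanguageSetting(isset($req['language']) ? $req['language'] : null);
         $data['settings'] = $user->getSettings();
         $data['avaiable_languages'] = Translator::getLanguagesList();
         $data['lang_setting'] = $user->getLanguageSetting();
         return new RedirectResponse('account/language', $data);
     }
     return new ViewResponse('account/profile', $data);
 }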
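 /**
  * Dispatches $request to the matching action of $controller.
  *
  * $uriParameters are the URI path segments; a leading "admin" segment is
  * stripped and remembered in $is_admin. Routing (as in the original):
  *  - GET with no segment (or only the controller segment on admin routes):
  *    index($request)
  *  - GET /ctrl/foo: foo($request) when the controller has foo (admin routes
  *    always take the method route), otherwise get('foo', $request)
  *  - GET /ctrl/foo/a/b: foo(a, b, $request) when foo exists (or admin);
  *    otherwise /ctrl/a/foo -> foo(array(1 => 'a'), $request) when foo
  *    exists, else 404
  *  - POST: create($request) with $_POST plus $_FILES under '_FILES_'
  *  - PUT / DELETE /ctrl/id: update(id, $request) / destroy(id, $request);
  *    the body is parsed from php://input, falling back to $_POST for HTML
  *    forms that emulate the method (PUT also carries '_FILES_')
  *
  * Every method-name route is gated by isActionAllowed() /
  * isCallableAsAction(); those allow-lists are the only thing keeping
  * arbitrary public controller methods from being reachable by URL, so keep
  * them tight.
  *
  * Changes vs. the original:
  *  - On admin routes the method_exists() check was bypassed, so an unknown
  *    action name reached call_user_func_array() and produced a fatal error;
  *    it now answers 404 (after the isCallableAsAction() check, so the
  *    forbidden case is unchanged).
  *  - PUT / DELETE with a segment count other than 2 sent no response at
  *    all; they now answer 404.
  *  - GET with exactly one segment on a non-admin route still falls through
  *    without a response, as before (presumably handled by the caller --
  *    confirm).
  *
  * @param object $request       request with getMethod()/setParameters()
  * @param object $controller    controller instance
  * @param array  $uriParameters URI segments, 0-indexed
  * @return void the response is sent via Utils::sendResponse()/send()
  */
 private function executeAction($request, $controller, $uriParameters)
 {
     $is_admin = false;
     if (isset($uriParameters[0]) && $uriParameters[0] == "admin") {
         unset($uriParameters[0]);
         $is_admin = true;
         $uriParameters = array_values($uriParameters);
     }
     switch ($request->getMethod()) {
         case Method::GET:
             $count = count($uriParameters);
             if ($count < 1 || $is_admin && $count < 2) {
                 // Example: /posts/
                 if ($controller->isActionAllowed(Action::INDEX)) {
                     $response = call_user_func_array(array($controller, 'index'), array($request));
                     Utils::sendResponse($response);
                 } else {
                     Utils::getForbiddenResponse()->send();
                 }
             } elseif ($count == 2) {
                 // Example: /posts/latest --> calls the 'latest' method from controller
                 $methodName = $uriParameters[1];
                 if (method_exists($controller, $methodName) || $is_admin) {
                     if (!$this->isCallableAsAction($methodName)) {
                         $response = Utils::getForbiddenResponse();
                     } elseif (!method_exists($controller, $methodName)) {
                         // Only reachable on admin routes: unknown action -> 404 instead of a fatal call.
                         $response = Utils::getNotFoundResponse();
                     } else {
                         unset($uriParameters[0]);
                         $response = call_user_func_array(array($controller, $methodName), array($request));
                     }
                     Utils::sendResponse($response);
                 } elseif ($controller->isActionAllowed(Action::GET)) {
                     $response = call_user_func_array(array($controller, 'get'), array($uriParameters[1], $request));
                     Utils::sendResponse($response);
                 } else {
                     Utils::getForbiddenResponse()->send();
                 }
             } elseif ($count > 2) {
                 if (method_exists($controller, $uriParameters[1]) || $is_admin) {
                     // Example: /posts/recents/4 --> calls recents(4) from PostsController, to retrieve the 4 most recent posts
                     $methodName = $uriParameters[1];
                     unset($uriParameters[0]);
                     unset($uriParameters[1]);
                     if (!$this->isCallableAsAction($methodName)) {
                         $response = Utils::getForbiddenResponse();
                     } elseif (!method_exists($controller, $methodName)) {
                         // Only reachable on admin routes: unknown action -> 404 instead of a fatal call.
                         $response = Utils::getNotFoundResponse();
                     } else {
                         $response = call_user_func_array(array($controller, $methodName), array_merge($uriParameters, array($request)));
                     }
                     Utils::sendResponse($response);
                 } else {
                     // Example: /videos/42/edit --> edit(array(1 => '42'), $request); the remaining
                     // segments are passed as one escaped array.
                     $methodName = $uriParameters[2];
                     if (method_exists($controller, $methodName)) {
                         unset($uriParameters[0]);
                         unset($uriParameters[2]);
                         if (!$this->isCallableAsAction($methodName)) {
                             $response = Utils::getForbiddenResponse();
                         } else {
                             $response = call_user_func_array(array($controller, $methodName), array(Utils::secureArray($uriParameters), $request));
                         }
                         Utils::sendResponse($response);
                     } else {
                         Utils::getNotFoundResponse()->send();
                     }
                 }
             }
             break;
         case Method::POST:
             if ($controller->isActionAllowed(Action::CREATE)) {
                 $request->setParameters(array_merge($_POST, array('_FILES_' => $_FILES)));
                 $response = call_user_func_array(array($controller, 'create'), array($request));
                 Utils::sendResponse($response);
             } else {
                 Utils::getForbiddenResponse()->send();
             }
             break;
         case Method::PUT:
             if (count($uriParameters) != 2) {
                 Utils::getNotFoundResponse()->send();
             } elseif ($controller->isActionAllowed(Action::UPDATE)) {
                 $parameters = array();
                 parse_str(file_get_contents('php://input'), $parameters);
                 $request->setParameters($parameters);
                 if (empty($parameters) && !empty($_POST)) {
                     // Not a real PUT body but an HTML form emulating PUT: use the POST data instead.
                     $request->setParameters(array_merge($_POST, array('_FILES_' => $_FILES)));
                 }
                 $response = call_user_func_array(array($controller, 'update'), array(Utils::secure($uriParameters[1]), $request));
                 Utils::sendResponse($response);
             } else {
                 Utils::getForbiddenResponse()->send();
             }
             break;
         case Method::DELETE:
             if (count($uriParameters) != 2) {
                 Utils::getNotFoundResponse()->send();
             } elseif ($controller->isActionAllowed(Action::DESTROY)) {
                 $parameters = array();
                 parse_str(file_get_contents('php://input'), $parameters);
                 $request->setParameters($parameters);
                 if (empty($parameters) && !empty($_POST)) {
                     // Not a real DELETE body but an HTML form emulating DELETE: use the POST data instead.
                     $request->setParameters($_POST);
                 }
                 $response = call_user_func_array(array($controller, 'destroy'), array(Utils::secure($uriParameters[1]), $request));
                 Utils::sendResponse($response);
             } else {
                 Utils::getForbiddenResponse()->send();
             }
             break;
         default:
             break;
     }
 }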
 /**
  * Applies Utils::secure() to every string value of $array, keeping keys.
  *
  * Non-string entries (ints, nested arrays, null) are not copied over at all,
  * so the result can have fewer keys than the input.
  *
  * @param array $array values to escape
  * @return array escaped string values under their original keys
  */
 public static function secureArray($array)
 {
     $strings = array_filter($array, 'is_string');
     // array_map over a single array preserves keys.
     return array_map(array('Utils', 'secure'), $strings);
 }
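 /**
  * Creates a private conversation between channels (POST).
  *
  * Requires a session. `creator` is the id of the sending channel, `members`
  * a ';'-separated list of recipient channel *names* (a single name without
  * separator is accepted too; surrounding ';' and all whitespace are
  * stripped), `subject` the title (defaults to 'Sans titre' when empty). Each
  * recipient is resolved to its id; an unknown name or a malformed list
  * answers 500 with an explanatory body. On success the conversation is
  * created with the sender appended to the member list and a bare 200 is
  * returned.
  *
  * Change vs. the original: the sending channel was only required to exist,
  * so any logged-in user could open a conversation on behalf of any channel.
  * It must now belong to the session user, checked with belongToUser() like
  * the message and comment handlers do; the unauthorized response is
  * returned otherwise.
  *
  * @param object $request request exposing getParameters()
  * @return Response
  */
 public function create($request)
 {
     if (!Session::isActive()) {
         return new Response(500);
     }
     $req = $request->getParameters();
     if (!isset($req['members'], $req['creator'], $req['subject']) || empty($req['members']) || empty($req['creator'])) {
         return new Response(500);
     }
     $membersStr = Utils::secure($req['members']);
     $creator = Utils::secure($req['creator']);
     $subject = Utils::secure($req['subject']);
     if (empty($subject)) {
         $subject = 'Sans titre';
     }

     $sender = UserChannel::find($creator);
     if (!$sender) {
         return new Response(500);
     }
     // Authorisation: the caller may only send from a channel they own.
     if (!$sender->belongToUser(Session::get()->id)) {
         return Utils::getUnauthorizedResponse();
     }

     // Normalise the recipient list: drop one leading and one trailing ';', then all whitespace.
     if (Utils::stringStartsWith($membersStr, ';')) {
         $membersStr = substr_replace($membersStr, '', 0, 1);
     }
     if (Utils::stringEndsWith($membersStr, ';')) {
         $membersStr = substr_replace($membersStr, '', -1);
     }
     $membersStr = preg_replace('/\\s+/', '', $membersStr);

     $membersIdsFinal = ';';
     // A separator at position > 0 means a list; a leading ';' (position 0) or none means a single name.
     if (strpos($membersStr, ';') > 0) {
         foreach (explode(';', $membersStr) as $destName) {
             $dest = UserChannel::find_by_name($destName);
             if (!$dest) {
                 $response = new Response(500);
                 $response->setBody('Error: Le destinataire <' . $destName . '> n\'existe pas !');
                 return $response;
             }
             $membersIdsFinal .= $dest->id . ';';
         }
     } else {
         $chann = UserChannel::find_by_name($membersStr);
         if (!$chann) {
             $response = new Response(500);
             $response->setBody('Error: les destinataires doivent être séparés par un \';\' !');
             return $response;
         }
         $membersIdsFinal .= $chann->id . ';';
     }

     if ($membersIdsFinal != ';') {
         $membersIdsFinal .= $sender->id . ';';
         Conversation::createNew($subject, $sender, $membersIdsFinal);
         return new Response(200);
     }
     return new Response(500);
 }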
 /**
  * Profile controller entry point.
  *
  * `$this->request[0]` is the profile's username; `$this->request[1]` selects
  * the action: 'update' (save the POSTed edit form, then fall through to
  * 'edit'), 'edit' (render the edit form), anything else renders the public
  * profile page. Output goes through $this->set()/render(), plus a few direct
  * echo calls that print before the template.
  */
 public function main()
 {
     //loadLanguageFile('play');
     //include '../lang/English.php';
     include '../lang/English.php';
     // The username comes straight from the route and is interpolated
     // unescaped into the SELECTs below (the POST fields, by contrast, go
     // through Utils::secure). Treat it as untrusted input.
     $username = $this->request[0];
     if (isset($this->request[1]) && $this->request[1] == 'update') {
         // Avatar upload is delegated to the include when a file was posted
         // without an upload error.
         if (!empty($_FILES['img_file']) && $_FILES['img_file']['error'] == 0) {
             include 'includes/code/upload_avatar.php';
         }
         $location = Utils::secure($_POST['usr']['loc']);
         $about = Utils::secure($_POST['usr']['bio']);
         $website = Utils::secure($_POST['usr']['site']);
         // Only used to decide whether a password change was requested; the
         // value actually hashed below is a different field ($_POST['new_password']).
         $pass = str_replace(' ', '', $_POST['usr']["pas"]);
         $id = $_SESSION['user_id'];
         // String-built UPDATE; the three POST values rely entirely on
         // Utils::secure. mysql_error() belongs to the legacy mysql extension
         // while the rest of this method uses mysqli (Query::$mysqli below).
         Query::query("UPDATE Players SET Location='{$location}', About='{$about}', Website='{$website}' WHERE PlayerID='{$id}'") or die(mysql_error());
         if ($pass != '') {
             echo 'PW Changes';
             // Unsalted md5 of the new password, then stored client-side in a
             // plain cookie ("ava_code"). The UPDATE targets tbl_users whereas
             // the profile row lives in Players; its value is masked
             // ('******') in this listing.
             $password = md5($_POST['new_password']);
             setcookie("ava_code", $password);
             Query::query("UPDATE tbl_users SET password='******' WHERE id='{$id}'") or die(mysql_error());
         }
         echo '<div id="error_message">' . PROFILE_UPDATED . "</div>";
         // Fall through to the edit branch so the form is re-rendered.
         $this->request[1] = 'edit';
     }
     if (isset($this->request[1]) && $this->request[1] == 'edit') {
         if (User::login_check(Query::$mysqli) == true) {
             // $username interpolated without escaping (see above).
             $row = Query::query('SELECT * FROM Players WHERE Username=\'' . $username . '\' LIMIT 1')->fetch_assoc();
             $email = $row['Email'];
             $location2 = $row['Location'];
             $about2 = $row['About'];
             $website2 = $row['Website'];
             // $avatar is assigned here but never read; the template value is
             // computed again below from $row['AvatarType'].
             if ($row['AvatarType'] != '') {
                 $avatar = $row['AvatarType'];
             } else {
                 $avatar = 'default.png';
             }
         } else {
             // NOTE(review): this only echoes; execution continues and the edit
             // page is still rendered below with $row/$email/... undefined.
             // login_check is a logged-in check, not a comparison of $username
             // against the session user as the message implies — confirm.
             echo "You can only edit your own profile!";
         }
         $this->set('id', $row['PlayerID']);
         $this->set('email', $email);
         $this->set('website2', $website2);
         $this->set('location2', $location2);
         $this->set('about2', $about2);
         $this->set('username', $username);
         if ($row['AvatarType'] == '') {
             $this->set('avatar', 'uploads/avatars/default.png');
         } else {
             $this->set('avatar', 'uploads/avatars/' . $row['PlayerID'] . $row['AvatarType']);
         }
         $this->render("Pages/ProfileEdit");
     } else {
         //id, comments, plays, ratings
         /*if (isset($_GET['name'])) {
           $seo_url = mysql_secure($_GET['name']);
           $sql = Query::query('SELECT * FROM tbl_users WHERE seo_url='.$seo_url.' LIMIT 1');
           } else {
           $sql = Query::query('SELECT * FROM tbl_users WHERE id='.$id.' LIMIT 1');
           }*/
         // Public profile view. Same unescaped $username lookup as the edit
         // branch.
         $sql = Query::query('SELECT * FROM Players WHERE Username=\'' . $username . '\' LIMIT 1');
         $user_exists = $sql->num_rows;
         if ($user_exists != 1) {
             header("HTTP/1.0 404 Not Found");
             include 'includes/misc/404.php';
             exit;
         }
         $row = $sql->fetch_assoc();
         // Only written inside the dead friend-button branch below.
         $profile = array();
         $this->set('name', $row['Username']);
         $id = $row['PlayerID'];
         if ($row['Location'] == '') {
             $this->set('location', PROFILE_NO_INFO);
         } else {
             $this->set('location', $row['Location']);
         }
         if ($row['Website'] == '') {
             $this->set('website', PROFILE_NO_INFO);
         } else {
             $this->set('website', $row['Website']);
         }
         if ($row['Website'] == '') {
             $this->set('website_link', PROFILE_NO_INFO);
         } else {
             // The stored Website value is placed in the href and link text
             // without output escaping here; whatever Utils::secure did at save
             // time is the only protection.
             $this->set('website_link', '<a href="' . $row['Website'] . '">' . $row['Website'] . '</a>');
         }
         if ($row['About'] == '') {
             $this->set('about', PROFILE_NO_INFO);
         } else {
             $this->set('about', $row['About']);
         }
         if ($row['Interests'] == '') {
             $this->set('interests', PROFILE_NO_INFO);
         } else {
             $this->set('interests', $row['Interests']);
         }
         if ($row['AvatarType'] == '') {
             $this->set('avatar', 'uploads/avatars/default.png');
         } else {
             $this->set('avatar', 'uploads/avatars/' . $row['PlayerID'] . $row['AvatarType']);
         }
         //$profile['comments'] = $mysqli->query('SELECT COUNT(*) FROM '.$tp.'comments WHERE user='******'utils', '');
         $this->set('id', $row['PlayerID']);
         $this->set('plays', $row['Plays']);
         $this->set('comment_count', $row['Comments']);
         $this->set('ratings', $row['Ratings']);
         if ($row['Points'] == '') {
             $this->set('points', 0);
         } else {
             $this->set('points', $row['Points']);
         }
         $this->set('admin', $row['Admin']);
         $this->set('join_date', $row['Joined']);
         $this->set('isdev', $row['Developer']);
         // Edit link only for the profile owner (session id equals the row id).
         if (isset($_SESSION['user_id']) && $id == $_SESSION['user_id']) {
             $this->set('button1', '<a href="profile/' . $username . '/edit">' . PROFILE_EDIT . '</a>');
         } else {
             $this->set('button1', '<a href="boxarcade/?task=send_message&amp;id=' . $id . '">' . PROFILE_SEND_MESSAGE . '</a>');
         }
         // Check if user is friend
         //if (($user['login_status'] == 1) && ($id != $user['id'])) {
         // Dead branch: the condition is hard-coded false. It references
         // $mysqli, $tp and $user, none of which are defined in this method,
         // and parts of it are masked ('******') in this listing.
         if (1 == 0) {
             $is_friend = $mysqli->query('SELECT * FROM ' . $tp . 'friends WHERE user1 = ' . $user['id'] . ' AND user2 =' . $id);
             if ($is_friend->num_rows) {
                 $profile['button2'] = '<div id="friend_button"><a href="' . $_SERVER['REQUEST_URI'] . '#" onclick="ManageFriend(' . $row['id'] . ', \'delete_friend\', \'profile\');return false">UNFRIEND</a></div>';
             } else {
                 $request_pending = $mysqli->query('SELECT * FROM ' . $tp . 'friend_requests WHERE from_user ='******' AND to_user ='******'button2'] = '<div id="friend_button"><a href="' . $_SERVER['REQUEST_URI'] . '#">REQUEST_SENT</a></div>';
                 } else {
                     $profile['button2'] = '<div id="friend_button"><a href="' . $_SERVER['REQUEST_URI'] . '#" onclick="ManageFriend(' . $row['id'] . ', \'send_request\', \'profile\');return false">ADD_FRIEND</a></div>';
                 }
             }
         } else {
             $this->set('button2', '');
         }
         // If admin is logged in, show admin options
         //if ($user['admin'] == 1) {
         // Condition hard-coded true: the admin "Edit user" link is set for
         // every viewer; the intended check is the commented-out line above.
         if (1 == 1) {
             $this->set('admin_edit', '<a href="admin/?task=manage_users#id=' . $id . '">Edit user</a>');
         } else {
             $this->set('admin_edit', '');
         }
         // Favorites: the player id comes from the fetched row, not the request.
         $result = Query::query('SELECT * FROM favorites f, Games g WHERE GameID=f.game_id AND f.user_id=' . $row['PlayerID'] . ' LIMIT 16');
         $favs = $result->num_rows;
         $vars = array();
         if ($favs == 0) {
             echo PROFILE_NO_FAVS;
         } else {
             while ($rows = $result->fetch_assoc()) {
                 $file = Utils::TitleToFile($rows['Title']);
                 $game['gameTitle'] = $rows['Title'];
                 $game['gameDesc'] = $rows['Desc'];
                 $game['url'] = 'view/' . $rows['GameID'];
                 $game['image_url'] = "games/img/" . $file . ".png";
                 //Utils::FileToGameImageURL($file, "png");
                 array_push($vars, $game);
             }
         }
         $this->set('games', $vars);
         // Badges use Utils::query and the tbl_* tables, unlike the
         // Query::query / Players / Games calls above (two schemas side by
         // side). The "no favourites" message is reused for an empty badge list.
         $result = Utils::query('SELECT * FROM tbl_badges as b, tbl_badge_relations as br WHERE b.badge_id=br.badge_id AND user_id=' . $row['PlayerID'] . ' LIMIT 6');
         $favs = $result->num_rows;
         $vars = array();
         if ($favs == 0) {
             echo PROFILE_NO_FAVS;
         } else {
             while ($rows = $result->fetch_assoc()) {
                 $g = Utils::query('SELECT * from tbl_games WHERE game_id=' . $rows['game_id'])->fetch_assoc();
                 $file = Utils::TitleToFile($g['title']);
                 $game['gameTitle'] = $g['title'];
                 $game['title'] = $rows['name'];
                 $game['game'] = $g['title'];
                 $game['score'] = $rows['points'];
                 $game['gameDesc'] = $rows['desc'];
                 $game['url'] = Utils::GameUrl($g['game_id']);
                 $game['image_url'] = $rows['image'];
                 array_push($vars, $game);
             }
         }
         $this->set('badges', $vars);
         $vars = array();
         /*if ($_GET['task'] == 'profile') {
            $result = $this->request['utils']->con->query('SELECT * FROM tbl_comments WHERE user='******' ORDER BY id DESC LIMIT 8');
           } else {
            $result = $this->request['utils']->con->query('SELECT * FROM tbl_comments WHERE user='******' ORDER BY id DESC');
           }*/
         // Recent comments; this line is partly masked ('******') in the listing.
         $result = Utils::query('SELECT * FROM tbl_comments WHERE user='******'PlayerID'] . ' ORDER BY id DESC LIMIT 8');
         $total_results = $result->num_rows;
         if ($total_results == 0) {
             echo $row['Username'] . ' ' . PROFILE_NO_COMMENTS;
         } else {
             // $row is reassigned here, shadowing the player row used above.
             while ($row = $result->fetch_assoc()) {
                 $game = Utils::query('SELECT * FROM Games WHERE GameID=' . $row['link_id'] . ' LIMIT 1')->fetch_assoc();
                 $comment['the_comment'] = nl2br($row['comment']);
                 $comment['game_name'] = $game['Title'];
                 $comment['date'] = $row['date'];
                 $comment['game_url'] = 'view/' . $game['GameID'];
                 //Utils::GameUrl($game['game_id']);
                 ///$comment['game_img'] = Utils::FileToGameImageURL(Utils::TitleToFile($game['Title']), "png");
                 $file = Utils::TitleToFile($game['Title']);
                 $comment['game_img'] = "games/img/" . $file . ".png";
                 // Condition hard-coded true: the delete-comment admin link is
                 // emitted for every viewer.
                 if (1 == 1) {
                     $comment['admin_options'] = ' <a href="admin/index.php?action=delete_comment&amp;id=' . $row['id'] . '&link_id=' . $game['GameID'] . '"><img src="admin/images/delete.png" align="absmiddle" /></a>';
                 }
                 array_push($vars, $comment);
             }
         }
         $this->set('comments', $vars);
         $this->render("Pages/Profile");
     }
 }
Esempio n. 17
                                            ?>
								<div class="card<?php 
                                            echo $supp_class;
                                            ?>
 comment">
									<a href="<?php 
                                            echo WEBROOT . 'watch/' . Comment::find($action->target)->video_id;
                                            ?>
">
										<p><b><?php 
                                            echo Utils::secure($channel_action->name);
                                            ?>
</b> a aimé votre commentaire</p>
										<blockquote>
											<?php 
                                            echo Utils::secure(substr(Comment::find($action->target)->comment, 0, 80));
                                            ?>
										</blockquote>
									</a>
									<i><?php 
                                            echo Utils::relative_time($action->timestamp);
                                            ?>
</i>
								</div>
							<?php 
                                        } else {
                                            if ($action->type == 'pm') {
                                                $pluriel = $action->infos['nb_msg'] > 1 ? "messages privés" : "message privé";
                                                ?>
								<div class="card<?php 
                                                echo $supp_class;
Esempio n. 18
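 /**
  * Handles the registration form submission.
  *
  * Reads the request parameters; when `submitRegister` is absent nothing is
  * done and null is returned. Otherwise the fields are checked in the same
  * order as before (username, pass, pass-confirm, mail, captcha response, CGU,
  * server-side captcha verification, then content validation) and every
  * failure renders the register form again with one error message. On success
  * the account is created, the welcome notification is sent and the login
  * form is rendered with a success message.
  *
  * Changes from the previous version: the view data is built before the
  * checks (it used to be referenced before assignment in the early error
  * branches), the captcha token is URL-encoded in the verify request, the
  * `@`-suppressed JSON lookup is replaced by explicit checks, the dead
  * `cavicon` bypass (immediately overridden) is gone, and string comparisons
  * are strict.
  *
  * @param object $request request object exposing getParameters()
  * @return ViewResponse|null
  */
 public function create($request)
 {
     $req = $request->getParameters();
     if (!isset($req['submitRegister'])) {
         return null;
     }

     // View data for re-rendering the form. Note this hands the whole POST
     // body, including the submitted password fields, to the template.
     $data = $_POST;
     $data['currentPageTitle'] = 'Inscription';
     $data['currentPage'] = 'register';

     // Every validation failure renders the same view with one error message.
     $fail = function ($message) use ($data) {
         $response = new ViewResponse('login/register', $data);
         $response->addMessage(ViewMessage::error($message));
         return $response;
     };

     // Presence checks, in the original order so the first missing field wins.
     $required = array(
         'username' => 'Le nom d\'utilisateur est requis',
         'pass' => 'Le mot de passe est requis',
         'pass-confirm' => 'Veuillez confirmer le mot de passe',
         'mail' => 'L\'adresse e-mail est requise',
         'g-recaptcha-response' => 'Erreur de captcha',
     );
     foreach ($required as $field => $message) {
         if (!isset($req[$field])) {
             return $fail($message);
         }
     }
     if (!isset($req['CGU']) || $req['CGU'] !== 'CGU') {
         return $fail('Merci d\'accepter nos conditions avant de vous inscrire');
     }

     // Server-side captcha verification. The token comes from the client, so
     // it is URL-encoded rather than concatenated raw into the query string.
     $url = 'https://www.google.com/recaptcha/api/siteverify?' . http_build_query(array(
         'secret' => Config::getValue_('recaptcha_private'),
         'response' => $req['g-recaptcha-response'],
     ));
     $raw = file_get_contents($url);
     $json_result = $raw === false ? null : json_decode($raw, true);
     if (!is_array($json_result) || !isset($json_result['success']) || $json_result['success'] !== true) {
         return $fail('Erreur de captcha');
     }

     $username = Utils::secure($req['username']);
     $pass = Utils::secure($req['pass']);
     $pass2 = Utils::secure($req['pass-confirm']);
     $mail = Utils::secure($req['mail']);

     if (!Utils::validateUsername($username) || !Utils::validateMail($mail) || $pass === '' || $pass2 === '') {
         return $fail('Veuillez saisir des informations valides (a-z/A-Z/0-9)');
     }
     // Strict comparison: the loose `==` would treat numeric-looking strings
     // such as "1e3" and "1000" as equal passwords.
     if ($pass !== $pass2) {
         return $fail('Les mots de passe ne correspondent pas');
     }
     if (User::find_by_username($username)) {
         return $fail('Ce nom d\'utilisateur est déjà pris');
     }
     if (User::isMailRegistered($mail)) {
         return $fail('Cette adresse e-mail est déjà enregistrée');
     }

     User::register($username, $pass, $mail);
     $created_user = User::find('first', array('username' => $username));
     $created_user->sendWelcomeNotification();

     $response = new ViewResponse('login/login');
     $response->addMessage(ViewMessage::success('Inscription validée. Vous pouvez vous connecter !'));
     return $response;
 }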
Esempio n. 19
			<?php 
// Predefined-description picker for the upload form. Currently disabled:
// the condition is hard-coded to false; the intended guard is kept below.
if (false) {
    //if(!empty($predefined_descriptions)) { //TODO AFTER All the bug fix
    ?>
			<select onchange="insertDesc(this);">
				<option value="" selected>Inserez une description prédéfinie...</option>
				<option disabled>──────────</option>
			<?php 
    foreach ($predefined_descriptions as $desc) {
        ?>
			
				<option value="<?php 
        // NOTE(review): written into the value="" attribute without escaping,
        // unlike the name below (Utils::secure); escape it before re-enabling
        // this block.
        echo stripslashes($desc->description);
        ?>
" ><?php 
        echo Utils::secure($desc->name);
        ?>
</option>
			<?php 
    }
    ?>
		</select> 
			<?php 
} else {
}
?>
		<label for="video-description"> 
			Description : 
		<textarea name="video-description" required="required" id="video-description" rows="4" placeholder="Description"></textarea>
		</label>
		
Esempio n. 20
// Process-wide timezone; the date() call further down in this script (the
// comment timestamp) uses it.
date_default_timezone_set('America/New_York');
if (isset($_POST['id']) && isset($_POST['comment'])) {
    include '../../../lib/sqlquery.class.php';
    include '../../../lib/newmodel.class.php';
    include '../../../app/models/Query.php';
    include '../../../app/models/Settings.php';
    include '../../../app/models/User.php';
    include '../../../app/models/Utils.php';
    $query = new SQLQuery();
    $query->connect('localhost', 'root', '', 'boxarcade');
    Settings::Init();
    include '../../../lang/' . Settings::Get('language') . '.php';
    User::sec_session_start();
    User::Init();
    $userid = intval($_SESSION['user_id']);
    $the_comment = Utils::secure($_POST['comment']);
    $id = intval($_POST['id']);
    if (User::login_check(Query::$mysqli) == true) {
        $date = date("Y-m-d H:i:s");
        Query::query("INSERT INTO tbl_comments (user, comment, link_id, date, ip) VALUES ('{$userid}', '{$the_comment}', '{$id}', '{$date}', '{$_SERVER['REMOTE_ADDR']}')");
        $user_url = '';
        //'uploads/avatars/' . User::Get('id') . User::Get('AvatarType');//ProfileUrl($user2['id'], $user2['seo_url']);
        $content = stripslashes(nl2br(strip_tags($_POST['comment'])));
        $username = User::Get('Username');
        $report_button = '';
        $delete = '';
        if (User::Get('AvatarType') == '') {
            $avatar_url = '/uploads/avatars/default.png';
        } else {
            $avatar_url = 'uploads/avatars/' . User::Get('id') . User::Get('AvatarType');
        }