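/**
 * POST handler for the login form (user and admin variants).
 *
 * Flow: look the user up by username, enforce the per-account lockout window
 * (User::isAllowedToAttemptLogin), verify the password with password_verify(),
 * then fall back once to the legacy unsalted-sha1 scheme and upgrade such a
 * hash to bcrypt on success. Failed attempts are counted via addLogFail(); a
 * streak is restarted when isIntervalBetweenTwoLogAttemptElapsed() says so.
 *
 * Returns null (as the original did) when the form was not submitted or a
 * session is already active.
 *
 * @param mixed $request request object exposing getParameters()
 * @return ViewResponse|RedirectResponse|null
 */
public function create($request)
{
    $data = $request->getParameters();
    if (!isset($data['submitLogin']) || Session::isActive()) {
        return null;
    }

    $is_admin = isset($data['is_admin']) && $data['is_admin'] == 1;
    $username = Utils::secure(isset($data['username']) ? $data['username'] : '');
    // The password goes through Utils::secure() before verification, mirroring
    // what registration does before hashing; both sides must keep doing the same.
    $password = Utils::secure(isset($data['pass']) ? $data['pass'] : '');
    $redirect = self::safeRedirectTarget($data);

    $viewData = isset($data['redirect']) ? ['redirect' => $data['redirect']] : [];
    $viewData['currentPageTitle'] = 'Connexion';

    $user = User::find_by_username($username);
    if (!$user) {
        // NOTE(review): a distinct message for an unknown username lets an attacker
        // enumerate accounts; kept because the UI depends on the wording.
        $response = $this->loginView($is_admin, $viewData);
        $response->addMessage(ViewMessage::error('Ce nom d\'utilisateur n\'existe pas'));
        return $response;
    }

    $current_log_fail = $user->getLogFails();
    if (!$user->isAllowedToAttemptLogin()) {
        $remaining = $current_log_fail['next_try'] - Utils::tps();
        $minutes = floor($remaining / 60);
        $seconds = round($remaining - $minutes * 60);
        $response = $this->loginView($is_admin, $viewData);
        $response->addMessage(ViewMessage::error($current_log_fail['nb_try'] . " tentatives de connexions à la suite pour ce compte. Veuillez patienter {$minutes} m et {$seconds} s"));
        return $response;
    }

    $realPass = $user->getPassword();
    if (password_verify($password, $realPass)) {
        User::connect($username, 1);
        $user->resetLogFails();
        return new RedirectResponse($redirect);
    }

    // Legacy accounts still hold an unsalted sha1 hex digest. The original compared
    // it with `==`, which PHP evaluates numerically when both sides look like
    // "0e<digits>" (unrelated passwords then compare equal) and which short-circuits
    // on the first differing byte; hash_equals() is a constant-time strict compare.
    if (hash_equals((string) $realPass, sha1($password))) {
        $user->resetLogFails();
        // Upgrade the legacy hash to bcrypt now that we hold the clear-text password.
        User::connect($username, 1)->setPassword(password_hash($password, PASSWORD_BCRYPT));
        return new RedirectResponse($redirect);
    }

    // Wrong password: restart the streak if the previous one has expired, then count.
    if ($current_log_fail && $user->isIntervalBetweenTwoLogAttemptElapsed()) {
        $user->resetLogFails();
    }
    $user->addLogFail();

    $response = $this->loginView($is_admin, $viewData);
    $response->addMessage(ViewMessage::error('Mot de passe incorrect'));
    return $response;
}

/**
 * Builds the login view for the public or the admin layout.
 *
 * @param bool  $is_admin admin login form requested
 * @param array $viewData template data (redirect target, page title)
 * @return ViewResponse
 */
private function loginView($is_admin, array $viewData)
{
    if ($is_admin) {
        return new ViewResponse('admin/login/login', $viewData, true, 'layouts/admin_login.php', 401);
    }
    return new ViewResponse('login/login', $viewData);
}

/**
 * Resolves the post-login redirect target, refusing off-site destinations.
 *
 * The original redirected to urldecode($params['redirect']) unchecked, which is an
 * open redirect (phishing: /login?redirect=https://evil.example). Accepted targets
 * are an absolute URL under WEBROOT (assumed to end with '/', as every
 * `WEBROOT . 'path'` concatenation in this codebase implies) or a relative path
 * starting with a single '/'. Anything else, and any target containing control
 * characters, falls back to WEBROOT.
 *
 * @param array $params request parameters
 * @return string
 */
private static function safeRedirectTarget(array $params)
{
    if (empty($params['redirect'])) {
        return WEBROOT;
    }
    $target = urldecode($params['redirect']);
    if (preg_match('/[\x00-\x1F\x7F]/', $target)) {
        return WEBROOT;
    }
    if (strpos($target, WEBROOT) === 0) {
        return $target;
    }
    // "/path" is fine; "//host" and "/\host" are protocol-relative escapes.
    if ($target[0] === '/' && (strlen($target) === 1 || ($target[1] !== '/' && $target[1] !== '\\'))) {
        return $target;
    }
    return WEBROOT;
}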
/**
 * POST handler: publishes a message on one of the session user's channels.
 *
 * Expects 'post-message-submit', 'channel' (channel id or name) and
 * 'post-content'. The channel must belong to the active session user and the
 * trimmed content must be non-empty. Returns the created post as JSON; every
 * failure (missing field, no session, foreign channel, empty text) is a bare
 * 500 response.
 */
public function create($request)
{
    $params = $request->getParameters();
    $hasFields = isset($params['post-message-submit'], $params['channel'], $params['post-content']);
    if (!$hasFields || !Session::isActive()) {
        return new Response(500);
    }

    // 'channel' may be either an id or a name.
    $channelRef = $params['channel'];
    $channel = UserChannel::exists($channelRef)
        ? UserChannel::find($channelRef)
        : UserChannel::find_by_name($channelRef);

    if (!is_object($channel) || !$channel->belongToUser(Session::get()->id)) {
        return new Response(500);
    }

    $text = trim($params['post-content']);
    if (empty($text)) {
        return new Response(500);
    }

    $post = $channel->postMessage($text);

    return new JsonResponse([
        'id' => $post->id,
        'channel_id' => $post->channel_id,
        'content' => Utils::secure($post->content),
        'timestamp' => $post->timestamp,
    ]);
}
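/**
 * Renders the "create a channel" form or, on submission, validates the
 * requested name and creates the channel for the session user.
 *
 * Validation order on submit: both fields present -> name length 3..40 ->
 * charset [A-Za-z0-9_.-] -> name not already taken. Each failure re-renders
 * channel/create with an error message. Uploaded files arrive under
 * $req['_FILES_'] (the router merges $_FILES into the parameters).
 */
public function create($request)
{
    $req = $request->getParameters();
    // The original read the fields as `@Utils::secure($req['name'])`; error
    // suppression only hides a missing key, an explicit default is equivalent.
    $name = Utils::secure(isset($req['name']) ? $req['name'] : '');
    $descr = Utils::secure(isset($req['description']) ? $req['description'] : '');

    if (!isset($req['createChannelSubmit']) || !Session::isActive()) {
        $data = $req;
        $data['current'] = 'channels';
        return new ViewResponse('channel/create', $data);
    }

    $data = ['currentPageTitle' => 'Créer une chaine'];
    $error = null;

    if (!isset($req['name'], $req['description'])) {
        $error = 'Tous les champs doivent être remplis.';
    } elseif (strlen($name) < 3 || strlen($name) > 40) {
        $error = 'Le nom de la chaîne doit être compris entre 3 et 40 caractères.';
    } elseif (!preg_match('#^[a-zA-Z0-9_\-.]+\z#', $name)) {
        // \z instead of $: with $ the pattern also matches "name\n", so a trailing
        // newline would slip past the whitelist and end up in the channel name.
        $error = 'Le nom de la chaîne doit contenir uniquement des lettres (majuscules et minuscules), des traits-d\'union, des _ et des points.';
    } elseif (!UserChannel::isNameFree($name)) {
        $error = 'Ce nom de chaine est déjà utilisé.';
    }

    if ($error !== null) {
        $response = new ViewResponse('channel/create', $data);
        $response->addMessage(ViewMessage::error($error));
        return $response;
    }

    $files = isset($req['_FILES_']) ? $req['_FILES_'] : [];
    UserChannel::addNew(
        $name,
        $descr,
        isset($files['avatar']) ? $files['avatar'] : null,
        isset($files['background']) ? $files['background'] : null
    );

    $data['channels'] = Session::get()->getOwnedChannels();
    $data['currentPageTitle'] = 'Mes chaines';
    $response = new ViewResponse('account/channels', $data);
    $response->addMessage(ViewMessage::success('Votre nouvelle chaîne a bien été créée ! Faites-en bon usage !'));
    return $response;
}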
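/**
 * POST handler: issues a live-streaming access key for one of the session
 * user's channels (at most one key per channel).
 *
 * Responds with a redirect to the lives page on success, a 500 when the
 * channel is missing, already has a key or is not owned by the user, and the
 * project's unauthorized response when no session is active.
 */
public function create($request)
{
    if (!Session::isActive()) {
        return Utils::getUnauthorizedResponse();
    }

    $params = $request->getParameters();
    $channelId = isset($params['channel-id']) ? Utils::secure($params['channel-id']) : null;
    if ($channelId === null || !UserChannel::exists($channelId)) {
        return new Response(500);
    }

    $channel = UserChannel::find($channelId);
    if ($channel->hasLiveAccess() || !$channel->belongToUser(Session::get()->id)) {
        return new Response(500);
    }

    // The key is a bearer credential for the stream ingest. The original derived it
    // from hash_hmac('sha256', mt_rand(), mt_rand()): mt_rand() is a seedable,
    // predictable generator, so keys could be guessed. Use a CSPRNG; 32 random
    // bytes hex-encoded keep the same 64-character shape as the old sha256 hex.
    $key = function_exists('random_bytes')
        ? bin2hex(random_bytes(32))
        : bin2hex(openssl_random_pseudo_bytes(32));

    LiveAccess::create([
        'channel_id' => $channel->id,
        'user_id' => Session::get()->id,
        'key' => $key,
        'timestamp' => time(),
    ]);

    return new RedirectResponse(WEBROOT . 'lives');
}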
/**
 * POST handler: appends a message to an existing private conversation.
 *
 * Requires an active session and non-empty 'sender' (channel id),
 * 'conversation' (conversation id) and 'content'. The sending channel must
 * belong to the session user and be a member of the conversation (otherwise
 * the unauthorized response). The user's last_visit timestamp is refreshed on
 * every authenticated call. Returns the new message as JSON, or a 500 when
 * anything is missing or invalid.
 */
public function create($request)
{
    if (!Session::isActive()) {
        return new Response(500);
    }

    $params = $request->getParameters();
    Session::get()->last_visit = Utils::tps();
    Session::get()->save();

    $complete = isset($params['sender'], $params['conversation'], $params['content'])
        && !empty($params['conversation'])
        && !empty($params['sender'])
        && !empty($params['content']);
    if (!$complete) {
        return new Response(500);
    }

    $senderId = Utils::secure($params['sender']);
    $conversationId = Utils::secure($params['conversation']);
    $text = Utils::secure($params['content']);

    if (!UserChannel::exists($senderId)) {
        return new Response(500);
    }
    $channel = UserChannel::find($senderId);
    if (!$channel || !$channel->belongToUser(Session::get()->id)) {
        return new Response(500);
    }

    $conv = Conversation::find($conversationId);
    if (!$conv) {
        return new Response(500);
    }
    if (!$conv->containsChannel($channel)) {
        return Utils::getUnauthorizedResponse();
    }

    $message = Message::sendNew($senderId, $conversationId, $text);

    return new JsonResponse([
        'id' => $message->id,
        'avatar' => $channel->getAvatar(),
        'pseudo' => $channel->name,
        'text' => $text,
        'mine' => 'true',
    ]);
}
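/**
 * POST handler: posts a comment (optionally a reply, via 'parent') on a video
 * from one of the session user's channels.
 *
 * Required fields: commentSubmit, from-channel, video-id, comment-content.
 * Enforces the configured "time_between_comments" cooldown per posting
 * channel. Returns the created comment as JSON; every failure is a bare 500.
 */
public function create($request)
{
    $req = $request->getParameters();
    if (!isset($req['commentSubmit'], $req['from-channel'], $req['video-id']) || !Session::isActive()) {
        return new Response(500);
    }

    $channelId = Utils::secure($req['from-channel']);
    // Ownership is checked before the cooldown query: the original ran the query
    // first, so any logged-in user could probe whether another channel had
    // commented recently.
    if (!UserChannel::exists($channelId) || !UserChannel::find($channelId)->belongToUser(Session::get()->id)) {
        return new Response(500);
    }

    $minTimestamp = Utils::tps() - Config::getValue_("time_between_comments");
    $tooSoon = Comment::exists(['conditions' => ["poster_id=? AND timestamp > ?", $channelId, $minTimestamp]]);
    if ($tooSoon) {
        return new Response(500);
    }

    // 'comment-content' was read without isset() in the original (notice when absent).
    $content = trim(Utils::secure(isset($req['comment-content']) ? $req['comment-content'] : ''));
    if (empty($content)) {
        return new Response(500);
    }

    $parent = isset($req['parent']) ? Utils::secure($req['parent']) : '';
    $videoId = Utils::secure($req['video-id']);
    $comment = Comment::postNew($channelId, $videoId, $content, $parent);

    return new JsonResponse([
        'id' => $comment->id,
        'author' => UserChannel::find($comment->poster_id)->name,
        'video_id' => $videoId,
        'comment' => $content,
        'relativeTime' => Utils::relative_time($comment->timestamp),
        'likes' => $comment->likes,
        'dislikes' => $comment->dislikes,
    ]);
}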
<div class="row"> <h1>Dashboard</h1> <div class="col-lg-3 col-sm-6 col-xs-12"> <div class="thumbnail"> <img src="<?php echo StaffContact::getImageName(Session::get()); ?> " alt="Avatar"> <div class="caption"> <h3><?php echo Utils::secure(StaffContact::getShownName(Session::get())); ?> </h3> <p><?php echo Utils::secure(StaffContact::getDescription(Session::get())); ?> <a href="<?php echo WEBROOT . 'admin/staffContactDetails/edit_public_infos/'; ?> " class="btn btn-primary" role="button">Changer mes infos officielles</a> </p> <p> </p> </div> </div> </div> <div class="col-lg-6 col-sm-6 col-xs-12"> <?php foreach ($storage_server as $srv) { ?>
include VIEW . 'layouts/messages_bootstrap.php'; ?> <form action="<?php echo WEBROOT; ?> admin/ticketlevels/edit_users" method="post"> <input type="hidden" name="_method" value="PUT"> <?php foreach ($users as $user) { $lvls_id = $user->getAssignedLevelsIds(); ?> <div class="col-md-3"> <div class="well"> <div class="form-group"> <label><?php echo Utils::secure(StaffContact::getShownName($user)); ?> </label> <?php foreach ($levels as $level) { $checked = in_array($level->id, $lvls_id) ? 'checked' : ''; ?> <div class="checkbox"> <label> <input name="<?php echo $level->id . '_' . $user->id; ?> " type="checkbox" <?php echo $checked; ?> ><?php
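/**
 * Renders the comment thread of $video rooted at $parent, recursing into replies.
 *
 * Each comment is indented 8% per nesting level. Edit/delete controls are shown
 * to moderators and admins, to the comment's author, and (delete only) to the
 * video's author. The original looked the author channel up three times per
 * comment; it is now fetched once.
 *
 * @param object $video  video whose comments are listed (exposes getComments()/getAuthor())
 * @param mixed  $parent parent comment id (top-level value depends on the model)
 * @param int    $i      nesting depth
 */
function displayComments($video, $parent, $i)
{
    $comments = $video->getComments($parent);
    if (empty($comments)) {
        ?><p>Aucun commentaire à propos de cette video</p><?php
    }

    $session = Session::isActive() ? Session::get() : null;
    $isStaff = $session && ($session->isModerator() || $session->isAdmin());
    $isVideoOwner = $session && !$isStaff && $video->getAuthor()->belongToUser($session->id);

    foreach ($comments as $comment) {
        $author = UserChannel::find($comment->poster_id);
        // The name is inserted both as element text and inside a JS string literal in
        // an onclick attribute; HTML-escaped here (names are restricted to
        // [A-Za-z0-9_.-] by the channel/username validators, so quoting cannot break).
        $authorName = Utils::secure(UserChannel::getNameById($comment->poster_id));
        $commentHtml = Utils::makeLinks(Utils::secure($comment->comment));
        $margin = $i * 8;
        $ownsComment = $session && !$isStaff && $comment->getAuthor()->belongToUser($session->id);
        $canEdit = $isStaff || $ownsComment;
        $canDelete = $isStaff || $isVideoOwner || $ownsComment;
        // NOTE(review): comment ids are echoed raw into attributes and JS strings,
        // assuming they are database integers — confirm against the Comment model.
        ?>
        <div style="width: <?php echo 100 - $margin; ?>%; margin-left:<?php echo $margin; ?>%" class="comment" id="c-<?php echo $comment->id; ?>">
            <div class="comment-head">
                <div class="user">
                    <img src="<?php echo $author->getAvatar(); ?>" alt="[Avatar]">
                    <a href="<?php echo WEBROOT . 'channel/' . $author->name; ?>"><?php echo $authorName; ?></a>
                </div>
                <div class="date">
                    <p><?php echo Utils::relative_time($comment->timestamp); echo $comment->last_updated_timestamp ? ' (Edité ' . Utils::relative_time($comment->last_updated_timestamp) . ')' : ''; ?></p>
                </div>
            </div>
            <div class="comment-text">
                <p style="word-wrap:break-word"><?php echo $commentHtml; ?></p>
            </div>
            <div class="comment-notation">
                <ul>
                    <li class="plus" id="plus-<?php echo $comment->id; ?>" onclick="likeComment('<?php echo $comment->id; ?>')">+<?php echo $comment->likes; ?></li>
                    <li class="moins" id="moins-<?php echo $comment->id; ?>" onclick="dislikeComment('<?php echo $comment->id; ?>')">-<?php echo $comment->dislikes; ?></li>
                    <li onclick="reportComment('<?php echo $comment->id; ?>', this)" style="cursor:pointer">Signaler</li>
                    <li onclick="document.location.href='#comments';document.getElementById('response').innerHTML='<b>Répondre à <?php echo $authorName; ?> :</b>';document.getElementById('textarea-comment').focus();document.getElementById('parent-comment').value='<?php echo $comment->id; ?>';" style="cursor:pointer">Répondre</li>
                    <?php if ($canEdit) { ?>
                    <li onclick="editComment('<?php echo $comment->id; ?>', this)" style="cursor:pointer">Editer</li>
                    <?php } ?>
                    <?php if ($canDelete) { ?>
                    <li onclick="deleteComment('<?php echo $comment->id; ?>', this)" style="cursor:pointer">Supprimer</li>
                    <?php } ?>
                </ul>
            </div>
        </div>
        <?php
        if (Comment::count(['conditions' => ['parent = ?', $comment->id]]) >= 1) {
            displayComments($video, $comment->id, $i + 1);
        }
    }
}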
echo $k % 2 != 0 ? 'class="timeline-inverted"' : ''; ?> > <?php echo $new->getBadge(); ?> <div class="timeline-panel"> <div class="timeline-heading"> <h4 class="timeline-title"><?php echo $new->title; ?> </h4> <p><small class="text-muted"><i class="fa fa-clock-o"></i> <?php echo Utils::relative_time($new->timestamp) . " par " . Utils::secure(StaffContact::getShownName($new->user)); ?> </small> </p> </div> <div class="timeline-body"> <p><?php echo $new->content; ?> </p> <?php if ($new->belongsToUser(Session::get())) { ?> <div id="modal_<?php echo $new->id; ?>
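/**
 * E-mails the ticket owner about progress on their support ticket.
 *
 * Tickets whose user_id is the string '0' are skipped. When user_id maps to a
 * registered user the mail goes to that user's stored address and greets them
 * by username; otherwise user_id itself is used as the recipient address
 * (presumably how guest tickets are stored — verify against the ticket model).
 * '{{tech}}' in $message is replaced by the current staff member's display name.
 *
 * @param object $ticket  ticket exposing id and user_id
 * @param string $message body text, may contain the {{tech}} placeholder
 */
private function mail($ticket, $message)
{
    // NOTE(review): strict comparison against the string '0' as in the original;
    // an integer 0 would not be skipped — confirm the column type.
    if ($ticket->user_id === '0') {
        return;
    }

    $owner = User::exists(['id' => $ticket->user_id]) ? User::find($ticket->user_id) : null;
    $username = $owner ? ' ' . $owner->username : '';
    $to = $owner ? $owner->email : $ticket->user_id;

    // In the guest case the recipient comes straight from the ticket record, so
    // refuse anything that is not a single plain address: CR/LF or extra
    // recipients must not reach the mail envelope.
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        return;
    }

    $subject = '[DreamVids] Avancement de votre demande d\'assistance #' . $ticket->id;
    $message = str_replace('{{tech}}', Utils::secure(StaffContact::getShownName(Session::get())), $message);
    $message = "Bonjour{$username},\r\n\r\n{$message}\r\n\r\nCordialement,\r\nL'équipe DreamVids.";
    $headers = 'From: DreamVids <*****@*****.**>';

    // utf8_decode() is deprecated since PHP 8.2; it is kept because no Content-Type
    // header is sent and the body is expected as ISO-8859-1 by the original.
    mail($to, $subject, utf8_decode($message), $headers);
}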
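/**
 * PUT handler for the account settings pages. $id selects the sub-page:
 * 'infos' (e-mail / username), 'password', 'volume', 'definition',
 * 'notifications', 'language'. Anything else — or 'infos'/'password' without
 * their submit field — renders account/profile. Requires an active session.
 *
 * @param string $id      settings sub-page (already passed through Utils::secure by the router)
 * @param mixed  $request request exposing getParameters()
 * @return Response|ViewResponse|RedirectResponse
 */
public function update($id, $request)
{
    if (!Session::isActive()) {
        return new RedirectResponse(Utils::generateLoginURL());
    }

    $req = $request->getParameters();
    $data = $req;
    $data['current'] = 'account';
    $data['email'] = Session::get()->email;
    $data['currentPageTitle'] = 'Mon compte';

    if ($id == 'infos' && isset($req['profileSubmit'])) {
        return $this->updateInfos($req, $data);
    }

    if ($id == 'password' && isset($req['passwordSubmit'])
        && isset($req['newPass'], $req['newPassConfirm'], $req['currentPass'])) {
        return $this->updatePassword($req);
    }

    if ($id == 'volume') {
        Session::get()->setSoundSetting(isset($req['volume']) ? $req['volume'] : null);
        return new Response(200);
    }

    if ($id == 'definition') {
        Session::get()->setDefinitionSetting(isset($req['definition']) ? $req['definition'] : null);
        return new Response(200);
    }

    if ($id == 'notifications') {
        $data = $req;
        $data['current'] = 'notifications';
        Session::get()->setNotificationSettings($data);
        $data = array_merge($data, Session::get()->getNotificationSettings());
        $response = new ViewResponse('account/notifications', $data);
        $response->addMessage(ViewMessage::success("Paramètres de notifications sauvegardés"));
        return $response;
    }

    if ($id == 'language') {
        $data['currentPageTitle'] = "Paramètre de langues";
        $data['current'] = 'language';
        Session::get()->setLanguageSetting(isset($req['language']) ? $req['language'] : null);
        $data['settings'] = Session::get()->getSettings();
        $data['avaiable_languages'] = Translator::getLanguagesList();
        $data['lang_setting'] = Session::get()->getLanguageSetting();
        return new RedirectResponse('account/language', $data);
    }

    return new ViewResponse('account/profile', $data);
}

/**
 * 'infos' sub-page: changes the e-mail and/or the username (and the main
 * channel's name with it) when they differ from the current values.
 *
 * @param array $req  request parameters
 * @param array $data template data for account/profile
 * @return ViewResponse
 */
private function updateInfos(array $req, array $data)
{
    $user = Session::get();
    $currentMail = Session::get()->email;
    $currentUsername = Session::get()->username;

    if (isset($req['email']) && $req['email'] != $currentMail) {
        $newMail = Utils::secure($req['email']);
        if (!Utils::validateMail($newMail)) {
            $response = new ViewResponse('account/profile', $data);
            $response->addMessage(ViewMessage::error('L\'adresse E-Mail n\'est pas valide'));
            return $response;
        }
        $user->email = $newMail;
        $user->save();
        $data['email'] = $newMail;
    }

    if (isset($req['username']) && $req['username'] != $currentUsername) {
        $newUsername = Utils::secure($req['username']);
        $available = Utils::validateUsername($newUsername)
            && !User::exists(['username' => $newUsername])
            && !UserChannel::exists(['name' => $newUsername]);
        if (!$available) {
            $response = new ViewResponse('account/profile', $data);
            $response->addMessage(ViewMessage::error('Le nom d\'utilisateur doit être disponible, contenir uniquement des lettres, des chiffres, des points, des traits d\'union et des _ et doit être compris entre 3 et 40 caractères.'));
            return $response;
        }
        // The main channel shares its name with the account: rename both together.
        $channel = Session::get()->getMainChannel();
        $user->username = $newUsername;
        $user->save();
        $channel->name = $newUsername;
        $channel->save();
        $data['username'] = $newUsername;
    }

    $response = new ViewResponse('account/profile', $data);
    $response->addMessage(ViewMessage::success('Préférences enregistrées !'));
    return $response;
}

/**
 * 'password' sub-page: verifies the current password and stores a bcrypt hash
 * of the new one.
 *
 * @param array $req request parameters (newPass, newPassConfirm, currentPass all set)
 * @return ViewResponse
 */
private function updatePassword(array $req)
{
    $data = $req;
    $data['current'] = 'password';
    // Do not reflect the submitted secrets back into the template data.
    unset($data['currentPass'], $data['newPass'], $data['newPassConfirm']);

    // Strict comparison: `==` compares numeric-looking strings numerically
    // ("1e1" == "10" is true), so mismatched passwords could be accepted.
    if ($req['newPass'] !== $req['newPassConfirm']) {
        $response = new ViewResponse('account/password', $data);
        $response->addMessage(ViewMessage::error('Les mots de passe ne sont pas identiques'));
        return $response;
    }

    // Login and registration run the submitted password through Utils::secure()
    // before verifying/hashing; the original hashed the raw value here, so a
    // password containing characters that transform alters could not be used
    // to log in afterwards. Apply the same transform on both values.
    $currentPass = Utils::secure($req['currentPass']);
    $newPass = Utils::secure($req['newPass']);

    // isset() alone accepts an empty string: the original allowed setting an empty password.
    if ($newPass === '') {
        $response = new ViewResponse('account/password', $data);
        $response->addMessage(ViewMessage::error('Le nouveau mot de passe ne peut pas être vide'));
        return $response;
    }

    if (!password_verify($currentPass, Session::get()->pass)) {
        $response = new ViewResponse('account/password', $data);
        $response->addMessage(ViewMessage::error('Le mot de passe actuel est erroné'));
        return $response;
    }

    Session::get()->setPassword(password_hash($newPass, PASSWORD_BCRYPT));
    $response = new ViewResponse('account/password', $data);
    $response->addMessage(ViewMessage::success('Préférences enregistrées !'));
    return $response;
}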
/**
 * Dispatches an already-resolved controller action from the HTTP method and
 * the URI segments.
 *
 * $uriParameters[0] is the controller segment. A leading "admin" segment is
 * stripped first and sets $is_admin, so the remaining segments shift down by one.
 * Routing as written:
 *   GET    /ctrl            -> index($request)
 *   GET    /ctrl/x          -> x($request) when x is a method, else get(x, $request)
 *   GET    /ctrl/x/...      -> x(..., $request) when x is a method, else
 *                              segment[2](secureArray(rest), $request)
 *   POST   /ctrl            -> create($request) with $_POST + $_FILES
 *   PUT    /ctrl/x          -> update(secure(x), $request); body parsed from
 *                              php://input, or taken from $_POST when an HTML
 *                              form fakes the method
 *   DELETE /ctrl/x          -> destroy(secure(x), $request), same body handling
 * Method-name dispatch is gated by $this->isCallableAsAction(); the fixed entry
 * points by $controller->isActionAllowed().
 *
 * NOTE(review): no CSRF check is visible in this dispatcher for POST/PUT/DELETE,
 * and $is_admin only alters routing here — it does not by itself enforce admin
 * privileges. Confirm both happen upstream or inside the admin controllers.
 */
private function executeAction($request, $controller, $uriParameters)
{
    $is_admin = false;
    if (isset($uriParameters[0]) && $uriParameters[0] == "admin") {
        unset($uriParameters[0]);
        $is_admin = true;
        $uriParameters = array_values($uriParameters);
    }
    switch ($request->getMethod()) {
        case Method::GET:
            // Example: /posts/
            if (count($uriParameters) < 1 || $is_admin && count($uriParameters) < 2) {
                if ($controller->isActionAllowed(Action::INDEX)) {
                    $response = call_user_func_array(array($controller, 'index'), array($request));
                    Utils::sendResponse($response);
                } else {
                    Utils::getForbiddenResponse()->send();
                }
            } else {
                if (count($uriParameters) == 2) {
                    // Example: /posts/latest --> calls the 'latest' method from controller
                    // NOTE(review): with $is_admin the method_exists() check is bypassed, so a
                    // non-existent method name is only stopped by isCallableAsAction();
                    // otherwise call_user_func_array() reaches an undefined method.
                    if (method_exists($controller, $uriParameters[1]) || $is_admin) {
                        if (!$this->isCallableAsAction($uriParameters[1])) {
                            $response = Utils::getForbiddenResponse();
                        } else {
                            unset($uriParameters[0]);
                            $response = call_user_func_array(array($controller, $uriParameters[1]), array($request));
                        }
                        Utils::sendResponse($response);
                    } else {
                        // NOTE(review): the id reaches get() unfiltered here, whereas the PUT and
                        // DELETE branches below pass it through Utils::secure() first — confirm
                        // whether get() handlers expect the raw segment.
                        if ($controller->isActionAllowed(Action::GET)) {
                            $response = call_user_func_array(array($controller, 'get'), array($uriParameters[1], $request));
                            Utils::sendResponse($response);
                        } else {
                            Utils::getForbiddenResponse()->send();
                        }
                    }
                } else {
                    if (count($uriParameters) > 2) {
                        // Example: /posts/recents/4 --> calls recents(4) from PostsController, to retrive the 4 most recent posts
                        if (method_exists($controller, $uriParameters[1]) || $is_admin) {
                            $methodName = $uriParameters[1];
                            unset($uriParameters[0]);
                            unset($uriParameters[1]);
                            if (!$this->isCallableAsAction($methodName)) {
                                $response = Utils::getForbiddenResponse();
                            } else {
                                // Remaining segments become positional arguments; they are
                                // not secured here, unlike the segment[2] branch below.
                                $response = call_user_func_array(array($controller, $methodName), array_merge($uriParameters, array($request)));
                            }
                            Utils::sendResponse($response);
                        } else {
                            $methodName = $uriParameters[2];
                            if (method_exists($controller, $methodName)) {
                                unset($uriParameters[0]);
                                unset($uriParameters[2]);
                                if (!$this->isCallableAsAction($methodName)) {
                                    $response = Utils::getForbiddenResponse();
                                } else {
                                    $response = call_user_func_array(array($controller, $methodName), array(Utils::secureArray($uriParameters), $request));
                                }
                                Utils::sendResponse($response);
                            } else {
                                Utils::getNotFoundResponse()->send();
                            }
                        }
                    }
                }
            }
            break;
        case Method::POST:
            if ($controller->isActionAllowed(Action::CREATE)) {
                // Uploaded files travel alongside the form fields under '_FILES_'.
                $request->setParameters(array_merge($_POST, array('_FILES_' => $_FILES)));
                $response = call_user_func_array(array($controller, 'create'), array($request));
                Utils::sendResponse($response);
            } else {
                Utils::getForbiddenResponse()->send();
            }
            break;
        case Method::PUT:
            if (count($uriParameters) == 2) {
                if ($controller->isActionAllowed(Action::UPDATE)) {
                    $parameters = array();
                    parse_str(file_get_contents('php://input'), $parameters);
                    $request->setParameters($parameters);
                    if (empty($parameters) && !empty($_POST)) {
                        // If the request is not a real PUT request but needs to be handled like one (html form)
                        $request->setParameters(array_merge($_POST, array('_FILES_' => $_FILES)));
                    }
                    $response = call_user_func_array(array($controller, 'update'), array(Utils::secure($uriParameters[1]), $request));
                    Utils::sendResponse($response);
                } else {
                    Utils::getForbiddenResponse()->send();
                }
            }
            break;
        case Method::DELETE:
            if (count($uriParameters) == 2) {
                if ($controller->isActionAllowed(Action::DESTROY)) {
                    $parameters = array();
                    parse_str(file_get_contents('php://input'), $parameters);
                    $request->setParameters($parameters);
                    if (empty($parameters) && !empty($_POST)) {
                        // If the request is not a real DELETE request but needs to be handled like one (html form)
                        $request->setParameters($_POST);
                    }
                    $response = call_user_func_array(array($controller, 'destroy'), array(Utils::secure($uriParameters[1]), $request));
                    Utils::sendResponse($response);
                } else {
                    Utils::getForbiddenResponse()->send();
                }
            }
            break;
        default:
            break;
    }
}
/**
 * Applies Utils::secure() to every string value of $array, keeping its keys.
 * Non-string values (ints, nested arrays, null, ...) are dropped rather than
 * copied through.
 *
 * @param array $array
 * @return array
 */
public static function secureArray($array)
{
    // array_filter keeps keys; array_map over a single array keeps them too.
    $strings = array_filter($array, 'is_string');
    return array_map(array('Utils', 'secure'), $strings);
}
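/**
 * POST handler: opens a new private conversation from one of the session
 * user's channels ('creator' = channel id) to one or more channels
 * ('members' = channel names separated by ';'). 'subject' defaults to
 * 'Sans titre' when blank.
 *
 * Responds 200 on success, 500 otherwise (with an explanatory body for an
 * unknown recipient or a missing separator).
 */
public function create($request)
{
    if (!Session::isActive()) {
        return new Response(500);
    }

    $req = $request->getParameters();
    if (!isset($req['members'], $req['creator'], $req['subject']) || empty($req['members']) || empty($req['creator'])) {
        return new Response(500);
    }

    $membersStr = Utils::secure($req['members']);
    $creator = Utils::secure($req['creator']);
    $subject = Utils::secure($req['subject']);
    $subject = !empty($subject) ? $subject : 'Sans titre';

    $sender = UserChannel::find($creator);
    // The original accepted any existing channel as 'creator', so a logged-in user
    // could start conversations in someone else's name. The sending channel must
    // belong to the session user — the same rule the message handler applies.
    if (!$sender || !$sender->belongToUser(Session::get()->id)) {
        return new Response(500);
    }

    if (Utils::stringStartsWith($membersStr, ';')) {
        $membersStr = substr_replace($membersStr, '', 0, 1);
    }
    if (Utils::stringEndsWith($membersStr, ';')) {
        $membersStr = substr_replace($membersStr, '', -1);
    }
    $membersStr = preg_replace('/\s+/', '', $membersStr);

    $membersIdsFinal = ';';
    // The original tested strpos() for truthiness; an explicit !== false check
    // also handles a separator at offset 0.
    if (strpos($membersStr, ';') !== false) {
        foreach (explode(';', $membersStr) as $destName) {
            $dest = UserChannel::find_by_name($destName);
            if (!$dest) {
                $response = new Response(500);
                $response->setBody('Error: Le destinataire <' . $destName . '> n\'existe pas !');
                return $response;
            }
            $membersIdsFinal .= $dest->id . ';';
        }
    } else {
        $chann = UserChannel::find_by_name($membersStr);
        if (!$chann) {
            $response = new Response(500);
            $response->setBody('Error: les destinataires doivent être séparés par un \';\' !');
            return $response;
        }
        $membersIdsFinal .= $chann->id . ';';
    }

    if ($membersIdsFinal == ';') {
        return new Response(500);
    }

    $membersIdsFinal .= $sender->id . ';';
    Conversation::createNew($subject, $sender, $membersIdsFinal);
    return new Response(200);
}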
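/**
 * Profile page controller: /profile/{username}[/edit|/update].
 *
 * - 'update': saves avatar, location, about and website (and optionally the
 *   password) for the logged-in user, then falls through to 'edit'.
 * - 'edit': renders Pages/ProfileEdit for the logged-in user's own profile.
 * - otherwise: renders Pages/Profile (public view) with favourites, badges and
 *   recent comments, or the 404 page when the username is unknown.
 *
 * Changes versus the original, all security-motivated: the URL username and
 * database ids are escaped/cast before being interpolated into SQL; 'update'
 * and 'edit' require a logged-in session and only operate on the caller's own
 * profile (the edit form used to expose any user's e-mail address); the
 * stored website is escaped and only linked for http(s) URLs; mysql_error()
 * (removed with ext/mysql in PHP 7) is no longer called. Remaining problems
 * that cannot be fixed without the rest of the application are marked FIXME.
 */
public function main()
{
    include '../lang/English.php';

    $mysqli = Query::$mysqli;
    $username = $this->request[0];
    // Straight from the URL and interpolated into SQL below; the original used it
    // unescaped (SQL injection). Escaped once here, used for both lookups.
    $usernameSql = $mysqli->real_escape_string($username);
    $action = isset($this->request[1]) ? $this->request[1] : '';

    if ($action == 'update') {
        // The original ran the UPDATE without any session check, against whatever
        // $_SESSION['user_id'] happened to hold.
        if (User::login_check($mysqli) != true || empty($_SESSION['user_id'])) {
            echo "You can only edit your own profile!";
            return;
        }
        $id = (int) $_SESSION['user_id'];

        if (!empty($_FILES['img_file']) && $_FILES['img_file']['error'] == 0) {
            include 'includes/code/upload_avatar.php';
        }

        $usr = isset($_POST['usr']) && is_array($_POST['usr']) ? $_POST['usr'] : array();
        // Utils::secure() is presumably HTML-output escaping (as elsewhere in this
        // corpus), not an SQL escape, so real_escape_string is applied on top before
        // interpolation. If Utils::secure() turns out to SQL-escape already, drop one.
        $location = $mysqli->real_escape_string(Utils::secure(isset($usr['loc']) ? $usr['loc'] : ''));
        $about = $mysqli->real_escape_string(Utils::secure(isset($usr['bio']) ? $usr['bio'] : ''));
        $website = $mysqli->real_escape_string(Utils::secure(isset($usr['site']) ? $usr['site'] : ''));
        $pass = str_replace(' ', '', isset($usr['pas']) ? $usr['pas'] : '');

        // `or die(mysql_error())` would itself fatal on PHP 7+ (function gone) and
        // otherwise leaked the driver message to the page.
        Query::query("UPDATE Players SET Location='{$location}', About='{$about}', Website='{$website}' WHERE PlayerID='{$id}'")
            or die('Database error.');

        if ($pass != '') {
            // FIXME(security): kept as in the original because the login code that
            // consumes these values is not visible here — the stored value is an
            // unsalted md5 of $_POST['new_password'] (not of the 'pas' field that
            // triggered this branch), it is written to tbl_users while every other
            // query targets Players, and the md5 is copied into the 'ava_code' cookie,
            // i.e. a reusable credential. Migrate to password_hash()/password_verify()
            // together with the login path.
            $password = md5(isset($_POST['new_password']) ? $_POST['new_password'] : '');
            // setcookie() must precede any output; the original echoed first, so the
            // header (and the cookie) silently failed once headers were sent.
            setcookie("ava_code", $password);
            echo 'PW Changes';
            Query::query("UPDATE tbl_users SET password='******' WHERE id='{$id}'") or die('Database error.');
        }
        echo '<div id="error_message">' . PROFILE_UPDATED . "</div>";
        $this->request[1] = 'edit';
        $action = 'edit';
    }

    if ($action == 'edit') {
        if (User::login_check($mysqli) != true) {
            echo "You can only edit your own profile!";
            return;
        }
        $row = Query::query("SELECT * FROM Players WHERE Username='{$usernameSql}' LIMIT 1")->fetch_assoc();
        // The original served the edit form — including the e-mail address — for any
        // username given in the URL; only the profile's owner may see it.
        if (!$row || !isset($_SESSION['user_id']) || $row['PlayerID'] != $_SESSION['user_id']) {
            echo "You can only edit your own profile!";
            return;
        }
        $avatar = $row['AvatarType'] != ''
            ? 'uploads/avatars/' . $row['PlayerID'] . $row['AvatarType']
            : 'uploads/avatars/default.png';

        $this->set('id', $row['PlayerID']);
        $this->set('email', $row['Email']);
        $this->set('website2', $row['Website']);
        $this->set('location2', $row['Location']);
        $this->set('about2', $row['About']);
        // Canonical stored name rather than the raw URL segment.
        $this->set('username', $row['Username']);
        $this->set('avatar', $avatar);
        $this->render("Pages/ProfileEdit");
        return;
    }

    // Public profile view.
    $result = Query::query("SELECT * FROM Players WHERE Username='{$usernameSql}' LIMIT 1");
    if ($result->num_rows != 1) {
        header("HTTP/1.0 404 Not Found");
        include 'includes/misc/404.php';
        exit;
    }
    $row = $result->fetch_assoc();
    $id = (int) $row['PlayerID'];

    $this->set('name', $row['Username']);
    $this->set('location', $row['Location'] == '' ? PROFILE_NO_INFO : $row['Location']);
    $this->set('website', $row['Website'] == '' ? PROFILE_NO_INFO : $row['Website']);
    if ($row['Website'] == '') {
        $this->set('website_link', PROFILE_NO_INFO);
    } else {
        // 'website_link' is ready-made HTML consumed verbatim by the view; the
        // original inlined the stored value unescaped (stored XSS) and linked any
        // scheme. double_encode=false keeps already-escaped stored values intact.
        $safeSite = htmlspecialchars($row['Website'], ENT_QUOTES, 'UTF-8', false);
        if (preg_match('#^https?://#i', $row['Website'])) {
            $this->set('website_link', '<a href="' . $safeSite . '">' . $safeSite . '</a>');
        } else {
            $this->set('website_link', $safeSite);
        }
    }
    $this->set('about', $row['About'] == '' ? PROFILE_NO_INFO : $row['About']);
    $this->set('interests', $row['Interests'] == '' ? PROFILE_NO_INFO : $row['Interests']);
    $this->set('avatar', $row['AvatarType'] == ''
        ? 'uploads/avatars/default.png'
        : 'uploads/avatars/' . $row['PlayerID'] . $row['AvatarType']);
    $this->set('id', $row['PlayerID']);
    $this->set('plays', $row['Plays']);
    $this->set('comment_count', $row['Comments']);
    $this->set('ratings', $row['Ratings']);
    $this->set('points', $row['Points'] == '' ? 0 : $row['Points']);
    $this->set('admin', $row['Admin']);
    $this->set('join_date', $row['Joined']);
    $this->set('isdev', $row['Developer']);

    if (isset($_SESSION['user_id']) && $id == $_SESSION['user_id']) {
        $this->set('button1', '<a href="profile/' . rawurlencode($row['Username']) . '/edit">' . PROFILE_EDIT . '</a>');
    } else {
        $this->set('button1', '<a href="boxarcade/?task=send_message&id=' . $id . '">' . PROFILE_SEND_MESSAGE . '</a>');
    }
    // The friend-button block was unreachable (`if (1 == 0)`) and referenced
    // undefined $mysqli/$tp/$user; only its else branch ever ran.
    $this->set('button2', '');
    // FIXME(authz): the original's `if (1 == 1)` shows the admin edit link to every
    // visitor (the intended viewer-is-admin check was commented out). Kept visible
    // because the admin area is expected to enforce access itself — verify.
    $this->set('admin_edit', '<a href="admin/?task=manage_users#id=' . $id . '">Edit user</a>');

    // Favourite games (ids cast to int before interpolation).
    $result = Query::query('SELECT * FROM favorites f, Games g WHERE GameID=f.game_id AND f.user_id=' . $id . ' LIMIT 16');
    $vars = array();
    if ($result->num_rows == 0) {
        echo PROFILE_NO_FAVS;
    } else {
        while ($rows = $result->fetch_assoc()) {
            $file = Utils::TitleToFile($rows['Title']);
            $vars[] = array(
                'gameTitle' => $rows['Title'],
                'gameDesc' => $rows['Desc'],
                'url' => 'view/' . $rows['GameID'],
                'image_url' => "games/img/" . $file . ".png",
            );
        }
    }
    $this->set('games', $vars);

    // Badges. NOTE(review): the original echoes PROFILE_NO_FAVS here as well.
    $result = Utils::query('SELECT * FROM tbl_badges as b, tbl_badge_relations as br WHERE b.badge_id=br.badge_id AND user_id=' . $id . ' LIMIT 6');
    $vars = array();
    if ($result->num_rows == 0) {
        echo PROFILE_NO_FAVS;
    } else {
        while ($rows = $result->fetch_assoc()) {
            $g = Utils::query('SELECT * from tbl_games WHERE game_id=' . (int) $rows['game_id'])->fetch_assoc();
            $vars[] = array(
                'gameTitle' => $g['title'],
                'title' => $rows['name'],
                'game' => $g['title'],
                'score' => $rows['points'],
                'gameDesc' => $rows['desc'],
                'url' => Utils::GameUrl($g['game_id']),
                'image_url' => $rows['image'],
            );
        }
    }
    $this->set('badges', $vars);

    // Recent comments. The query in the source was partially redacted; it is
    // reconstructed from the visible `$row['PlayerID']` fragment as a filter on
    // the viewed player's id.
    $result = Utils::query('SELECT * FROM tbl_comments WHERE user=' . $id . ' ORDER BY id DESC LIMIT 8');
    $vars = array();
    if ($result->num_rows == 0) {
        echo $row['Username'] . ' ' . PROFILE_NO_COMMENTS;
    } else {
        // A separate loop variable: the original reused $row and clobbered the profile.
        while ($c = $result->fetch_assoc()) {
            $game = Utils::query('SELECT * FROM Games WHERE GameID=' . (int) $c['link_id'] . ' LIMIT 1')->fetch_assoc();
            $file = Utils::TitleToFile($game['Title']);
            $vars[] = array(
                // Comment text is user-supplied; escape (without re-encoding
                // already-escaped input) before nl2br adds the <br /> tags.
                'the_comment' => nl2br(htmlspecialchars($c['comment'], ENT_QUOTES, 'UTF-8', false)),
                'game_name' => $game['Title'],
                'date' => $c['date'],
                'game_url' => 'view/' . $game['GameID'],
                'game_img' => "games/img/" . $file . ".png",
                // FIXME(authz): shown unconditionally, as the original's `if (1 == 1)` did.
                'admin_options' => ' <a href="admin/index.php?action=delete_comment&id=' . $c['id'] . '&link_id=' . $game['GameID'] . '"><img src="admin/images/delete.png" align="absmiddle" /></a>',
            );
        }
    }
    $this->set('comments', $vars);
    $this->render("Pages/Profile");
}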
?> <div class="card<?php echo $supp_class; ?> comment"> <a href="<?php echo WEBROOT . 'watch/' . Comment::find($action->target)->video_id; ?> "> <p><b><?php echo Utils::secure($channel_action->name); ?> </b> a aimé votre commentaire</p> <blockquote> <?php echo Utils::secure(substr(Comment::find($action->target)->comment, 0, 80)); ?> </blockquote> </a> <i><?php echo Utils::relative_time($action->timestamp); ?> </i> </div> <?php } else { if ($action->type == 'pm') { $pluriel = $action->infos['nb_msg'] > 1 ? "messages privés" : "message privé"; ?> <div class="card<?php echo $supp_class;
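/**
 * Handles the registration form (a POST carrying 'submitRegister').
 *
 * Checks run in the same order as before: required fields, terms
 * acceptance, reCAPTCHA verification, then field validation and
 * uniqueness. Each failure re-renders 'login/register' with one error
 * message. On success the account is created, the welcome notification
 * is sent and the 'login/login' view is returned with a success message.
 *
 * @param object $request  exposes getParameters(): array of request values
 * @return ViewResponse|null  null when the form was not submitted
 *                            (unchanged from the original behaviour)
 */
public function create($request)
{
    $req = $request->getParameters();
    if (!isset($req['submitRegister'])) {
        return null;
    }

    // Data handed back to the form view on every error. Built once, up
    // front, so every branch has it (the original only defined it inside
    // the terms-accepted branch and re-rendered with an undefined variable
    // elsewhere). Kept as the raw POST payload like the original.
    // NOTE(review): that payload includes 'pass' and 'pass-confirm' — confirm
    // the template never echoes them.
    $data = $_POST;
    $data['currentPageTitle'] = 'Inscription';
    $data['currentPage'] = 'register';

    // Re-render the registration form with a single error message.
    $fail = static function (string $message) use ($data): ViewResponse {
        $response = new ViewResponse('login/register', $data);
        $response->addMessage(ViewMessage::error($message));
        return $response;
    };

    // Presence checks, in order: the first missing field decides the message.
    $required = [
        'username'             => 'Le nom d\'utilisateur est requis',
        'pass'                 => 'Le mot de passe est requis',
        'pass-confirm'         => 'Veuillez confirmer le mot de passe',
        'mail'                 => 'L\'adresse e-mail est requise',
        'g-recaptcha-response' => 'Erreur de captcha',
    ];
    foreach ($required as $field => $message) {
        if (!isset($req[$field])) {
            return $fail($message);
        }
    }

    if (($req['CGU'] ?? null) !== 'CGU') {
        return $fail('Merci d\'accepter nos conditions avant de vous inscrire');
    }

    // Server-side reCAPTCHA verification. The token is query-encoded so a
    // crafted response cannot append extra parameters to the verify URL, and
    // a failed or non-JSON reply counts as a failed captcha. The old
    // "cavicon" bypass was dead code (unconditionally overridden) and is
    // dropped.
    $verifyUrl = 'https://www.google.com/recaptcha/api/siteverify?' . http_build_query([
        'secret'   => Config::getValue_('recaptcha_private'),
        'response' => $req['g-recaptcha-response'],
    ]);
    // Bounded wait so an unreachable verifier cannot hang the request.
    $context = stream_context_create(['http' => ['timeout' => 10]]);
    $raw = file_get_contents($verifyUrl, false, $context);
    $verdict = $raw === false ? null : json_decode($raw, true);
    if (!is_array($verdict) || ($verdict['success'] ?? false) !== true) {
        return $fail('Erreur de captcha');
    }

    // Same normalisation as before.
    // NOTE(review): Utils::secure() is applied to the password before
    // User::register(); whatever it transforms, the login path must apply the
    // same transform before verifying, or stored hashes will not match.
    $username = Utils::secure($req['username']);
    $pass = Utils::secure($req['pass']);
    $pass2 = Utils::secure($req['pass-confirm']);
    $mail = Utils::secure($req['mail']);

    if (!Utils::validateUsername($username) || !Utils::validateMail($mail) || $pass === '' || $pass2 === '') {
        return $fail('Veuillez saisir des informations valides (a-z/A-Z/0-9)');
    }
    if ($pass !== $pass2) {
        return $fail('Les mots de passe ne correspondent pas');
    }
    if (User::find_by_username($username)) {
        return $fail('Ce nom d\'utilisateur est déjà pris');
    }
    if (User::isMailRegistered($mail)) {
        return $fail('Cette adresse e-mail est déjà enregistrée');
    }

    User::register($username, $pass, $mail);
    $createdUser = User::find('first', ['username' => $username]);
    $createdUser->sendWelcomeNotification();

    $response = new ViewResponse('login/login');
    $response->addMessage(ViewMessage::success('Inscription validée. Vous pouvez vous connecter !'));
    return $response;
}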
<?php
/*
 * Optional "predefined description" picker for the video form.
 * The <select> is switched off by the hard-coded `if (false)`; the intended
 * condition (`!empty($predefined_descriptions)`) is kept in the trailing
 * comment until the TODO below is resolved, so nothing in this branch runs.
 */
if (false) { //if(!empty($predefined_descriptions)) { //TODO AFTER All the bug fix ?>
<select onchange="insertDesc(this);">
<option value="" selected>Inserez une description prédéfinie...</option>
<option disabled>──────────</option>
<?php foreach ($predefined_descriptions as $desc) {
    /* NOTE(review): $desc->description goes into the value attribute below
       with only stripslashes() — no HTML escaping — while $desc->name is
       passed through Utils::secure(). If this branch is ever re-enabled,
       escape the description the same way; otherwise a quote or markup in a
       stored description breaks out of the attribute (stored XSS risk). */
    ?>
<option value="<?php echo stripslashes($desc->description); ?> " ><?php echo Utils::secure($desc->name); ?> </option>
<?php } ?>
</select>
<?php } else { /* nothing rendered while the picker is disabled */ } ?>
<label for="video-description"> Description : <textarea name="video-description" required="required" id="video-description" rows="4" placeholder="Description"></textarea> </label>
date_default_timezone_set('America/New_York'); if (isset($_POST['id']) && isset($_POST['comment'])) { include '../../../lib/sqlquery.class.php'; include '../../../lib/newmodel.class.php'; include '../../../app/models/Query.php'; include '../../../app/models/Settings.php'; include '../../../app/models/User.php'; include '../../../app/models/Utils.php'; $query = new SQLQuery(); $query->connect('localhost', 'root', '', 'boxarcade'); Settings::Init(); include '../../../lang/' . Settings::Get('language') . '.php'; User::sec_session_start(); User::Init(); $userid = intval($_SESSION['user_id']); $the_comment = Utils::secure($_POST['comment']); $id = intval($_POST['id']); if (User::login_check(Query::$mysqli) == true) { $date = date("Y-m-d H:i:s"); Query::query("INSERT INTO tbl_comments (user, comment, link_id, date, ip) VALUES ('{$userid}', '{$the_comment}', '{$id}', '{$date}', '{$_SERVER['REMOTE_ADDR']}')"); $user_url = ''; //'uploads/avatars/' . User::Get('id') . User::Get('AvatarType');//ProfileUrl($user2['id'], $user2['seo_url']); $content = stripslashes(nl2br(strip_tags($_POST['comment']))); $username = User::Get('Username'); $report_button = ''; $delete = ''; if (User::Get('AvatarType') == '') { $avatar_url = '/uploads/avatars/default.png'; } else { $avatar_url = 'uploads/avatars/' . User::Get('id') . User::Get('AvatarType'); }