Esempio n. 1
1
 private function takeWidgetFromURI(RequestContext $context)
 {
     // Consume the next path component as a widget ID and load that widget;
     // an unknown ID yields the 404 response instead of a Widget.
     // NOTE(review): this resolves by ID alone, unlike endWidget's
     // getByOwnerAndID — fine if the caller only serves public widget data;
     // confirm no owner-only action is reachable through this lookup.
     try {
         $id = $context->takeNextPathComponent();
         $widget = Widget::getByID($id);
     } catch (\Chipin\Widgets\NoSuchWidget $_) {
         return $this->pageNotFound("No such widget");
     }
     return $widget;
 }
Esempio n. 2
0
 /**
  * Run a parameterised SELECT and hydrate one Widget per result row.
  *
  * @param string $query SELECT portion of SQL query; use placeholders only and
  *                      pass caller data through $params — never interpolate it
  * @param array $params parameters bound to the query by select()
  * @return Widget[] one Widget per row, keyed as select() keyed the rows
  */
 public static function getManyByQuery($query, array $params)
 {
     $widgets = array();
     foreach (select($query, $params) as $key => $row) {
         $widget = new Widget();
         $widget->populateFromArray($row);
         $widgets[$key] = $widget;
     }
     return $widgets;
 }
Esempio n. 3
0
 public function endWidget(RequestContext $context)
 {
     // Ownership is enforced at lookup time: the widget must belong to the
     // signed-in user, so a foreign ID cannot be ended through this handler.
     $widget = Widget::getByOwnerAndID($this->user, $context->takeNextPathComponent());
     if (!$this->isPostRequest()) {
         // GET: show the confirmation form only.
         return $this->render('end-widget.diet-php', array('widget' => $widget));
     }
     // POST: apply the state change, then return to the dashboard.
     Widgets\endWidget($widget);
     return $this->redirect('/dashboard/');
 }
Esempio n. 4
0
function getWidget(User $u = null)
{
    require_once 'chipin/widgets.php';
    // Build and persist a throw-away widget for tests; the owner defaults to
    // the current test user when none is supplied.
    $owner = (null === $u) ? getUser() : $u;
    $widget = new Widget();
    $widget->ownerID = $owner->id;
    $widget->title = "Test Widget";
    // NOTE(review): fixed 2020 end date — whether that already counts as
    // "ended" depends on hasEnded(); testEndingWidget pushes it forward first.
    $widget->ending = new DateTime('2020-06-30');
    $widget->setGoal(100, 'USD');
    $widget->setDimensions(350, 310);
    $palette = Widgets\allowedColors();
    $widget->color = $palette[0];
    $widget->bitcoinAddress = getBitcoinAddr();
    $widget->countryCode = 'CA';
    $widget->about = "This is a test widget!";
    $widget->save();
    return $widget;
}
Esempio n. 5
0
 function testEndingWidget()
 {
     // Start from a widget that is still running (ends a week from now).
     $widget = getWidget($this->user);
     $this->updateEndingDate($widget, new DateTime('+7 days'));
     assertFalse($widget->hasEnded());
     // Drive the UI: dashboard -> this widget's "End" link -> confirm form.
     $this->get('/dashboard/');
     $endLink = "//a[contains(text(), 'End') and contains(@href, '{$widget->id}')]";
     $this->clickLink($endLink);
     $this->submitForm($this->getForm('end-widget-' . $widget->id));
     // Re-read from storage so the assertion reflects persisted state.
     $persisted = Widget::getByID($widget->id);
     assertTrue($persisted->hasEnded());
 }
Esempio n. 6
0
function testProgressProperlyCalculated()
{
    $widget = getWidget();
    // Presumably an address credited with 2 BTC; the assignment in the
    // argument list only names the value for readers.
    $addr = getBitcoinAddr($btcBalance = 2);

    # Case where widget uses BTC as base currency: 2 of 4 BTC -> about 50%.
    $widget->bitcoinAddress = $addr;
    $widget->setGoal(4, Currencies\BTC());
    $widget->save();
    $afterSave = Widget::getByID($widget->id);
    $pct = $afterSave->progressPercent;
    assertTrue($pct > 49 && $pct < 51);

    # Case where widget uses fiat as base currency: 2 BTC at 100 USD = 200 of 600.
    setPriceForBTC(Currencies\USD(), 100);
    $widget->bitcoinAddress = $addr;
    $widget->setGoal(600, Currencies\USD());
    $widget->save();
    $afterSave = Widget::getByID($widget->id);
    $pct = $afterSave->progressPercent;
    $expected = 200 / 600 * 100;
    // The stored percentage must land strictly between floor and ceil (33, 34).
    assertTrue($pct > floor($expected) && $pct < ceil($expected));
}
Esempio n. 7
0
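    function contentForThisStep()
    {
        // Every widget field written into an attribute below is escaped first.
        // bitcoinAddress, goal and ending are round-tripped from this same form
        // (user-controlled), and the draft widget can come from an anonymous
        // visitor's session, so none of them may be echoed raw. Previously only
        // the title was escaped; the other three went straight into the HTML.
        $esc = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };
        ?>

    <script type="text/javascript" charset="utf-8">
	    $(document).ready(function() {
		    $('#widget-end-date').datepicker({ dateFormat: 'yy-mm-dd', minDate: +1 });
      });
    </script>

    <?php echo $this->javascriptValidation(1); ?>

    <div id="step-1">
      <h3>Step 1: Basic Information</h3>
      <?php if ($this->form && $this->form->hasErrors()) { ?>
        <?php foreach ($this->form->getErrors() as $e) { ?>
          <?php
            // NOTE(review): error text is emitted unescaped; that is only safe
            // if getErrors() never reflects submitted values. If it can, wrap
            // $e in $esc() here (or have the form escape at construction).
          ?>
          <div class="alert alert-error"><?php echo $e; ?></div>
        <?php } ?>
      <?php } ?>
      <br />
      <div class="row-fluid">
        <div class="span6" style="width: 100%;">
          <div class="control-group">
            <label class="control-label" for="widget-title">Title of Widget</label>
            <div class="controls">
              <input type="text" class="input-large" id="widget-title" name="title" maxlength="30"
                     value="<?php echo $esc($this->widget->title); ?>" />
              <span class="help-inline error-msg">Please provide a title.</span>
            </div>
          </div>
          <div class="control-group" id="widget-goal">
            <label class="control-label" for="widget-want-to-raise">Amount to Raise</label>
            <div class="controls">
              <?php
                $goal = isset($this->widget->goalAmnt)
                    ? Currency\trimZeros($this->widget->goalAmnt->numUnits)
                    : "";
              ?>
              <input type="text" class="input-small" id="widget-want-to-raise"
                     name="goal" value="<?php echo $esc($goal); ?>"/>
              &nbsp;
              <?php
                $s = new SelectField('currency', 'Currency', array('USD' => 'USD', 'EUR' => 'EUR', 'GBP' => 'GBP', 'CNY' => 'CNY', 'CAD' => 'CAD', 'JPY' => 'JPY', 'BTC' => 'BTC'));
                $s->setID('currency')->setAttribute('style', 'width: 6em;');
                $s->setValue(empty($this->widget->currency) ? 'USD' : $this->widget->currency);
                echo $s->renderInputHtml();
              ?>
              <span class="help-inline error-msg">Please enter a valid (numeric) amount.</span>
            </div>
          </div>
          <div class="control-group">
            <label class="control-label" for="widget-end-date">End Date</label>
            <div class="controls">
              <input type="text" class="input-small" id="widget-end-date" name="ending"
                     value="<?php echo $esc($this->widget->endingDateAsString()); ?>"/>
              <span class="help-inline error-msg">Please correct the error.</span>
            </div>
          </div>
          <div class="control-group" id="bitcoin-addr-control-group">
            <label class="control-label" for="widget-bitcoin-address">Bitcoin Address</label>
            <div class="controls">
              <input type="text" class="input-large bitcoin-address" id="widget-bitcoin-address"
                     name="bitcoinAddress" value="<?php echo $esc($this->widget->bitcoinAddress); ?>" />
              <span class="help-inline error-msg">Please provide a valid Bitcoin address.</span>
              <span class="help-inline not-error">
                Please use a new, dedicated Bitcoin address for each
                widget. In this way, we are able to measure the amount that has been donated
                to your cause.</span>
            </div>
          </div>
        </div> <!-- /span6 -->
        <div class="span5 offset1">
          <!--
          <div class="well">

          </div>
          -->
        </div> <!-- /span5 -->
      </div> <!-- /row-fluid -->
    </div> <!-- /step-1 -->

  <?php
    }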
 private function getWidget()
 {
     if (!isset($_GET['w'])) {
         // No ID in the URL: continue (or start) the wizard's unsaved draft.
         $draft = at($_SESSION, 'unsaved-widget', null);
         // A draft that already carries an owner is stale once the session has
         // no signed-in user; drop it rather than let another visitor pick it up.
         if (isset($draft) && isset($draft->ownerID) && empty($this->user)) {
             $this->clearWidgetInSession();
             $draft = null;
         }
         if (empty($draft)) {
             $draft = new Widget();
         }
         $draft->color = Widgets\defaultColor();
         $size = Widgets\defaultSize();
         $draft->width = $size->width;
         $draft->height = $size->height;
         return $draft;
     }
     # Looks like we're editing a widget...
     // NOTE(review): this path consults getActiveUser() while the draft path
     // reads $this->user — presumably the same identity; confirm.
     $user = $this->getActiveUser();
     if (empty($user)) {
         // Editing requires a login; flag why we bounced to sign-in.
         $_SESSION['authenticationRequired'] = true;
         return $this->redirect("/account/signin");
     }
     // getByOwnerAndID scopes the lookup to this user, so a foreign widget ID
     // in ?w= cannot be loaded (and later saved over) here.
     $widget = Widget::getByOwnerAndID($user, $_GET['w']);
     $this->storeWidgetInSession($widget);
     return $widget;
 }
 /**
  * Guard against CSRF on the widget wizard: a bare POST (carrying no token or
  * nonce from the rendered form) must not be able to change a widget. We only
  * inspect the end result — the stored widget must be untouched — which implies
  * the server demands some per-form secret before accepting a submission.
  * Background: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
  *
  * NOTE(review): an unchanged widget is also what a validation failure would
  * leave behind (the posted ending "12/15/2020" is not in the datepicker's
  * yy-mm-dd format and is a past date), so this test may pass for reasons
  * other than CSRF protection; asserting the specific rejection would be
  * stronger.
  */
 function testResilienceToCrossSiteRequestForgeryAttack()
 {
     $widget = getWidget($this->user);
     // Load the edit page first so any session state the wizard expects exists.
     $this->get("/widget-wiz/step-one?w={$widget->id}");
     $stepOne = array(
         'title' => 'Hijacked',
         'goal' => '1000',
         'currency' => 'USD',
         'ending' => "12/15/2020",
         'bitcoinAddress' => '1E3FqrQTZSvTUdw7qZ4NnZppqiqnqqNcUN',
     );
     // A rejecting status code is the expected outcome, not a test error.
     try {
         $this->post("/widget-wiz/step-one", $stepOne);
     } catch (UnexpectedHttpResponseCode $_) {
         /* That will do... */
     }
     $stepTwo = array(
         'about' => 'Show me the money!',
         'color' => Widgets\defaultColor(),
         'size' => (string) Widgets\defaultSize(),
     );
     try {
         $this->post("/widget-wiz/step-two", $stepTwo);
     } catch (UnexpectedHttpResponseCode $_) {
         /* That's good... */
     }
     $persisted = Widget::getByID($widget->id);
     assertNotEqual('Hijacked', $persisted->title);
     assertNotEqual('1E3FqrQTZSvTUdw7qZ4NnZppqiqnqqNcUN', $persisted->bitcoinAddress);
     assertNotEqual('Show me the money!', $persisted->about);
 }