File: edit_account.php — Project: Ashoat/squadcal
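require_once 'config.php';
require_once 'auth.php';
require_once 'verify_lib.php';
// edit_account.php: lets the logged-in viewer change their email and/or
// password. Every response is JSON; each failure path exits with
// {'error': <code>}.
header("Content-Type: application/json");
if ($https && !isset($_SERVER['HTTPS'])) {
    // We're using mod_rewrite .htaccess for HTTPS redirect; this shouldn't happen
    header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
    exit;
}
if (!user_logged_in()) {
    exit(json_encode(array('error' => 'not_logged_in')));
}
// Each parameter must be present AND be a plain string. PHP decodes
// `old_password[]=x` as an array, which would make password_verify() below
// throw a TypeError (and preg_match() later warn) instead of answering with a
// clean 'invalid_parameters' error.
foreach (array('email', 'new_password', 'old_password') as $param) {
    if (!isset($_POST[$param]) || !is_string($_POST[$param])) {
        exit(json_encode(array('error' => 'invalid_parameters')));
    }
}
$user = get_viewer_id();
$old_password = $_POST['old_password'];
$new_password = $_POST['new_password'];
$email = $_POST['email'];
// Fetch the viewer's stored credentials. The id comes from the session rather
// than the request, but bind it as a statement parameter instead of
// interpolating it into the SQL string; the 's' type mirrors the quoted
// literal (id="...") the query used before.
$stmt = $conn->prepare("SELECT username, email, hash FROM users WHERE id = ?");
if (!$stmt) {
    exit(json_encode(array('error' => 'internal_error')));
}
$stmt->bind_param('s', $user);
if (!$stmt->execute()) {
    $stmt->close();
    exit(json_encode(array('error' => 'internal_error')));
}
$stmt->bind_result($db_username, $db_email, $db_hash);
// Keep the same associative shape the rest of the file expects ($user_row['email'], ...).
$user_row = null;
if ($stmt->fetch()) {
    $user_row = array('username' => $db_username, 'email' => $db_email, 'hash' => $db_hash);
}
$stmt->close();
if (!$user_row) {
    exit(json_encode(array('error' => 'internal_error')));
}
// Re-authenticate before changing anything: a live session alone must not be
// enough to rotate the password or email. A NULL stored hash can never match,
// so it is rejected outright rather than handed to password_verify().
if ($user_row['hash'] === null || !password_verify($old_password, $user_row['hash'])) {
    exit(json_encode(array('error' => 'invalid_credentials')));
}
$change_email = "";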
if ($user_row['email'] !== $email) {
    $valid_email_regex = "/^[a-zA-Z0-9.!#\$%&'*+\\/=?^_`{|}~-]+" . "@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?" . "(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\$/";
    if (!preg_match($valid_email_regex, $email)) {
File: restore_entry.php — Project: Ashoat/squadcal
    header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
    exit;
}
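// restore_entry.php (continued): un-delete an entry by appending a new
// revision that copies the text of its latest (deleted) revision, then
// clearing entries.deleted. JSON response; failures exit with {'error': ...}.
//
// session_id must be a plain string: real_escape_string() throws on an array
// (`session_id[]=x`), whereas intval() tolerates anything for id/timestamp.
if (!isset($_POST['id']) || !isset($_POST['timestamp']) || !isset($_POST['session_id']) || !is_string($_POST['session_id'])) {
    exit(json_encode(array('error' => 'invalid_parameters')));
}
$id = intval($_POST['id']);
// NOTE(review): the revision timestamp is taken from the client, not from the
// server clock, so a caller can back- or forward-date the restore; confirm
// this is intended before relying on last_update for ordering.
$timestamp = intval($_POST['timestamp']);
$session_id = $conn->real_escape_string($_POST['session_id']);
$can_see = viewer_can_see_entry($id);
if ($can_see === null) {
    exit(json_encode(array('error' => 'invalid_parameters')));
}
if (!$can_see) {
    exit(json_encode(array('error' => 'invalid_credentials')));
}
// NOTE(review): only *read* access to the entry is checked above; whether a
// restore should also require edit rights on the calendar is not visible here.
$result = $conn->query("SELECT r.id, r.author, r.text, r.session_id, r.last_update, r.deleted, " . "e.creation_time " . "FROM revisions r LEFT JOIN entries e ON r.entry = e.id " . "LEFT JOIN days d ON d.id = e.day " . "WHERE r.entry = {$id} ORDER BY r.last_update DESC LIMIT 1");
$last_revision_row = $result ? $result->fetch_assoc() : null;
if (!$last_revision_row) {
    exit(json_encode(array('error' => 'unknown_error')));
}
if (!$last_revision_row['deleted']) {
    exit(json_encode(array('error' => 'entry_not_deleted')));
}
$text = $last_revision_row['text'];
$viewer_id = get_viewer_id();
$conn->query("INSERT INTO ids(table_name) VALUES('revisions')");
$revision_id = $conn->insert_id;
// $text is raw entry text read back from the database. Whatever escaping was
// applied when it was first stored does not survive the round trip, so it has
// to be escaped again before being interpolated into this INSERT -- otherwise a
// quote inside the entry text breaks the statement (second-order injection).
$escaped_text = $conn->real_escape_string($text);
$conn->query("INSERT INTO revisions(id, entry, author, text, creation_time, " . "session_id, last_update, deleted) VALUES ({$revision_id}, {$id}, " . "{$viewer_id}, '{$escaped_text}', {$timestamp}, '{$session_id}', {$timestamp}, 0)");
$conn->query("UPDATE entries SET deleted = 0 WHERE id = {$id}");
// The client gets the unescaped text back, exactly as stored.
exit(json_encode(array('success' => true, 'creation_time' => intval($last_revision_row['creation_time']), 'text' => $text)));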
File: auth.php — Project: Ashoat/squadcal
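/**
 * Whether the current viewer may see entry $entry.
 *
 * The entry is hidden only when its calendar is password-protected (c.hash is
 * not NULL) and the viewer either holds no role on that calendar or holds one
 * below ROLE_SUCCESSFUL_AUTH.
 *
 * @param int|string $entry  entry id; coerced to int before it reaches SQL
 * @return bool|null  true/false, or null when the entry does not exist or the
 *                    lookup query fails
 */
function viewer_can_see_entry($entry)
{
    global $conn;
    // Both ids are interpolated unquoted into the SQL below, so force them to
    // integers here rather than trusting every caller to intval() first.
    $entry_id = (int) $entry;
    $viewer_id = (int) get_viewer_id();
    $result = $conn->query("SELECT c.hash IS NOT NULL AND (r.calendar IS NULL OR r.role < " . ROLE_SUCCESSFUL_AUTH . ") AS requires_auth FROM entries e " . "LEFT JOIN days d ON d.id = e.day " . "LEFT JOIN calendars c ON c.id = d.calendar " . "LEFT JOIN roles r ON r.calendar = d.calendar AND r.user = {$viewer_id} " . "WHERE e.id = {$entry_id}");
    if (!$result) {
        // A failed query must not become a fatal call on `false`.
        return null;
    }
    $entry_row = $result->fetch_assoc();
    if (!$entry_row) {
        return null;
    }
    return !$entry_row['requires_auth'];
}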
File: index.php — Project: ritthai/LMS
                         break;
                     default:
                 }
             }
             User::leaveStatusMode();
             include "views/show.view.php";
         }
     }
 } else {
     if ($action == 'login') {
         $vid = get_viewer_id();
         session_regenerate_id();
         $res = User::Authenticate($params['name'], $params['password'], $error);
         if ($res) {
             Error::generate('notice', 'Authentication successful');
             Pageview::RenameUser($vid, get_viewer_id());
             if (isset($_SESSION) && $_SESSION['last_rendered_page']) {
                 redirect_raw($_SESSION['last_rendered_page']);
             } else {
                 redirect();
             }
         } else {
             Error::generate('notice', $error, Error::$FLAGS['single']);
             include "views/login.view.php";
         }
     } else {
         if ($action == 'forgot_password') {
             $name = $params['name'];
             $email = User::GetAttrib(User::GetUserID($name), 'email');
             if ($email != $params['email']) {
                 Error::generate('notice', 'Invalid email address and/or username');
File: recents.pview.php — Project: ritthai/LMS
<?php

/*****  RECENTLY VIEWED COURSES *****/
// Sidebar partial: lists the courses the current viewer looked at most
// recently. $recents is whatever Pageview::ListAllForUser() returns for the
// viewer id; the only element key this template relies on is 'comment_id'
// (read by the de-duplication loop below).
$recents = Pageview::ListAllForUser(get_viewer_id());
// NOTE(review): this hands the entire record set to the debug log; confirm
// that debug output is disabled, or at least not rendered into the page, in
// production.
Error::generate('debug', $recents);
// The wrapper div is emitted in both branches; it only gains class="hidden"
// when there is nothing to list.
if ($recents && count($recents) > 0) {
    ?>
                        <div id="recent_courses">
<?php 
} else {
    ?>
                        <div id="recent_courses" class="hidden">
<?php 
}
?>
                            <div id="sidebar_recent_courses">Recent courses:</div>
<?php 
// Accumulators for the loop that follows: it keeps at most 5 entries and
// skips repeats of the same 'comment_id'.
$ctr = 0;
$unique_recents = array();
foreach ($recents as $r) {
    $found = false;
    foreach ($unique_recents as $u) {
        if ($u['comment_id'] == $r['comment_id']) {
            $found = true;
            break;
        }
    }
    if (!$found) {
        $unique_recents[] = $r;
        if (++$ctr == 5) {
            break;
File: new_calendar.php — Project: Ashoat/squadcal
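// new_calendar.php (continued): $name, $description and $color were read from
// the request earlier in this file and are interpolated into SQL below.
// NOTE(review): they must already have gone through $conn->real_escape_string()
// at that point -- not visible here, confirm. Do NOT escape them again here, or
// the stored values pick up stray backslashes.
if (strtolower($name) === "home") {
    exit(json_encode(array('error' => 'name_taken')));
}
// Calendar names are unique case-insensitively.
$result = $conn->query("SELECT id FROM calendars WHERE LCASE(name) = LCASE('{$name}')");
$calendar_row = $result ? $result->fetch_assoc() : null;
if ($calendar_row) {
    exit(json_encode(array('error' => 'name_taken')));
}
// 'type' is optional: anything other than the literal string 'closed'
// (including a missing field) creates an open calendar. isset() keeps a
// request without 'type' from emitting an "undefined index" notice into the
// JSON body.
$is_closed = isset($_POST['type']) && $_POST['type'] === 'closed';
$password = null;
if ($is_closed) {
    // Reject an array (`password[]=x`) as well as a missing field;
    // password_hash() throws on a non-string.
    if (!isset($_POST['password']) || !is_string($_POST['password'])) {
        exit(json_encode(array('error' => 'invalid_parameters')));
    }
    $password = $_POST['password'];
}
$time = round(microtime(true) * 1000);
// in milliseconds
$conn->query("INSERT INTO ids(table_name) VALUES('calendars')");
$id = $conn->insert_id;
$creator = get_viewer_id();
$edit_rules = $is_closed ? 1 : 0;
// temporary hack
// Closed calendars store a bcrypt hash of the join password; open ones store
// NULL. Bcrypt output is drawn from [./A-Za-z0-9$], so it needs no SQL escaping.
$hash = $is_closed ? password_hash($password, PASSWORD_BCRYPT) : null;
$hash_sql = $hash === null ? "NULL" : "'{$hash}'";
$conn->query("INSERT INTO calendars" . "(id, name, description, hash, edit_rules, " . "creator, creation_time, color) " . "VALUES ({$id}, '{$name}', '{$description}', {$hash_sql}, " . "{$edit_rules}, {$creator}, {$time}, '{$color}')");
// The creator gets the ROLE_CREATOR role and is subscribed from the start.
$conn->query("INSERT INTO roles(calendar, user, creation_time, last_view, role, " . "subscribed) " . "VALUES ({$id}, {$creator}, {$time}, {$time}, " . ROLE_CREATOR . ", 1)");
exit(json_encode(array('success' => true, 'new_calendar_id' => $id)));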
File: error.class.php — Project: ritthai/LMS
 /**
  * Render one error record as a single CRLF-terminated line.
  *
  * With $CONFIG['debug'] set, the line is prefixed with the client
  * identifier, the first five characters of the viewer id, the elapsed
  * profiling time and the numeric priority; otherwise only the message is
  * returned, so none of those details reach a non-debug reader.
  *
  * @param array $error  record with 'msg' and (used in debug mode) 'priority'
  * @return string
  */
 public static function format_error($error)
 {
     global $CONFIG;
     if (!$CONFIG['debug']) {
         return sprintf("%s\r\n", $error['msg']);
     }
     $viewer_prefix = substr((string) get_viewer_id(), 0, 5);
     $elapsed = number_format(profiling_get_elapsed('all'));
     return sprintf(
         "%s | %s > %s [%d] %s\r\n",
         $GLOBALS['client'],
         $viewer_prefix,
         $elapsed,
         $error['priority'],
         $error['msg']
     );
 }