<?php

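require '../../utility/common.php';
// Post feed for the logged-in user. Without ?groupid= it lists every post in
// the groups the user belongs to; with ?groupid= only the posts of that group
// and of the groups on the path to it. The rows are turned into XML below.
list($user_id, $tree, $name) = logged_in();
$select_db = connect('select');
// Shared SELECT; each branch below appends its own WHERE / ORDER BY. Every
// value is bound as a placeholder, the only dynamic SQL is the placeholder
// list for the IN clause.
$query = 'SELECT p.message, ' . '(SELECT u.username FROM users u JOIN posts p2 ON p2.author_id = u.id WHERE p2.author_id = p.author_id LIMIT 1) as author_name, ' . 'p.image, g.name, p.created, p.id, gp.andor FROM posts p ' . 'JOIN group_posts gp ON p.id = gp.post_id ' . 'JOIN group_users gu ON gu.group_id = gp.group_id ' . 'JOIN groups g ON g.id = gu.group_id ';
if (isset($_GET['groupid']) && $_GET['groupid']) {
    $params = validate_params('GET', array('groupid'), array(FILTER_VALIDATE_INT), array(FILTER_SANITIZE_NUMBER_INT));
    if (!$params) {
        // validate_params() returns false on bad input; indexing that result
        // below would silently give a null group id.
        echo 'Wrong';
        die;
    }
    $group_ids = get_path_to($select_db, $params['groupid']);
    $group_count = count($group_ids);
    if ($group_count === 0) {
        // An empty path would produce "IN ()", which is a SQL syntax error
        // rather than an empty result set.
        echo '<p>There are no posts in that group</p>';
        die;
    }
    $placeholders = implode(',', array_fill(0, $group_count, '?'));
    $stmt = $select_db->prepare($query . 'WHERE gu.user_id = ? AND gp.group_id IN (' . $placeholders . ') ' . 'ORDER BY p.created DESC ');
    // Position 1 is the user, positions 2..n+1 the group ids on the path.
    $stmt->bindValue(1, $user_id, PDO::PARAM_INT);
    for ($i = 0; $i < $group_count; $i++) {
        $stmt->bindValue($i + 2, $group_ids[$i]['id'], PDO::PARAM_INT);
    }
    $stmt->execute();
} else {
    $stmt = dbexec($select_db, $query . 'WHERE gu.user_id = ? ' . 'ORDER BY p.created DESC ', array($user_id), array(PDO::PARAM_INT));
}
if ($stmt->rowCount() == 0) {
    echo '<p>There are no posts in that group</p>';
    die;
}
$doc = new DOMDocument('1.0', 'utf-8');
$root = $doc->createElement('posts');
$doc->appendChild($root);
$usergroups = $tree->vars('id');
//all groups the user is in
//can't use dbexec, need to loop
// Per-post lookup of the groups a post was shared with. $post_id is bound by
// reference on purpose: the loop that reads the posts (below) presumably
// assigns it before each execute().
$groups_stmt = $select_db->prepare('SELECT group_id, andor FROM group_posts WHERE post_id = :postid');
$groups_stmt->bindParam(':postid', $post_id);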
while ($post_row = $stmt->fetch(PDO::FETCH_ASSOC)) {
<?php

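require '../../utility/common.php';
// Login handler: checks the submitted username/password against the users
// table and, on success, starts a fresh session for that user.
logged_out();
validate_key();
$params = validate_params('POST', array('username', 'password'), array(0, 0), array(0, 0));
if (!$params) {
    error('invalid form data', '/account/login.php');
}
$select_db = connect('select');
$stmt = dbexec($select_db, 'SELECT * FROM users WHERE username = ?', array($params['username']), array(PDO::PARAM_STR));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// fetch() returns false when nothing matched. The previous test,
// count($row) == 0, never fired: count(false) is 1 on PHP < 8 and a
// TypeError on PHP 8, so an unknown username fell through to
// password_verify() against a null hash.
if ($row === false) {
    //user is not in database, they need to sign up, or they have not activated their account yet
    error('You need to sign up first', '../login.php');
} elseif (!is_null($row['activation_key'])) {
    error('You have not activated your account yet', '../login.php');
}
// NOTE(review): the three distinct failure messages reveal whether a
// username exists and whether it is activated; one generic message for all
// three cases would not.
if (password_verify($params['password'], $row['password'])) {
    session_start();
    session_regenerate_id(true);
    //stop session fixation
    $_SESSION['name'] = $row['username'];
    $_SESSION['user_id'] = $row['id'];
    $_SESSION['tree'] = get_tree($select_db, $row['id']);
    session_commit();
    header('Location: /home/home.php');
    // Nothing may run after the redirect has been sent.
    exit;
} else {
    //users password was entered incorrectly
    error('Wrong password', '/account/login.php');
}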
<?php

require '../utility/common.php';
require '../utility/htmlcommon.php';
// Username recovery: mails the username on file for the submitted address,
// then shows a confirmation page.
logged_out();
validate_key();
$params = validate_params('POST', array('email'), array(FILTER_VALIDATE_EMAIL), array(FILTER_SANITIZE_EMAIL));
if (!$params) {
    error('Invalid params', 'login.php');
}
$select_db = connect('select');
$stmt = dbexec($select_db, 'SELECT username FROM users WHERE email = ?', array($params['email']), array(PDO::PARAM_STR));
// NOTE(review): this reply tells the caller whether an address is registered;
// a response that reads the same either way would not.
if ($stmt->rowCount() === 0) {
    echo 'That email does not exist in our database';
    die;
}
$res = $stmt->fetch(PDO::FETCH_ASSOC);
// Plain-text body, wrapped to 100 columns. The recipient address passed
// FILTER_VALIDATE_EMAIL above, so it should not carry header line breaks.
$message = wordwrap(
    'Hello, you recently requested to recover your username for the account associated' . "\n\t\t\t"
    . 'with this email at Classmatches. If you did not request this information, we suggest' . "\n\t\t\t"
    . 'you change your password at Classmatches as soon as possible. Your username is: '
    . $res['username'] . '. Thank you for using Classmatches.',
    100
);
mail($params['email'], 'Username account recovery', $message, 'From: accountrecovery@classmatches.com');
top(false, 'Account recovery submit');
?>
		<div>
			<p>An email has been sent to <?php 
echo htmlspecialchars($params['email']);
?>
 with your username</p>
			<p><a href="login.php">Log In</a></p>
		</div>
<?php

require '../../utility/common.php';
// Group search: lists the groups whose name contains the optional
// ?groupsearch= text, as an XML document built with DOMDocument.
logged_in();
// Default to an empty search (matches every group) unless a term was given.
$params = array('groupsearch' => '');
if (isset($_GET['groupsearch'])) {
    $params = validate_params('GET', array('groupsearch'), array(0), array(0));
    if (!$params) {
        echo 'Wrong';
        die;
    }
}
$tree = $_SESSION['tree'];
// Case-insensitive substring match. NOTE(review): '%' and '_' typed by the
// user reach the LIKE as wildcards rather than literal characters.
$search = '%' . $params['groupsearch'] . '%';
$select_db = connect('select');
$stmt = dbexec($select_db, 'SELECT id, name, type, description FROM groups WHERE LOWER(name) LIKE LOWER(?) ORDER BY name', array($search), array(PDO::PARAM_STR));
$doc = new DOMDocument('1.0', 'utf-8');
$root = $doc->createElement('groups');
$doc->appendChild($root);
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $node = $doc->createElement('group');
    $node->setAttribute('group-id', htmlspecialchars($row['id']));
    $node->setAttribute('name', htmlspecialchars($row['name']));
    $node->setAttribute('type', htmlspecialchars($row['type']));
    $node->appendChild($doc->createTextNode(htmlspecialchars($row['description'])));
    $parents = $doc->createElement('parents');
    $path = get_path_to($select_db, $row['id']);
    for ($i = count($path) - 1; $i >= 0; $i--) {
        $parent = $doc->createElement('parent');
        $parent->setAttribute('group-id', htmlspecialchars($path[$i]['id']));
    echo "\t" . '-s --host' . "\t" . $lang_convert['Database server hostname'] . ' ' . sprintf($lang_convert['Default value'], $db_config_default['host']) . "\n";
    echo "\t" . '-n --name' . "\t" . $lang_convert['Database name'] . "\n";
    echo "\t" . '-u --user' . "\t" . $lang_convert['Database username'] . ' ' . sprintf($lang_convert['Default value'], $db_config_default['username']) . "\n";
    echo "\t" . '-p --pass' . "\t" . $lang_convert['Database password'] . "\n";
    echo "\t" . '-r --prefix' . "\t" . $lang_convert['Table prefix'] . "\n";
    echo "\t" . '-c --charset' . "\t" . $lang_convert['Database charset'] . ' ' . sprintf($lang_convert['Default value'], $db_config_default['charset']) . "\n";
    echo "\n" . $lang_convert['Note'] . "\n";
    echo $lang_convert['Note info'] . "\n";
    exit(1);
}
// Each setting comes from its short option, else its long option, else the
// default. The default is looked up lazily so $db_config_default is only read
// when neither option was given, exactly as the nested ternaries did.
$pick_option = function ($short, $long, $default_key = null) use ($options, $db_config_default) {
    if (isset($options[$short])) {
        return $options[$short];
    }
    if (isset($options[$long])) {
        return $options[$long];
    }
    return $default_key === null ? null : $db_config_default[$default_key];
};
$forum_config = array(
    'type' => $pick_option('f', 'forum'),
    'path' => $pick_option('d', 'path'),
);
$old_db_config = array(
    'type' => $pick_option('t', 'type', 'type'),
    'host' => $pick_option('s', 'host', 'host'),
    'name' => $pick_option('n', 'name', 'name'),
    'username' => $pick_option('u', 'user', 'username'),
    'password' => $pick_option('p', 'pass', 'password'),
    'prefix' => $pick_option('r', 'prefix', 'prefix'),
    'charset' => $pick_option('c', 'charset', 'charset'),
);
unset($pick_option);
// Surrounding whitespace is dropped from every value before validation.
$forum_config = array_map('trim', $forum_config);
$old_db_config = array_map('trim', $old_db_config);
// Check whether we have all needed data valid
validate_params($forum_config, $old_db_config);
if (!array_key_exists($forum_config['type'], $forums)) {
    // Try to correct forum name (ignore case)
    $keys = array_keys($forums);
    $values = array();
    foreach ($keys as $cur_key) {
        if (strpos(strtolower($cur_key), strtolower($forum_config['type'])) === 0) {
            $values[] = $cur_key;
        }
    }
    if (count($values) == 1) {
        $forum_config['type'] = $values[0];
    } else {
        if (($key = array_search(strtolower($forum_config['type']), array_map('strtolower', $keys))) !== false) {
            $forum_config['type'] = $keys[$key];
        } else {
<?php

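require '../../utility/common.php';
// "Contact us" handler: forwards the submitted subject and message to the
// site mailbox, with the logged-in user's registered address as the sender.
list($user_id, $tree, $name) = logged_in();
validate_key();
$params = validate_params('POST', array('message', 'subject'), array(0, 0), array(0, 0));
if (!$params) {
    error('Illegal params', '../contactus.php');
}
$select_db = connect('select');
$stmt = dbexec($select_db, 'SELECT email FROM users WHERE id = ?', array($user_id), array(PDO::PARAM_INT));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false || (string) $row['email'] === '') {
    // No address on file: there is nothing valid to put in the From header.
    error('Illegal params', '../contactus.php');
}
// The subject is written into a mail header, so CR/LF are removed: a line
// break inside it would end the header and let further headers be appended.
$subject = str_replace(array("\r", "\n"), '', $params['subject']);
// NOTE(review): htmlspecialchars() is kept from the original, but this is a
// plain-text mail, so '&' and '<' in the text arrive as HTML entities.
mail('*****@*****.**', htmlspecialchars($subject), htmlspecialchars($params['message']), 'From: ' . $row['email']);
header('Location: ../contactus.php');
// Nothing may run after the redirect has been sent.
exit;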
<?php

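require '../utility/common.php';
require '../utility/htmlcommon.php';
// Account creation: stores the new user with a hashed password and an
// activation key, then puts the user in the root group. The activation
// e-mail is assembled after this.
logged_out();
validate_key();
$params = validate_params('POST', array('email', 'first_name', 'last_name', 'username', 'password', 'password_conf'), array(FILTER_VALIDATE_EMAIL, 0, 0, 0, 0, 0), array(FILTER_SANITIZE_EMAIL, 0, 0, 0, 0, 0));
if (!$params || $params['password'] !== $params['password_conf']) {
    error('Two passwords didn\'t match', 'newaccount.php');
}
/*$regex = '/^.+@(uw\\.edu|u\\.washington\\.edu)\$/';
	 if(!preg_match($regex, $params['email'])) {
	header('Location: login.php?error=regexnomatch');
	die();
	}*/
$params['password'] = password_hash($params['password'], PASSWORD_BCRYPT);
$key = new SecureKey($params['username']);
$insert_db = connect('insert');
$stmt = dbexec($insert_db, 'INSERT IGNORE INTO users (email, first_name, last_name, username, password, last_update, activation_key)
			VALUES (?, ?, ?, ?, ?, ?, ?)', array($params['email'], $params['first_name'], $params['last_name'], $params['username'], $params['password'], 0, $key->get_key()), array(PDO::PARAM_STR, PDO::PARAM_STR, PDO::PARAM_STR, PDO::PARAM_STR, PDO::PARAM_STR, PDO::PARAM_INT, PDO::PARAM_STR));
// INSERT IGNORE silently skips the row on a conflict (e.g. a username or
// e-mail that already exists). lastInsertId() then does not belong to this
// user and the group_users row below would be attached to a wrong or zero id.
if ($stmt->rowCount() !== 1) {
    error('Could not create that account, the username or email may already be in use', 'newaccount.php');
}
$last_id = $insert_db->lastInsertId();
// Every new account starts out as a member of the root group.
$stmt = dbexec($insert_db, 'INSERT INTO group_users (user_id, group_id) VALUES (?, ?)', array($last_id, GROUP_ROOT), array(PDO::PARAM_INT, PDO::PARAM_INT));
//for the alpha the same insert was also run with CLASSMATCHES_ROOT as the group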
$message = 'Thank you for registering for an account with us here at Classmatches. To help
			ensure security for our website, we have sent you this email with a confirmation key. Follow
<?php

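require '../utility/common.php';
// Second step of the forgot-password flow: the user supplies the temporary
// password that was mailed to them plus a new password. The user id was
// parked in the session by the first step (the forgot-password page).
logged_out();
validate_key();
$params = validate_params('POST', array('username', 'temp_passwd', 'password', 'password_conf'), array(0, 0, 0, 0), array(0, 0, 0, 0));
if (!$params || $params['password'] !== $params['password_conf']) {
    error('The two passwords don\'t match', 'login.php');
}
session_start();
if (!isset($_SESSION['temp_id'])) {
    // Without the first step there is no temp_id; reading it unguarded gives
    // an undefined-index notice and a null id in the query below.
    session_commit();
    error('No username matches that', 'login.php');
}
$temp_id = $_SESSION['temp_id'];
session_commit();
$select_db = connect('select');
// The username and the session's user id must agree, so a temporary password
// issued for one account cannot be replayed with another username.
$stmt = dbexec($select_db, 'SELECT u.id, pc.password_id FROM users u JOIN password_change pc ON pc.user_id = u.id
			WHERE u.username = ? AND u.id = ? LIMIT 1', array($params['username'], $temp_id), array(PDO::PARAM_STR, PDO::PARAM_INT));
if (!$stmt->rowCount()) {
    error('No username matches that', 'login.php');
}
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// password_id holds the hash of the temporary password.
if (!password_verify($params['temp_passwd'], $row['password_id'])) {
    error('Passwords didn\'t match', 'login.php');
}
// NOTE(review): the password_change row is neither expired nor removed here,
// so the temporary password stays usable after the reset — confirm where it
// is cleaned up.
$params['password'] = password_hash($params['password'], PASSWORD_BCRYPT);
$update_db = connect('update');
$stmt = dbexec($update_db, 'UPDATE users SET password = ? WHERE id = ?', array($params['password'], $row['id']), array(PDO::PARAM_STR, PDO::PARAM_INT));
// The reset is done; drop the one-off marker so the session no longer
// carries it.
session_start();
unset($_SESSION['temp_id']);
session_commit();
header('Location: login.php');
// Nothing may run after the redirect has been sent.
exit;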
<?php

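require '../../utility/common.php';
// AJAX handler: stores a comment on a post and notifies the groups the post
// was shared with. The client sends the message and the post id as
// JSON-quoted strings, hence the substr(…, 1, -1) that strips the quotes.
list($user_id, $tree, $name) = logged_in();
if (!isset($_POST['message'], $_POST['post'])) {
    // substr()/stripslashes() on a missing field only produce notices and an
    // empty value; reject the request up front instead.
    echo 'Wrong';
    die;
}
$_POST['message'] = stripslashes(substr($_POST['message'], 1, -1));
$_POST['post'] = (int) substr($_POST['post'], 1, -1);
$params = validate_params('POST', array('message', 'post'), array(0, FILTER_VALIDATE_INT), array(0, FILTER_SANITIZE_NUMBER_INT));
if (!$params) {
    echo 'Wrong';
    die;
}
$insert_db = connect('insert');
// NOTE(review): the author is taken from $_SESSION['user_id'] here while the
// notify() call below uses $user_id from logged_in(); presumably the same
// value — confirm in common.php.
$stmt = dbexec($insert_db, 'INSERT INTO comments (message, post_id, author_id) VALUES (?, ?, ?)', array($params['message'], $params['post'], $_SESSION['user_id']), array(PDO::PARAM_STR, PDO::PARAM_INT, PDO::PARAM_INT));
if ($stmt->rowCount() !== 1) {
    // Nothing was inserted: do not go on to notify about a comment that does
    // not exist (the original reported the failure and carried on).
    echo 'Didn\'t work';
    die;
}
echo 'Worked';
$last_id = $insert_db->lastInsertId();
$select_db = connect('select');
// Groups (and their and/or flags) the parent post was shared with.
$stmt = dbexec($select_db, 'SELECT gp.group_id, gp.andor FROM comments c JOIN posts p ON p.id = c.post_id
			JOIN group_posts gp ON gp.post_id = p.id WHERE c.id = ? AND c.post_id = ?', array($last_id, $params['post']), array(PDO::PARAM_INT, PDO::PARAM_INT));
$notify_info = array('groups' => array(), 'andors' => array());
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $notify_info['groups'][] = $row['group_id'];
    $notify_info['andors'][] = $row['andor'];
}
notify($select_db, $insert_db, $user_id, 'created', $last_id, 'comments', $notify_info['groups'], $notify_info['andors']);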
<?php

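require '../../utility/common.php';
// AJAX handler: creates a post and (after this) shares it with the selected
// groups. The client sends the message JSON-quoted and the group ids and
// and/or flags as JSON arrays.
list($user_id, $tree, $name) = logged_in();
if (!isset($_POST['post'], $_POST['group_ids'], $_POST['andors'])) {
    // substr()/json_decode() on a missing field only produce notices and
    // empty values; reject the request up front instead.
    echo 'Wrong';
    die;
}
$_POST['post'] = stripslashes(substr($_POST['post'], 1, -1));
$_POST['group_ids'] = json_decode($_POST['group_ids']);
$_POST['andors'] = json_decode($_POST['andors']);
$params = validate_params('POST', array('post', 'group_ids', 'andors'), array(0, array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY), array('filter' => FILTER_VALIDATE_BOOLEAN, 'flags' => FILTER_REQUIRE_ARRAY)), array(0, array('filter' => FILTER_SANITIZE_NUMBER_INT, 'flags' => FILTER_FORCE_ARRAY), array('flags' => FILTER_FORCE_ARRAY)));
if (!$params) {
    echo 'Wrong';
    die;
}
// Each group id needs its own and/or flag; count() on a non-array is a
// TypeError on PHP 8, so the shape is checked first.
if ((string) $params['post'] === '' || !is_array($params['group_ids']) || !is_array($params['andors']) || count($params['group_ids']) !== count($params['andors'])) {
    echo 'Semantically Wrong';
    die;
}
// Optional image. NOTE(review): it is stored exactly as sent, with no check
// of what the string holds (path, URL, data: blob?) — confirm against the client.
$image = isset($_POST['image']) ? $_POST['image'] : false;
$insert_db = connect('insert');
if ($image) {
    // author_id is the scalar $user_id from logged_in(), as in the branch
    // below. The original indexed it as $user_id['user_id'], which yields null
    // for an int, so image posts were stored without an author.
    $stmt = dbexec($insert_db, 'INSERT INTO posts (author_id, message, image) VALUES (?, ?, ?)', array($user_id, $params['post'], $image), array(PDO::PARAM_INT, PDO::PARAM_STR, PDO::PARAM_STR));
} else {
    $stmt = dbexec($insert_db, 'INSERT INTO posts (author_id, message) VALUES (?, ?)', array($user_id, $params['post']), array(PDO::PARAM_INT, PDO::PARAM_STR));
}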
if ($stmt->rowCount() > 1) {
    echo 'Inserted more than one?';
    die;
} elseif ($stmt->rowCount() < 1) {
<?php

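require '../../utility/common.php';
// Event creation: inserts the event and links it to the chosen group.
list($user_id, $tree, $name) = logged_in();
validate_key();
$params = validate_params('POST', array('event_name', 'date', 'start_time', 'end_time', 'location', 'description', 'group'), array(0, 0, 0, 0, 0, 0, FILTER_VALIDATE_INT), array(0, 0, 0, 0, 0, 0, FILTER_SANITIZE_NUMBER_INT));
if (!$params) {
    error('Illegal params', '../create.php');
}
// NOTE(review): nothing checks that the user belongs to $params['group']
// ($tree holds the user's groups) — confirm whether that is intended.
$andors = array(true);
// Normalise the free-form date/time text. strtotime() returns false for text
// it cannot parse, and date() would then silently produce the epoch.
$date_ts = strtotime($params['date']);
$start_ts = strtotime($params['start_time']);
$end_ts = strtotime($params['end_time']);
if ($date_ts === false || $start_ts === false || $end_ts === false) {
    error('Illegal params', '../create.php');
}
$params['date'] = date('Y-m-d', $date_ts);
$params['start_time'] = date('H:i:s', $start_ts);
$params['end_time'] = date('H:i:s', $end_ts);
$insert_db = connect('insert');
$stmt = dbexec($insert_db, 'INSERT IGNORE INTO events 
			(name, creator_id, date, start_time, end_time, location, description)
			VALUES (?, ?, ?, ?, ?, ?, ?)', array($params['event_name'], $user_id, $params['date'], $params['start_time'], $params['end_time'], $params['location'], $params['description']), array(PDO::PARAM_STR, PDO::PARAM_INT, PDO::PARAM_STR, PDO::PARAM_STR, PDO::PARAM_STR, PDO::PARAM_STR, PDO::PARAM_STR));
// INSERT IGNORE reports 0 rows when the event was skipped; lastInsertId()
// would then not belong to this event, so stop before linking it to a group
// (the original reported the failure and carried on).
if ($stmt->rowCount() !== 1) {
    echo 'Didn\'t work';
    die;
}
echo 'Worked';
$event_id = $insert_db->lastInsertId();
//come back and fix the andors
// Column list omitted in the original; the values are (event_id, group_id, andor).
$stmt = dbexec($insert_db, 'INSERT INTO group_events VALUES (?, ?, ?)', array($event_id, $params['group'], $andors[0]), array(PDO::PARAM_INT, PDO::PARAM_INT, PDO::PARAM_BOOL));
if ($stmt->rowCount() === 1) {
    echo 'Worked';
} else {
    echo 'Didn\'t work';
    die;
}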
<?php

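require '../utility/common.php';
require '../utility/htmlcommon.php';
// First step of the forgot-password flow: the user arrives from the e-mailed
// link with their username and temporary password. On success the user id
// is parked in the session for forgotreturn.php, which sets the new password.
logged_out();
$params = validate_params('GET', array('username', 'passwd'), array(0, 0), array(0, 0));
if (!$params) {
    error('Invalid params', 'login.php');
}
$select_db = connect('select');
$stmt = dbexec($select_db, 'SELECT user_id, time, password_id FROM password_change pc JOIN users u ON u.id = pc.user_id
			WHERE u.username = ? LIMIT 1', array($params['username']), array(PDO::PARAM_STR));
if (!$stmt->rowCount()) {
    error('No match for that username', 'login.php');
}
$row = $stmt->fetch(PDO::FETCH_ASSOC);
// password_id holds the hash of the temporary password.
if (!password_verify($params['passwd'], $row['password_id'])) {
    error('Passwords don\'t match', 'login.php');
}
// NOTE(review): `time` is selected but never compared, so a temporary
// password does not expire here — confirm whether that is enforced elsewhere.
// NOTE(review): the temporary password arrives in the query string, so it is
// written to server logs and browser history.
session_start();
// Fresh session id before storing reset state, as the login handler does
// ("stop session fixation"): a session id known beforehand must not become
// the carrier of temp_id.
session_regenerate_id(true);
$_SESSION['temp_id'] = $row['user_id'];
session_commit();
top(false, 'Forgot password');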
?>

<form action="forgotreturn.php" method="post">
	<input type="hidden" value="<?php 
echo htmlspecialchars($params['username']);
?>
" name="username" />
	<input type="hidden" value="<?php 
<?php

require '../utility/common.php';
require '../utility/htmlcommon.php';
// Account activation: the e-mailed link carries the username and the
// activation key; clearing the key marks the account as active.
logged_out();
$params = validate_params('GET', array('key', 'username'), array(0, 0), array(0, 0));
if (!$params) {
    error('Invalid params', 'login.php');
}
$update_db = connect('update');
// The key is matched inside the UPDATE itself: a wrong username or key
// changes nothing, and rowCount() tells whether the activation took effect.
$stmt = dbexec(
    $update_db,
    'UPDATE users SET activation_key = NULL WHERE username = ? AND activation_key = ?',
    array($params['username'], $params['key']),
    array(PDO::PARAM_STR, PDO::PARAM_STR)
);
$rows_changed = $stmt->rowCount();
if ($rows_changed !== 1) {
    error('Wrong username or activation key', 'login.php');
}
top(false, 'Account Activation');
?>
		<p>You've successfully activated your account!</p>
		<p><a href="/account/login.php">Log in</a> to go to your new home page!</p>
		
<?php 
bottom();
<?php

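require '../../utility/common.php';
// Group creation: inserts a child group under the chosen parent (one level
// deeper, same type), joins the creator to it and refreshes the cached tree.
list($user_id, $tree, $name) = logged_in();
validate_key();
$params = validate_params('POST', array('groupname', 'description', 'parent'), array(0, 0, FILTER_VALIDATE_INT), array(0, 0, FILTER_SANITIZE_NUMBER_INT));
if (!$params) {
    // Every other handler checks this; indexing a false result below gives
    // null for every field.
    error('Illegal params', '../groups.php');
}
$select_db = connect('select');
$stmt = dbexec($select_db, 'SELECT depth FROM groups g2 WHERE g2.id = ? LIMIT 1', array($params['parent']), array(PDO::PARAM_INT));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    // Unknown parent id: the original went on with depth null + 1 = 1.
    error('Illegal params', '../groups.php');
}
// NOTE(review): nothing checks that the user belongs to the parent group
// ($tree holds the user's groups) — confirm whether any member may create
// sub-groups anywhere.
//come back and check if that name and child_of already exists
$insert_db = connect('insert');
// The type is copied from the parent inside the INSERT.
$stmt = dbexec($insert_db, 'INSERT IGNORE INTO groups (child_of, depth, name, type, description)
			VALUES (?, ?, ?, (SELECT type FROM groups g2 WHERE g2.id = ? LIMIT 1), ?)', array($params['parent'], $row['depth'] + 1, $params['groupname'], $params['parent'], $params['description']), array(PDO::PARAM_INT, PDO::PARAM_INT, PDO::PARAM_STR, PDO::PARAM_INT, PDO::PARAM_STR));
if ($stmt->rowCount() === 0) {
    echo 'Inserted none';
    die;
}
$lastid = $insert_db->lastInsertId();
// The creator joins the new group; IGNORE covers an already existing
// membership row.
$stmt = dbexec($insert_db, 'INSERT IGNORE INTO group_users VALUES (?, ?)', array($user_id, $lastid), array(PDO::PARAM_INT, PDO::PARAM_INT));
// The session caches the user's group tree; rebuild it so the new group shows up.
session_start();
$_SESSION['tree'] = get_tree($select_db, $user_id);
session_commit();
header('Location: ../groups.php');
// Nothing may run after the redirect has been sent.
exit;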