コード例 #1
ファイル: users.php プロジェクト: radekstepan/zenchat
 /**
  * Register a new user after validating the submitted credentials.
  *
  * Every value is passed through Fari_Escape::html() first (the real name is
  * JavaScript-decoded before that). Username and password must then be
  * non-empty, alphanumeric and at most 10 characters; the real name must be
  * non-empty and at most 100 characters, measured after escaping. The first
  * field that fails produces a failure message and nothing is stored.
  *
  * NOTE(review): the password is stored as an unsalted sha1() digest and is
  * limited to 10 alphanumeric characters, so stored hashes are cheap to
  * brute-force. Switching to password_hash()/password_verify() has to be done
  * together with the login check, which is not part of this listing.
  *
  * @param string $username requested login name
  * @param string $password plain-text password
  * @param string $realname display name
  * @return bool TRUE when the user row was inserted, FALSE otherwise
  */
 public static function add($username, $password, $realname)
 {
     // escape all three inputs up front, in the same order as they are validated
     $login = Fari_Escape::html($username);
     $secret = Fari_Escape::html($password);
     $displayName = Fari_Escape::html(Fari_Decode::javascript($realname));

     // reject on the first invalid field
     if (empty($login) || !ctype_alnum($login) || strlen($login) > 10) {
         Fari_Message::fail("Please provide a valid username.");
         return FALSE;
     }
     if (empty($secret) || !ctype_alnum($secret) || strlen($secret) > 10) {
         Fari_Message::fail("Please provide a valid password.");
         return FALSE;
     }
     if (empty($displayName) || strlen($displayName) > 100) {
         Fari_Message::fail("Please provide a valid real name.");
         return FALSE;
     }

     // all three fields passed, store the account (password as sha1 digest)
     $row = array(
         'username' => $login,
         'password' => sha1($secret),
         'realname' => $displayName,
     );
     Fari_Db::insert('users', $row);
     Fari_Message::success("Welcome {$displayName}!");
     return TRUE;
 }
コード例 #2
 /**
  * Invitation form and processing of invited user details.
  *
  * On POST the first/last name and email are read; a valid email and a
  * non-empty first name create the invitation, trigger the invitation mail
  * and redirect to the user list. Otherwise the form is shown again with a
  * failure message and the submitted values. The parameter $p is not used.
  *
  * NOTE(review): only the first name is checked although the message asks
  * for a full name.
  * NOTE(review): the form is re-populated from getRawPost(), i.e. values that
  * were not passed through the request filter; the template has to escape
  * them on output - confirm.
  * NOTE(review): unless redirectTo() ends the request, the
  * UserNotFoundException path continues into the success flash and the
  * second redirect - confirm.
  */
 public function actionIndex($p)
 {
     if ($this->request->isPost()) {
         $first = Fari_Decode::accents($this->request->getPost('first'));
         $last = Fari_Decode::accents($this->request->getPost('last'));
         $address = $this->request->getPost('email');

         if (Fari_Filter::isEmail($address) && !empty($first)) {
             // input accepted: register the invitation ...
             $invited = $this->accounts->newInvitation($first, $last, $address);

             // ... and mail the instructions
             $mailer = new Mailer();
             try {
                 $mailer->sendInvitation();
             } catch (UserNotFoundException $notFound) {
                 $this->redirectTo('/error404/');
             }

             $this->flashSuccess = "{$invited} is now added to your account. An email with instructions was sent to {$address}";
             $this->redirectTo('/users/');
         } else {
             // input rejected: report it and hand the submitted values back to the form
             $this->bag->message = array(
                 'status' => 'fail',
                 'message' => 'Whoops, make sure you enter a full name and proper email address.',
             );
             $this->bag->first = $this->request->getRawPost('first');
             $this->bag->last = $this->request->getRawPost('last');
             $this->bag->email = $this->request->getRawPost('email');
         }
     }

     // render the form together with the rooms the current user is in
     $this->bag->tabs = $this->user->inRooms();
     $this->renderAction('new');
 }
コード例 #3
 /**
  * Check for uniqueness of the username.
  *
  * Answers Ajax requests with a JSON string: a validation message when the
  * name is empty, rejected by Fari_Filter::isAlpha() or already taken, and an
  * empty string when it is available. Non-Ajax requests get the
  * 'error404/javascript' template.
  *
  * NOTE(review): the responses tell any caller whether a given username
  * exists; consider rate limiting this endpoint. How isAjax() decides is not
  * visible here - presumably a client-supplied header, so it is not an access
  * control.
  * NOTE(review): the message says "alphanumeric" while the filter is named
  * isAlpha - confirm that digits are accepted.
  *
  * @param string $username URL encoded username
  */
 public function actionCheckUsername($username)
 {
     // only Ajax callers are served
     if (!$this->request->isAjax()) {
         $this->renderTemplate('error404/javascript');
         return;
     }

     // URL decode & filter the submitted name
     $candidate = Fari_Escape::text(Fari_Decode::url($username));

     if (empty($candidate)) {
         $this->renderJson("The username can't be empty.");
         return;
     }

     if (!Fari_Filter::isAlpha($candidate)) {
         $this->renderJson("Only alphanumeric characters are allowed.");
         return;
     }

     if (!$this->accounts->isUsernameUnique($candidate)) {
         $this->renderJson("The username \"{$candidate}\" is unavailable, sorry.");
         return;
     }

     // an empty string signals "available"
     $this->renderJson('');
 }
コード例 #4
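 /**
  * Send a message from a room.
  *
  * Reads the raw POSTed 'text', JavaScript-decodes and text-escapes it and,
  * when the result is not empty, hands it to MessageSpeak::text() for the
  * given room before refreshing the sender's activity in that room.
  *
  * @uses Ajax
  * @param mixed $roomId id of the room the message is posted to
  */
 public function actionSpeak($roomId)
 {
     $text = Fari_Escape::text(Fari_Decode::javascript($this->request->getRawPost('text')));
     if (!empty($text)) {
         // time() replaces the argument-less mktime() call: that form is
         // deprecated and throws an ArgumentCountError since PHP 8.0, and both
         // return the current Unix timestamp
         $time = time();
         // a text message
         $message = new MessageSpeak($roomId, $time);
         $message->text($roomId, $time, $this->user->getShortName(), $this->user->getId(), $text);
         // NOTE(review): the message is written before the sender's presence
         // in $roomId is verified; the activity update below only ends the
         // session afterwards. Running this check before the write would
         // keep users from posting into rooms they are not in - confirm
         // against MessageSpeak and updateUserActivity().
         try {
             $this->room->updateUserActivity($roomId, $time, $this->user->getId());
         } catch (UserNotFoundException $e) {
             $this->renderJson('bye');
         }
     }
 }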
コード例 #5
 /**
  * User sign-in/login.
  *
  * When a username was POSTed, a UserLogin is built from the username,
  * password and form token; a failed authentication only sets a generic
  * failure flash (it does not say which of the two fields was wrong). The
  * request is redirected to '/' in both cases. A fresh form token is created
  * and the login form rendered afterwards.
  *
  * NOTE(review): the token is presumably an anti-CSRF form token verified
  * inside UserLogin - confirm; that check is not visible here.
  */
 public function actionLogin()
 {
     $request = $this->request;

     // authenticate only when the form was submitted
     if ($request->getPost('username')) {
         $login = Fari_Decode::accents($request->getPost('username'));
         $secret = Fari_Decode::accents($request->getPost('password'));

         try {
             $this->user = new UserLogin($login, $secret, $request->getPost('token'));
         } catch (UserNotAuthenticatedException $denied) {
             $this->flashFail = 'Sorry, your username or password wasn\'t recognized';
         }

         // same redirect for success and failure
         $this->redirectTo('/');
     }

     // issue a new form token and show the login form
     $this->bag->token = Fari_FormToken::create();
     $this->renderAction();
 }
コード例 #6
 /**
  * User sign-in/login backed by Fari_AuthenticatorSimple.
  *
  * When a username was POSTed, the credentials and the form token are handed
  * to authenticate(); success redirects to '/', failure sets a generic
  * failure flash. The login form is then rendered with a fresh form token.
  *
  * NOTE(review): the notice below advertises 'admin' as username and
  * password on the login page. That is only acceptable for a demo
  * installation; the account should not exist with these credentials on a
  * reachable deployment.
  */
 public function actionLogin()
 {
     $request = $this->request;

     // authenticate only when the form was submitted
     if ($request->getPost('username')) {
         $login = Fari_Decode::accents($request->getPost('username'));
         $secret = Fari_Decode::accents($request->getPost('password'));

         $this->user = new Fari_AuthenticatorSimple();
         $accepted = $this->user->authenticate($login, $secret, $request->getPost('token'));

         if (!$accepted) {
             $this->flashFail = 'Sorry, your username or password wasn\'t recognized';
         } else {
             $this->redirectTo('/');
         }
     }

     $this->flashNotify = 'Use \'admin\' for username and password.';

     // issue a new form token and show the login form
     $this->bag->token = Fari_FormToken::create();
     $this->renderAction();
 }
コード例 #7
ファイル: search.php プロジェクト: radekstepan/Knowledgebase
 /**
  * Normalise a search query and display the matching results.
  *
  * An empty query redirects to '/' and stops the script. Otherwise the query
  * is URL-decoded, lower-cased, has '-' turned into spaces and runs of two or
  * more whitespace characters collapsed to one space, loses one trailing and
  * one leading space, and is finally passed through Fari_Escape::alpha().
  * The cleaned query and its dash-joined keyword form are handed to the view
  * together with the result of Search::query().
  *
  * NOTE(review): Fari_Escape::alpha() is the only filter between the request
  * and both Search::query() and the view; what it strips is not visible
  * here, so confirm the search backend binds the value as a parameter.
  *
  * @param string $query URL encoded search query
  */
 public function results($query)
 {
     // nothing to search for: leave and make sure no further code runs
     if (empty($query)) {
         $this->redirect('/');
         die;
     }

     // decode, lower-case, dashes to spaces, collapse whitespace runs
     $decoded = Fari_Decode::url($query);
     $spaced = preg_replace('~\\s{2,}~', ' ', str_replace('-', ' ', strtolower($decoded)));

     // drop a single trailing space ...
     if (substr($spaced, -1) == ' ') {
         $spaced = substr($spaced, 0, -1);
     }
     // ... and a single leading space
     if (substr($spaced, 0, 1) == ' ') {
         $spaced = substr($spaced, 1);
     }

     $query = Fari_Escape::alpha($spaced);
     $this->view->query = $query;
     // dash-joined form of the cleaned query
     $this->view->keywords = implode('-', explode(' ', $query));

     // fetch the result and add relevance to it
     $this->view->result = Search::query($query);
     $this->view->display('results');
 }
コード例 #8
 /**
  * User sign-in/login.
  *
  * When a username was POSTed, an AuthAuth object is built from the
  * username, password and form token. On success the user is sent to the
  * route remembered in $_SESSION['Route'] (which is cleared), or to the admin
  * root when none is stored. On AuthUserNotAuthenticatedException a generic
  * failure flash is set and the login form is rendered with a fresh token.
  *
  * NOTE(review): $_SESSION['Route'] reaches redirectTo() unchecked. Confirm
  * it is only ever written from a server-side route and cannot hold an
  * absolute URL, otherwise this is an open redirect after login.
  * NOTE(review): no session id regeneration is visible here; confirm that
  * AuthAuth renews the session on successful login.
  */
 public function actionLogin()
 {
     $request = $this->request;

     // authenticate only when the form was submitted
     if ($request->getPost('username')) {
         $login = Fari_Decode::accents($request->getPost('username'));
         $secret = Fari_Decode::accents($request->getPost('password'));

         try {
             // throws when the credentials are not accepted
             $user = new AuthAuth($login, $secret, $request->getPost('token'));

             // go back to the route originally requested, if one was remembered
             if (isset($_SESSION['Route'])) {
                 $target = $_SESSION['Route'];
                 unset($_SESSION['Route']);
             } else {
                 $target = '/' . self::ADMIN;
             }
             $this->redirectTo($target);
         } catch (AuthUserNotAuthenticatedException $denied) {
             $this->flashFail = "Sorry, your username or password wasn't recognized";
         }
     }

     // issue a new form token and show the login form
     $this->bag->token = Fari_FormToken::create();
     $this->renderAction('login');
 }
コード例 #9
ファイル: Escape.php プロジェクト: radekstepan/Knowledgebase
 /**
  * Generate a slug from a text (e.g., "Červený 'nejede'!" will turn into "cerveny-nejede").
  *
  * The input is accent-decoded and lower-cased, every character other than
  * ASCII letters, digits and the space is removed, and each run of whitespace
  * becomes a single dash. Leading or trailing spaces therefore end up as
  * leading or trailing dashes, and the result can be an empty string.
  *
  * @param string $input
  * @return string
  */
 public static function slug($input)
 {
     $lowered = strtolower(Fari_Decode::accents($input));
     // keep only letters, digits and spaces
     $cleaned = preg_replace("/[^a-zA-Z0-9 ]/", "", $lowered);
     // whitespace runs become the separator
     return preg_replace("/\\s+/", "-", $cleaned);
 }
コード例 #10
 /**
  * Get POSTed value(s), filtered.
  *
  * The filter name is checked against the methods of Fari_Escape and then
  * called as a static method on every returned value. For Ajax requests the
  * value(s) are first passed through Fari_Decode::javascript().
  *
  * NOTE(review): an unknown filter only fires a Fari_Exception. Unless
  * fire() ends the request, execution continues into the dynamic
  * Fari_Escape::$filter() call - confirm. $filter must come from code, never
  * from request data, since any Fari_Escape method name is accepted.
  *
  * @param string $key Key under which values are saved under, otherwise get all (optional)
  * @param string $filter Fari_Escape applied on getting the value (optional)
  * @return mixed Values in $_POST variable
  */
 function getPost($key = NULL, $filter = 'text')
 {
     // refuse filter names that Fari_Escape does not implement
     if (!method_exists('Fari_Escape', $filter)) {
         $invalidFilter = new Fari_Exception('Fari_Escape::' . $filter . ' is not a valid escaping function.');
         $invalidFilter->fire();
     }

     // a single value was asked for
     if (isset($key)) {
         $fromAjax = $this->isAjax();
         $raw = $this->post->{$key};
         if ($fromAjax) {
             $raw = Fari_Decode::javascript($raw);
         }
         return Fari_Escape::$filter($raw);
     }

     // otherwise return every value, decoded (Ajax only) and filtered
     $values = $this->post->values;
     if ($this->isAjax()) {
         $values = Fari_Decode::javascript($values);
     }
     foreach ($values as $field => &$item) {
         $item = Fari_Escape::$filter($item);
     }
     return $values;
 }
コード例 #11
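 /**
  * Get code and name from the form and create a new user for us (generate username).
  *
  * The guest code is looked up first; a guest account is created, logged in
  * and granted access to the room only when the code matches a room and a
  * name was given. Previously the account was inserted and force-authenticated
  * before the code was checked, so any POST carrying a name produced a
  * logged-in guest account even for a code that matched nothing.
  *
  * NOTE(review): the generated username is the only value handed to
  * forceAuthenticate(); how unpredictable it is depends on
  * Fari_Tools::randomCode(), which is not visible here.
  */
 public function actionCreate()
 {
     $name = Fari_Decode::accents($this->request->getPost('name'));
     $code = $this->request->getPost('code');

     // an empty or non-string code is never a valid invitation
     if (!empty($name) && is_string($code) && $code !== '') {
         $db = Fari_Db::getConnection();

         // validate the guest code before anything is created
         $room = $db->selectRow('rooms', 'id', array('guest' => $code));
         if (!empty($room)) {
             $name = explode(' ', $name);
             // do we have a 'long' name?
             if (count($name) > 1) {
                 $short = $name[0] . ' ' . substr(end($name), 0, 1) . '.';
                 $long = implode(' ', $name);
                 $surname = end($name);
                 $name = $name[0];
             } else {
                 $short = $long = $name = $name[0];
                 $surname = '';
             }

             // generate a username
             $username = Fari_Escape::slug($long) . Fari_Tools::randomCode(10);

             // insert the user in a guest role
             $userId = $db->insert('users', array(
                 'short' => $short,
                 'long' => $long,
                 'name' => $name,
                 'surname' => $surname,
                 'role' => 'guest',
                 'username' => $username,
             ));

             // log them in automatically
             Fari_AuthenticatorSimple::forceAuthenticate($username);

             // give them permissions to enter this room
             $db->insert('user_permissions', array('room' => $room['id'], 'user' => $userId));
         }
     }

     // redirect to the room, if we've failed the guest will be asked for a name again
     $this->redirectTo('/g/' . $code);
 }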