/**
 * Register a new user once the supplied credentials pass validation.
 *
 * All three values are run through Fari_Escape::html() first; the real name is
 * additionally JavaScript-decoded. The checks are ordered (username, password,
 * real name) and only the first failing field produces a Fari_Message::fail().
 * Note that empty() also rejects the literal string "0".
 *
 * NOTE(review): the password is stored as an unsalted sha1() digest and is
 * limited to 10 alphanumeric characters; both are weak by today's standards.
 * Moving to password_hash()/password_verify() must be done together with the
 * login code that checks the digest, which is not visible here.
 *
 * @param string $username Alphanumeric, 1-10 characters after escaping
 * @param string $password Alphanumeric, 1-10 characters after escaping
 * @param string $realname Non-empty, at most 100 characters after escaping
 * @return bool TRUE when the user row was inserted, FALSE otherwise
 */
public static function add($username, $password, $realname)
{
    // escape input
    $username = Fari_Escape::html($username);
    $password = Fari_Escape::html($password);
    $realname = Fari_Escape::html(Fari_Decode::javascript($realname));

    // verify that credentials are provided in a valid form; bail out on the first bad field
    if (empty($username) || !ctype_alnum($username) || strlen($username) > 10) {
        Fari_Message::fail("Please provide a valid username.");
        return FALSE;
    }
    if (empty($password) || !ctype_alnum($password) || strlen($password) > 10) {
        Fari_Message::fail("Please provide a valid password.");
        return FALSE;
    }
    if (empty($realname) || strlen($realname) > 100) {
        Fari_Message::fail("Please provide a valid real name.");
        return FALSE;
    }

    // all OK, db insert
    Fari_Db::insert('users', array(
        'username' => $username,
        'password' => sha1($password),
        'realname' => $realname,
    ));
    Fari_Message::success("Welcome {$realname}!");
    return TRUE;
}
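/**
 * Invitation form and processing of invited user details
 *
 * On GET (or on a POST that fails validation) the 'new' action template is
 * rendered with the user's rooms as tabs. On a valid POST the invitation is
 * created via $this->accounts->newInvitation(), the instruction email is sent
 * and the browser is redirected to /users/.
 *
 * @param mixed $p Route parameter; unused here
 */
public function actionIndex($p)
{
    if ($this->request->isPost()) {
        $firstName = Fari_Decode::accents($this->request->getPost('first'));
        $lastName = Fari_Decode::accents($this->request->getPost('last'));
        $email = $this->request->getPost('email');

        // `||` instead of `or`: identical here, but `or` binds weaker than `=` and bites once the expression is assigned
        if (!Fari_Filter::isEmail($email) || empty($firstName)) {
            // hand the raw (unfiltered) values back so the form can be re-populated
            $this->bag->message = array(
                'status' => 'fail',
                'message' => 'Whoops, make sure you enter a full name and proper email address.',
            );
            $this->bag->first = $this->request->getRawPost('first');
            $this->bag->last = $this->request->getRawPost('last');
            $this->bag->email = $this->request->getRawPost('email');
        } else {
            $name = $this->accounts->newInvitation($firstName, $lastName, $email);

            // mail the instructions
            $mail = new Mailer();
            try {
                $mail->sendInvitation();
            } catch (UserNotFoundException $e) {
                $this->redirectTo('/error404/');
                // stop here: if redirectTo() returns, the success flash and the /users/ redirect below must not run
                return;
            }
            $this->flashSuccess = "{$name} is now added to your account. An email with instructions was sent to {$email}";
            $this->redirectTo('/users/');
        }
    }
    $this->bag->tabs = $this->user->inRooms();
    $this->renderAction('new');
}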
/**
 * Check for uniqueness of the username
 *
 * Answers an Ajax request with a JSON-encoded error message, or with an empty
 * string when the username is acceptable and still free. Non-Ajax requests are
 * shown the 'error404/javascript' template instead. empty() treats the string
 * "0" as empty, so that username is reported as empty.
 *
 * @param string $username URL encoded username
 */
public function actionCheckUsername($username)
{
    // is this Ajax?
    if (!$this->request->isAjax()) {
        $this->renderTemplate('error404/javascript');
        return;
    }

    // URL decode & filter out username
    $username = Fari_Escape::text(Fari_Decode::url($username));

    // first failing check wins; an empty message means "available"
    $message = '';
    if (empty($username)) {
        $message = "The username can't be empty.";
    } elseif (!Fari_Filter::isAlpha($username)) {
        // alphanumeric only?
        $message = "Only alphanumeric characters are allowed.";
    } elseif (!$this->accounts->isUsernameUnique($username)) {
        // do we have a match?
        $message = "The username \"{$username}\" is unavailable, sorry.";
    }
    $this->renderJson($message);
}
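/**
 * Send a message from a room
 *
 * Reads the raw POSTed 'text', JavaScript-decodes and escapes it, stores it as
 * a MessageSpeak under $roomId and then refreshes the user's activity
 * timestamp for that room. An empty text (or the string "0", see empty()) is
 * ignored. When the activity update reports the user as unknown in the room,
 * the JSON response 'bye' is sent.
 *
 * @uses Ajax
 * @param int|string $roomId Room the message is posted to
 */
public function actionSpeak($roomId)
{
    $text = Fari_Escape::text(Fari_Decode::javascript($this->request->getRawPost('text')));
    if (!empty($text)) {
        // time() replaces argument-less mktime(): that call is deprecated and raises ArgumentCountError on PHP 8
        $time = time();
        // a text message
        $message = new MessageSpeak($roomId, $time);
        $message->text($roomId, $time, $this->user->getShortName(), $this->user->getId(), $text);
        // the message might be saved under wrong room id, but activity updater will kick us...
        // NOTE(review): the message is persisted before updateUserActivity() can reject the user;
        // if that call is the room-membership gate, running it first would avoid storing the message — TODO confirm
        try {
            $this->room->updateUserActivity($roomId, $time, $this->user->getId());
        } catch (UserNotFoundException $e) {
            $this->renderJson('bye');
        }
    }
}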
/**
 * User sign-in/login
 *
 * When a truthy 'username' was POSTed, the accent-decoded credentials and the
 * form token are handed to UserLogin; a UserNotAuthenticatedException sets a
 * failure flash. In both cases the browser is then redirected to '/'.
 * Afterwards a fresh form token is generated and the action template rendered
 * (assumes redirectTo() ends the request; otherwise the form is rendered as well — TODO confirm).
 *
 * NOTE(review): the password passes through getPost()'s default escaping and
 * Fari_Decode::accents() before authentication, so it is compared in that
 * transformed form — verify this matches how UserLogin stores/checks it.
 */
public function actionLogin()
{
    // authenticate user if form data POSTed
    if ($this->request->getPost('username')) {
        $username = Fari_Decode::accents($this->request->getPost('username'));
        $password = Fari_Decode::accents($this->request->getPost('password'));
        $token = $this->request->getPost('token');
        try {
            $this->user = new UserLogin($username, $password, $token);
        } catch (UserNotAuthenticatedException $e) {
            $this->flashFail = 'Sorry, your username or password wasn\'t recognized';
        }
        // success or failure, go back to the front page; the flash carries the outcome
        $this->redirectTo('/');
    }

    // create token & display login form
    $this->bag->token = Fari_FormToken::create();
    $this->renderAction();
}
/**
 * User sign-in/login (variant backed by Fari_AuthenticatorSimple)
 *
 * When a truthy 'username' was POSTed, the accent-decoded credentials and the
 * form token are checked by Fari_AuthenticatorSimple::authenticate(); success
 * redirects to '/', failure sets a failure flash. A notice naming the demo
 * credentials is always set, then a fresh token is created and the form
 * rendered (assumes redirectTo() ends the request — TODO confirm).
 */
public function actionLogin()
{
    // authenticate user if form data POSTed
    if ($this->request->getPost('username')) {
        $username = Fari_Decode::accents($this->request->getPost('username'));
        $password = Fari_Decode::accents($this->request->getPost('password'));
        $token = $this->request->getPost('token');

        $this->user = new Fari_AuthenticatorSimple();
        $authenticated = $this->user->authenticate($username, $password, $token);
        if (!$authenticated) {
            $this->flashFail = 'Sorry, your username or password wasn\'t recognized';
        } else {
            $this->redirectTo('/');
        }
    }

    $this->flashNotify = 'Use \'admin\' for username and password.';
    // create token & display login form
    $this->bag->token = Fari_FormToken::create();
    $this->renderAction();
}
/**
 * Run a search for the URL-encoded keyword string and display the results.
 *
 * Cleanup order: URL-decode, lower-case, dashes to spaces, runs of two or more
 * whitespace characters collapsed to one space, one trailing and one leading
 * space removed, then Fari_Escape::alpha(). The view gets the cleaned query,
 * a dash-joined 'keywords' form of it and the Search::query() result. An empty
 * query redirects to '/' and terminates the script.
 *
 * @param string $query URL-encoded, dash-separated keywords
 */
public function results($query)
{
    if (empty($query)) {
        $this->redirect('/');
        die;
    }

    // cleanup, convert, replace, strip...
    $lowered = strtolower(Fari_Decode::url($query));
    $spaced = str_replace('-', ' ', $lowered);
    $collapsed = preg_replace('~\\s{2,}~', ' ', $spaced);
    // trailing space
    if (substr($collapsed, -1) == ' ') {
        $collapsed = substr($collapsed, 0, -1);
    }
    // leading space
    if (substr($collapsed, 0, 1) == ' ') {
        $collapsed = substr($collapsed, 1);
    }
    $query = Fari_Escape::alpha($collapsed);
    $this->view->query = $query;
    // implode back to have clean keywords
    $this->view->keywords = str_replace(' ', '-', $query);

    // fetch the result and add relevance to it
    $this->view->result = Search::query($query);
    $this->view->display('results');
}
/**
 * User sign-in/login
 *
 * When a truthy 'username' was POSTed, the accent-decoded credentials and the
 * form token are verified by constructing AuthAuth. Success redirects to the
 * route stored in $_SESSION['Route'] (which is consumed here) or, when none is
 * stored, to '/' . self::ADMIN; AuthUserNotAuthenticatedException sets a
 * failure flash. Afterwards a fresh token is generated and the login template
 * rendered (assumes redirectTo() ends the request — TODO confirm).
 *
 * NOTE(review): the redirect target is used exactly as stored in the session;
 * this assumes 'Route' is only ever written server-side with a local path —
 * verify where it is set.
 */
public function actionLogin()
{
    // authenticate user if form data POSTed
    if ($this->request->getPost('username')) {
        $username = Fari_Decode::accents($this->request->getPost('username'));
        $password = Fari_Decode::accents($this->request->getPost('password'));
        $token = $this->request->getPost('token');
        try {
            // construction throws when the credentials are rejected
            new AuthAuth($username, $password, $token);

            // redirect us to the route originally requested
            $route = isset($_SESSION['Route']) ? $_SESSION['Route'] : null;
            if ($route === null) {
                $this->redirectTo('/' . self::ADMIN);
            } else {
                unset($_SESSION['Route']);
                $this->redirectTo($route);
            }
        } catch (AuthUserNotAuthenticatedException $e) {
            $this->flashFail = "Sorry, your username or password wasn't recognized";
        }
    }

    // create token & display login form
    $this->bag->token = Fari_FormToken::create();
    $this->renderAction('login');
}
/**
 * Generate a slug from a text (e.g., "Červený 'nejede'!" will turn into "cerveny-nejede").
 *
 * Steps: strip accents (Fari_Decode::accents), lower-case, drop every
 * character outside [a-zA-Z0-9 ], then replace each run of whitespace with a
 * single '-'. Leading or trailing spaces in the input therefore become
 * leading or trailing dashes.
 *
 * @param string $input
 * @return string
 */
public static function slug($input)
{
    $plain = strtolower(Fari_Decode::accents($input));
    $alphanumeric = preg_replace("/[^a-zA-Z0-9 ]/", "", $plain);
    return preg_replace("/\\s+/", "-", $alphanumeric);
}
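/**
 * Get POSTed value(s), filtered.
 *
 * The filter name is validated with method_exists() against Fari_Escape; an
 * unknown filter raises a Fari_Exception which is fired on the spot. For Ajax
 * requests the value(s) are passed through Fari_Decode::javascript() before the
 * filter is applied.
 *
 * @param string $key Key under which values are saved under, otherwise get all (optional)
 * @param string $filter Fari_Escape applied on getting the value (optional)
 * @return mixed Values in $_POST variable
 */
function getPost($key = NULL, $filter = 'text')
{
    // can we apply the filter passed?
    try {
        if (!method_exists('Fari_Escape', $filter)) {
            // ... throw exception if filter function is invalid
            throw new Fari_Exception('Fari_Escape::' . $filter . ' is not a valid escaping function.');
        }
    } catch (Fari_Exception $exception) {
        $exception->fire();
    }

    // return the value(s), filtered
    if (isset($key)) {
        $value = $this->post->{$key};
        // decode from AJAX?
        if ($this->isAjax()) {
            $value = Fari_Decode::javascript($value);
        }
        return Fari_Escape::$filter($value);
    }

    // get the values
    $post = $this->post->values;
    // decode from AJAX?
    if ($this->isAjax()) {
        $post = Fari_Decode::javascript($post);
    }
    // filter them in place; the loop variable no longer shadows the $key parameter
    foreach ($post as &$postValue) {
        $postValue = Fari_Escape::$filter($postValue);
    }
    // drop the by-reference loop variable so the last element is not left aliased
    unset($postValue);
    return $post;
}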
/**
 * Get code and name from the form and create a new user for us (generate username)
 *
 * The POSTed 'name' is split on single spaces: the first part is the name, the
 * last part the surname, the short form is "First S." and the long form the
 * whole string; a one-part name is used for all of them with an empty surname.
 * The username is the slug of the long name plus a 10-character random code.
 * The user is inserted with the 'guest' role, force-authenticated, and — when a
 * room with a matching guest code exists — granted permission to that room.
 * The browser is then sent to /g/<code>.
 *
 * NOTE(review): the user row is inserted and the session authenticated before
 * the room code is looked up, so an unknown code still leaves a logged-in guest
 * with no room permission; looking the room up first would avoid that — confirm
 * whether the current order is intended.
 */
public function actionCreate()
{
    $name = Fari_Decode::accents($this->request->getPost('name'));
    $code = $this->request->getPost('code');

    if (!empty($name)) {
        $parts = explode(' ', $name);
        $first = $parts[0];
        $surname = '';
        $short = $long = $first;
        // do we have a 'long' name?
        if (count($parts) > 1) {
            $surname = end($parts);
            $short = $first . ' ' . substr($surname, 0, 1) . '.';
            $long = implode(' ', $parts);
        }

        // generate a username
        $username = Fari_Escape::slug($long) . Fari_Tools::randomCode(10);
        $db = Fari_Db::getConnection();

        // insert the user in a guest role
        $userId = $db->insert('users', array(
            'short' => $short,
            'long' => $long,
            'name' => $first,
            'surname' => $surname,
            'role' => 'guest',
            'username' => $username,
        ));

        // log them in automatically
        Fari_AuthenticatorSimple::forceAuthenticate($username);

        // give them permissions to enter this room
        $room = $db->selectRow('rooms', 'id', array('guest' => $code));
        if (!empty($room)) {
            $db->insert('user_permissions', array('room' => $room['id'], 'user' => $userId));
        }
    }

    // redirect to the room; if we've failed, the guest will be asked for their name again
    $this->redirectTo('/g/' . $code);
}