/**
* A widget that lists all comments for a given recipe
* @param Recipe $recipe A recipe object
**/
public function __construct($recipe)
{
$GLOBALS['RTK']->AddJavascript('/commentview.js');
parent::__construct('CommentView');
if (is_a($recipe, 'Recipe')) {
$this->AddChild(new RTK_Header('Comments'));
$comments = Comment::LoadComments('R=' . $recipe->GetId());
$box = null;
if (sizeof($comments) > 0) {
$box = new RTK_Box('Comments');
$this->TraverseComment($box, $comments);
} else {
if (Login::IsLoggedIn()) {
$message = 'No comments yet, be the first to comment on this recipe!';
} else {
$message = 'No comments yet, log in and be the first to comment on this recipe!';
}
$box = new RTK_Textview($message, false, null, 'commentnone');
}
if (Site::HasHttps() && Login::IsLoggedIn()) {
$form = new RTK_Form('CommentForm');
$form->AddChild($box);
$inputbox = new RTK_Box('NewComment');
$inputbox->AddChild(new HtmlElement('a', array('href' => '#', 'onclick' => 'SelectComment(\'\')'), 'New comment'));
$inputbox->AddChild(new HtmlElement('input', array('name' => 'CommentSelect', 'id' => 'CommentSelect', 'type' => 'hidden')));
$inputbox->AddChild(new HtmlElement('input', array('name' => 'CommentInput', 'id' => 'CommentInput', 'type' => 'text', 'autocomplete' => 'off')));
$inputbox->AddChild(new RTK_Button('submit', 'Send'));
$form->AddChild($inputbox);
$this->AddChild($form);
} else {
$this->AddChild($box);
}
}
}
/**
* A widget that lists all comments for a given article
* @param string $articleid The id of the article
**/
public function __construct($articleid)
{
parent::__construct('CommentView');
$this->AddJavascript(RTK_DIRECTORY . 'script/rtk-commentview.js');
if ($articleid != null) {
$this->AddChild(new RTK_Header('Comments'));
$this->_display = new HtmlElement();
$this->_commentbox = new RTK_Box('Comments');
$this->_comments = Comment::LoadComments($articleid);
if (sizeof($this->_comments) > 0) {
$this->TraverseComment($this->_commentbox, $this->_comments);
}
if (Login::IsLoggedIn()) {
$message = 'No comments yet, be the first to comment on this recipe!';
} else {
$message = 'No comments yet, log in and be the first to comment on this recipe!';
}
$this->_nocomments = new RTK_Textview($message, false, null, 'commentnone');
if (Site::HasHttps() && Login::IsLoggedIn()) {
$form = new RTK_Form('CommentForm', EMPTYSTRING, 'POST', true, array('autocomplete' => 'off'));
$form->AddChild($this->_commentbox);
$inputbox = new RTK_Box('NewComment');
$inputbox->AddChild(new HtmlElement('a', array('href' => '#', 'onclick' => 'SelectComment(\'\')'), 'New comment'));
$inputbox->AddChild(new HtmlElement('input', array('name' => 'CommentSelect', 'id' => 'CommentSelect', 'type' => 'hidden')));
$inputbox->AddChild(new HtmlElement('input', array('name' => 'CommentInput', 'id' => 'CommentInput', 'type' => 'text', 'autocomplete' => 'off')));
$inputbox->AddChild(new RTK_Button('submit', 'Send'));
$form->AddChild($inputbox);
$this->_commentbox = $form;
}
$this->AddChild($this->_display);
}
}
/**
* Returns true if the client is connecting via HTTPS, otherwise it returns false.
* @param boolean $forcehttps Specify if the link has to have https
*/
public static function GetBaseURL($forcehttps = false)
{
if (Site::HasHttps() || $forcehttps) {
return 'https://' . BASEURL;
} else {
return 'http://' . BASEURL;
}
}
public static function Insert($message, $recipe, $id = EMPTYSTRING)
{
$result = false;
if (Site::HasHttps() && Login::IsLoggedIn()) {
if (Value::SetAndNotEmpty($message) && Value::SetAndNotNull($recipe)) {
$path = 'R=' . $recipe;
if ($id != EMPTYSTRING) {
if ($stmt = Database::GetLink()->prepare('SELECT `comment_path` FROM `Comment` WHERE `comment_path` LIKE ?;')) {
$stmt->bindParam(1, $path, PDO::PARAM_STR, 255);
$stmt->execute();
$stmt->bindColumn(1, $result);
$stmt->fetch();
$stmt->closeCursor();
if ($result != null && _string::StartsWith($result, $path)) {
$path = $result . '>' . $id;
} else {
$path = null;
}
}
}
if ($path != null) {
$userid = Login::GetId();
$timestamp = time();
if ($stmt = Database::GetLink()->prepare('INSERT INTO `Comment` (`user_id`, `comment_path`, `comment_contents`, `sent_at`) VALUES (?, ?, ?, ?);')) {
$stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->bindParam(2, $path, PDO::PARAM_STR, 255);
$stmt->bindParam(3, $message, PDO::PARAM_STR, 255);
$stmt->bindParam(4, $timestamp, PDO::PARAM_INT);
$stmt->execute();
$stmt->closeCursor();
}
}
}
}
return $result;
}
// Handle the login
if (!Login::IsLoggedIn() && Site::CheckSecurityToken()) {
if (Login::TryToLogin()) {
Site::BackToHome();
}
}
// Page Output
include_once 'Pages/OnAllPages.php';
$RTK->AddJavascript('/jquery-2.1.4.min.js');
$RTK->AddJavascript('/login.js');
if (Login::GetError() != EMPTYSTRING) {
$RTK->AddElement(new RTK_Textview(Login::GetError()));
}
$loginbox = new RTK_Box('loginbox');
if (Login::IsLoggedIn()) {
// If a user is logged in
$loginbox->AddChild(new RTK_Textview('You are logged in as: ' . Login::GetUsername()));
$loginbox->AddChild(new RTK_Link('Logout' . URLPAGEEXT, 'click here for log out', true));
} elseif (Site::HasHttps()) {
// If a user is not logged in, but the site is running secure
$loginform = new RTK_Form('loginform', EMPTYSTRING, 'POST');
$loginform->AddTextField('loginname', 'Username:'******'loginpass', 'Password:'******'submit', 'log in');
$loginbox->AddChild($loginform);
} else {
// If a user is not logged in, and the site is not running secure
$loginbox->AddChild(new RTK_Textview('You are not running secure and therefore cannot be allowed to log in.'));
$loginbox->AddChild(new RTK_Link('Login' . URLPAGEEXT, 'click here for encrypted login', true));
}
$RTK->AddElement($loginbox);
/**
* Tries to login, given that all the requirements are met.
**/
public static function TryToLogin()
{
$result = false;
// Check if the site is connected to via https, and if there is input from the login form
if (Site::HasHttps() && Login::HasLoginInput()) {
$username = hash('sha512', $_POST['loginname']);
$password = $_POST['loginpass'];
$salt1 = STATIC_SALT;
// Static salt
$salt2 = Login::FetchUserSalt($username);
// Dynamic salt
if ($salt2 != EMPTYSTRING) {
$password = hash('sha512', $salt1 . $password . $salt2 . $username);
if ($password != EMPTYSTRING) {
$id = Login::FetchUserId($username, $password);
if ($id > 0) {
Login::SetId($id);
Login::SetUsername(Login::FetchUsername($id));
Login::SetAttempts(0);
$result = true;
}
}
}
Login::LogAttempt($username, $result);
}
return $result;
}
<?php
// Page Logic
if (!Site::HasHttps() || Login::IsLoggedIn()) {
Site::BackToHome();
}
$errors = null;
$userName = EMPTYSTRING;
$firstName = EMPTYSTRING;
$lastName = EMPTYSTRING;
$email = EMPTYSTRING;
$telNo = EMPTYSTRING;
if (Value::SetAndNotNull($_POST, 'Submit') && Site::CheckSecurityToken()) {
$errors = array();
$userName = Site::GetPostValueSafely("UserName");
// need to be hashed client-side
$password = Site::GetPostValueSafely("Password");
// need to be hashed client-side
$password2 = Site::GetPostValueSafely("Password2");
// need to be hashed client-side
$firstName = Site::GetPostValueSafely("FirstName");
$lastName = Site::GetPostValueSafely("LastName");
$email = Site::GetPostValueSafely("email");
$telNo = Site::GetPostValueSafely("telNo");
Site::ValidateUserName($userName, $errors);
Site::ValidatePassword($password, $password2, $errors);
Site::ValidateEmail($email, $errors);
Site::ValidatePhoneNo($telNo, $errors);
if (sizeof($errors) == 0) {
$user = new User();
$user->create($userName, $password, $firstName, $lastName, $email, $telNo);
