/**
 * Core bootstrap: connect to MySQL, load the settings table, start the session and
 * resolve the current visitor to a User object.
 *
 * Reads $mysql_hostname/$mysql_username/$mysql_password/$mysql_database from
 * config/config.php. Sets $this->DB, self::$db_con, $this->settings, $this->rootpath,
 * $this->adminrootpath, $this->design, $this->encoding and $this->user.
 * Terminates the request via die() when the connection or the settings query fails.
 */
function __construct() {
    date_default_timezone_set('Europe/Berlin');
    define('IN_CORE', true);
    // Relative path: resolved against include_path / the working directory, not this file's
    // location, so the entry script has to run from the blog root.
    require 'config/config.php';
    $dbconfig = array('hostname' => $mysql_hostname, 'username' => $mysql_username, 'password' => $mysql_password, 'database' => $mysql_database);
    $this->DB = new mysqli($dbconfig['hostname'], $dbconfig['username'], $dbconfig['password'], $dbconfig['database']);
    if (mysqli_connect_errno()) {
        die("Can't connect to database");
    }
    // NOTE(review): no set_charset() on the connection; confirm it matches the
    // "Zeichensatz" setting loaded below, otherwise escaping and output encoding can diverge.
    self::$db_con = $this->DB;
    // NOTE(review): "{settings}" is presumably a table-prefix placeholder expanded by
    // $this->query() — confirm. Also, die($this->error()) echoes the driver error text to the
    // visitor; prefer logging it and dying with a generic message.
    $res = $this->query('SELECT type, name, value FROM {settings}') or die($this->error());
    while ($setting = $res->fetch_array()) {
        // Only types 1-3 carry a usable value; what each type number means is not visible here.
        if ($setting['type'] == '1' || $setting['type'] == '2' || $setting['type'] == '3') {
            $this->settings[$setting['name']] = stripslashes($setting['value']);
        } else {
            $this->settings[$setting['name']] = NULL;
        }
    }
    $this->rootpath = $this->settings['Bloglink'];
    $this->adminrootpath = $this->rootpath . '/admin';
    $this->design = $this->settings['Design'];
    $this->encoding = $this->settings['Zeichensatz']; // "Zeichensatz" = character set
    session_start();
    // visitor_as_user() is not visible here; it appears to map the session/cookies to a
    // user name, or to something falsy for guests.
    $username = $this->visitor_as_user();
    if ($username) {
        $this->user = User::find_by_name($username);
        if ($this->user) {
            $this->user->is_online();
        }
    } else {
        $this->user = new User();
    }
}
public function testShouldShowUserButtonInNavbar() {
    // With a logged-in user, the rendered navbar must carry the "logged-in" user button markup.
    $user = User::find_by_name('NeechyUser');
    $user->login();
    $rendered = $this->renderTemplate();
    $this->assertContains('<div class="btn btn-group user-button logged-in">', $rendered);
}
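/**
 * Return the current session user, or one field of the session's cached user record.
 *
 * @param string|null $field  null (or any falsy value) returns the full User looked up by
 *                            name; otherwise the named entry of $_SESSION['user'].
 * @return User|mixed|null    null when nobody is logged in, or when the requested field is
 *                            not present in the session copy.
 */
public static function current($field = null) {
    if (!User::is_logged_in()) {
        return null;
    }
    // No field requested: reload the full record for the session's user name.
    if (!$field) {
        return User::find_by_name($_SESSION['user']['name']);
    }
    // Answer from the session copy. A field the session does not hold yields null instead of
    // an undefined-index notice (the previous version indexed unconditionally).
    return isset($_SESSION['user'][$field]) ? $_SESSION['user'][$field] : null;
}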
public function __construct($fields = array()) {
    parent::__construct($fields);
    // Resolve the two linked records a page carries: its primogenitor (by id) and its editor (by name).
    $primogenitorId = $this->field('primogenitor_id');
    if ($primogenitorId) {
        $this->primogenitor = $this->find_by_id($primogenitorId);
    }
    $editorName = $this->field('editor');
    if ($editorName) {
        $this->editor = User::find_by_name($editorName);
    }
}
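/**
 * CLI command: reset the named user's password after an interactive confirmation and print
 * the new password to stdout.
 *
 * Reads the user name from $this->params[1]. Reports problems through print_error().
 * Change from the previous version: each error path now returns, so a missing or unknown
 * user name can no longer fall through into find_by_name(null) / a reset on a null user
 * (print_error() is not visible here, so it cannot be assumed to exit).
 */
private function confirm_password_reset() {
    $user_name = count($this->params) > 1 ? $this->params[1] : null;
    if (!$user_name) {
        $this->help();
        $this->print_error('You must provide a user name');
        return;
    }
    // NOTE(review): elsewhere in this code base find_by_name() appears to return an empty
    // record (checked with ->exists()) rather than null; if that holds here this guard never
    // fires — confirm.
    $user = User::find_by_name($user_name);
    if (!$user) {
        $this->print_error(sprintf('User "%s" not found', $user_name));
        return;
    }
    $confirmed = $this->prompt_user(sprintf('Are you sure your want to reset the password for user "%s"? [Y/n] ', $user_name));
    if ($confirmed === 'Y') {
        // The new password is intentionally shown on the terminal; this is an operator tool.
        $new_password = $this->reset_user_password($user);
        $stdout = <<<STDOUT
Password for user %s has been reset to: %s
STDOUT;
        printf($stdout, $user_name, $new_password);
    } else {
        $this->println('Password will not be reset.');
    }
}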
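/**
 * Password-reset action.
 *
 * GET: prepare an empty User for the form. POST: look the account up by the submitted
 * name, generate a new password and deliver it by e-mail.
 *
 * Security change from the previous version: the new password was written into the flash
 * notice ("Password reset to ..."), i.e. shown to whoever submitted the form. Since this
 * endpoint only needs a user name, that let anyone take over any account. The password is
 * now only ever sent to the address on file, and accounts without an address are refused.
 */
public function resetPassword() {
    if (!$this->request()->isPost()) {
        $this->user = new User();
        return;
    }
    $user = User::find_by_name($this->params()->user['name']);
    if (!$user) {
        // NOTE(review): this message differs from the success path, so it confirms which
        // user names exist.
        $this->notice('That account does not exist');
        $this->redirectTo('#reset_password');
        return;
    }
    if (!$user->email) {
        // No out-of-band channel: refuse rather than reset and echo the password.
        $this->notice('That account has no email address on file; the password cannot be reset');
        $this->redirectTo('#reset_password');
        return;
    }
    $new_password = $user->reset_password();
    try {
        UserMailer::mail('new_password', [$user, $new_password])->deliver();
        $this->notice('A new password has been sent to the email address on file');
    } catch (\Exception $e) {
        // The password has already been changed at this point; say so without revealing it.
        $this->notice('The password was reset but the email could not be sent; please contact an administrator');
    }
}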
public function assertPasswordUnchanged($user_name, $old_password) {
    // Reload the user from storage and check the persisted password field still matches.
    $stored = User::find_by_name($user_name)->field('password');
    $this->assertEquals($old_password, $stored);
}
public function testMagicFindAllFinder() {
    // find_all_by_<column> must return every photo owned by the user, and only those.
    $ownerId = User::find_by_name('names1')->id;
    $photos = Photo::find_all_by_user_id($ownerId);
    $this->assertEquals($photos->length, 11);
    foreach ($photos as $photo) {
        $this->assertEquals($photo->user_id, $ownerId);
    }
}
/**
 * Validate a sign-up user name: non-empty, long enough, matching RE_VALID_USERNAME, and not
 * already used by a user or by a page title. The first failing rule is recorded through
 * add_error($error_key, ...) and FALSE is returned; TRUE means the name is acceptable.
 */
public function validate_signup_user($value, $error_key = 'base') {
    $failure = null;
    if ($this->string_is_empty($value)) {
        $failure = 'User name required';
    } elseif ($this->string_is_too_short($value, self::MIN_USERNAME_LENGTH)) {
        $failure = sprintf('User name too short: must be at least %d chars', self::MIN_USERNAME_LENGTH);
    } elseif (!preg_match(self::RE_VALID_USERNAME, $value)) {
        $failure = 'Invalid format: please use something like neechy, neechy_user, or NeechyUser';
    } elseif (User::find_by_name($value)->exists()) {
        // find_by_name() hands back a record even for unknown names; exists() tells them apart.
        $failure = 'This user name is not available. Please choose another.';
    } elseif (!Page::find_by_title($value)->is_new()) {
        // A page with this title would collide with the user's page.
        $failure = 'This user name is not available. Please choose another.';
    }
    if ($failure !== null) {
        $this->add_error($error_key, $failure);
        return FALSE;
    }
    return TRUE;
}
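/**
 * Turn a raw tag-search string into the structured array generate_sql() consumes.
 *
 * Each token from scan_query() is one of: a bare rating letter (q/s/e), a "key:value"
 * operator from the fixed list below, a "-tag" exclusion, a "~tag" inclusion, a wildcard
 * pattern containing "*", or a plain tag. Unless $options['skip_aliasing'] is set, the
 * exclude/include/related lists are passed through TagAlias::to_aliased().
 *
 * Fixes relative to the previous version:
 *  - the "~tag" branch measured the token with count(), which is not valid on a string;
 *  - the wildcard test called strstr('*', $token) (arguments reversed), so it only fired
 *    for the literal token "*"; the pattern is now also translated from "*" to the SQL
 *    LIKE wildcard "%", which the LIKE ? condition needs;
 *  - the wildcard branch kept only the last matching name and then applied "+=" to
 *    $q['include'], which may not exist yet;
 *  - "vote:N" without a ":user" part produced an undefined-offset notice;
 *  - an empty token no longer reaches $token[0].
 *
 * @param string $query
 * @param array  $options  'skip_aliasing' => true disables TagAlias resolution
 * @return array
 */
static function parse_query($query, $options = array()) {
    $q = array();
    foreach (self::scan_query($query) as $token) {
        if ($token === '') {
            continue;
        }
        if (preg_match('/^([qse])$/', $token, $m)) {
            $q['rating'] = $m[1];
            continue;
        }
        if (preg_match('/^(unlocked|deleted|ext|user|sub|vote|-vote|fav|md5|-rating|rating|width|height|mpixels|score|source|id|date|pool|-pool|parent|order|change|holds|pending|shown|limit):(.+)$/', $token, $m)) {
            $key = $m[1];
            $value = $m[2];
            switch ($key) {
                case "user":
                    $q['user'] = $value;
                    break;
                case "vote":
                    // "vote:<range>:<user name>"; the user part may be absent.
                    $parts = explode(':', $value);
                    $vote = $parts[0];
                    $voter = isset($parts[1]) ? $parts[1] : null;
                    $user = $voter === null ? null : User::find_by_name($voter);
                    $q['vote'] = array(self::parse_helper($vote), $user ? $user->id : null);
                    break;
                case "-vote":
                    $user = User::find_by_name($value);
                    $q['vote_negated'] = $user ? $user->id : null;
                    if (!$q['vote_negated']) {
                        // generate_sql() turns 'error' into a FALSE condition.
                        $q['error'] = "no user named " . $value;
                    }
                    break;
                case "fav":
                    $q['fav'] = $value;
                    break;
                case "sub":
                    $q['subscriptions'] = $value;
                    break;
                case "md5":
                    $q['md5'] = $value;
                    break;
                case "-rating":
                    $q['rating_negated'] = $value;
                    break;
                case "rating":
                    $q['rating'] = $value;
                    break;
                case "id":
                    $q['post_id'] = self::parse_helper($value);
                    break;
                case "width":
                    $q['width'] = self::parse_helper($value);
                    break;
                case "height":
                    $q['height'] = self::parse_helper($value);
                    break;
                case "mpixels":
                    $q['mpixels'] = self::parse_helper($value, 'float');
                    break;
                case "score":
                    $q['score'] = self::parse_helper($value);
                    break;
                case "source":
                    // Prefix match; generate_sql() uses it with LIKE.
                    $q['source'] = $value . '%';
                    break;
                case "date":
                    $q['date'] = self::parse_helper($value, 'date');
                    break;
                case "pool":
                    // All-digit values are pool ids, anything else is a name fragment.
                    $q['pool'] = preg_match('/^(\\d+)$/', $value) ? (int) $value : $value;
                    break;
                case "-pool":
                    $q['exclude_pools'][] = preg_match('/^(\\d+)$/', $value) ? (int) $value : $value;
                    break;
                case "parent":
                    $q['parent_id'] = $value == "none" ? false : (int) $value;
                    break;
                case "order":
                    $q['order'] = $value;
                    break;
                case "unlocked":
                    if ($value == "rating") {
                        $q['unlocked_rating'] = true;
                    }
                    break;
                case "deleted":
                    # This naming is slightly odd, to retain API compatibility with Danbooru's
                    # "deleted:true" search flag.
                    if ($value == "true") {
                        $q['show_deleted_only'] = true;
                    } elseif ($value == "all") {
                        $q['show_deleted_only'] = false; # all posts, deleted or not
                    }
                    break;
                case "ext":
                    $q['ext'] = $value;
                    break;
                case "change":
                    $q['change'] = self::parse_helper($value);
                    break;
                case "shown":
                    $q['shown_in_index'] = $value == "true";
                    break;
                case "holds":
                    if ($value == "true" || $value == "only") {
                        $q['show_holds'] = 'only';
                    } elseif ($value == "all") {
                        $q['show_holds'] = 'yes';
                    } elseif ($value == "false") {
                        $q['show_holds'] = 'hide';
                    }
                    break;
                case "pending":
                    if ($value == "true" || $value == "only") {
                        $q['show_pending'] = 'only';
                    } elseif ($value == "all") {
                        $q['show_pending'] = 'yes';
                    } elseif ($value == "false") {
                        $q['show_pending'] = 'hide';
                    }
                    break;
                case "limit":
                    $q['limit'] = $value;
                    break;
            }
            continue;
        }
        if ($token[0] == '-' && strlen($token) > 1) {
            $q['exclude'][] = substr($token, 1);
        } elseif ($token[0] == '~' && strlen($token) > 1) {
            $q['include'][] = substr($token, 1);
        } elseif (strpos($token, '*') !== false) {
            // Expand the wildcard to the 25 most-used matching tag names. The value is bound
            // as a LIKE parameter; note that "%" and "_" typed by the user remain LIKE
            // metacharacters.
            $pattern = str_replace('*', '%', $token);
            $tags = Tag::find_all(array('conditions' => array("name LIKE ?", $pattern), 'select' => "name, post_count", 'limit' => 25, 'order' => "post_count DESC"));
            $matches = array();
            foreach ($tags as $tag) {
                $matches[] = $tag->name;
            }
            if (!$matches) {
                // A tag that cannot exist, so the search returns nothing instead of everything.
                $matches = array('~no_matches~');
            }
            if (!isset($q['include'])) {
                $q['include'] = array();
            }
            $q['include'] = array_merge($q['include'], $matches);
        } else {
            $q['related'][] = $token;
        }
    }
    if (!isset($options['skip_aliasing'])) {
        foreach (array('exclude', 'include', 'related') as $list) {
            if (isset($q[$list])) {
                $q[$list] = TagAlias::to_aliased($q[$list]);
            }
        }
    }
    return $q;
}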
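/**
 * Build the post-search SQL for a parsed query.
 *
 * @param array|string $q       a parse_query() array, or a raw query string (parsed here)
 * @param array        $options pending, flagged, from_api, limit, offset, count, select,
 *                              having (unused here), original_query
 * @return array  array($sql, $params): the statement with "?" placeholders and the bound
 *                values in placeholder order (JOIN parameters first, then WHERE parameters).
 *
 * Placeholder discipline: every "?" appended to $joins gets its value appended to
 * $join_params at the same time, every "?" appended to $conds/$tags_index_query gets its
 * value appended to $cond_params at the same time, and nothing else reorders either list.
 * Keep that lockstep when editing.
 *
 * Changes from the previous version: the "related" tag-count guard counted $q['exclude']
 * instead of $q['related']; the subscriptions preg_match() result was used without checking
 * it matched; the numeric pool id is now bound instead of concatenated; LIMIT/OFFSET are
 * cast to int because they are concatenated into the statement; the pending default now
 * tests $options['from_api'] the same way the held/shown defaults do (isset() treated an
 * explicit from_api => false as "API").
 *
 * NOTE(review): $options['select'] is concatenated verbatim into the SELECT list; every
 * caller must pass a literal, never request data.
 */
public static function generate_sql($q, $options = array()) {
    if (is_array($q)) {
        $original_query = isset($options['original_query']) ? $options['original_query'] : null;
    } else {
        $original_query = $q;
        $q = Tag::parse_query($q);
    }

    # Filling default values.
    $q = array_merge(array_fill_keys(array('md5', 'ext', 'source', 'fav', 'user', 'rating', 'rating_negated', 'unlocked_rating', 'show_holds', 'shown_in_index', 'exclude', 'related', 'post_id', 'mpixels', 'width', 'height', 'score', 'date', 'change'), null), $q);
    $options = array_merge(array_fill_keys(array('pending', 'flagged', 'from_api', 'limit', 'offset', 'count', 'select', 'having'), null), $options);

    $conds = array('true');
    $joins = array('posts p');
    $join_params = array();
    $cond_params = array();
    $pool_ordering = null;

    if (!empty($q['error'])) {
        // parse_query() could not resolve something (e.g. an unknown user): match nothing.
        $conds[] = "FALSE";
    }

    self::generate_sql_range_helper($q['post_id'], "p.id", $conds, $cond_params);
    self::generate_sql_range_helper($q['mpixels'], "p.width*p.height/1000000.0", $conds, $cond_params);
    self::generate_sql_range_helper($q['width'], "p.width", $conds, $cond_params);
    self::generate_sql_range_helper($q['height'], "p.height", $conds, $cond_params);
    self::generate_sql_range_helper($q['score'], "p.score", $conds, $cond_params);
    self::generate_sql_range_helper($q['date'], "DATE(p.created_at)", $conds, $cond_params);
    self::generate_sql_range_helper($q['change'], "p.change_seq", $conds, $cond_params);

    if (is_string($q['md5'])) {
        $conds[] = "p.md5 IN (?)";
        $cond_params[] = explode(',', $q['md5']);
    }
    if (is_string($q['ext'])) {
        $conds[] = "p.file_ext IN (?)";
        $cond_params[] = explode(',', strtolower($q['ext']));
    }

    if (isset($q['show_deleted_only'])) {
        if ($q['show_deleted_only']) {
            $conds[] = "p.status = 'deleted'";
        }
    } elseif (empty($q['post_id'])) {
        # If a specific post_id isn't specified, default to filtering deleted posts.
        $conds[] = "p.status <> 'deleted'";
    }

    if (isset($q['parent_id']) && is_numeric($q['parent_id'])) {
        // The parent itself is part of its own family.
        $conds[] = "(p.parent_id = ? or p.id = ?)";
        $cond_params[] = $q['parent_id'];
        $cond_params[] = $q['parent_id'];
    } elseif (isset($q['parent_id']) && $q['parent_id'] == false) {
        $conds[] = "p.parent_id is null";
    }

    if (is_string($q['source'])) {
        $conds[] = "lower(p.source) LIKE lower(?)";
        $cond_params[] = $q['source'];
    }

    if (isset($q['subscriptions'])) {
        // "user:subscription" or just "user".
        if (preg_match('/^(.+?):(.+)$/', $q['subscriptions'], $m)) {
            $username = $m[1];
            $subscription_name = $m[2];
        } else {
            $username = $q['subscriptions'];
            $subscription_name = null;
        }
        $user = User::find_by_name($username);
        if ($user) {
            if ($post_ids = TagSubscription::find_post_ids($user->id, $subscription_name)) {
                $conds[] = 'p.id IN (?)';
                $cond_params[] = $post_ids;
            }
        }
    }

    if (is_string($q['fav'])) {
        $joins[] = "JOIN favorites f ON f.post_id = p.id JOIN users fu ON f.user_id = fu.id";
        $conds[] = "lower(fu.name) = lower(?)";
        $cond_params[] = $q['fav'];
    }

    if (isset($q['vote_negated'])) {
        $joins[] = "LEFT JOIN post_votes v ON p.id = v.post_id AND v.user_id = ?";
        $join_params[] = $q['vote_negated'];
        $conds[] = "v.score IS NULL";
    }

    if (isset($q['vote'])) {
        $joins[] = "JOIN post_votes v ON p.id = v.post_id";
        $conds[] = 'v.user_id = ?';
        $cond_params[] = $q['vote'][1];
        self::generate_sql_range_helper($q['vote'][0], "v.score", $conds, $cond_params);
    }

    if (is_string($q['user'])) {
        $joins[] = "JOIN users u ON p.user_id = u.id";
        $conds[] = "lower(u.name) = lower(?)";
        $cond_params[] = $q['user'];
    }

    if (isset($q['exclude_pools'])) {
        // One LEFT JOIN per excluded pool (by id or by name fragment); a post is kept when
        // that join finds nothing.
        foreach (array_keys($q['exclude_pools']) as $i) {
            $pool = $q['exclude_pools'][$i];
            if (is_int($pool)) {
                $joins[] = "LEFT JOIN pools_posts ep{$i} ON (ep{$i}.post_id = p.id AND ep{$i}.pool_id = ?)";
                $join_params[] = $pool;
                $conds[] = "ep{$i}.id IS NULL";
            }
            if (is_string($pool)) {
                $joins[] = "LEFT JOIN pools_posts ep{$i} ON ep{$i}.post_id = p.id LEFT JOIN pools epp{$i} ON (ep{$i}.pool_id = epp{$i}.id AND LOWER(epp{$i}.name) LIKE ?)";
                $join_params[] = "%" . strtolower($pool) . "%";
                $conds[] = "ep{$i}.id IS NULL";
            }
        }
    }

    if (isset($q['pool'])) {
        $conds[] = "pools_posts.active = true";
        if (!isset($q['order'])) {
            // Pool searches default to pool sequence order (applied below if no explicit order).
            $pool_ordering = " ORDER BY pools_posts.pool_id ASC, CAST(pools_posts.sequence AS UNSIGNED), pools_posts.post_id";
        }
        if (is_int($q['pool'])) {
            $joins[] = "JOIN pools_posts ON pools_posts.post_id = p.id JOIN pools ON pools_posts.pool_id = pools.id";
            $conds[] = "pools.id = ?";
            $cond_params[] = $q['pool'];
        }
        if (is_string($q['pool'])) {
            $joins[] = "JOIN pools_posts ON pools_posts.post_id = p.id JOIN pools ON pools_posts.pool_id = pools.id";
            if ($q['pool'] != "*") {
                $conds[] = "LOWER(pools.name) LIKE ?";
                $cond_params[] = "%" . strtolower($q['pool']) . "%";
            }
        }
    }

    # http://stackoverflow.com/questions/8106547/how-to-search-on-mysql-using-joins/8107017
    // Tag conditions are collected here and appended to $conds as one AND group; their
    // parameters go into $cond_params in the same include/related/exclude order. No other
    // parameterised condition is added in between, so the order stays aligned.
    $tags_index_query = array();
    if (!empty($q['include']) && ($tags_include = self::generate_sql_escape_helper($q['include']))) {
        $joins[] = 'INNER JOIN posts_tags pti ON p.id = pti.post_id JOIN tags ti ON pti.tag_id = ti.id';
        $tags_index_query[] = 'ti.name IN (' . implode(', ', array_fill(0, count($tags_include), '?')) . ')';
        $cond_params = array_merge($cond_params, $tags_include);
    }

    if (!empty($q['related'])) {
        if (count($q['related']) > CONFIG()->tag_query_limit) {
            throw new Exception("You cannot search for more than " . CONFIG()->tag_query_limit . " tags at a time");
        }
        // One posts_tags/tags join pair per required tag (t1, t2, ...), matched as a tuple.
        $related_keys = array_keys($q['related']);
        $tags_index_query[] = '(' . implode(', ', array_map(function ($k) { return 't' . ($k + 1) . '.name'; }, $related_keys)) . ') = (' . implode(', ', array_fill(0, count($q['related']), '?')) . ')';
        $cond_params = array_merge($cond_params, $q['related']);
        $joins[] = implode(' ', array_map(function ($k) { return 'INNER JOIN posts_tags pt' . ($k + 1) . ' ON p.id = pt' . ($k + 1) . '.post_id INNER JOIN tags t' . ($k + 1) . ' ON pt' . ($k + 1) . '.tag_id = t' . ($k + 1) . '.id'; }, $related_keys));
    }

    if (!empty($q['exclude'])) {
        if (count($q['exclude']) > CONFIG()->tag_query_limit) {
            throw new Exception("You cannot search for more than " . CONFIG()->tag_query_limit . " tags at a time");
        }
        $tags_index_query[] = 'NOT EXISTS (SELECT * FROM posts_tags pt INNER JOIN tags t ON pt.tag_id = t.id WHERE p.id = pt.post_id AND t.name IN (' . implode(', ', array_fill(0, count($q['exclude']), '?')) . ') )';
        $cond_params = array_merge($cond_params, $q['exclude']);
    }

    if (!empty($tags_index_query)) {
        $conds[] = implode(' AND ', $tags_index_query);
    }

    // Ratings: only the first letter counts, and only s/q/e are accepted, so the value
    // concatenated below is always one of those three literals.
    if (is_string($q['rating'])) {
        $r = strtolower(substr($q['rating'], 0, 1));
        if (in_array($r, array('s', 'q', 'e'), true)) {
            $conds[] = "p.rating = '" . $r . "'";
        }
    }
    if (is_string($q['rating_negated'])) {
        $r = strtolower(substr($q['rating_negated'], 0, 1));
        if (in_array($r, array('s', 'q', 'e'), true)) {
            $conds[] = "p.rating <> '" . $r . "'";
        }
    }

    if ($q['unlocked_rating'] == true) {
        $conds[] = "p.is_rating_locked = FALSE";
    }

    if (isset($options['flagged'])) {
        $conds[] = "p.status = 'flagged'";
    }

    if (isset($q['show_holds'])) {
        if ($q['show_holds'] == 'only') {
            $conds[] = "p.is_held";
        } elseif ($q['show_holds'] == 'hide') {
            $conds[] = "NOT p.is_held";
        }
        // 'yes': no filter on is_held.
    } elseif (!$options['from_api']) {
        # Hide held posts by default only when not using the API.
        $conds[] = "NOT p.is_held";
    }

    /**
     * MyImouto: Moved the following condition here so only one
     * of the conditions that set the pending status is met.
     * Before this, in post#moderate, when searching for a user's
     * pending posts, the SQL query would end up like this:
     * ... AND p.status = 'pending' ... AND p.status <> 'pending' ...
     */
    if (isset($options['pending'])) {
        $conds[] = "p.status = 'pending'";
    } elseif (isset($q['show_pending'])) {
        if ($q['show_pending'] == 'only') {
            $conds[] = "p.status = 'pending'";
        } elseif ($q['show_pending'] == 'hide') {
            $conds[] = "p.status <> 'pending'";
        }
        // 'yes': no filter on pending status.
    } elseif (CONFIG()->hide_pending_posts && !$options['from_api']) {
        # Hide pending posts by default only when not using the API.
        $conds[] = "p.status <> 'pending'";
    }

    if (isset($q['shown_in_index'])) {
        $conds[] = $q['shown_in_index'] ? "p.is_shown_in_index" : "NOT p.is_shown_in_index";
    } elseif (!$original_query && !$options['from_api']) {
        # Hide not shown posts by default only when not using the API.
        $conds[] = "p.is_shown_in_index";
    }

    $sql = "SELECT ";
    if ($options['count']) {
        $sql .= " COUNT(*)";
    } elseif ($options['select']) {
        // Caller-supplied SELECT list, concatenated as-is (see the class comment).
        $sql .= ' ' . $options['select'];
    } else {
        $sql .= " p.*";
    }
    $sql .= " FROM " . implode(' ', $joins);
    $sql .= " WHERE " . implode(' AND ', $conds);
    if (!$options['count']) {
        $sql .= ' GROUP BY p.id ';
    }

    // Explicit order. Orders that depend on a join (vote, fav, portrait_pool) are silently
    // dropped when that join is absent, and then no default order is applied either —
    // unchanged from the previous version.
    $use_default_order = false;
    if (isset($q['order']) && !$options['count']) {
        switch ($q['order']) {
            case "id":
                $sql .= " ORDER BY p.id";
                break;
            case "id_desc":
                $sql .= " ORDER BY p.id DESC";
                break;
            case "score":
                $sql .= " ORDER BY p.score DESC";
                break;
            case "score_asc":
                $sql .= " ORDER BY p.score";
                break;
            case "mpixels":
                # Use "w*h/1000000", even though "w*h" would give the same result, so this can use
                # the posts_mpixels index.
                $sql .= " ORDER BY width*height/1000000.0 DESC";
                break;
            case "mpixels_asc":
                $sql .= " ORDER BY width*height/1000000.0";
                break;
            case "portrait":
                $sql .= " ORDER BY 1.0*width/GREATEST(1, height)";
                break;
            case "landscape":
                $sql .= " ORDER BY 1.0*width/GREATEST(1, height) DESC";
                break;
            case "portrait_pool":
                # We can only do this if we're searching for a pool.
                if (isset($q['pool'])) {
                    $sql .= " ORDER BY 1.0*width / GREATEST(1, height), CAST(pools_posts.sequence AS UNSIGNED), pools_posts.post_id";
                }
                break;
            case "change":
            case "change_asc":
                $sql .= " ORDER BY change_seq";
                break;
            case "change_desc":
                $sql .= " ORDER BY change_seq DESC";
                break;
            case "vote":
                if (isset($q['vote'])) {
                    $sql .= " ORDER BY v.updated_at DESC";
                }
                break;
            case "fav":
                if (is_string($q['fav'])) {
                    $sql .= " ORDER BY f.id DESC";
                }
                break;
            case "random":
                $sql .= " ORDER BY RAND()";
                break;
            default:
                $use_default_order = true;
        }
    } else {
        $use_default_order = true;
    }

    if ($use_default_order && !$options['count']) {
        if ($pool_ordering !== null) {
            $sql .= $pool_ordering;
        } elseif (!empty($options['from_api'])) {
            # When using the API, default to sorting by ID.
            $sql .= " ORDER BY p.id DESC";
        } else {
            # MI: Added p.id DESC so posts with same index_timestamp are ordered by id.
            $sql .= " ORDER BY p.index_timestamp DESC, p.id DESC";
        }
    }

    // LIMIT/OFFSET cannot be bound on every driver, so they are concatenated; casting keeps
    // anything but an integer out of the statement.
    if (isset($options['limit']) && isset($options['offset'])) {
        $sql .= ' LIMIT ' . (int) $options['offset'] . ', ' . (int) $options['limit'];
    } elseif (isset($options['limit'])) {
        $sql .= " LIMIT " . (int) $options['limit'];
    }

    $params = array_merge($join_params, $cond_params);
    return array($sql, $params);
}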
/**
 * @Given /^I am logged in as "([^"]*)"$/
 */
public function iAmLoggedInAs($arg1) {
    // NOTE(review): this step only looks the user up and stores it in a local that is never
    // read; nothing visible here establishes a session or authenticates the user. Scenarios
    // that rely on "logged in" state may therefore pass for the wrong reason — verify against
    // the context's other steps and the application's login API.
    $CurrentUser = User::find_by_name($arg1);
}
<?php //require the framework require_once "requires/initialize.php"; // create the page $page = new Page(); $page->name = "Forgot my Password"; // check to see if a user is already logged in if ($session->is_logged_in) { $session->message("You are already logged in! To use the Forgot my Password feature, please logout first."); redirect_head(ROOT_URL); } // the user submitted the form if (isset($_POST["submit"])) { $found_user = User::find_by_name($database->escape_value($_POST['email_address']), 'email_address'); if ($found_user) { //the e-mail address was found //now we need to make sure it does not belong to an account that is deleted if ($found_user->is_deleted == '1') { $session->message("The account associated to that Email Address is disabled."); } } else { //the e-mail address is not associated with an account $session->message("The e-mail address you entered does not belong to an account."); } //only execute here if there was an account found, AND it is not soft-deleted if (empty($session->message())) { $new_request = new Reset_Password(); $new_request->set_new_key(); $new_request->user_wk = $found_user->user_wk; //save the record
<?php $cur_title = 'Login'; if (isset($_POST['user_login'])) { $username = $_POST['user_name']; $password = $_POST['user_password']; if (empty($username) || empty($password)) { $error_msg = "Bitte alle Felder ausfüllen!"; } else { $Blog->user = User::find_by_name($username); if ($Blog->user && $Blog->user->login($password)) { header("Location: {$Blog->adminrootpath}"); } else { $error_msg = "Login-Daten waren nicht richtig. Versuche es noch einmal."; } } } include 'header_user.php'; echo "<h1>{$cur_title}</h1>\n"; if (!empty($error_msg)) { ?> <form action="<?php echo $_SERVER['REQUEST_URI']; ?> " method="post"> <fieldset> <legend>Meldung</legend> <p style="text-align:center;color:red;"><strong><?php echo $error_msg; ?> </strong></p>
//assign variables to all form-submitted values $email_address = $_POST['email_address']; $hashed_password = sha1($database->escape_value($_POST['password'])); $confirmed_password = sha1($database->escape_value($_POST['confirmed_password'])); $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $phone_number = return_numeric($_POST['phone_number']); $is_notifications_enabled = $_POST['email_notifications']; // validations //make sure passwords (first and confirmed) are the same if ($hashed_password != $confirmed_password) { $session->message($session->message . "The passwords you entered do not match. "); } //make sure the email address is not already taken if ($user->email_address != $email_address) { if (User::find_by_name($database->escape_value($email_address), "email_address")) { $session->message($session->message . "That email address is already taken, please enter a new email address. "); $email_address = $user->email_address; } } //only actually create the user if there are no errors if (empty($session->message)) { $user->email_address = $email_address; //only change the password if it's not empty if (!empty($_POST['password'])) { $user->hashed_password = $hashed_password; } $user->first_name = $first_name; $user->last_name = $last_name; $user->phone_number = $phone_number; $user->is_notifications_enabled = $is_notifications_enabled;
<?php
// Login API action: report whether the named user exists and, given the right password,
// return the data the client needs to act as that user.
required_params('username');
// $user = new User('find_by_name', Request::$params->username);
$user = User::find_by_name(Request::$params->username);
// vde($user);
$ret['exists'] = false;
$ret['name'] = Request::$params->username;
if (!$user) {
    // NOTE(review): "unknown-user" vs "wrong-password" below confirms to any caller which
    // user names exist; that is a deliberate trade-off for the UI but worth rate-limiting.
    $ret['response'] = "unknown-user";
    respond_to_success("User does not exist", null, array('api' => $ret));
    return;
}
# Return some basic information about the user even if the password isn't given, for
# UI cosmetics.
$ret['exists'] = true;
$ret['id'] = $user->id;
$ret['name'] = $user->name;
$ret['no_email'] = empty($user->email);
$pass = isset(Request::$params->password) ? Request::$params->password : "";
// authenticate() (not visible here) is expected to return the user on a password match and
// something falsy otherwise.
$user = User::authenticate(Request::$params->username, $pass);
if (!$user) {
    $ret['response'] = "wrong-password";
    respond_to_success("Wrong password", null, array('api' => $ret));
    return;
}
// NOTE(review): the stored password hash is handed to the client; presumably it is the
// credential the client later presents (cookie/API key) — confirm. If so the hash is a
// bearer token: it must only travel over TLS, and leaking it equals leaking the password.
$ret['pass_hash'] = $user->password_hash;
$ret['user_info'] = $user->user_info_cookie();
$ret['response'] = 'success';
respond_to_success("Successful", null, array('api' => $ret));
public function testFindByWithAnd() {
    // find_by_<a>_and_<b> must combine both conditions: the photo found belongs to joe.
    $owner = User::find_by_name('joe');
    $found = Photo::find_by_user_id_and_title($owner->id, 'photo_0');
    $this->assertEquals($found->user_id, $owner->id);
}
public function testShouldConvertFieldsToJSON() {
    $user = User::find_by_name('NeechyUser');
    // Expected serialisation of the fixture user; created_at is read back from the record
    // because it is assigned at insert time. (The e-mail value looks redacted in this copy.)
    $template = '{"id":"1","name":"NeechyUser","email":"*****@*****.**","password":"","status":"0","challenge":"","theme":"","show_comments":"N","created_at":"%s","updated_at":null}';
    $expected = sprintf($template, $user->field('created_at'));
    $this->assertEquals($expected, $user->to_json());
}
/**
 * Authenticate a username/password pair; on success log the session in and redirect,
 * on failure count the attempt, possibly lock the account, and redirect back to login.php.
 *
 * NOTE(review): this copy is partially redacted ('******' stands in for removed source,
 * and one redaction has spliced two statements together), so it does not parse as-is. The
 * comments below describe only what the surviving code shows.
 *
 * Security observations grounded in the visible lines:
 *  - Passwords are compared as unsalted sha1() of the *escaped* plaintext. sha1 is not a
 *    password hash (use password_hash()/password_verify()), and escaping before hashing ties
 *    every stored hash to the escaping function's behaviour.
 *  - The lookup SQL is built by string concatenation; the redacted values were presumably
 *    the escaped $username/$password — confirm they were not raw.
 *  - Five failed attempts in one session against an existing username soft-delete that
 *    account (is_deleted = 1). Anyone who knows a username can therefore lock it out.
 *  - redirect_head($_GET['url']) follows a caller-supplied URL without validation (open
 *    redirect).
 *  - The "disabled" message only appears for existing accounts, so responses differ between
 *    real and unknown usernames.
 *  - $page_file_name_with_get is declared global but never used here.
 *
 * @param string $username
 * @param string $password  plaintext
 * @return false  only on failure; every other path ends in redirect_head()
 */
public static function login($username = "", $password = "") {
    //will retrieve user credentials if username and password are a match
    //if a match, it will spit out 1 user object
    //if not a match, it will return false
    global $database;
    global $session;
    global $page_file_name_with_get;
    $username = $database->escape_value($username);
    $password = sha1($database->escape_value($password));
    $sql = "SELECT * FROM `" . self::$table_name . "` ";
    $sql .= "WHERE username = '******' ";
    $sql .= "AND hashed_password = '******' ";
    $sql .= "LIMIT 1;";
    $result_array = self::find_by_sql($sql);
    //if soft deleted, display error message
    if (!empty($result_array)) {
        $user = array_shift($result_array);
        if ($user->is_deleted == 1) {
            //account was found, but is disabled
            $session->message($user->username . ", your account has been disabled. If you feel this is an error please contact the administrator.");
            // NOTE(review): the next line is where the redaction spliced the "disabled" redirect
            // and the success branch ("Successfully logged in!" / $session->login) together.
            redirect_head(ROOT_URL . "login.php?username="******"Successfully logged in!");
            $session->login($user);
            //this will determine where we redirect to
            //depending on whether or not there is a $_GET['url'] superglobal set
            if (isset($_GET['url'])) {
                redirect_head($_GET['url']);
            } else {
                redirect_head(ROOT_URL);
            }
        }
    }
    //the username password combination does not exist
    //so now, we need to do a couple of checks for the lockout security
    //1. We need to see if the username exists.
    //If it does, we ned to make a note that this username was incorrectly
    //logged into X number of times
    //Also - if the number of times this account has been logged into is 5 attempts
    //then we need to disable the account and display a relevant error message
    //If it does not exist, then do nothing
    $try_to_find_user = User::find_by_name($username, "username");
    if ($try_to_find_user) {
        //the username does exist
        //so now we need to determine the # of login attemps, and the account
        if (isset($session->login_attempt)) {
            $login_attempt = $session->login_attempt;
            //depending on whether or not the username is the same
            //we can either increment the login attempt number, or
            //we set the default
            if ($login_attempt['username'] == $username) {
                $login_attempt['number']++;
                $session->set_variable('login_attempt', $login_attempt);
            } else {
                //there is no previous login attempt
                //set the default
                $login_attempt = array();
                $login_attempt['username'] = $username;
                $login_attempt['number'] = 1;
                //save it
                $session->set_variable('login_attempt', $login_attempt);
            }
            //if the # of logins = 5, lockout the user account
            // The counter lives in the attacker's own session, so this is not a brute-force
            // limit: it is a way for any visitor to disable any known account.
            if ($login_attempt['number'] == 5) {
                $try_to_find_user->is_deleted = 1;
                $try_to_find_user->deleted_dt = current_timestamp();
                $try_to_find_user->save();
                $session->message("You have had 5 incorrect login attempets, your account has been locked.</br>Please contact the administrator.");
                $redirect = ROOT_URL . "login.php";
                $redirect .= isset($_GET['url']) ? "?url=" . $_GET['url'] : '';
                redirect_head($redirect);
            }
        } else {
            //there is no previous login attempt
            //set the default
            $login_attempt = array();
            $login_attempt['username'] = $username;
            $login_attempt['number'] = 1;
            //save it
            $session->set_variable('login_attempt', $login_attempt);
        }
    } else {
        //the username does not exist
        $session->unset_variable('login_attempt');
    }
    $session->message("The username and password combination does not exist.");
    // NOTE(review): redacted/spliced in this copy; the surviving text shows the username and
    // $_GET['url'] being echoed back into the redirect target.
    $redirect = ROOT_URL . "login.php?username="******"&url=" . $_GET['url'] : '';
    redirect_head($redirect);
    return false;
}