コード例 #1
ファイル: core.php プロジェクト: badboy/devbird
 /**
  * Boot the core object: open the database connection, load the settings
  * table into $this->settings, start the session and resolve the current user.
  *
  * The script is terminated with die() if the connection or the settings
  * query fails.
  */
 function __construct()
 {
     date_default_timezone_set('Europe/Berlin');
     define('IN_CORE', true);
     // The $mysql_* variables used below are not defined in this method; they
     // are expected to come from the required config file.
     require 'config/config.php';
     $this->DB = new mysqli($mysql_hostname, $mysql_username, $mysql_password, $mysql_database);
     if (mysqli_connect_errno()) {
         // Generic message: no connection details are printed here.
         die("Can't connect to database");
     }
     self::$db_con = $this->DB;

     $res = $this->query('SELECT type, name, value FROM {settings}');
     if (!$res) {
         // NOTE(review): the output of $this->error() is sent to the client;
         // if it carries the raw database error text, that exposes schema
         // details. Confirm what error() returns.
         die($this->error());
     }
     // Only rows whose type is 1, 2 or 3 keep their value; any other type is
     // stored as NULL.
     $kept_types = array('1', '2', '3');
     while ($row = $res->fetch_array()) {
         $this->settings[$row['name']] = in_array($row['type'], $kept_types)
             ? stripslashes($row['value'])
             : NULL;
     }

     $this->rootpath = $this->settings['Bloglink'];
     $this->adminrootpath = $this->rootpath . '/admin';
     $this->design = $this->settings['Design'];
     $this->encoding = $this->settings['Zeichensatz'];

     session_start();
     $username = $this->visitor_as_user();
     if (!$username) {
         // No user name for this visitor: use an empty User object.
         $this->user = new User();
         return;
     }
     // NOTE(review): if the lookup fails, $this->user holds the falsy lookup
     // result rather than a User object; callers must handle that.
     $this->user = User::find_by_name($username);
     if ($this->user) {
         $this->user->is_online();
     }
 }
コード例 #2
 /**
  * After the fixture user logs in, the rendered template must contain the
  * "logged-in" user button markup.
  */
 public function testShouldShowUserButtonInNavbar()
 {
     // Log the fixture user in before rendering.
     User::find_by_name('NeechyUser')->login();
     $rendered = $this->renderTemplate();
     $this->assertContains('<div class="btn btn-group user-button logged-in">', $rendered);
 }
コード例 #3
ファイル: user.php プロジェクト: klenwell/neechy-app-engine
 /**
  * Return the logged-in user, or one field of the session's user record.
  *
  * @param string|null $field key to read from $_SESSION['user']; when falsy
  *                           the user found by the session's name is returned
  * @return mixed null when nobody is logged in; otherwise the result of
  *               User::find_by_name() or the requested session value
  */
 public static function current($field = null)
 {
     if (!User::is_logged_in()) {
         return null;
     }
     if ($field) {
         // Read straight from the session array; an unknown key is not
         // checked here.
         return $_SESSION['user'][$field];
     }
     return User::find_by_name($_SESSION['user']['name']);
 }
コード例 #4
ファイル: page.php プロジェクト: klenwell/neechy-app-engine
 /**
  * Build the page from its field values, then attach the related
  * primogenitor page and editor user when the matching fields are set.
  *
  * @param array $fields field values handed to the parent constructor
  */
 public function __construct($fields = array())
 {
     parent::__construct($fields);

     # Set primogenitor
     $primogenitor_id = $this->field('primogenitor_id');
     if ($primogenitor_id) {
         $this->primogenitor = $this->find_by_id($primogenitor_id);
     }

     # Set editor (looked up by user name)
     $editor_name = $this->field('editor');
     if ($editor_name) {
         $this->editor = User::find_by_name($editor_name);
     }
 }
コード例 #5
    /**
     * Interactive password reset: read the user name from the second
     * parameter, look the user up, ask for confirmation and, on "Y", reset
     * the password and print the new one.
     *
     * NOTE(review): whether print_error() terminates the task is not visible
     * here. If it returns, the lookup below runs with a null name and the
     * reset can be attempted on a falsy $user -- confirm it exits.
     */
    private function confirm_password_reset()
    {
        // The user name is the second entry of $this->params, when present.
        $user_name = count($this->params) > 1 ? $this->params[1] : null;
        if (!$user_name) {
            $this->help();
            $this->print_error('You must provide a user name');
        }
        $user = User::find_by_name($user_name);
        if (!$user) {
            $this->print_error(sprintf('User "%s" not found', $user_name));
        }
        $confirmed = $this->prompt_user(sprintf('Are you sure your want to reset the password for user "%s"? [Y/n] ', $user_name));
        // Only an exact "Y" confirms; any other answer leaves the password alone.
        if ($confirmed == 'Y') {
            $new_password = $this->reset_user_password($user);
            // The new password is written to standard output in clear text,
            // so it can end up in terminal scrollback or captured logs.
            $stdout = <<<STDOUT
    Password for user %s has been reset to:

    %s
STDOUT;
            printf($stdout, $user_name, $new_password);
        } else {
            $this->println('Password will not be reset.');
        }
    }
コード例 #6
ファイル: AdminController.php プロジェクト: JCQS04/myimouto
 /**
  * Admin action: on POST, reset the named user's password, show the new
  * password in a notice and mail it to the user when an address is on file.
  * On any other request method, prepare an empty User for the form.
  *
  * NOTE(review): no authorization check is visible in this method; confirm
  * the controller restricts it to administrators elsewhere.
  */
 public function resetPassword()
 {
     if (!$this->request()->isPost()) {
         $this->user = new User();
         return;
     }

     $user = User::find_by_name($this->params()->user['name']);
     if (!$user) {
         $this->notice('That account does not exist');
         $this->redirectTo('#reset_password');
         return;
     }

     $new_password = $user->reset_password();
     // The clear-text password goes into the notice shown to the admin and,
     // below, into an e-mail; both are places where it can be retained.
     $this->notice('Password reset to ' . $new_password);
     if ($user->email) {
         // Delivery errors are not caught here (an earlier try/catch around
         // this call was commented out), so a failure propagates to the caller.
         UserMailer::mail('new_password', [$user, $new_password])->deliver();
     }
 }
コード例 #7
 /**
  * Assert that the stored password field of the named user still equals the
  * value recorded before the action under test.
  *
  * @param string $user_name    name of the user to reload
  * @param string $old_password password field value captured earlier
  */
 public function assertPasswordUnchanged($user_name, $old_password)
 {
     $stored_password = User::find_by_name($user_name)->field('password');
     $this->assertEquals($old_password, $stored_password);
 }
コード例 #8
ファイル: FinderTest.php プロジェクト: scottdavis/nimblize
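 /**
  * The magic find_all_by_user_id() finder must return exactly the photos
  * owned by the given user (11 in the fixtures).
  */
 public function testMagicFindAllFinder()
 {
     $id = User::find_by_name('names1')->id;
     $obj = Photo::find_all_by_user_id($id);
     // assertEquals() takes the expected value first; with the arguments
     // swapped a failure message reports the two values the wrong way round.
     $this->assertEquals(11, $obj->length);
     foreach ($obj as $record) {
         $this->assertEquals($id, $record->user_id);
     }
 }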
コード例 #9
 /**
  * Validate a requested user name for signup.
  *
  * Checks run in order and stop at the first failure: non-empty, minimum
  * length, allowed format, not used by an existing user, not used by an
  * existing page. The format check runs before either lookup, so only
  * well-formed names reach User::find_by_name() and Page::find_by_title().
  *
  * @param string $value     requested user name
  * @param string $error_key key under which the error message is recorded
  * @return bool TRUE when the name is acceptable, FALSE after adding an error
  */
 public function validate_signup_user($value, $error_key = 'base')
 {
     $failure = null;

     if ($this->string_is_empty($value)) {
         $failure = 'User name required';
     } elseif ($this->string_is_too_short($value, self::MIN_USERNAME_LENGTH)) {
         $failure = sprintf('User name too short: must be at least %d chars', self::MIN_USERNAME_LENGTH);
     } elseif (!preg_match(self::RE_VALID_USERNAME, $value)) {
         $failure = 'Invalid format: please use something like neechy, ' . 'neechy_user, or NeechyUser';
     } elseif (User::find_by_name($value)->exists()) {
         # Name used by another user
         $failure = 'This user name is not available. Please choose another.';
     } elseif (!Page::find_by_title($value)->is_new()) {
         # Name used by a page; same message, so the two cases look alike
         $failure = 'This user name is not available. Please choose another.';
     }

     if ($failure !== null) {
         $this->add_error($error_key, $failure);
         return FALSE;
     }
     return TRUE;
 }
コード例 #10
ファイル: tag.php プロジェクト: laiello/my-imouto-booru
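 /**
  * Parse a search query string into an associative array of search criteria.
  *
  * Tokens come from self::scan_query(). A bare "q", "s" or "e" sets the
  * rating; "key:value" metatags fill the matching entry; "-tag" goes to
  * 'exclude', "~tag" to 'include', a token containing "*" is expanded
  * through a tag lookup, and every other token goes to 'related'.
  *
  * Fixes over the previous version: the "~tag" test used count() on a
  * string, the wildcard test called strstr() with its arguments reversed,
  * and the wildcard expansion overwrote $matches with a string and then
  * used "+=" on a possibly unset $q['include'].
  *
  * @param string $query   raw search query
  * @param array  $options 'skip_aliasing' (when set, tag aliases are not applied)
  * @return array parsed criteria
  */
 static function parse_query($query, $options = array())
 {
     $q = array();
     foreach (self::scan_query($query) as $token) {
         if (preg_match('/^([qse])$/', $token, $m)) {
             $q['rating'] = $m[1];
             continue;
         }
         if (preg_match('/^(unlocked|deleted|ext|user|sub|vote|-vote|fav|md5|-rating|rating|width|height|mpixels|score|source|id|date|pool|-pool|parent|order|change|holds|pending|shown|limit):(.+)$/', $token, $m)) {
             if ($m[1] == "user") {
                 $q['user'] = $m[2];
             } elseif ($m[1] == "vote") {
                 // "vote:<score>:<user>"; pad so a missing user part yields
                 // null instead of an undefined offset.
                 list($vote, $user) = array_pad(explode(':', $m[2]), 2, null);
                 if ($user = User::find_by_name($user)) {
                     $user_id = $user->id;
                 } else {
                     $user_id = null;
                 }
                 $q['vote'] = array(self::parse_helper($vote), $user_id);
             } elseif ($m[1] == "-vote") {
                 if ($user = User::find_by_name($m[2])) {
                     $user_id = $user->id;
                 } else {
                     $user_id = null;
                 }
                 $q['vote_negated'] = $user_id;
                 // $q['vote_negated'] = User.find_by_name_nocase($m[2]).id rescue nil
                 if (!$q['vote_negated']) {
                     // NOTE(review): the message embeds the raw search text;
                     // escape it wherever it is rendered.
                     $q['error'] = "no user named " . $m[2];
                 }
             } elseif ($m[1] == "fav") {
                 $q['fav'] = $m[2];
             } elseif ($m[1] == "sub") {
                 $q['subscriptions'] = $m[2];
             } elseif ($m[1] == "md5") {
                 $q['md5'] = $m[2];
             } elseif ($m[1] == "-rating") {
                 $q['rating_negated'] = $m[2];
             } elseif ($m[1] == "rating") {
                 $q['rating'] = $m[2];
             } elseif ($m[1] == "id") {
                 $q['post_id'] = self::parse_helper($m[2]);
             } elseif ($m[1] == "width") {
                 $q['width'] = self::parse_helper($m[2]);
             } elseif ($m[1] == "height") {
                 $q['height'] = self::parse_helper($m[2]);
             } elseif ($m[1] == "mpixels") {
                 $q['mpixels'] = self::parse_helper($m[2], 'float');
             } elseif ($m[1] == "score") {
                 $q['score'] = self::parse_helper($m[2]);
             } elseif ($m[1] == "source") {
                 // Trailing "%" makes this a prefix pattern for a LIKE match.
                 $q['source'] = $m[2] . '%';
             } elseif ($m[1] == "date") {
                 $q['date'] = self::parse_helper($m[2], 'date');
             } elseif ($m[1] == "pool") {
                 // All-digit values become ints (pool id); anything else
                 // stays a string (pool name).
                 $q['pool'] = $m[2];
                 if (preg_match('/^(\\d+)$/', $q['pool'])) {
                     $q['pool'] = (int) $q['pool'];
                 }
             } elseif ($m[1] == "-pool") {
                 $pool = $m[2];
                 if (preg_match('/^(\\d+)$/', $pool)) {
                     $pool = (int) $pool;
                 }
                 $q['exclude_pools'][] = $pool;
             } elseif ($m[1] == "parent") {
                 $q['parent_id'] = $m[2] == "none" ? false : (int) $m[2];
             } elseif ($m[1] == "order") {
                 $q['order'] = $m[2];
             } elseif ($m[1] == "unlocked") {
                 $m[2] == "rating" && ($q['unlocked_rating'] = true);
             } elseif ($m[1] == "deleted") {
                 # This naming is slightly odd, to retain API compatibility with Danbooru's "deleted:true"
                 # search flag.
                 if ($m[2] == "true") {
                     $q['show_deleted_only'] = true;
                 } elseif ($m[2] == "all") {
                     $q['show_deleted_only'] = false;
                 }
                 # all posts, deleted or not
             } elseif ($m[1] == "ext") {
                 $q['ext'] = $m[2];
             } elseif ($m[1] == "change") {
                 $q['change'] = self::parse_helper($m[2]);
             } elseif ($m[1] == "shown") {
                 $q['shown_in_index'] = $m[2] == "true";
             } elseif ($m[1] == "holds") {
                 if ($m[2] == "true" or $m[2] == "only") {
                     $q['show_holds'] = 'only';
                 } elseif ($m[2] == "all") {
                     $q['show_holds'] = 'yes';
                 } elseif ($m[2] == "false") {
                     $q['show_holds'] = 'hide';
                 }
             } elseif ($m[1] == "pending") {
                 if ($m[2] == "true" or $m[2] == "only") {
                     $q['show_pending'] = 'only';
                 } elseif ($m[2] == "all") {
                     $q['show_pending'] = 'yes';
                 } elseif ($m[2] == "false") {
                     $q['show_pending'] = 'hide';
                 }
             } elseif ($m[1] == "limit") {
                 // Stored as the raw string from the query; it must be cast
                 // to an integer before it is used in SQL.
                 $q['limit'] = $m[2];
             }
         } elseif ($token[0] == '-' && strlen($token) > 1) {
             $q['exclude'][] = substr($token, 1);
         } elseif ($token[0] == '~' && strlen($token) > 1) {
             // Was count($token), which is never > 1 for a string.
             $q['include'][] = substr($token, 1);
         } elseif (strpos($token, '*') !== false) {
             // Was strstr('*', $token): haystack and needle were swapped.
             // NOTE(review): the token is bound to LIKE with "*" unchanged;
             // no translation to "%" is visible here -- confirm where it happens.
             $tags = Tag::find_all(array('conditions' => array("name LIKE ?", $token), 'select' => "name, post_count", 'limit' => 25, 'order' => "post_count DESC"));
             $matches = array();
             foreach ($tags as $i) {
                 $matches[] = $i->name;
             }
             !$matches && ($matches = array('~no_matches~'));
             // array_merge rather than "+=": the union operator drops
             // entries whose integer keys already exist.
             $q['include'] = array_merge(isset($q['include']) ? $q['include'] : array(), $matches);
         } else {
             $q['related'][] = $token;
         }
     }
     if (!isset($options['skip_aliasing'])) {
         isset($q['exclude']) && ($q['exclude'] = TagAlias::to_aliased($q['exclude']));
         isset($q['include']) && ($q['include'] = TagAlias::to_aliased($q['include']));
         isset($q['related']) && ($q['related'] = TagAlias::to_aliased($q['related']));
     }
     return $q;
 }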
コード例 #11
ファイル: SqlMethods.php プロジェクト: JCQS04/myimouto
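 /**
  * Build the post-search SQL statement and its positional parameters.
  *
  * User-derived values are passed as "?" parameters. Join parameters are
  * returned ahead of condition parameters, matching the order in which the
  * placeholders appear in the statement (FROM/JOIN first, then WHERE).
  *
  * Fixes over the previous version: the tag-limit check in the 'related'
  * branch counted $q['exclude'] instead of $q['related']; the subscription
  * parser read $m[1]/$m[2] even when the pattern did not match; and
  * LIMIT/OFFSET were concatenated without an integer cast.
  *
  * @param string|array $q       raw query string, or criteria as produced by Tag::parse_query()
  * @param array        $options pending, flagged, from_api, limit, offset, count, select,
  *                              having, original_query
  * @return array array($sql, $params)
  * @throws Exception when more tags are given than CONFIG()->tag_query_limit allows
  */
 public static function generate_sql($q, $options = array())
 {
     if (is_array($q)) {
         $original_query = isset($options['original_query']) ? $options['original_query'] : null;
     } else {
         $original_query = $q;
         $q = Tag::parse_query($q);
     }
     # Filling default values.
     $q = array_merge(array_fill_keys(array('md5', 'ext', 'source', 'fav', 'user', 'rating', 'rating_negated', 'unlocked_rating', 'show_holds', 'shown_in_index', 'exclude', 'related', 'post_id', 'mpixels', 'width', 'height', 'score', 'date', 'change'), null), $q);
     $options = array_merge(array_fill_keys(array('pending', 'flagged', 'from_api', 'limit', 'offset', 'count', 'select', 'having'), null), $options);
     $conds = array('true');
     $joins = array('posts p');
     $join_params = array();
     $cond_params = array();
     if (!empty($q['error'])) {
         // A parse error forces an empty result set.
         $conds[] = "FALSE";
     }
     self::generate_sql_range_helper($q['post_id'], "p.id", $conds, $cond_params);
     self::generate_sql_range_helper($q['mpixels'], "p.width*p.height/1000000.0", $conds, $cond_params);
     self::generate_sql_range_helper($q['width'], "p.width", $conds, $cond_params);
     self::generate_sql_range_helper($q['height'], "p.height", $conds, $cond_params);
     self::generate_sql_range_helper($q['score'], "p.score", $conds, $cond_params);
     self::generate_sql_range_helper($q['date'], "DATE(p.created_at)", $conds, $cond_params);
     self::generate_sql_range_helper($q['change'], "p.change_seq", $conds, $cond_params);
     if (is_string($q['md5'])) {
         $conds[] = "p.md5 IN (?)";
         $cond_params[] = explode(',', $q['md5']);
     }
     if (is_string($q['ext'])) {
         $conds[] = "p.file_ext IN (?)";
         $cond_params[] = explode(',', strtolower($q['ext']));
     }
     if (isset($q['show_deleted_only'])) {
         if ($q['show_deleted_only']) {
             $conds[] = "p.status = 'deleted'";
         }
     } elseif (empty($q['post_id'])) {
         # If a specific post_id isn't specified, default to filtering deleted posts.
         $conds[] = "p.status <> 'deleted'";
     }
     if (isset($q['parent_id']) && is_numeric($q['parent_id'])) {
         $conds[] = "(p.parent_id = ? or p.id = ?)";
         $cond_params[] = $q['parent_id'];
         $cond_params[] = $q['parent_id'];
     } elseif (isset($q['parent_id']) && $q['parent_id'] == false) {
         $conds[] = "p.parent_id is null";
     }
     if (is_string($q['source'])) {
         $conds[] = "lower(p.source) LIKE lower(?)";
         $cond_params[] = $q['source'];
     }
     if (isset($q['subscriptions'])) {
         // "user:subscription", or a bare user name when there is no colon.
         if (preg_match('/^(.+?):(.+)$/', $q['subscriptions'], $m)) {
             $username = $m[1];
             $subscription_name = $m[2];
         } else {
             $username = $q['subscriptions'];
             $subscription_name = null;
         }
         $user = User::find_by_name($username);
         if ($user) {
             if ($post_ids = TagSubscription::find_post_ids($user->id, $subscription_name)) {
                 $conds[] = 'p.id IN (?)';
                 $cond_params[] = $post_ids;
             }
         }
     }
     if (is_string($q['fav'])) {
         $joins[] = "JOIN favorites f ON f.post_id = p.id JOIN users fu ON f.user_id = fu.id";
         $conds[] = "lower(fu.name) = lower(?)";
         $cond_params[] = $q['fav'];
     }
     if (isset($q['vote_negated'])) {
         $joins[] = "LEFT JOIN post_votes v ON p.id = v.post_id AND v.user_id = ?";
         $join_params[] = $q['vote_negated'];
         $conds[] = "v.score IS NULL";
     }
     if (isset($q['vote'])) {
         $joins[] = "JOIN post_votes v ON p.id = v.post_id";
         // $conds[] = sprintf("v.user_id = %d", $q['vote'][1]);
         $conds[] = 'v.user_id = ?';
         $cond_params[] = $q['vote'][1];
         self::generate_sql_range_helper($q['vote'][0], "v.score", $conds, $cond_params);
     }
     if (is_string($q['user'])) {
         $joins[] = "JOIN users u ON p.user_id = u.id";
         $conds[] = "lower(u.name) = lower(?)";
         $cond_params[] = $q['user'];
     }
     if (isset($q['exclude_pools'])) {
         // $i is an array key and only ever ends up in table aliases; the
         // pool id or name itself is bound as a parameter.
         foreach (array_keys($q['exclude_pools']) as $i) {
             if (is_int($q['exclude_pools'][$i])) {
                 $joins[] = "LEFT JOIN pools_posts ep{$i} ON (ep{$i}.post_id = p.id AND ep{$i}.pool_id = ?)";
                 $join_params[] = $q['exclude_pools'][$i];
                 $conds[] = "ep{$i}.id IS NULL";
             }
             if (is_string($q['exclude_pools'][$i])) {
                 $joins[] = "LEFT JOIN pools_posts ep{$i} ON ep{$i}.post_id = p.id LEFT JOIN pools epp{$i} ON (ep{$i}.pool_id = epp{$i}.id AND LOWER(epp{$i}.name) LIKE ?)";
                 $join_params[] = "%" . strtolower($q['exclude_pools'][$i]) . "%";
                 $conds[] = "ep{$i}.id IS NULL";
             }
         }
     }
     if (isset($q['pool'])) {
         $conds[] = "pools_posts.active = true";
         if (!isset($q['order'])) {
             $pool_ordering = " ORDER BY pools_posts.pool_id ASC, CAST(pools_posts.sequence AS UNSIGNED), pools_posts.post_id";
         }
         if (is_int($q['pool'])) {
             $joins[] = "JOIN pools_posts ON pools_posts.post_id = p.id JOIN pools ON pools_posts.pool_id = pools.id";
             // Concatenated rather than bound; the is_int() guard above is
             // what keeps this safe, so it must stay.
             $conds[] = "pools.id = " . $q['pool'];
         }
         if (is_string($q['pool'])) {
             if ($q['pool'] == "*") {
                 $joins[] = "JOIN pools_posts ON pools_posts.post_id = p.id JOIN pools ON pools_posts.pool_id = pools.id";
             } else {
                 $joins[] = "JOIN pools_posts ON pools_posts.post_id = p.id JOIN pools ON pools_posts.pool_id = pools.id";
                 $conds[] = "LOWER(pools.name) LIKE ?";
                 $cond_params[] = "%" . strtolower($q['pool']) . "%";
             }
         }
     }
     # http://stackoverflow.com/questions/8106547/how-to-search-on-mysql-using-joins/8107017
     // The three tag clauses below are joined into one condition; their
     // parameters are appended in the same include/related/exclude order.
     $tags_index_query = array();
     if (!empty($q['include']) && ($tags_include = self::generate_sql_escape_helper($q['include']))) {
         $joins[] = 'INNER JOIN posts_tags pti ON p.id = pti.post_id JOIN tags ti ON pti.tag_id = ti.id';
         $tags_index_query[] = 'ti.name IN (' . implode(', ', array_fill(0, count($tags_include), '?')) . ')';
         $cond_params = array_merge($cond_params, $tags_include);
     }
     if (!empty($q['related'])) {
         // Was count($q['exclude']): the limit was never applied to the
         // related tags, and count() on a null 'exclude' is an error in PHP 8.
         if (count($q['related']) > CONFIG()->tag_query_limit) {
             throw new Exception("You cannot search for more than " . CONFIG()->tag_query_limit . " tags at a time");
         }
         $tags_index_query[] = '(' . implode(', ', array_map(function ($v, $k) {
             return 't' . ($k + 1) . '.name';
         }, $q['related'], array_keys($q['related']))) . ') = (' . implode(', ', array_fill(0, count($q['related']), '?')) . ')';
         $cond_params = array_merge($cond_params, $q['related']);
         $joins[] = implode(' ', array_map(function ($k) {
             return 'INNER JOIN posts_tags pt' . ($k + 1) . ' ON p.id = pt' . ($k + 1) . '.post_id INNER JOIN tags t' . ($k + 1) . ' ON pt' . ($k + 1) . '.tag_id = t' . ($k + 1) . '.id';
         }, array_keys($q['related'])));
     }
     if (!empty($q['exclude'])) {
         if (count($q['exclude']) > CONFIG()->tag_query_limit) {
             throw new Exception("You cannot search for more than " . CONFIG()->tag_query_limit . " tags at a time");
         }
         $tags_index_query[] = 'NOT EXISTS
         (SELECT *
             FROM posts_tags pt
                 INNER JOIN tags t ON pt.tag_id = t.id
             WHERE p.id = pt.post_id 
                 AND t.name IN (' . implode(', ', array_fill(0, count($q['exclude']), '?')) . ')
         )';
         $cond_params = array_merge($cond_params, $q['exclude']);
     }
     if (!empty($tags_index_query)) {
         $conds[] = implode(' AND ', $tags_index_query);
     }
     // Ratings are mapped onto fixed literals; the user's text never reaches the SQL.
     if (is_string($q['rating'])) {
         $r = strtolower(substr($q['rating'], 0, 1));
         if ($r == "s") {
             $conds[] = "p.rating = 's'";
         } elseif ($r == "q") {
             $conds[] = "p.rating = 'q'";
         } elseif ($r == "e") {
             $conds[] = "p.rating = 'e'";
         }
     }
     if (is_string($q['rating_negated'])) {
         $r = strtolower(substr($q['rating_negated'], 0, 1));
         if ($r == "s") {
             $conds[] = "p.rating <> 's'";
         } elseif ($r == "q") {
             $conds[] = "p.rating <> 'q'";
         } elseif ($r == "e") {
             $conds[] = "p.rating <> 'e'";
         }
     }
     if ($q['unlocked_rating'] == true) {
         $conds[] = "p.is_rating_locked = FALSE";
     }
     if (isset($options['flagged'])) {
         $conds[] = "p.status = 'flagged'";
     }
     if (isset($q['show_holds'])) {
         if ($q['show_holds'] == 'only') {
             $conds[] = "p.is_held";
         } elseif ($q['show_holds'] == 'hide') {
             $conds[] = "NOT p.is_held";
         } elseif ($q['show_holds'] == 'yes') {
             /*do nothing?*/
         }
     } else {
         # Hide held posts by default only when not using the API.
         if (!$options['from_api']) {
             $conds[] = "NOT p.is_held";
         }
     }
     /**
      * MyImouto: Moved the following condition here so only one
      * of the conditions that set the pending status is met.
      * Before this, in post#moderate, when searching for a user's
      * pending posts, the SQL query would end up like this:
      * ... AND p.status = 'pending' ... AND p.status <> 'pending' ...
      */
     if (isset($options['pending'])) {
         $conds[] = "p.status = 'pending'";
     } else {
         if (isset($q['show_pending'])) {
             if ($q['show_pending'] == 'only') {
                 $conds[] = "p.status = 'pending'";
             } elseif ($q['show_pending'] == 'hide') {
                 $conds[] = "p.status <> 'pending'";
             } elseif ($q['show_pending'] == 'yes') {
                 /*do nothing?*/
             }
         } else {
             # Hide pending posts by default only when not using the API.
             if (CONFIG()->hide_pending_posts && !isset($options['from_api'])) {
                 $conds[] = "p.status <> 'pending'";
             }
         }
     }
     if (isset($q['shown_in_index'])) {
         if ($q['shown_in_index']) {
             $conds[] = "p.is_shown_in_index";
         } else {
             $conds[] = "NOT p.is_shown_in_index";
         }
     } elseif (!$original_query && !$options['from_api']) {
         # Hide not shown posts by default only when not using the API.
         $conds[] = "p.is_shown_in_index";
     }
     $sql = "SELECT ";
     if ($options['count']) {
         $sql .= " COUNT(*)";
     } elseif ($options['select']) {
         // Inserted into the statement verbatim: callers must pass a fixed
         // column list here, never request data.
         $sql .= ' ' . $options['select'];
     } else {
         $sql .= " p.*";
     }
     $sql .= " FROM " . implode(' ', $joins);
     $sql .= " WHERE " . implode(' AND ', $conds);
     if (!$options['count']) {
         $sql .= ' GROUP BY p.id ';
     }
     // The order value only selects one of the fixed ORDER BY clauses below;
     // it is never concatenated into the statement.
     if (isset($q['order']) && !$options['count']) {
         if ($q['order'] == "id") {
             $sql .= " ORDER BY p.id";
         } elseif ($q['order'] == "id_desc") {
             $sql .= " ORDER BY p.id DESC";
         } elseif ($q['order'] == "score") {
             $sql .= " ORDER BY p.score DESC";
         } elseif ($q['order'] == "score_asc") {
             $sql .= " ORDER BY p.score";
         } elseif ($q['order'] == "mpixels") {
             # Use "w*h/1000000", even though "w*h" would give the same result, so this can use
             # the posts_mpixels index.
             $sql .= " ORDER BY width*height/1000000.0 DESC";
         } elseif ($q['order'] == "mpixels_asc") {
             $sql .= " ORDER BY width*height/1000000.0";
         } elseif ($q['order'] == "portrait") {
             $sql .= " ORDER BY 1.0*width/GREATEST(1, height)";
         } elseif ($q['order'] == "landscape") {
             $sql .= " ORDER BY 1.0*width/GREATEST(1, height) DESC";
         } elseif ($q['order'] == "portrait_pool") {
             # We can only do this if we're searching for a pool.
             if (isset($q['pool'])) {
                 $sql .= " ORDER BY 1.0*width / GREATEST(1, height), CAST(pools_posts.sequence AS UNSIGNED), pools_posts.post_id";
             }
         } elseif ($q['order'] == "change" || $q['order'] == "change_asc") {
             $sql .= " ORDER BY change_seq";
         } elseif ($q['order'] == "change_desc") {
             $sql .= " ORDER BY change_seq DESC";
         } elseif ($q['order'] == "vote") {
             if (isset($q['vote'])) {
                 $sql .= " ORDER BY v.updated_at DESC";
             }
         } elseif ($q['order'] == "fav") {
             if (is_string($q['fav'])) {
                 $sql .= " ORDER BY f.id DESC";
             }
         } elseif ($q['order'] == "random") {
             $sql .= " ORDER BY RAND()";
         } else {
             $use_default_order = true;
         }
     } else {
         $use_default_order = true;
     }
     if (isset($use_default_order) && !$options['count']) {
         if (isset($pool_ordering)) {
             $sql .= $pool_ordering;
         } else {
             if (!empty($options['from_api'])) {
                 # When using the API, default to sorting by ID.
                 $sql .= " ORDER BY p.id DESC";
             } else {
                 # MI: Added p.id DESC so posts with same index_timestamp are ordered by id.
                 $sql .= " ORDER BY p.index_timestamp DESC, p.id DESC";
             }
         }
     }
     // LIMIT/OFFSET are concatenated, not bound, so force them to integers:
     // a caller that forwards request parameters cannot inject SQL here.
     if (isset($options['limit']) && isset($options['offset'])) {
         $sql .= ' LIMIT ' . (int) $options['offset'] . ', ' . (int) $options['limit'];
     } elseif (isset($options['limit'])) {
         $sql .= " LIMIT " . (int) $options['limit'];
     }
     $params = array_merge($join_params, $cond_params);
     return array($sql, $params);
 }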
コード例 #12
 /**
  * Step definition: look up the user named in the step text.
  *
  * NOTE(review): the result is assigned to a local variable that goes out of
  * scope when the method returns, and no login call is visible, so as written
  * this step does not establish a logged-in state for later steps. Scenarios
  * relying on it may pass without exercising any access control.
  *
  * @Given /^I am logged in as "([^"]*)"$/
  */
 public function iAmLoggedInAs($arg1)
 {
     // $arg1 is the user name captured by the step pattern above.
     $CurrentUser = User::find_by_name($arg1);
 }
コード例 #13
<?php

// "Forgot my Password" request page (the listing is cut off before the reset
// request is saved).
//require the framework
require_once "requires/initialize.php";
// create the page
$page = new Page();
$page->name = "Forgot my Password";
// check to see if a user is already logged in
if ($session->is_logged_in) {
    $session->message("You are already logged in! To use the Forgot my Password feature, please logout first.");
    // NOTE(review): whether redirect_head() stops the script is not visible
    // here; if it returns, the form handling below still runs.
    redirect_head(ROOT_URL);
}
// the user submitted the form
if (isset($_POST["submit"])) {
    // The posted address is passed through escape_value() and then looked up
    // in the 'email_address' column.
    // NOTE(review): how find_by_name() builds its query is not shown; a bound
    // parameter would be safer than relying on escaping at the call site.
    $found_user = User::find_by_name($database->escape_value($_POST['email_address']), 'email_address');
    if ($found_user) {
        //the e-mail address was found
        //now we need to make sure it does not belong to an account that is deleted
        if ($found_user->is_deleted == '1') {
            $session->message("The account associated to that Email Address is disabled.");
        }
    } else {
        //the e-mail address is not associated with an account
        // The three outcomes (unknown address, disabled account, request
        // accepted) produce different responses, so this form tells a visitor
        // whether an address is registered. One neutral response for all
        // three closes that account-enumeration channel.
        $session->message("The e-mail address you entered does not belong to an account.");
    }
    //only execute here if there was an account found, AND it is not soft-deleted
    if (empty($session->message())) {
        // NOTE(review): set_new_key() is not shown; confirm the key comes from
        // a cryptographically secure generator and expires.
        $new_request = new Reset_Password();
        $new_request->set_new_key();
        $new_request->user_wk = $found_user->user_wk;
        //save the record
コード例 #14
ファイル: login.php プロジェクト: badboy/devbird
<?php

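// Login form handler: check the posted credentials and redirect to the admin
// area on success; otherwise set $error_msg for the template below.
$cur_title = 'Login';
if (isset($_POST['user_login'])) {
    // Missing fields are treated as empty instead of raising a notice.
    $username = isset($_POST['user_name']) ? $_POST['user_name'] : '';
    $password = isset($_POST['user_password']) ? $_POST['user_password'] : '';
    if (empty($username) || empty($password)) {
        $error_msg = "Bitte alle Felder ausfüllen!";
    } else {
        // One message covers both unknown user and wrong password, so the
        // response does not reveal which names exist.
        // NOTE(review): whether login() regenerates the session id is not
        // visible here; confirm, to rule out session fixation.
        $Blog->user = User::find_by_name($username);
        if ($Blog->user && $Blog->user->login($password)) {
            header("Location: {$Blog->adminrootpath}");
            // Stop after the redirect header; without this the rest of the
            // page is still rendered and sent along with the redirect.
            exit;
        } else {
            $error_msg = "Login-Daten waren nicht richtig. Versuche es noch einmal.";
        }
    }
}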
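include 'header_user.php';
echo "<h1>{$cur_title}</h1>\n";
if (!empty($error_msg)) {
    // REQUEST_URI is controlled by the requester; escape it before placing it
    // in the attribute so a crafted URL cannot break out of action="...".
    // $error_msg is only ever set to fixed strings in the handler above.
    ?>
<form action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
 <fieldset>
  <legend>Meldung</legend>
  <p style="text-align:center;color:red;"><strong><?php 
    echo $error_msg;
    ?>
</strong></p>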
コード例 #15
ファイル: update_user.php プロジェクト: onielmartinjr/cen4010
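 // Profile update handler (the listing is cut off before the record is saved).
 //assign variables to all form-submitted values
 $email_address = $_POST['email_address'];
 // NOTE(review): SHA-1 is a fast, unsalted hash and is not suitable for
 // storing passwords; password_hash()/password_verify() is the replacement,
 // but it has to be changed together with the login code and the stored
 // hashes. escape_value() also runs before hashing, so the hash covers the
 // escaped text, not the password as typed; every place that hashes a
 // password must do the same or logins stop matching.
 $hashed_password = sha1($database->escape_value($_POST['password']));
 $confirmed_password = sha1($database->escape_value($_POST['confirmed_password']));
 $first_name = $_POST['first_name'];
 $last_name = $_POST['last_name'];
 $phone_number = return_numeric($_POST['phone_number']);
 $is_notifications_enabled = $_POST['email_notifications'];
 // validations
 //make sure passwords (first and confirmed) are the same
 // Strict comparison: with "!=" two different hex digests that both look like
 // numbers in exponent form ("0e" followed by digits) compare as equal.
 if ($hashed_password !== $confirmed_password) {
     $session->message($session->message . "The passwords you entered do not match. ");
 }
 //make sure the email address is not already taken
 if ($user->email_address != $email_address) {
     if (User::find_by_name($database->escape_value($email_address), "email_address")) {
         $session->message($session->message . "That email address is already taken, please enter a new email address. ");
         $email_address = $user->email_address;
     }
 }
 //only actually create the user if there are no errors
 if (empty($session->message)) {
     $user->email_address = $email_address;
     //only change the password if it's not empty
     if (!empty($_POST['password'])) {
         $user->hashed_password = $hashed_password;
     }
     $user->first_name = $first_name;
     $user->last_name = $last_name;
     $user->phone_number = $phone_number;
     $user->is_notifications_enabled = $is_notifications_enabled;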
コード例 #16
ファイル: check.php プロジェクト: laiello/my-imouto-booru
<?php

// Credential check endpoint: reports whether a user name exists and, when a
// password is supplied and correct, returns the data used for the login cookie.
required_params('username');
// $user = new User('find_by_name', Request::$params->username);
$user = User::find_by_name(Request::$params->username);
// vde($user);
$ret['exists'] = false;
$ret['name'] = Request::$params->username;
if (!$user) {
    // Unknown user and wrong password get different responses, so this
    // endpoint confirms which user names exist.
    // NOTE(review): no rate limiting is visible here; confirm it exists elsewhere.
    $ret['response'] = "unknown-user";
    respond_to_success("User does not exist", null, array('api' => $ret));
    return;
}
# Return some basic information about the user even if the password isn't given, for
# UI cosmetics.
// The id, canonical name and whether an e-mail address is on file are
// therefore disclosed to unauthenticated callers.
$ret['exists'] = true;
$ret['id'] = $user->id;
$ret['name'] = $user->name;
$ret['no_email'] = empty($user->email);
// A missing password is treated as an empty string and sent through authenticate().
$pass = isset(Request::$params->password) ? Request::$params->password : "";
$user = User::authenticate(Request::$params->username, $pass);
if (!$user) {
    $ret['response'] = "wrong-password";
    respond_to_success("Wrong password", null, array('api' => $ret));
    return;
}
// The stored password hash is returned to the client on success.
// NOTE(review): if that hash is later accepted as a login credential, anyone
// who obtains it can log in without the password -- confirm how it is used.
$ret['pass_hash'] = $user->password_hash;
$ret['user_info'] = $user->user_info_cookie();
$ret['response'] = 'success';
respond_to_success("Successful", null, array('api' => $ret));
コード例 #17
ファイル: FinderTest.php プロジェクト: scottdavis/active_php
 /**
  * A finder whose name joins two columns with "_and_" should load the photo
  * that belongs to the user found by name.
  */
 public function testFindByWithAnd()
 {
     $owner = User::find_by_name('joe');
     $match = Photo::find_by_user_id_and_title($owner->id, 'photo_0');
     $this->assertEquals($match->user_id, $owner->id);
 }
コード例 #18
 /**
  * to_json() should serialise every field of the fixture user; only the
  * creation timestamp is taken from the loaded record.
  */
 public function testShouldConvertFieldsToJSON()
 {
     $fixture = User::find_by_name('NeechyUser');
     // NOTE(review): the email value looks masked by the listing site; confirm
     // the expected string against the fixture data.
     $template = '{"id":"1","name":"NeechyUser","email":"*****@*****.**","password":"",'
         . '"status":"0","challenge":"","theme":"","show_comments":"N",'
         . '"created_at":"%s","updated_at":null}';
     $expected = sprintf($template, $fixture->field('created_at'));
     $this->assertEquals($expected, $fixture->to_json());
 }
コード例 #19
ファイル: user.php プロジェクト: onielmartinjr/cen4010
 /**
  * Check a username/password pair and start a session on a match.
  *
  * On a match the visible code either reports a disabled account or logs the
  * user in, and redirects in both cases. On a miss it counts failed attempts
  * in the session, disables the account when the counter reaches 5, and
  * redirects back to login.php.
  *
  * NOTE(review): two lines of this listing (the redirect after the
  * "disabled" message and the final redirect) are masked with asterisks and
  * are not valid PHP as shown; they are left untouched.
  *
  * @param string $username Login name as submitted.
  * @param string $password Plain-text password as submitted.
  * @return bool false at the end of the failure path. The other paths end in
  *              redirect_head(), which presumably ends the request (confirm).
  */
 public static function login($username = "", $password = "")
 {
     // $page_file_name_with_get is declared global but not referenced in the
     // visible lines.
     global $database;
     global $session;
     global $page_file_name_with_get;
     // NOTE(review): unsalted SHA-1 is a fast digest and is not suitable for
     // password storage; password_hash()/password_verify() with a
     // rehash-on-login migration is the replacement. The password is escaped
     // before hashing, so the digest covers the escaped text.
     $username = $database->escape_value($username);
     $password = sha1($database->escape_value($password));
     // NOTE(review): the query is assembled by string concatenation and the two
     // quoted values are masked in this listing. As written it depends entirely
     // on escape_value(); a prepared statement with bound parameters would
     // remove that dependency.
     $sql = "SELECT * FROM `" . self::$table_name . "` ";
     $sql .= "WHERE username = '******' ";
     $sql .= "AND hashed_password = '******' ";
     $sql .= "LIMIT 1;";
     $result_array = self::find_by_sql($sql);
     // A row means the credentials matched; a soft-deleted account is refused.
     if (!empty($result_array)) {
         $user = array_shift($result_array);
         if ($user->is_deleted == 1) {
             // Account was found, but is disabled.
             $session->message($user->username . ", your account has been disabled. If you feel this is an error please contact the administrator.");
             // NOTE(review): the next line is masked in the listing. It appears
             // to fuse the end of the disabled-account redirect with the start
             // of the success branch; the code between them is not visible.
             redirect_head(ROOT_URL . "login.php?username="******"Successfully logged in!");
             $session->login($user);
             // Where to go next depends on whether $_GET['url'] is set.
             // NOTE(review): the target is taken from the query string without
             // validation, so a crafted login link can send the user to another
             // site after a successful login. Accept only same-site relative
             // paths (or an allow-list of targets) before redirecting.
             if (isset($_GET['url'])) {
                 redirect_head($_GET['url']);
             } else {
                 redirect_head(ROOT_URL);
             }
         }
     }
     // No matching username/password pair: lockout bookkeeping.
     // If the username exists, the failed attempt is counted, and at 5 attempts
     // the account is disabled and an error message is shown. If the username
     // does not exist, the counter is dropped.
     // NOTE(review): the counter is kept in the session, so it only limits
     // attempts made within one session; a server-side per-account counter
     // with a time-based delay is needed to bound guessing. Disabling the
     // account also lets anyone who knows a username lock its owner out, and
     // the lockout message confirms that the username exists.
     $try_to_find_user = User::find_by_name($username, "username");
     if ($try_to_find_user) {
         // The username exists: work out the number of failed attempts.
         if (isset($session->login_attempt)) {
             $login_attempt = $session->login_attempt;
             // Same username as the previous failure: increment the counter.
             // Different username: start again from 1.
             if ($login_attempt['username'] == $username) {
                 $login_attempt['number']++;
                 $session->set_variable('login_attempt', $login_attempt);
             } else {
                 // The previous attempt was for another username; set the default.
                 $login_attempt = array();
                 $login_attempt['username'] = $username;
                 $login_attempt['number'] = 1;
                 // Save it.
                 $session->set_variable('login_attempt', $login_attempt);
             }
             // At exactly 5 failures the account is disabled through the same
             // is_deleted flag that the soft delete uses.
             if ($login_attempt['number'] == 5) {
                 $try_to_find_user->is_deleted = 1;
                 $try_to_find_user->deleted_dt = current_timestamp();
                 $try_to_find_user->save();
                 $session->message("You have had 5 incorrect login attempets, your account has been locked.</br>Please contact the administrator.");
                 $redirect = ROOT_URL . "login.php";
                 // NOTE(review): $_GET['url'] is appended without URL encoding;
                 // rawurlencode() would keep it a single parameter value.
                 $redirect .= isset($_GET['url']) ? "?url=" . $_GET['url'] : '';
                 redirect_head($redirect);
             }
         } else {
             // No previous failed attempt in this session; set the default.
             $login_attempt = array();
             $login_attempt['username'] = $username;
             $login_attempt['number'] = 1;
             // Save it.
             $session->set_variable('login_attempt', $login_attempt);
         }
     } else {
         // The username does not exist.
         $session->unset_variable('login_attempt');
     }
     $session->message("The username and password combination does not exist.");
     // NOTE(review): the next line is masked in the listing; the visible tail
     // shows $_GET['url'] being appended to the redirect without URL encoding.
     $redirect = ROOT_URL . "login.php?username="******"&url=" . $_GET['url'] : '';
     redirect_head($redirect);
     return false;
 }