public function save() { $stmt = CW::$app->db->executeQuery("SELECT `password` FROM `users` WHERE `id` = {$this->userId}"); $result = $stmt->fetchAll(\PDO::FETCH_ASSOC); $oldPass = 0 < count($result) ? $result[0]['password'] : null; if (null === $oldPass) { return false; } if ($this->newPassword === $this->confirmPassword && Security::verifyHash($this->oldPassword, $oldPass)) { $stmt = CW::$app->db->prepare("UPDATE `users` SET `password` = :newPassword WHERE `id` = :userId"); return $stmt->execute([':newPassword' => Security::hash($this->newPassword), ':userId' => $this->userId]); } return false; }
public function signUp($username, $email, $password) { $stmt = \CW::$app->db->prepare("INSERT INTO `users` (`username`, `password`, `email`) VALUES (:username, :password, :email)"); return $stmt->execute([':username' => $username, ':password' => \components\Security::hash($password), ':email' => $email]); }
<?php use models\Update; use components\UrlManager; use components\helpers\ArrayHelper; $categoryName = CW::$app->request->get('category'); $type = CW::$app->request->get('type'); if (!Update::isValidType($type) && \components\web\Controller::DEFAULT_ACTION === $action && App::DEFAULT_CONTROLLER === $controller) { $type = Update::TYPE_FRESH; } $csrfHash = isset($_SESSION['_csrf']) ? \components\Security::hash($_SESSION['_csrf']) : null; ?> <!DOCTYPE html> <html> <head> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> <script src="/js/app.js"></script> <script src="http://masonry.desandro.com/masonry.pkgd.js"></script> <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css"> <link href="/css/app.css" rel="stylesheet" type="text/css"> <link rel="shortcut icon" href="/images/logo.ico"> <title><?php echo $view->title; ?> </title> <?php foreach ($view->getLinks() as $link) { echo '<link ' . ArrayHelper::getArrayToString($link, ' ', function ($v, $k) { return "\"{$k}\"=\"{$v}\"";
?> [tags][]" value="<?php echo $tag; ?> "> <span onclick="removeEle(this.parentNode)">x</span> </span> <?php } ?> </div> <div id="tags-error"style="margin-top: 5px; color: red;"> <?php echo $model->getError('tags'); ?> </div> </div> <input type="hidden" name="_csrf" value="<?php echo \components\Security::hash($_SESSION['_csrf']); ?> "> <input type="submit" value="create update" class="submit-btn" style="margin-top: 10px;"> </form> </div> <?php } ?> </div>
public function endForm() { if ('post' === strtolower($this->method) && isset($_SESSION['_csrf'])) { echo sprintf('<input type="hidden" name="%s" value="%s">', '_csrf', \components\Security::hash($_SESSION['_csrf'])); } echo '</form>'; $jsValidation = ''; foreach ($this->jsValidators as $v) { $jsValidation .= "{$v}\n"; } $jsFieldValidators = ''; foreach ($this->jsOnChangeValidators as $v) { $jsFieldValidators .= "{$v}\n"; } echo <<<JS <script> \$(function() { function showError(jqEle, message) { jqEle.css({'display' : 'block'}); jqEle.html(message); } function hideError(jqEle) { jqEle.css({'display' : 'none'}); } \$("#{$this->id}").on("submit", function() { {$jsValidation} return true; }); {$jsFieldValidators} }); </script> JS; return ob_get_clean(); }