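/**
 * Checks whether the signed request data held by this object is valid.
 *
 * The received oauth_signature is taken out of the parameter set, the
 * signature is recomputed over the remaining parameters with the private
 * key, and the two values are compared through Hash::is_match().
 *
 * A request without a signature (or with a non-string one) is rejected up
 * front instead of raising an undefined-index notice and handing null to
 * the comparison.
 *
 * NOTE(review): only the signature is checked here. No oauth_timestamp
 * freshness check and no oauth_nonce uniqueness check is visible in this
 * method, so a repeated copy of a valid request would verify again.
 * Confirm that replay protection is enforced elsewhere.
 * NOTE(review): confirm that Hash::is_match() compares in constant time
 * (for example via hash_equals()).
 *
 * @param string $uri The uri that was requested
 * @param string $method The request method
 * @return boolean The request validity
 */
public function is_valid($uri, $method)
{
    $data = $this->data;

    // Reject unsigned or malformed requests before any hashing happens.
    if (!isset($data['oauth_signature']) || !is_string($data['oauth_signature'])) {
        return false;
    }

    $hash = $data['oauth_signature'];

    // The signature itself is never part of the signed parameter set.
    unset($data['oauth_signature']);

    $checksum = Hash::generate($uri, $method, $data, $this->private_key);

    return Hash::is_match($hash, $checksum);
}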
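/**
 * Prepares data for a request.
 *
 * Builds the OAuth 1.0 protocol parameters, signs the combined parameter
 * set with the private key and returns the parameters to send.
 *
 * The signature is computed over exactly the array that is returned.
 * Before this change the signed set was `$data + $headers` (caller values
 * win on a key collision) while the returned set was
 * `array_merge($data, $headers)` (protocol values win). A caller-supplied
 * key such as oauth_timestamp therefore produced a request whose signature
 * did not match the parameters actually sent.
 *
 * NOTE(review): oauth_nonce and oauth_token are sent as empty strings.
 * With a constant nonce, two requests with the same parameters in the same
 * second carry the same signature, so the receiving side cannot use the
 * nonce to tell a repeated request from a new one (RFC 5849 section 3.3).
 * A per-request random nonce belongs here once the server side is
 * confirmed to accept it.
 *
 * @param string $uri The uri to hit
 * @param string $method The HTTP method (verb)
 * @param array $data The data to send
 * @return array The request data merged with the signed oauth parameters
 */
public function prepare($uri, $method, array $data)
{
    /**
     * Required oauth headers
     * @link http://tools.ietf.org/html/rfc5849#section-3.1
     */
    $headers = array(
        'oauth_consumer_key' => $this->public_key,
        'oauth_token' => '',
        'oauth_signature_method' => "HMAC-SHA256",
        'oauth_timestamp' => time(),
        'oauth_nonce' => '',
        'oauth_version' => '1.0',
    );

    // Protocol parameters take precedence over caller-supplied keys of the
    // same name, exactly as in the array this method has always returned.
    $params = array_merge($data, $headers);

    // A stray caller-supplied signature must not become part of the signed set.
    unset($params['oauth_signature']);

    $params['oauth_signature'] = Hash::generate($this->endpoint . $uri, $method, $params, $this->private_key);

    return $params;
}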
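/**
 * Creates a new user record from registration data.
 *
 * Reads the keys password, username, first_name, last_name, email, gender,
 * year, month, day and country from $data, generates a user id, and inserts
 * the resulting row into the 'user' table.
 *
 * NOTE(review): the values are copied as given; no validation or
 * normalisation is visible in this method. Confirm the caller validates
 * them (in particular email and the three date parts) and that
 * DB::insert() binds values rather than concatenating them.
 * NOTE(review): confirm Hash::generate() is a salted, deliberately slow
 * password hash (password_hash() or equivalent), not a plain digest.
 *
 * @param array $data Registration form values
 * @return void
 */
public function addUser($data)
{
    $safe_data = array(
        // mt_rand() has to be called. The bare name `mt_rand` was a constant
        // lookup: PHP 8 throws an Error for it, older versions fall back to
        // the literal string 'mt_rand' with a notice or warning, so no
        // random prefix was ever mixed into the id.
        // uniqid()/mt_rand() are not a CSPRNG: the result is fine as a
        // record key but must not double as a secret (token, session id).
        'user_id' => md5(uniqid(mt_rand(), true)),
        'password' => Hash::generate($data['password']),
        'username' => $data['username'],
        'first_name' => $data['first_name'],
        'last_name' => $data['last_name'],
        'email' => $data['email'],
        'gender' => $data['gender'],
        // Date of birth is stored as "year-month-day", built from the raw parts.
        'dob' => $data['year'] . '-' . $data['month'] . '-' . $data['day'],
        'country' => $data['country'],
    );

    DB::insert('user', $safe_data);
}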
/**
 * Logs a user in by e-mail address and password.
 *
 * Looks for exactly one active user row whose email and pw columns match.
 * On success the login cookie is set and a User built from that row is
 * returned; in every other case the result of loginAsGuest() is returned.
 *
 * NOTE(review): the lookup matches the stored pw column against
 * Hash::generate($pw), which only works when the hash is deterministic
 * (no per-user random salt). Confirm what Hash::generate() does.
 * NOTE(review): setCookie() receives the hashed password and
 * $pwIsHashed = true accepts a hash in place of the password. If the cookie
 * keeps that value on the client, the hash is a password equivalent.
 * Confirm how setCookie() stores it.
 *
 * @param string $email E-mail address to look up
 * @param string $pw Password, plain or already hashed
 * @param boolean $pwIsHashed True when $pw is already the stored hash
 * @return mixed User on success, otherwise the result of loginAsGuest()
 */
public function login($email, $pw, $pwIsHashed = false)
{
    // A plain-text password is hashed first; a pre-hashed value is used as given.
    $pw = $pwIsHashed ? $pw : Hash::generate($pw);

    $db = Database::getObject();
    $db->query(
        "SELECT * FROM <p>user WHERE email = <email> AND pw = <pw> AND active = '1'",
        array('email' => $email, 'pw' => $pw)
    );

    // Anything other than exactly one active match ends in the guest session.
    if ($db->numRows() != 1) {
        return $this->loginAsGuest();
    }

    $row = $db->fetchAssoc();
    $this->setCookie($email, $pw);

    return new User($row);
}
/**
 * Checks whether the given password belongs to the current, active user.
 *
 * The password is hashed with Hash::generate() and matched in SQL against
 * the pw column of the row whose id is Me::get()->getId().
 *
 * NOTE(review): matching on the hash inside the query requires a
 * deterministic hash (no per-user random salt). Confirm what
 * Hash::generate() does.
 *
 * @param string $pw Plain-text password to verify
 * @return boolean True when exactly one matching active row exists
 */
public static function checkPW($pw)
{
    $db = Database::getObject();

    $params = array();
    $params['id'] = Me::get()->getId();
    $params['pw'] = Hash::generate($pw);

    $db->query("SELECT id FROM <p>user WHERE id = <id:int> AND pw = <pw> AND active = '1' LIMIT 1", $params);

    $matches = $db->numRows();

    return $matches == 1;
}
/**
 * Renders and processes the "edit member" form.
 *
 * Reads the member id and the action from the request and loads the
 * member. When the action is 'send' and validation reports no errors, the
 * submitted fields are written back to the user table. The form is then
 * rendered with the stored values overlaid by the submitted ones.
 *
 * NOTE(review): no permission check and no anti-CSRF token check are
 * visible in this method; confirm both are enforced before it is reached.
 */
public function edit()
{
    // Request segment 1 is the member id (integer), segment 2 the action.
    $id = Request::get(1, VAR_INT);
    $action = Request::get(2, VAR_URI);
    $this->breadcrumb->add('Bearbeiten');
    $this->header();
    $member = UserUtils::getById($id);
    if ($member === null) {
        // Unknown id: show the error and fall back to the member list.
        CmsPage::error('Das angeforderte Mitglied wurde leider nicht gefunden.');
        $this->members();
    } else {
        // Selectable birth years: from 110 to 8 years before the current year.
        $min_year = date('Y') - 110;
        $max_year = date('Y') - 8;
        $countries = CmsTools::getCountries();
        $db = Database::getObject();
        $db->query("SELECT id, title FROM <p>group WHERE registered = 1 ORDER BY admin ASC, editor ASC, title");
        // Map of group id => title, used for validation and for the form.
        $groups = array();
        while ($row = $db->fetchAssoc()) {
            $groups[$row['id']] = $row['title'];
        }
        $options = UserPages::getFieldValidation($countries, $min_year, $max_year);
        // When editing, the password may be left empty (no change).
        $options['pw1'][Validator::OPTIONAL] = true;
        $options['email'] = array(Validator::MULTIPLE => array(array(Validator::MESSAGE => 'Die E-Mail-Adresse ist nicht korrekt.', Validator::CALLBACK => Validator::CB_MAIL), array(Validator::MESSAGE => 'Diese E-Mail-Adresse ist bereits registriert.', Validator::CLOSURE => function ($mail) use($id) {
            // Passes when the address is unused or belongs to the member being edited.
            $other = UserUtils::getByEmail($mail);
            return !($other !== null && $id != $other->getId());
        })));
        // Group and active state get validation rules only when editing someone else's account.
        if (Me::get()->getId() != $id) {
            $options['group_id'] = array(Validator::MESSAGE => 'Die Gruppe ist nicht gültig.', Validator::LIST_CS => array_keys($groups));
            $options['active'] = array(Validator::OPTIONAL => true, Validator::EQUALS => 1, Validator::VAR_TYPE => VAR_INT);
        }
        $error = array();
        $data = array();
        if ($action == 'send') {
            // NOTE(review): extract() creates or overwrites local variables from
            // whatever keys checkRequest() returns. The code below reads only
            // $error and $data; any other returned key (for example 'id' or 'db')
            // would silently replace the local of that name. Confirm the return
            // shape, or assign the two values explicitly.
            extract(Validator::checkRequest($options));
            if (count($error) > 0) {
                CmsPage::error($error);
            } else {
                // Update data
                // A new password is stored only when both fields were filled in.
                // NOTE(review): the pw1/pw2 equality check is not visible here;
                // presumably it is part of getFieldValidation() — confirm. Also
                // confirm Hash::generate() is a salted, slow password hash.
                if (!empty($data['pw1']) && !empty($data['pw2'])) {
                    $data['pw'] = Hash::generate($data['pw1']);
                }
                // prepare SQL update
                // Form-only fields are dropped; the birth date is stored as one column below.
                $sql = $data;
                unset($sql['pw1'], $sql['pw2'], $sql['birthday'], $sql['birthmonth'], $sql['birthyear']);
                if (Me::get()->getId() == $id) {
                    unset($sql['group_id'], $sql['active']); // Don't allow to change own group or active state
                }
                $dt = new DT();
                $dt->setDate($data['birthyear'], 
$data['birthmonth'], $data['birthday']);
                $sql['birth'] = $dt->dbDate();
                // Column names are interpolated into the statement from the keys of
                // $sql; only the values go through <field> placeholders.
                // NOTE(review): presumably checkRequest() returns only keys that are
                // defined in $options — confirm, since any other key would become a
                // column name in this UPDATE.
                $update = array();
                foreach ($sql as $field => $value) {
                    $update[] = "{$field} = <{$field}>";
                }
                $update = implode(', ', $update);
                $sql['id'] = $id;
                $db->query("UPDATE <p>user SET {$update} WHERE id = <id:int>", $sql);
                // Update global data about me
                Session::getObject()->refreshMe();
                CmsPage::ok("Ihre Angaben wurden erfolgreich gespeichert.");
            }
        }
        // Submitted values override the stored ones so the form shows what was typed.
        // $data can still hold pw1, pw2 and the generated pw value at this point.
        // NOTE(review): confirm the template does not render those fields.
        $user = $member->getArray();
        $user = array_merge($user, $data);
        $tpl = Response::getObject()->appendTemplate("Cms/admin/members_edit");
        $tpl->assign('user', $user);
        $tpl->assign('r_birthday', range(1, 31));
        $tpl->assign('r_birthmonth', range(1, 12));
        $tpl->assign('r_birthyear', range($min_year, $max_year));
        $tpl->assign('countries', $countries);
        $tpl->assign('groups', $groups);
        $tpl->output();
    }
    $this->footer();
}