/**
 * Handles the login form submission.
 *
 * Looks the user up by the posted username, verifies the password and, on
 * success, stores the user id in `SESSION.id` before rerouting to the
 * dashboard. Suspended accounts and bad credentials fall through to
 * re-rendering the login page with an `error` message.
 */
public function post()
{
    $f3 = \Base::instance();
    $userId = User::getUserId($f3->get("POST.username"));

    // One generic message for both "unknown user" and "wrong password" so the
    // response body does not reveal which usernames exist.
    // NOTE(review): the unknown-user branch skips the password check, so its
    // response time may differ from the wrong-password branch — confirm
    // whether that matters for this deployment.
    $genericError = 'Wrong username/password combination';

    if (!$userId) {
        $f3->set('error', $genericError);
    } elseif (!User::verifyUserPassword($userId, $f3->get("POST.password"))) {
        $f3->set('error', $genericError);
    } else {
        $user = User::getUser($userId);
        if ($user->suspended_time != null) {
            // Suspended accounts are refused even with a correct password.
            $f3->set('error', sprintf('Your account is suspended since %s, check your email.', $user->suspended_time));
        } else {
            $f3->set('SESSION.id', $user->id);
            $f3->reroute("/dashboard");
            return;
        }
    }

    $f3->set('css', array('/static/css/auth.css'));
    $f3->set('target', 'auth/login.html');
    $this->_render('base.html');
}
/**
 * Allows admins to create a new user.
 *
 * Requires a logged-in session ranked 'support' or higher. Validation is
 * delegated to User::createUser(), whose result is treated here as either
 * false (missing / too-short data), an array of error messages, or the
 * created user object.
 *
 * @url /dashboard/admin/users/create
 */
public function createpost()
{
    $f3 = \Base::instance();

    // Access control: must be logged in and ranked 'support' or higher.
    $this->_requireLogin();
    $this->_requireRank('support');

    $fields = array(
        'name' => $f3->get("POST.name"),
        'username' => $f3->get("POST.username"),
        'email' => $f3->get("POST.email"),
        'password' => $f3->get("POST.password"),
    );
    $user = User::createUser($fields);

    if ($user == false) {
        // Data missing
        $f3->set('errors', ['Some information has not been entered correctly or is not long enough.']);
    } elseif (is_array($user)) {
        // Field-level errors reported by createUser()
        $f3->set('errors', $user);
    } else {
        // Success: stay on the form or go to the new user's detail page.
        $destination = $f3->exists('POST.disable-user-forward')
            ? $f3->get('PATH')
            : "/dashboard/admin/users/details/" . $user->id;
        $f3->reroute($destination);
        return;
    }

    $f3->set('target', 'dashboard/admin/users/details.html');
    $this->_render('base.html');
}
/**
 * Handles the "new list" form for an organisation.
 *
 * A name of at least 3 bytes creates the list and reroutes (either to the
 * new list or back to the current path); a shorter name sets `error` and
 * re-renders the organisation's list index.
 */
public function indexpost()
{
    $f3 = \Base::instance();
    $this->_requireLogin();
    $user = $f3->get('user');

    // NOTE(review): no explicit check here that the current user may create
    // lists in PARAMS.id — presumably enforced inside
    // getUserSelectedOrganisation(); confirm.
    $activeOrganisation = User::getUserSelectedOrganisation($f3->get('PARAMS.id'));

    $listName = trim($f3->get('POST.listName'));
    // strlen() counts bytes, so multibyte names pass with fewer characters.
    if (strlen($listName) >= 3) {
        $list = Lists::createList(['listName' => $listName, 'orgId' => $activeOrganisation->id]);
        $next = $f3->exists('POST.redirectToList')
            ? '/dashboard/lists/' . $list
            : $f3->get('PATH');
        $f3->reroute($next);
    } else {
        $f3->set('error', 'List name must be at least 3 characters long');
    }

    $lists = Lists::getOrganisationLists($activeOrganisation->id);
    $orgMap = new \Models\Organisation();
    $orgMap->load($activeOrganisation->id);

    $f3->set('user_org_selected', $orgMap->cast());
    $f3->set('lists', $lists);
    $f3->set('target', 'dashboard/organisations/lists/index.html');
    $this->_render('base.html');
}
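/**
 * Handles the public registration form.
 *
 * Refuses with HTTP 400 when the `openRegister` option is off, requires the
 * two password fields to match, creates the user, starts the session and
 * sends the welcome mail before rerouting to the dashboard. Any validation
 * failure re-renders the form with `errors`.
 */
public function post()
{
    $f3 = \Base::instance();

    // Public registration can be switched off by configuration.
    if (!DbConfig::getOpt('openRegister')) {
        $f3->error(400);
        return;
    }

    // Strict comparison: with `!=`, numeric-looking strings such as "1e3" and
    // "1000" compare equal, which would let mismatched passwords through.
    if ($f3->get('POST.register-password') !== $f3->get('POST.register-password-verify')) {
        $f3->set('errors', ['Password verify must match the first password.']);
    } else {
        $user = User::createUser(array(
            'name' => $f3->get("POST.register-name"),
            'username' => $f3->get("POST.register-username"),
            'email' => $f3->get("POST.register-email"),
            'password' => $f3->get("POST.register-password"),
        ));

        if ($user == false) {
            // Data missing
            $f3->set('errors', ['Some information has not been entered correctly or is not long enough.']);
        } elseif (is_array($user)) {
            // Field-level errors reported by createUser()
            $f3->set('errors', $user);
        } else {
            $f3->set('SESSION.id', $user->id);
            $f3->set('tplData', ['name' => $f3->get("POST.register-username")]);
            SendingAPI::send([
                'mailTo' => $f3->get("POST.register-email"),
                'mailSubject' => 'Thank you for registering on SquareMS !',
                'mailContents' => [
                    'html' => \Template::instance()->render('mails/register.html'),
                    'text' => "Thank you for registering on SquareMS ! \n"
                        . "You can access your account now on https://squarems.net/ ! \n\n"
                        . "Please do not respond to this email, it is sent by an automated system.",
                ],
            ]);
            $f3->reroute("/dashboard");
            return;
        }
    }

    $f3->set('css', array('/static/css/auth.css'));
    $f3->set('target', 'auth/register.html');
    $this->_render('base.html');
}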
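/**
 * Handles creation of a new API key for an organisation.
 *
 * `PARAMS.id` is either an organisation id or the literal 'active' for the
 * user's currently selected organisation. Only the organisation owner may
 * create keys; everyone else gets the unauthorized template. On success the
 * generated key pair is rendered once via account/api_showprivkey.html.
 */
public function apipost()
{
    $f3 = \Base::instance();
    $this->_requireLogin();
    $user = $f3->get('user');

    // Resolve the organisation mapper from the route parameter.
    $orgId = $f3->get('PARAMS.id');
    $orgMap = $orgId == 'active'
        ? \Helpers\User::getUserSelectedOrganisation()
        : \Helpers\User::getUserSelectedOrganisation($orgId);
    $f3->set('user_org_selected', $orgMap->cast());

    if ($orgMap->ownerId != $user['id']) {
        // Ownership check: only the owner can mint keys.
        $f3->set('target', 'dashboard/organisations/details/unauthorized.html');
    } else {
        $key = $f3->scrub($f3->get('POST.newKeyName'));
        if (strlen($key) < 5) {
            $f3->set('error', 'The key name must be at least 5 characters long.');
            $f3->set('target', 'dashboard/organisations/api.html');
        } else {
            // Use the resolved organisation id rather than the raw route
            // parameter, which may still be the literal 'active'. Sibling
            // actions read ->id off this mapper the same way.
            $keys = \Helpers\Api::createOrganisationKey($orgMap->id, $key);
            $f3->set('publicKey', $keys['publicKey']);
            $f3->set('privateKey', $keys['privateKey']);
            $f3->set('target', 'account/api_showprivkey.html');
        }
    }

    $this->_render('base.html');
}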
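/**
 * Inserts a new member row into `users`.
 *
 * The statement is fully parameterised. The `type` column is fixed to
 * 'member' here, so a caller-supplied role can never be written through this
 * path. Optional contact/address fields are stored as NULL when empty or
 * absent; the password is hashed via \Helpers\User::create_password_hash().
 *
 * @param object $db   Database handle with prepare()/execute() (assumed PDO-compatible).
 * @param array  $data User fields; 'id', 'first_name', 'last_name', 'email',
 *                     'username' and 'password' are required, the rest optional.
 * @return object The executed statement.
 */
public static function insert($db, $data)
{
    $query = 'INSERT INTO users (id, first_name, last_name, email, username, type, password, phone, address1, address2, city, zip_code, country, state, created, modified) VALUES (:id, :first_name, :last_name, :email, :username, :type, :password, :phone, :address1, :address2, :city, :zip_code, :country, :state, NOW(), NOW())';

    // Empty string / 0 / missing key all become NULL as before; `??` only
    // avoids the undefined-index notice for absent optional keys.
    $optional = static function ($field) use ($data) {
        return ($data[$field] ?? NULL) ?: NULL;
    };

    $stmt = $db->prepare($query);
    $stmt->execute(array(
        'id' => $data['id'],
        'first_name' => $data['first_name'],
        'last_name' => $data['last_name'],
        'email' => $data['email'],
        'username' => $data['username'],
        'type' => 'member',
        'password' => \Helpers\User::create_password_hash($data['password']),
        'phone' => $optional('phone'),
        'address1' => $optional('address1'),
        'address2' => $optional('address2'),
        'city' => $optional('city'),
        'zip_code' => $optional('zip_code'),
        'country' => $optional('country'),
        'state' => $optional('state'),
    ));
    return $stmt;
}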
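/**
 * Shows the list index for the user's currently selected organisation.
 */
public function create()
{
    $f3 = \Base::instance();
    $this->_requireLogin();

    // NOTE(review): sibling actions read ->id off the value returned by
    // getUserSelectedOrganisation() before passing it on; verify that
    // getOrganisationLists() accepts what is passed here as-is.
    $activeOrganisationId = User::getUserSelectedOrganisation();
    $lists = Lists::getOrganisationLists($activeOrganisationId);

    $f3->set('lists', $lists);
    $f3->set('target', 'dashboard/organisations/lists/index.html');
    $this->_render('base.html');
}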
/**
 * Returns the id associated with the current session.
 *
 * For a logged-in user this is the stored `$_SESSION['user_id']`. For an
 * anonymous visitor an id is generated via uid() on first use and cached in
 * the session so later requests reuse it.
 *
 * NOTE(review): anonymous and authenticated ids share the same session key;
 * make sure the login code overwrites it rather than trusting a pre-existing
 * value.
 *
 * @return mixed The session user id.
 */
public static function user_id()
{
    if (\Helpers\User::is_logged_in()) {
        return $_SESSION['user_id'];
    }

    // Anonymous visitor: lazily create and remember an id.
    $uid = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : NULL;
    if (!$uid) {
        $uid = \Helpers\User::uid();
        $_SESSION['user_id'] = $uid;
    }
    return $uid;
}
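/**
 * Renders the credential audit log for a date range (admins only).
 *
 * Reads `start`/`end` from the query string; a missing or empty value
 * defaults to today's midnight and tomorrow's midnight respectively. A
 * supplied value must pass validate_date() (otherwise HTTP 409) and is then
 * snapped to midnight.
 */
public function index()
{
    $current_user = User::current();
    if (!$current_user->isAdmin()) {
        http_response_code(403);
        echo "Access denied";
        return;
    }

    // isset() avoids the undefined-index notice; `== NULL` keeps treating
    // an empty string as "not supplied".
    $since = isset($_GET['start']) ? $_GET['start'] : NULL;
    $until = isset($_GET['end']) ? $_GET['end'] : NULL;

    if ($since == NULL) {
        $since = strtotime("midnight");
    } else {
        $since = $this->validate_date($since);
        if (!$since) {
            http_response_code(409);
            echo 'Invalid start date';
            return;
        }
        $since = strtotime("midnight", $since);
    }

    if ($until == NULL) {
        $until = strtotime("tomorrow");
    } else {
        $until = $this->validate_date($until);
        if (!$until) {
            http_response_code(409);
            echo 'Invalid end date';
            return;
        }
        $until = strtotime("midnight", $until);
    }

    Breadcrumbs::add(DIR, 'Credentials');
    Breadcrumbs::add('', 'Audit');

    $data = array();
    $data['breadcrumbs'] = Breadcrumbs::get();
    $data['title'] = 'Audit';
    $data['current_user'] = $current_user;
    $data['footer-logic'] = 'credentials/audit-footer';
    $data['logs'] = $this->audit->get($since, $until);
    $data['since'] = $since;
    $data['until'] = $until;
    $data['span'] = $until - $since;

    View::renderTemplate('header', $data);
    View::render('credentials/audit', $data);
    View::renderTemplate('footer', $data);
}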
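/**
 * Handles a reply posted to a support ticket by its owner.
 *
 * Only the ticket's own member may answer (loaded() and memberId check).
 * A valid reply is stored as a TicketMessage, reopens a closed ticket,
 * notifies all users ranked above 1 by mail and reroutes back to the ticket.
 * Too-short text is bounced back with a notification, the draft preserved in
 * the `content` query parameter.
 */
public function viewpost()
{
    $f3 = \Base::instance();
    $this->_requireLogin();
    $user = $f3->get('user');

    $ticket = new Ticket();
    $ticket->load($f3->get('PARAMS.id'));

    // Authorization: the ticket must exist and belong to the current user.
    if (!($ticket->loaded() and $ticket->memberId == $user['id'])) {
        $f3->set('target', 'support/unauthorized.html');
        return;
    }

    $text = $f3->clean($f3->get('POST.text'));
    // `< 10` rejects, so exactly 10 characters is accepted — matching the message.
    if (strlen($text) < 10) {
        new Notification('Text must be at least 10 characters long.', 'danger', true);
        $f3->reroute($f3->get('PATH') . '?content=' . urlencode($text));
        return;
    }

    // Store the response
    $ticketmsg = new TicketMessage();
    $ticketmsg->ticketId = $ticket->id;
    $ticketmsg->text = $text;
    $ticketmsg->senderId = $user['id'];
    $ticketmsg->sendTime = date("Y-m-d H:i:s");
    $ticketmsg->save();

    // A reply reopens a closed ticket
    if ($ticket->status == 'closed') {
        $ticket->status = 'active';
        $ticket->save();
    }

    // Notify admins (rank > 1) by mail
    $admins = \Helpers\User::getUsersRankedHigherThen(1);
    $adminEmails = [];
    foreach ($admins as $admin) {
        $adminEmails[] = $admin['email'];
    }
    $f3->set('ticket_id', $ticket->id);
    $f3->set('ticket_text', $text);
    $f3->set('ticket_priority', $ticket->priority);
    SendingAPI::send([
        'mailTo' => $adminEmails,
        'mailSubject' => 'An answer has been made to a ticket',
        'mailContents' => [
            'html' => \Template::instance()->render('mails/ticketAnswer.html'),
            'text' => "An answer has been made to a ticket. \n\n"
                . "From: " . $user['name'] . "\n"
                . "Priority: " . $ticket->priority . "\n"
                . "URL: " . 'https://squarems.net/dashboard/admin/support/ticket/' . $ticket->id . "\n\n"
                . $text . "\n\n"
                . "You can unsubscribe in your user settings: 'Notifications'.",
        ],
    ]);
    $f3->reroute($f3->get('PATH'));
}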
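/**
 * Handles the invite-claim registration form.
 *
 * A logged-in rank-1 user is sent back to the dashboard. For a valid invite
 * key (`PARAMS.invite`) the user is created, the session started, the invite
 * deleted and the welcome mail sent before rerouting to the dashboard.
 * Validation failures re-render the invite form; an invalid key is a 404.
 */
public function claimpost()
{
    $f3 = \Base::instance();

    if ($f3->get('user') && $f3->get('user')['rank'] == 1) {
        new Notification('You cannot claim an invite while logged in.', 'danger', true);
        $f3->reroute('/dashboard');
        return;
    }

    $key = $f3->get('PARAMS.invite');
    if (!\Helpers\Invites::isValidKey($key)) {
        $f3->error(404);
        return;
    }

    // Strict comparison: `!=` treats numeric-looking strings ("1e3" vs
    // "1000") as equal, so a mismatch could slip through.
    if ($f3->get('POST.register-password') !== $f3->get('POST.register-password-verify')) {
        $f3->set('errors', ['Password verify must match the first password.']);
    } else {
        $user = User::createUser(array(
            'name' => $f3->get("POST.register-name"),
            'username' => $f3->get("POST.register-username"),
            'email' => $f3->get("POST.register-email"),
            'password' => $f3->get("POST.register-password"),
        ));

        if ($user == false) {
            // Data missing
            $f3->set('errors', ['Some information has not been entered correctly or is not long enough.']);
        } elseif (is_array($user)) {
            // Field-level errors reported by createUser()
            $f3->set('errors', $user);
        } else {
            $f3->set('SESSION.id', $user->id);

            // Consume the invite so it cannot be claimed again.
            // NOTE(review): validity check and deletion are separate steps, so
            // two simultaneous claims of one key could both pass; confirm
            // whether deleteInvite()/createUser() guard against that.
            \Helpers\Invites::deleteInvite($key);

            // Send the welcome mail
            $f3->set('tplData', ['name' => $f3->get("POST.register-username")]);
            SendingAPI::send([
                'mailTo' => $f3->get("POST.register-email"),
                'mailSubject' => 'Thank you for registering on SquareMS !',
                'mailContents' => [
                    'html' => \Template::instance()->render('mails/register.html'),
                    'text' => "Thank you for registering on SquareMS ! \n"
                        . "You can access your account now on https://squarems.net/ ! \n\n"
                        . "Please do not respond to this email, it is sent by an automated system.",
                ],
            ]);
            $f3->reroute("/dashboard");
            return;
        }
    }

    $f3->set('css', array('/static/css/auth.css'));
    $f3->set('target', 'invite.html');
    $this->_render('base.html');
}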
/**
 * Resolves the current user from the session and publishes it to the hive.
 *
 * An admin masquerade (`SESSION.mask`) takes precedence over the real login
 * (`SESSION.id`); both ids go through validateUser() before being loaded.
 * A suspended user has `SESSION.id` cleared and is sent to /auth/login.
 * Otherwise `user`, `user_obj`, `user_org`, `user_org_links` and — when the
 * user has one — `LANGUAGE` are populated.
 *
 * @return bool Always true.
 */
public function loadCurrent()
{
    $f3 = \Base::instance();
    $user = null;

    // Admins can masquerade as clients; the mask wins over the real session id.
    // NOTE(review): nothing here re-checks that the masking session belongs to
    // an admin — that presumably happens where SESSION.mask is set; confirm.
    $mask = $f3->get('SESSION.mask');
    if ($mask && \Helpers\User::validateUser($mask)) {
        $user = \Helpers\User::getUser($mask);
    } else {
        $id = $f3->get('SESSION.id');
        if ($id && \Helpers\User::validateUser($id)) {
            $user = \Helpers\User::getUser($id);
        }
    }

    if ($user !== null) {
        if ($user->suspended_time != null) {
            // Suspended: drop the login and send to the login page.
            $f3->clear('SESSION.id');
            $f3->reroute('/auth/login');
        } else {
            $f3->set('user', $user->cast());
            $f3->set('user_obj', $user);
            $f3->set('user_org', \Helpers\User::getUserOrganisations($user->id));
            $f3->set('user_org_links', \Helpers\User::getUserOrganisationLinks($user->id));
            if ($user->exists('language') and $user->language) {
                $f3->set('LANGUAGE', $user->language);
            }
            return true;
        }
    }

    // Anonymous request (or a suspended one, should reroute() return).
    return true;
}
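/**
 * Shows either the user overview (admins) or a single user's page.
 *
 * Without an id, admins get the list of all users and non-admins are sent
 * to their own page. With an id, the user must exist (HTTP 404) and must be
 * either the current user or viewed by an admin (HTTP 403).
 *
 * @param mixed $id User id from the route, or NULL for the overview.
 */
public function index($id = NULL)
{
    $current_user = User::current();
    $data = array();

    if ($id == NULL) {
        if (!$current_user->isAdmin()) {
            // Non-admins only ever see their own page.
            $this->index($current_user->id);
            return;
        }
        Breadcrumbs::add(DIR, 'Credentials');
        Breadcrumbs::add('', 'Users');
        $data['breadcrumbs'] = Breadcrumbs::get();
        $data['title'] = 'User overview';
        $data['current_user'] = $current_user;
        $data['users'] = $this->users->getAll();
        $data['footer-logic'] = 'credentials/users-footer';
        View::renderTemplate('header', $data);
        View::render('credentials/users', $data);
        View::renderTemplate('footer', $data);
        return;
    }

    $user = $this->users->getById($id);
    if ($user == NULL) {
        http_response_code(404);
        echo "Not found";
        return;
    }
    // Authorization: own page, or admin.
    if ($current_user->id != $user->id && !$current_user->isAdmin()) {
        http_response_code(403);
        echo "Not allowed";
        return;
    }

    Breadcrumbs::add(DIR, 'Credentials');
    Breadcrumbs::add(DIR . 'users', 'Users');
    Breadcrumbs::add('', $user->login);
    $data['breadcrumbs'] = Breadcrumbs::get();
    $data['title'] = 'User ' . $user->login;
    $data['current_user'] = $current_user;
    $data['user'] = $user;
    $data['keys'] = $this->keys->getAllByUser($user);
    $data['footer-logic'] = 'credentials/user-footer';
    View::renderTemplate('header', $data);
    View::render('credentials/user', $data);
    View::renderTemplate('footer', $data);
}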
} } else { $pathInfo = $env['PATH_INFO'] . (substr($env['PATH_INFO'], -1) !== '/' ? '/' : ''); // extract lang from PATH_INFO foreach ($availableLangs as $availableLang) { $match = '/' . $availableLang; if (strpos($pathInfo, $match . '/') === 0) { $lang = $availableLang; $env['PATH_INFO'] = substr($env['PATH_INFO'], strlen($match)); if (strlen($env['PATH_INFO']) == 0) { $env['PATH_INFO'] = '/'; } } } } $base_url = $config['base_url']; if ($app->environment()['slim.url_scheme'] == 'https') { define('BASE_URL', str_replace('http', 'https', $base_url)); } else { define('BASE_URL', $base_url); } $uid = \Helpers\User::user_id(); $cart_items = \Data\CartRepository::get_shopping_cart_contents($db, $uid); if ($cart_items && count($cart_items)) { $cart = \Helpers\Util::parse_cart_items($cart_items); } $app->view()->setLang($lang); $app->view()->setAvailableLangs($availableLangs); $app->view()->setPathInfo($env['PATH_INFO']); $app->view()->appendData(array('page_title' => NULL, 'cart' => isset($cart) ? $cart : NULL, 'db' => $db)); });
Audit::log('console', 'set user admin ' . $user->login . '(' . $user->id . ')'); $users->setAdmin($user->id, 1); } else { dbg('Login not found'); exit(1); } } } else { if ($action == "user") { if ($var == NULL) { $result = User::instance()->get(); foreach ($result as $user) { show_user($user); } } else { $user = User::instance()->find($var); if ($user != NULL) { show_user($user); } else { dbg('Login not found'); exit(1); } } } else { if ($action == "keys") { if ($var == NULL) { dbg("Missing login"); usage(); } $user = $users->getByLogin($var); if ($user == NULL) {
<?php
/**
 * Routes - all standard routes are defined here.
 *
 * @author David Carr - dave@daveismyname.com
 * @version 2.2
 * @date updated Sept 19, 2015
 */

/** Create alias for Router. */
use Core\Router;
use Helpers\Hooks;
use Helpers\User;

/** Define routes. */
Router::any('', 'Controllers\\Welcome@index');
Router::any('subpage', 'Controllers\\Welcome@subPage');

// Diagnostic route that echoes the caller's own IP back to them.
// NOTE(review): looks like a development leftover; confirm it is wanted in
// production before shipping.
$showIp = function () {
    echo User::getIp();
};
Router::any('test', $showIp);

/** Module routes. */
$hooks = Hooks::get();
$hooks->run('routes');

/** If no route found. */
Router::error('Core\\Error@index');

/** Turn on old style routing. */
Router::$fallback = false;

/** Execute matched routes. */
Router::dispatch();
if (isset($params['cart'])) { add_to_cart($app, $db, $params); } elseif (isset($params['wishlist'])) { add_to_wish_list($app, $db, $params); } }); $app->get('/shop/checkout', $require_ssl, function () use($app, $db) { $app->view()->set_template('layouts/basic.php'); $app->render('shop/checkout.php', array('page_title' => 'Checkout Options')); }); $app->get('/shop/cccheckout', $require_ssl, function () use($app, $db) { $flash = $app->view()->getData('flash'); if (!isset($flash['data'])) { $user = \Data\UserRepository::get_user_by_id($db, $_SESSION['user_id']); if ($user) { \Helpers\User::copy_user_to_flash($user); } } $checkout_errors = isset($flash['checkout_errors']) ? $flash['checkout_errors'] : array(); $app->view()->set_template('layouts/basic.php'); $app->render('shop/cccheckout.php', array('page_title' => 'Checkout', 'checkout_errors' => $checkout_errors)); }); $app->post('/shop/cccheckout', $require_ssl, function () use($app, $db, $config) { $cart = $app->view()->getData('cart'); $data = $app->request()->post(); if (isset($cart['messages']) && count($cart['messages'])) { $app->flash('checkout_errors', $cart['messages']); $app->flash('data', $data); $app->redirect($app->view()->url_secure('/shop/checkout')); } include BASE_URI . DS . 'routes' . DS . 'validators' . DS . 'checkout.php';
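/**
 * Handles the "new support ticket" form.
 *
 * Validates name (8+ bytes after clean()), priority (1..4) and content
 * (30+ bytes after clean()). On success it creates the Ticket and its first
 * TicketMessage, mails every user ranked above 1 and reroutes to the ticket;
 * otherwise the form is re-rendered with `errors`.
 */
public function createpost()
{
    $f3 = \Base::instance();
    $this->_requireLogin();
    $user = $f3->get('user');

    $name = $f3->get('POST.name');
    $priority = (int) $f3->get('POST.priority');
    $text = $f3->get('POST.content');
    $errors = [];

    if (empty($name)) {
        $errors[] = 'Ticket name cannot be empty';
    } else {
        $name = $f3->clean($name);
        // `< 8` so the check agrees with the message (was `< 7`, which let a
        // 7-character name through).
        if (strlen($name) < 8) {
            $errors[] = 'Ticket name must be at least 8 characters long';
        }
    }

    if ($priority > 4 or $priority < 1) {
        $errors[] = 'Priority is 4 max, 1 min.';
    }

    if (empty($text)) {
        $errors[] = 'Ticket text cannot be empty';
    } else {
        $text = $f3->clean($text);
        if (strlen($text) < 30) {
            $errors[] = 'Ticket content must be at least 30 characters long.';
        }
    }

    if (!empty($errors)) {
        // Show the errors on the form
        $f3->set('errors', $errors);
    } else {
        // Ticket
        $ticket = new Ticket();
        $ticket->memberId = $user['id'];
        $ticket->status = 'active';
        $ticket->statusColor = 'red';
        $ticket->assignedUserId = 0;
        $ticket->title = $name;
        $ticket->create_time = date("Y-m-d H:i:s");
        $ticket->priority = $priority;
        $ticket->save();

        // First ticket message
        $ticketmsg = new TicketMessage();
        $ticketmsg->ticketId = $ticket->id;
        $ticketmsg->text = $text;
        $ticketmsg->senderId = $user['id'];
        $ticketmsg->sendTime = date("Y-m-d H:i:s");
        $ticketmsg->save();

        // Notify admins (rank > 1) by mail
        $admins = User::getUsersRankedHigherThen(1);
        $adminEmails = [];
        foreach ($admins as $admin) {
            $adminEmails[] = $admin['email'];
        }
        $f3->set('ticket_id', $ticket->id);
        $f3->set('ticket_text', $text);
        $f3->set('ticket_priority', $priority);
        SendingAPI::send([
            'mailTo' => $adminEmails,
            'mailSubject' => 'New support ticket opened',
            'mailContents' => [
                'html' => \Template::instance()->render('mails/newTicket.html'),
                'text' => "A new ticket has just been opened. \n\n"
                    . "From: " . $user['name'] . "\n"
                    . "Priority: " . $priority . "\n"
                    . "URL: " . 'https://squarems.net/dashboard/admin/support/ticket/' . $ticket->id . "\n\n"
                    . $text . "\n\n"
                    . "You can unsubscribe in your user settings: 'Notifications'.",
            ],
        ]);

        // Redirect to ticket
        $f3->reroute('/support/ticket/' . $ticket->id);
    }

    $f3->set('target', 'support/new.html');
    $this->_render('base.html');
}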
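/**
 * Bulk-creates keys from a decoded list of entries (admins only).
 *
 * Each entry is expected to carry `user`, `host` and `hash`. Entries that
 * fail validate_key() keep whatever that method wrote into `$result`; an
 * existing user/host pair yields status 409, a newly created key status 200
 * and an audit log line. The combined results are echoed as pretty-printed
 * JSON.
 *
 * @param iterable $data Entries (objects with user/host/hash).
 */
public function createMany($data)
{
    $current_user = User::current();
    if (!$current_user->isAdmin()) {
        http_response_code(403);
        echo 'Not allowed';
        return;
    }

    $results = array();
    // Loop variable renamed: the original reused `$data` for each entry,
    // clobbering the list being iterated.
    foreach ($data as $entry) {
        $result = array('user' => $entry->user, 'host' => $entry->host);
        if ($this->validate_key($entry, $result)) {
            $user = User::instance()->get($entry->user);
            $result['user_id'] = $user->id;
            $key = $this->keys->getByUserHost($user, $entry->host);
            if ($key != NULL) {
                $result['status'] = 409;
                $result['message'] = 'Host already exists for that user';
                $result['key_id'] = $key->id;
            } else {
                $key = $this->keys->create($user, $entry->host, $entry->hash);
                Audit::log($current_user, 'create key ' . $key->id . ' for ' . $user, $key);
                $result['key_id'] = $key->id;
                $result['status'] = 200;
                $result['message'] = 'Ok';
            }
        }
        $results[] = $result;
    }
    echo json_encode($results, JSON_PRETTY_PRINT);
}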
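/**
 * Mails a freshly generated temporary password to a user.
 *
 * In live mode the message is placed into the HTML mail template and sent
 * via \Helpers\Mailer; the function returns a confirmation sentence on
 * success or array('error' => ...) on failure. When $config['live'] is
 * false no mail is sent and the raw message — including the temporary
 * password — is returned to the caller, so that branch must stay confined to
 * local development.
 *
 * @param array  $user     User row; 'email' is used as the recipient.
 * @param string $password The temporary password.
 * @param array  $config   Keys 'live', 'mail_username', 'mail_password', 'mail_from'.
 * @return string|array Confirmation text, the raw message (non-live), or array('error' => ...).
 */
function sendForgotPasswordMail($user, $password, $config)
{
    $message = "Your password to log into WildVapor has been\n temporarily changed to '{$password}'. Please log in using that password and this\n email address. Then you may change your password to something more familiar.";

    if (!$config['live']) {
        return $message;
    }

    $body = file_get_contents(BASE_URI . DS . 'views' . DS . 'mail_template.html');
    $body = str_replace('{{title}}', 'Your temporary password at WildVapor Inc', $body);
    // The template is HTML, so escape the message: a password containing
    // characters such as < or & would otherwise be corrupted on display.
    $body = str_replace('{{message}}', htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), $body);

    $data = array(
        'live' => $config['live'],
        'mail_username' => $config['mail_username'],
        'mail_password' => $config['mail_password'],
        'mail_to_address' => $user['email'],
        'mail_to_name' => \Helpers\User::get_name($user),
        'subject' => 'Your temporary password at WildVapor.',
        'body' => $body,
        'mail_from' => $config['mail_from'],
    );
    $mailer = new \Helpers\Mailer($data);
    if ($mailer->sendMail()) {
        return 'Your password has been changed. You will receive the new, temporary password via email. Once you have logged in with this new password, you may change it by clicking on the "Change Password" link.';
    }
    return array('error' => $mailer->getError());
}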
<?php

/**
 * Slim route middleware: require an authenticated session.
 *
 * Unauthenticated requests get a flashed 'error' message and are redirected
 * to the secure login URL. NOTE(review): this relies on redirect() ending the
 * request, as Slim 2 does, so the protected route callable never runs —
 * confirm for the Slim version in use.
 */
$authenticate = function (\Slim\Route $route) {
    $app = \Slim\Slim::getInstance();
    if (\Helpers\User::is_logged_in()) {
        return;
    }
    $app->flash('error', $app->view()->tr('authentication.required'));
    $app->redirect($app->view()->url_secure('/session/login'));
};

return $authenticate;
<?php
/**
 * Routes - all standard routes are defined here.
 *
 * @author David Carr - dave@daveismyname.com
 * @version 2.2
 * @date updated Sept 19, 2015
 */

/** Create alias for Router. */
use Core\Router;
use Helpers\Hooks;
use Helpers\User;

/** Define routes. */
// The root route is picked per request from the current user's role; the
// per-user/per-key authorization checks live in the controllers themselves.
$rootController = User::current()->isAdmin()
    ? 'Controllers\\Index@index'
    : 'Controllers\\Users@index';
Router::any('', $rootController);

Router::post('users', 'Controllers\\Users@create');
Router::get('users', 'Controllers\\Users@index');
Router::post('users/(:num)', 'Controllers\\Users@update');
Router::get('users/(:num)', 'Controllers\\Users@index');
Router::delete('users/(:num)', 'Controllers\\Users@delete');

Router::post('keys', 'Controllers\\Keys@create');
Router::post('keys/(:num)', 'Controllers\\Keys@update');
Router::get('keys/(:num)', 'Controllers\\Keys@index');
Router::delete('keys/(:num)', 'Controllers\\Keys@delete');

Router::get('audit', 'Controllers\\Audit@index');

/** Module routes. */
$hooks = Hooks::get();