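/**
 * Room entry point.
 *
 * Looks up the room named by ?name= (auto-creating an open room when it does not
 * exist), applies the join policy (anonymous / signed-in / authorized), and then
 * either renders the room view, shows the sign-in page, or redirects to one of the
 * message pages (unsupported browser, authorization required, password required).
 *
 * Reads:  $_GET['name'], $_SESSION['user_id'|'user_name'|'chat_name'|'is_checked_password'|'room_name']
 * Writes: $_SESSION['room_name'], $_SESSION['next_page'], $_SESSION['chat_name']
 * Responds 400 when no room name is supplied and 500 on a database error.
 *
 * Every response/redirect is followed by an explicit return so the handler never falls
 * through into rendering the room when the helper does not terminate the request itself.
 */
function room() {
    global $sr_root;
    global $sr_channel_server_uri;
    global $sr_room_ui_title;
    global $sr_join_anonymous;
    global $sr_join_non_authorized;
    global $sr_default_chat_name;

    $db = sr_pdo();

    // The room UI only supports Firefox and Chrome.
    $browser = room_get_browser();
    if ($browser['name'] != 'Mozilla Firefox' && $browser['name'] != 'Google Chrome') {
        sr_redirect('/d/room/message/browser/');
        return;
    }

    // A room name is mandatory; reject arrays (?name[]=x) as well as empty values so
    // strlen()/bindParam() never receive a non-string.
    if (!isset($_GET['name']) || !is_string($_GET['name']) || strlen($_GET['name']) == 0) {
        sr_response_error(400);
        return;
    }
    $name = $_GET['name'];

    $context = array();
    try {
        $stmt = $db->prepare('SELECT * FROM room WHERE name = :name');
        $stmt->bindParam(':name', $name);
        $stmt->setFetchMode(PDO::FETCH_CLASS, 'Room');
        $stmt->execute();
        $room = $stmt->fetch();

        if ($room === false) {
            // Unknown name: create an open, unprotected room with that name.
            // NOTE(review): any visitor (including anonymous ones, when allowed) can create
            // an unbounded number of rooms just by requesting new names — consider a limit.
            $room = new Room();
            $room->name = $name;
            $room->title = '';
            $room->description = '';
            $room->password = '';
            $room->is_open = 1;
            $room->open($db);
        } else {
            // Stored text is slash-escaped; undo that for display.
            $room->title = stripslashes($room->title);
            $room->description = stripslashes($room->description);
        }
    } catch (PDOException $e) {
        sr_response_error(500);
        return; // previously fell through with $room undefined
    }

    $context['sunrise_main'] = $sr_root;
    $context['channel_server'] = $sr_channel_server_uri;
    $context['room'] = $room;
    $context['room_link'] = sr_current_url();
    $context['room_api'] = $sr_root;
    $context['room_ui_title'] = $sr_room_ui_title;

    // Join policy.
    if (sr_is_signed_in()) {
        // Signed-in users may join unless the server requires authorization and this user lacks it.
        if (!$sr_join_non_authorized && !sr_is_authorized()) {
            sr_redirect('/d/room/message/auth/');
            return;
        }
        $context['user_id'] = $_SESSION['user_id'];
        $context['is_registered_user'] = '******';
    } else {
        if (!$sr_join_anonymous) {
            // Remember where to come back to after sign-in, then show the sign-in page.
            $_SESSION['next_page'] = 1;
            $_SESSION['room_name'] = $name;
            $context['info'] = 'Only registered users can join the room.';
            sr_response('views/main/signin.php', $context);
            return; // previously fell through and rendered the room to the anonymous visitor
        }
        $context['user_id'] = 0;
        $context['is_registered_user'] = '******';
    }

    // Display name: explicit chat name, else the account name, else the server default.
    $user_name = isset($_SESSION['user_name']) ? $_SESSION['user_name'] : null;
    $context['user_name'] = $user_name;
    if (!empty($_SESSION['chat_name'])) {
        $context['chat_name'] = $_SESSION['chat_name'];
    } elseif ($user_name) {
        $context['chat_name'] = $user_name;
        $_SESSION['chat_name'] = $user_name;
    } else {
        $context['chat_name'] = $sr_default_chat_name;
        $_SESSION['chat_name'] = $sr_default_chat_name;
    }

    if ($room->is_open == 1) {
        sr_response('views/room/room.php', $context);
        return;
    }

    // Locked room. The password page records the verified room name in
    // $_SESSION['is_checked_password']; admit the visitor only if that verification is
    // for THIS room. The previous check compared the two session values with each
    // other only, so a password verified for room A also admitted the visitor to any
    // other locked room B.
    $verified = isset($_SESSION['is_checked_password'], $_SESSION['room_name'])
        && (string) $_SESSION['room_name'] === $name
        && (string) $_SESSION['is_checked_password'] === $name;
    if ($verified) {
        // Single-use: clear the verification once the room has been entered.
        unset($_SESSION['is_checked_password']);
        unset($_SESSION['room_name']);
        sr_response('views/room/room.php', $context);
        return;
    }

    $_SESSION['room_name'] = $name;
    sr_redirect('/d/room/message/pswd/');
}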
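/**
 * Profile page handler (signed-in users only; responds 400 otherwise).
 *
 * GET  renders the profile form.
 * POST dispatches on $_POST['which']:
 *   'basic'    -> validate and save first name, last name and email, then re-render the form
 *   'password' -> validate and change the password (old password must match), then re-render
 *   anything else, including a missing value -> delete the account, sign out, reply with JSON
 *
 * Form results are passed to the view as $context['result'] (1 = ok, 2..8 = validation
 * failures, 99 = database error) and $context['msg'].
 */
function main_profile() {
    if (!sr_is_signed_in()) {
        sr_response_error(400);
        return; // do not continue with an empty user id if sr_response_error() does not exit
    }

    // Fields the profile view always needs, whichever form (if any) was submitted.
    $base = array(
        'first_name' => sr_user_first_name(),
        'last_name' => sr_user_last_name(),
        'email' => sr_user_email(),
        'is_authorized' => sr_is_authorized(),
        'is_admin' => sr_is_admin()
    );

    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        sr_response('views/main/profile.php', array('which' => 'basic') + $base);
        return;
    }

    // Read POST fields as strings; missing or non-string values become '' so the
    // regex checks below fail cleanly instead of raising notices / TypeErrors.
    $which = (isset($_POST['which']) && is_string($_POST['which'])) ? $_POST['which'] : '';

    if ($which === 'basic') {
        global $sr_regex_name;
        global $sr_regex_email;

        $email = (isset($_POST['profile_email']) && is_string($_POST['profile_email'])) ? $_POST['profile_email'] : '';
        $first = (isset($_POST['first_name']) && is_string($_POST['first_name'])) ? $_POST['first_name'] : '';
        $last = (isset($_POST['last_name']) && is_string($_POST['last_name'])) ? $_POST['last_name'] : '';

        $context = array();
        if (!preg_match($sr_regex_email, $email)) {
            $context['result'] = 2;
            $context['msg'] = 'Please enter a valid email address';
        } elseif (!preg_match($sr_regex_name, $first)) {
            $context['result'] = 3;
            $context['msg'] = 'Name should consist of only alphabets (uppercase or lowercase).';
        } elseif (!preg_match($sr_regex_name, $last)) {
            $context['result'] = 4;
            $context['msg'] = 'Name should consist of only alphabets (uppercase or lowercase).';
        } else {
            try {
                $db = sr_pdo();
                $user = new User();
                $user = $user->get($db, sr_user_id());
                $user->first_name = ucfirst($first);
                $user->last_name = ucfirst($last);
                $user->email = strtolower($email);
                $user->save($db);
                $context['result'] = 1;
                $context['msg'] = 'Successfully updated';
                // Keep the session copies in sync with what was persisted.
                sr_set_user_first_name($user->first_name);
                sr_set_user_last_name($user->last_name);
                sr_set_user_name($user->first_name . ' ' . $user->last_name);
                sr_set_user_email($user->email);
            } catch (PDOException $e) {
                $context['result'] = 99;
                $context['msg'] = 'Failed to save. 
Please try it again.';
            }
        }
        sr_response('views/main/profile.php', $context + array('which' => 'basic') + $base);
        return;
    }

    if ($which === 'password') {
        global $sr_regex_password;

        $old = (isset($_POST['old_password']) && is_string($_POST['old_password'])) ? $_POST['old_password'] : '';
        $new = (isset($_POST['new_password']) && is_string($_POST['new_password'])) ? $_POST['new_password'] : '';
        $repeat = (isset($_POST['repeat_password']) && is_string($_POST['repeat_password'])) ? $_POST['repeat_password'] : '';

        $context = array();
        if (!preg_match($sr_regex_password, $old)) {
            $context['result'] = 5;
            $context['msg'] = 'Please enter a valid password.<br />Password should be alphanumeric.';
        } elseif (!preg_match($sr_regex_password, $new)) {
            $context['result'] = 6;
            $context['msg'] = 'Please enter a valid password.<br />Password should be alphanumeric.';
        } elseif ($new !== $repeat) {
            // strict: '10' and '1e1' must not count as the same password
            $context['result'] = 7;
            $context['msg'] = 'Please repeat your password.';
        } else {
            try {
                $db = sr_pdo();
                $user = new User();
                $user = $user->get($db, sr_user_id());
                // NOTE(review): passwords are stored as unsalted md5 digests. This should move
                // to password_hash()/password_verify(); it is not changed here because every
                // existing row would stop verifying without a migration (e.g. rehash on login).
                // hash_equals() at least makes the digest comparison constant-time.
                if (!hash_equals((string) $user->password, md5($old))) {
                    $context['result'] = 8;
                    $context['msg'] = 'Please check your old password.';
                } else {
                    $user->password = md5($new);
                    $user->save($db);
                    $context['result'] = 1;
                    $context['msg'] = 'Successfully updated';
                }
            } catch (PDOException $e) {
                $context['result'] = 99;
                $context['msg'] = 'Failed to save. 
Please try it again.';
            }
        }
        sr_response('views/main/profile.php', $context + array('which' => 'password') + $base);
        return;
    }

    // Account deletion: reached for any other 'which' value, including none at all.
    // NOTE(review): a destructive action as the default branch is fragile, and no CSRF
    // token is checked anywhere in this handler — confirm the view sends one and add a check.
    try {
        $db = sr_pdo();
        $user = new User();
        $user = $user->get($db, sr_user_id());
        $user->delete($db);
        sr_signout();
        echo json_encode(array());
    } catch (PDOException $e) {
        // Previously swallowed silently (empty 200 body); report the failure like room() does.
        sr_response_error(500);
    }
}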