public function execute()
{
if ($this->isLogged()) {
if (isset($_POST['cur_password']) && isset($_POST['new_password']) && isset($_POST['new_password2'])) {
$cur_password = $_POST['cur_password'];
$new_password = $_POST['new_password'];
$new_password2 = $_POST['new_password2'];
//test current password
if ($this->user->testPassword($cur_password)) {
//testing if the two new password are the same
if (strcmp($new_password, $new_password2) == 0) {
//change the password !
//todo
//settings with default hash,
//generate a salt
$salt = User::GenerateSalt();
$hash_type = $this->settings->getString('hash_type', 'sha256');
DbUser::UpdateUserPassword($this->user->id, $hash_type, $salt, $new_password);
$this->status = ChangePasswordAction::$Success;
} else {
$this->status = ChangePasswordAction::$Error;
$this->message = "The two passwords aren't the same";
}
} else {
$this->status = ChangePasswordAction::$Error;
$this->message = "Invalid current password";
}
}
} else {
//how you can change your password !?!
//todo normalize a redirection with BaseAction::__construct
header('location: login.php');
}
}
public function execute()
{
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$user = DbUser::GetByUsername($username);
if (!$user->isNull()) {
if ($user->testPassword($password)) {
$_SESSION['user_id'] = $user->id;
$this->pushAlert(Alert::CreateSuccess('Success', 'You\'re now connected with success.'));
header('location: index.php');
} else {
$this->addAlert(Alert::CreateDanger('Error', 'Invalid Username and/or password.'));
}
} else {
$this->addAlert(Alert::CreateDanger('Error', 'Invalid Username and/or password.'));
}
}
}
public function execute()
{
if ($this->isSignUpOpen()) {
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['password2']) && isset($_POST['email'])) {
$u_name = $_POST['username'];
$u_pass = $_POST['password'];
$pass2 = $_POST['password2'];
$u_email = $_POST['email'];
if (strcmp($u_pass, $pass2) == 0) {
if (!DbUser::IsUsernameOrEmailExists($u_name, $u_email)) {
$len_username = strlen($u_name);
if ($len_username >= $this->settings->getInt("username_min", 4) && $len_username <= $this->settings->getInt("username_max", 12)) {
//creating the user
$salt = User::GenerateSalt();
$hashType = $this->settings->getString('hash_type', 'sha256');
DbUser::Add($u_name, $salt, $hashType, $u_pass, "", "", $u_email);
$default_group = $this->settings->getString('default_user_group', 'Users');
$group = DbGroup::GetByName($default_group);
if (!$group->isNull()) {
$user = DbUser::GetByUsername($u_name);
if (!$user->isNull()) {
DbGroup::AddUser($group->id, $user->id);
}
}
$this->pushAlert(Alert::CreateSuccess('Success', 'Account created!'));
header('location: index.php');
} else {
$this->addAlert(Alert::CreateWarning('Warning', 'Username must be between ' . $this->settings->getInt("username_min", 4) . ' and ' . $this->settings->getInt("username_max", 12) . ' characters.'));
}
} else {
$this->addAlert(Alert::CreateWarning('Warning', 'Username and/or Email already exists in the database.'));
}
} else {
$this->addAlert(Alert::CreateWarning('Warning', 'Password mismatches.'));
}
}
} else {
$this->addAlert(Alert::CreateWarning('Warning', 'You can\'t create an account!'));
}
}
public function execute()
{
$action = "";
if (isset($_GET['action'])) {
$action = $_GET['action'];
}
if (strcmp($action, 'save_info') == 0) {
//save user info here
//todo
if (isset($_POST['first_name']) && isset($_POST['last_name'])) {
$firstName = $_POST['first_name'];
$lastName = $_POST['last_name'];
$user = $this->user;
$user->firstName = $firstName;
$user->lastName = $lastName;
DbUser::Update($user);
}
$this->addAlert(Alert::CreateSuccess('Success', 'Account information saved.'));
$this->reloadUser();
}
$this->accountPermissions = DbGroup::GetUserPermissions($this->user->id);
$this->accountGroups = DbGroup::GetUserGroups($this->user->id);
}
$redirectUrl = "../views/my_sold_auctions_view.php";
}
// Validate feedback input
$feedback = ["score" => $_POST["score"], "comment" => $_POST["comment"]];
if (ValidationOperator::hasEmtpyFields($feedback)) {
// Create a session for all inputs so that they can be recovered after the page returns
SessionOperator::setFormInput($feedback);
// Redirect back
HelperOperator::redirectTo($redirectUrl);
}
$auctionId = $_POST["auctionId"];
$creatorId = SessionOperator::getUser()->getUserId();
//get the id of receiver
$receiverUsername = $_POST["receiverUsername"];
/* @var DbUser $receiver */
$receiver = DbUser::withConditions("WHERE username = '******'")->first();
//check receiver exists AND there is no existing feedback (we only allow one)
if ($receiver == null or DbFeedback::withConditions("WHERE auctionId = " . $auctionId . " AND creatorId = " . $creatorId . " AND receiverId = " . $receiver->getId())->exists()) {
HelperOperator::redirectTo($redirectUrl);
}
// Create Feedback
$now = new DateTime("now", new DateTimeZone(TIMEZONE));
$feedback = new DbFeedback(array("auctionId" => $_POST["auctionId"], "creatorId" => SessionOperator::getUser()->getUserId(), "receiverId" => $receiver->getId(), "score" => $_POST["score"], "comment" => $_POST["comment"], "time" => $now->format('Y-m-d H:i:s')));
$feedback->create();
// Notify receiver
$auction = DbAuction::find($auctionId);
$item = DbItem::find($auction->getField("itemId"));
$comment = "You received a feedback from \"" . SessionOperator::getUser()->getUserName() . "\" in your participation in \"";
$comment .= $item->getField("itemName") . " - " . $item->getField("itemBrand") . "\".";
QueryOperator::addNotification($receiver->getId(), $comment, QueryOperator::NOTIFICATION_FEEDBACK_RECEIVED);
// Set feedback session
if (!isset($_SESSION['attempts'])) {
$_SESSION['attempts'] = 0;
}
if (!isset($_SESSION['loggedIn'])) {
$tpl->setTemplate('admin/admin_index.tpl');
if ($_SESSION['attempts'] > 2) {
// To many attempts
echo 'aantal pogingen is te groot, uw account wordt geblokkeerd!';
//Todo: Block user in db
$_SESSION['attempts'] = 0;
} else {
if ($name == '' || $pass == '') {
$_SESSION['attempts']++;
$tpl->assign('login', true);
} else {
$user = new DbUser();
try {
$password = $user->getPassword($name);
if ($pass == $password['password']) {
$_SESSION['loggedIn'] = true;
$_SESSION['user'] = $name;
setPage($param);
} else {
$_SESSION['attempts']++;
$tpl->assign('login', true);
}
} catch (Exception $e) {
$tpl->assign('login', true);
}
}
}
public function __construct($constraints = array())
{
$this->alerts = array();
$this->alertRenderer = new AlertRenderer();
if (isset($_SESSION['alerts'])) {
//fetching alerts
//clearing them when they are show
$this->alerts = $_SESSION['alerts'];
}
$this->constraints = $constraints;
$this->user = new User();
//todo
//do some methhods for getBoolConstraint, and other data type
$no_redirect = $this->getConstraint('no_redirect');
if (is_int($no_redirect)) {
$no_redirect = false;
} else {
$no_redirect = $no_redirect->value;
}
//loading settings
$settings = DbSetting::GetAll();
$this->settings = new SettingContainer($settings);
if ($this->settings->size() == 0) {
$this->initSettings();
}
if (isset($_SESSION['user_id'])) {
$user_id = $_SESSION['user_id'];
$this->user->id = $user_id;
$user = DbUser::GetById($user_id);
$perms = DbPermission::GetAll();
$this->permissions = new PermissionContainer($perms);
if (!$user->isNull()) {
$this->user = $user;
//loading permissions
$userPermissions = DbGroup::GetUserPermissions($this->user->id);
$this->userPermissions = $userPermissions->getPermissionsInt();
if ($this->user->isClearPassword()) {
//force a password change
//todo
$no_change = $this->getConstraint("no_change_password");
if (!is_int($no_change)) {
if (!$no_change->value) {
header('location: change_password.php');
}
} else {
header('location: change_password.php');
}
}
} else {
//sending the user directly to the login
if (!$no_redirect) {
header('location: login.php');
}
}
} else {
//sending the user directly to the login
if (!$no_redirect) {
header('location: login.php');
}
}
}
public function execute()
{
if (isset($_GET['action'])) {
$action = $_GET['action'];
} else {
$action = 'browse';
}
if (strcmp($action, 'browse') == 0) {
$this->view = UsersAdministrationAction::$BrowseUsers;
$this->title = "Users Administration - Browse Users";
//retrieve users
$page = 0;
$users_per_page = 50;
if (isset($_GET['page'])) {
$page = $_GET['page'];
}
$start = $page * $users_per_page;
$this->users = DbUser::Get($users_per_page, $start);
} else {
if (strcmp($action, 'new_user') == 0) {
$this->view = UsersAdministrationAction::$NewUserForm;
} else {
if (strcmp($action, 'edit_user') == 0) {
if (isset($_GET['user_id'])) {
$this->pageUser = DbUser::GetById($_GET['user_id']);
$this->groups = DbGroup::GetAll();
if (!$this->pageUser->isNull()) {
$this->userGroups = DbGroup::GetUserGroups($this->pageUser->id);
$this->view = UsersAdministrationAction::$EditUserForm;
} else {
$this->addAlert(Alert::CreateDanger('Error', 'Invalid User.'));
$this->view = UsersAdministrationAction::$BrowseUsers;
$this->reexecute(array('action' => 'browse'));
}
}
} else {
if (strcmp($action, 'save_user') == 0) {
if (isset($_POST['user_id']) && isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['email'])) {
$user_id = $_POST['user_id'];
$firstName = $_POST['first_name'];
$lastName = $_POST['last_name'];
$email = $_POST['email'];
$user = DbUser::GetById($user_id);
if (!$user->isNull()) {
$user->firstName = $firstName;
$user->lastName = $lastName;
$user->email = $email;
DbUser::Update($user);
$this->addAlert(Alert::CreateSuccess('Success', 'User updated.'));
$this->reexecute(array('action' => 'edit_user', 'user_id' => $user_id));
} else {
//error user not found
$this->addAlert(Alert::CreateDanger('Error', 'This user doesn\'t exists.'));
$this->reexecute(array('action' => 'browse'));
}
} else {
//missing field, so edit form again
$this->view = UsersAdministrationAction::$EditUserForm;
}
} else {
if (strcmp($action, 'remove_group') == 0) {
if (isset($_GET['group_id']) && isset($_GET['user_id'])) {
DbGroup::RemoveUser($_GET['group_id'], $_GET['user_id']);
$this->addAlert(Alert::CreateSuccess('Success', 'Group removed.'));
$this->reexecute(array('action' => 'edit_user'));
}
} else {
if (strcmp($action, 'add_user') == 0) {
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['password2']) && isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['email'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$firstName = $_POST['first_name'];
$lastName = $_POST['last_name'];
$email = $_POST['email'];
if (strcmp($password, $password2) == 0) {
if (!DbUser::IsUsernameOrEmailExists($username, $email)) {
//username length check
$len_username = strlen($username);
if ($len_username >= $this->settings->getInt("username_min", 4) && $len_username <= $this->settings->getInt("username_max", 12)) {
//creating the user
$salt = User::GenerateSalt();
$hashType = $this->settings->getString('hash_type', 'sha256');
DbUser::Add($username, $salt, $hashType, $password, $firstName, $lastName, $email);
$default_group = $this->settings->getString('default_user_group', 'Users');
$group = DbGroup::GetByName($default_group);
if (!$group->isNull()) {
$user = DbUser::GetByUsername($username);
if (!$user->isNull()) {
DbGroup::AddUser($group->id, $user->id);
}
}
$this->addAlert(Alert::CreateSuccess('Success', 'User added !'));
$this->reexecute(array('action' => 'browse'));
} else {
$this->view = UsersAdministrationAction::$NewUserForm;
$this->addAlert(Alert::CreateWarning('Warning', 'Username must be between ' . $this->settings->getInt("username_min", 4) . ' and ' . $this->settings->getInt("username_max", 12) . ' characters.'));
}
} else {
$this->view = UsersAdministrationAction::$NewUserForm;
$this->addAlert(Alert::CreateWarning('Warning', 'Username and/or Email already exists in the database.'));
}
} else {
$this->view = UsersAdministrationAction::$NewUserForm;
$this->addAlert(Alert::CreateWarning('Warning', 'Password mismatches.'));
}
} else {
//need to revmap this with a method
$this->reexecute(array('action' => 'browse'));
}
} else {
if (strcmp($action, 'change_password') == 0) {
if (isset($_POST['user_id']) && isset($_POST['password']) && isset($_POST['password2'])) {
$user_id = $_POST['user_id'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
if (strcmp($password, $password2) == 0) {
$salt = User::GenerateSalt();
$hashType = $this->settings->getString('hash_type', 'sha256');
DbUser::UpdateUserPassword($user_id, $hashType, $salt, $password);
$this->addAlert(Alert::CreateSuccess('Success', 'Password changed !'));
$this->reexecute(array('action' => 'edit_user', 'user_id' => $user_id));
} else {
$this->addAlert(Alert::CreateWarning('Warning', 'Password mismatches.'));
$this->reexecute(array('action' => 'edit_user', 'user_id' => $user_id));
}
} else {
$this->reexecute(array('action' => 'browse'));
}
} else {
if (strcmp($action, 'add_user_group') == 0) {
if (isset($_POST['user_id']) && isset($_POST['group_id'])) {
$u_id = $_POST['user_id'];
$g_id = $_POST['group_id'];
//for safety purpose
DbGroup::RemoveUser($g_id, $u_id);
DbGroup::AddUser($g_id, $u_id);
$this->addAlert(Alert::CreateSuccess('Success', 'User added to the group.'));
$this->reexecute(array('action' => 'edit_user', 'user_id' => $_POST['user_id']));
} else {
$this->reexecute(array('action' => 'browse'));
}
} else {
if (strcmp($action, 'delete_user') == 0) {
if (isset($_GET['user_id'])) {
$user_id = $_GET['user_id'];
DbUser::Delete($user_id);
//maybe log this into a file..
//todo
$this->addAlert(Alert::CreateSuccess('Success', 'User deleted.'));
}
$this->reexecute(array('action' => 'browse'));
}
}
}
}
}
}
}
}
}
}
/**
* @param $auction DbAuction
* @param $userIds array
* @return mixed
*/
function listUserIdsWithoutAuctionOwner($auction, $userIds)
{
$item = DbItem::find($auction->getField("itemId"));
$ownerId = DbUser::find($item->getField("userId"))->getId();
$key = array_search($ownerId, $userIds);
unset($userIds[$key]);
return $userIds;
}
public static function getFeedback($username)
{
// Retrieve user feedback statistics
$userId = DbUser::withConditions("WHERE username = '******'")->get(array("userId"))[0]["userId"];
$scores = [];
for ($index = 1; $index <= 5; $index++) {
$scores[] = self::getFeedbackScores($userId, $index);
}
// Retrieve feedbacks
$feedbackAsSeller = self::getFeedbacks($userId, self::ROLE_SELLER);
$feedbackAsBuyer = self::getFeedbacks($userId, self::ROLE_BUYER);
$advancedFeedback = new AdvancedFeedback($scores, $feedbackAsSeller, $feedbackAsBuyer);
return $advancedFeedback;
}
$dir = $_SERVER['DOCUMENT_ROOT'] . "/images/item_images";
$itemImages = scandir($dir);
unset($itemImages[0]);
unset($itemImages[1]);
foreach ($itemImages as &$itemImage) {
$itemImage = "/images/item_images/" . $itemImage;
}
$dir = $_SERVER['DOCUMENT_ROOT'] . "/images/profile_images";
$profileImages = scandir($dir);
unset($profileImages[0]);
unset($profileImages[1]);
foreach ($profileImages as &$profileImage) {
$profileImage = "/images/profile_images/" . $profileImage;
}
for ($i = 0; $i < $numUsers; $i++) {
$user = new DbUser(array("username" => $faker->userName . $faker->numberBetween(0, 100), "email" => $faker->email, "firstName" => $faker->firstName, "lastName" => $faker->lastName, "address" => $faker->address, "postcode" => $faker->postcode, "city" => $faker->city, "countryId" => $faker->randomElement(array(229, 14, 33)), "password" => password_hash("1111111111", PASSWORD_BCRYPT), "verified" => 1, "image" => $faker->randomElement($profileImages)));
$user->create();
$numItemsForUser = $faker->numberBetween(0, $maxItemsPerUser - 1);
for ($z = 0; $z < $numItemsForUser; $z++) {
$catName = $faker->randomElement(array_keys($catsAndItemNames));
$itemCatId = array_search($catName, array_keys($catsAndItemNames)) + 1;
/*if($faker->boolean(1)){
$itemName = $faker->randomElement($catsAndItemNames[$catName]);
}else{*/
$itemName = $faker->randomElement($itemData)["Name"];
//}
$item = new DbItem(array("userId" => $user->getId(), "itemName" => $itemName, "itemBrand" => $faker->randomElement($itemData)["Brand Name"], "categoryId" => $itemCatId, "conditionId" => $faker->numberBetween(1, 4), "itemDescription" => $faker->sentences(3, true), "image" => $faker->randomElement($itemImages)));
$item->create();
$numAuctionForItem = $faker->numberBetween(0, $maxAuctionsPerItem - 1);
for ($x = 0; $x < $numAuctionForItem; $x++) {
