public function authControl()
{
$this->disableCaching();
$this->addHeaderJavaScript('assets/js/jqBootstrapValidation.js');
$this->addHeaderJavaScript('assets/js/validate-fields.js');
$this->addHeaderJavaScript('assets/js/jstz-1.0.4.min.js');
$owner_dao = DAOFactory::getDAO('OwnerDAO');
$invite_dao = DAOFactory::getDAO('InviteDAO');
$owner = $owner_dao->getByEmail($this->getLoggedInUser());
$this->addToView('owner', $owner);
$this->addToView('notification_options', $this->notification_frequencies);
$this->addToView('tz_list', Installer::getTimeZoneList());
$this->view_mgr->addHelp('api', 'userguide/api/posts/index');
$this->view_mgr->addHelp('application_settings', 'userguide/settings/application');
$this->view_mgr->addHelp('users', 'userguide/settings/allaccounts');
$this->view_mgr->addHelp('backup', 'install/backup');
$this->view_mgr->addHelp('account', 'userguide/settings/account');
//process password change
if (isset($_POST['changepass']) && $_POST['changepass'] == 'Change password' && isset($_POST['oldpass']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
// Check their old password is correct
if (!$owner_dao->isOwnerAuthorized($this->getLoggedInUser(), $_POST['oldpass'])) {
$this->addErrorMessage("Password is incorrect.", 'password');
} elseif ($_POST['pass1'] != $_POST['pass2']) {
$this->addErrorMessage("New passwords did not match. Your password has not been changed.", 'password');
} elseif (!preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $_POST['pass1'])) {
$this->addErrorMessage("Your new password must be at least 8 characters and contain both numbers " . "and letters. Your password has not been changed.", 'password');
} else {
// verify CSRF token
$this->validateCSRFToken();
// Try to update the password
if ($owner_dao->updatePassword($this->getLoggedInUser(), $_POST['pass1']) < 1) {
$this->addErrorMessage("Your password has NOT been updated.", 'password');
} else {
$this->addSuccessMessage("Your password has been updated.", 'password');
}
}
}
//reset api_key
if (isset($_POST['reset_api_key']) && $_POST['reset_api_key'] == 'Reset API Key') {
$this->validateCSRFToken();
$api_key = $owner_dao->resetAPIKey($owner->id);
if (!$api_key) {
throw new Exception("Unbale to update user's api_key, something bad must have happened");
}
$this->addSuccessMessage("Your API Key has been reset! Please update your ThinkUp RSS feed subscription.", 'api_key');
$owner->api_key = $api_key;
}
// process invite
if (isset($_POST['invite']) && $_POST['invite'] == 'Create Invitation') {
// verify CSRF token
$this->validateCSRFToken();
$invite_code = substr(md5(uniqid(rand(), true)), 0, 10);
$invite_added = $invite_dao->addInviteCode($invite_code);
if ($invite_added == 1) {
//invite generated and inserted
$invite_link = Utils::getApplicationURL() . 'session/register.php?code=' . $invite_code;
$this->addSuccessMessage("Invitation created!<br />Copy this link and send it to someone you want to " . 'invite to register on your ThinkUp installation.<br /><a href="' . $invite_link . '" id="clippy_12345">' . $invite_link . '</a>
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
width="100"
height="14"
class="clippy"
id="clippy" >
<param name="movie" value="' . Utils::getApplicationURL() . 'assets/flash/clippy.swf"/>
<param name="allowScriptAccess" value="always" />
<param name="quality" value="high" />
<param name="scale" value="noscale" />
<param NAME="FlashVars" value="id=clippy_12345&copied=copied!&copyto=copy to clipboard">
<param name="bgcolor" value="#D5F0FC">
<param name="wmode" value="opaque">
<embed src="' . Utils::getApplicationURL() . 'assets/flash/clippy.swf"
width="100"
height="14"
name="clippy"
quality="high"
allowScriptAccess="always"
type="application/x-shockwave-flash"
pluginspage="http://www.macromedia.com/go/getflashplayer"
FlashVars="id=clippy_12345&copied=copied!&copyto=copy to clipboard"
bgcolor="#dff0d8"
wmode="opaque"/></object>
<br /> Good for one new registration. Expires in 7 days.', 'invite', true);
} else {
$this->addErrorMessage("There was an error creating a new invite. Please try again.", 'invite');
}
}
//process service user deletion
if (isset($_POST['action']) && $_POST['action'] == 'Delete' && isset($_POST['instance_id']) && is_numeric($_POST['instance_id']) && !isset($_POST['hashtag_id']) && !isset($_POST['new_hashtag_name'])) {
$owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
$instance_dao = DAOFactory::getDAO('InstanceDAO');
$instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
$hashtagpost_dao = DAOFactory::getDAO('HashtagPostDAO');
$hashtag_dao = DAOFactory::getDAO('HashtagDAO');
$instance = $instance_dao->get($_POST['instance_id']);
$message = '';
if (isset($instance)) {
// verify CSRF token
$this->validateCSRFToken();
if ($this->isAdmin()) {
//Retrieve this instance's saved searches
$instances_hashtags = $instancehashtag_dao->getByInstance($instance->id);
$deleted_searches = 0;
foreach ($instances_hashtags as $instance_hashtag) {
$hashtag_id = $instance_hashtag->hashtag_id;
$deleted_searches += $instancehashtag_dao->delete($instance_hashtag->instance_id, $hashtag_id);
//Continue deletions if no other owner has saved this search
if (!$instancehashtag_dao->isHashtagSaved($hashtag_id)) {
$deleted_searchposts = $hashtagpost_dao->deleteHashtagsPostsByHashtagID($hashtag_id);
$deleted_hashtag = $hashtag_dao->deleteHashtagByID($hashtag_id);
}
}
//delete all owner_instances
$owner_instance_dao->deleteByInstance($instance->id);
//delete instance
$instance_dao->delete($instance->network_username, $instance->network);
$this->addSuccessMessage('Account ' . ($deleted_searches > 0 ? 'and its saved searches ' : '') . 'deleted.', 'account');
} else {
if ($owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
//delete owner instance
$total_deletions = $owner_instance_dao->delete($owner->id, $instance->id);
if ($total_deletions > 0) {
//delete instance if no other owners have it
$remaining_owner_instances = $owner_instance_dao->getByInstance($instance->id);
$deleted_searches = 0;
if (sizeof($remaining_owner_instances) == 0) {
//Retrieve this instance's saved searches
$instances_hashtags = $instancehashtag_dao->getByInstance($instance->id);
foreach ($instances_hashtags as $instance_hashtag) {
$hashtag_id = $instance_hashtag->hashtag_id;
$deleted_searches += $instancehashtag_dao->delete($instance_hashtag->instance_id, $hashtag_id);
//Continue deletions if no other owner has saved this search
if (!$instancehashtag_dao->isHashtagSaved($hashtag_id)) {
$deleted_searchposts = $hashtagpost_dao->deleteHashtagsPostsByHashtagID($hashtag_id);
$deleted_hashtag = $hashtag_dao->deleteHashtagByID($hashtag_id);
}
}
$instance_dao->delete($instance->network_username, $instance->network);
}
$this->addSuccessMessage('Account ' . ($deleted_searches > 0 ? 'and its saved searches ' : '') . 'deleted.', 'account');
}
} else {
$this->addErrorMessage('Insufficient privileges.', 'account');
}
}
} else {
$this->addErrorMessage('Instance doesn\'t exist.', 'account');
}
}
//process hashtag deletion
if (isset($_POST['action']) && $_POST['action'] == 'Delete' && isset($_POST['hashtag_id']) && is_numeric($_POST['hashtag_id']) && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
$instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
$hashtag_dao = DAOFactory::getDAO('HashtagDAO');
$hashtagpost_dao = DAOFactory::getDAO('HashtagPostDAO');
$hashtag_id = $_POST['hashtag_id'];
$instance_id = $_POST['instance_id'];
$instance_dao = DAOFactory::getDAO('InstanceDAO');
$instance = $instance_dao->get($instance_id);
if (isset($instance)) {
$instances_hashtags_deleted = $instancehashtag_dao->delete($instance_id, $hashtag_id);
if (!$instancehashtag_dao->isHashtagSaved($hashtag_id)) {
$deleted_searchposts = $hashtagpost_dao->deleteHashtagsPostsByHashtagID($hashtag_id);
$deleted_hashtag = $hashtag_dao->deleteHashtagByID($hashtag_id);
}
$message = "Deleted saved search.";
$this->addSuccessMessage($message, 'account');
} else {
$this->addErrorMessage('Instance doesn\'t exist.', 'account');
}
}
//process service user hashtag addition
if (isset($_POST['action']) && $_POST['action'] == 'Save search' && isset($_POST['new_hashtag_name']) && $_POST['new_hashtag_name'] != '' && isset($_POST['instance_id']) && is_numeric($_POST['instance_id'])) {
$instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
$hashtag_dao = DAOFactory::getDAO('HashtagDAO');
$instance_id = $_POST['instance_id'];
$new_hashtag_name = $_POST['new_hashtag_name'];
//Check if $new_hashtag_name is an individual word (no spaces)
if (strpos($new_hashtag_name, " ") === false) {
$instance_dao = DAOFactory::getDAO('InstanceDAO');
$instance = $instance_dao->get($instance_id);
if (isset($instance)) {
$hashtag = $hashtag_dao->getHashtag($new_hashtag_name, $instance->network);
if (!isset($hashtag)) {
$hashtag_id = $hashtag_dao->insertHashtag($new_hashtag_name, $instance->network);
$row_inserted = $instancehashtag_dao->insert($instance_id, $hashtag_id);
$message = "Saved search for " . $new_hashtag_name . ".";
$this->addSuccessMessage($message, 'account');
} else {
$row_inserted = $instancehashtag_dao->insert($instance_id, $hashtag->id);
$message = "Saved search for " . $new_hashtag_name . ".";
$this->addSuccessMessage($message, 'account');
}
} else {
$this->addErrorMessage('Instance doesn\'t exist.', 'account');
}
} else {
$this->addErrorMessage('You can only search for an individual keyword or hashtag, not a phrase. ' . 'Please try again.', 'account');
}
}
//process change to notification frequency
if (isset($_POST['updatefrequency'])) {
$this->validateCSRFToken();
$new_freq = isset($_POST['notificationfrequency']) ? $_POST['notificationfrequency'] : null;
$updates = 0;
if ($new_freq && isset($this->notification_frequencies[$new_freq])) {
$updates = $owner_dao->setEmailNotificationFrequency($this->getLoggedInUser(), $new_freq);
}
if ($updates > 0) {
// Update the user in the view to match
$owner->email_notification_frequency = $new_freq;
$this->addToView('owner', $owner);
$this->addSuccessMessage('Your email notification frequency has been updated.', 'notifications');
}
}
//process change to timezone
if (isset($_POST['updatetimezone'])) {
$this->validateCSRFToken();
$new_tz = isset($_POST['timezone']) ? $_POST['timezone'] : null;
$updates = 0;
if (isset($new_tz)) {
$possible_timezones = timezone_identifiers_list();
if (in_array($new_tz, $possible_timezones)) {
$updates = $owner_dao->setTimezone($this->getLoggedInUser(), $new_tz);
}
}
if ($updates > 0) {
// Update the user in the view to match
$owner->timezone = $new_tz;
$this->addToView('owner', $owner);
$this->addSuccessMessage('Your time zone has been saved.', 'timezone');
}
}
$this->view_mgr->clear_all_cache();
/* Begin plugin-specific configuration handling */
if (isset($_GET['p']) && !isset($_GET['u'])) {
// add config js to header
if ($this->isAdmin()) {
$this->addHeaderJavaScript('assets/js/plugin_options.js');
}
$active_plugin = $_GET['p'];
$webapp_plugin_registrar = PluginRegistrarWebapp::getInstance();
$pobj = $webapp_plugin_registrar->getPluginObject($active_plugin);
$p = new $pobj();
$this->addToView('body', $p->renderConfiguration($owner));
$this->addToView('force_plugin', true);
$profiler = Profiler::getInstance();
$profiler->clearLog();
} elseif (isset($_GET['p']) && isset($_GET['u']) && isset($_GET['n'])) {
if ($this->isAdmin()) {
$this->addHeaderJavaScript('assets/js/plugin_options.js');
}
$active_plugin = $_GET['p'];
$instance_username = $_GET['u'];
$instance_network = $_GET['n'];
$webapp_plugin_registrar = PluginRegistrarWebapp::getInstance();
$pobj = $webapp_plugin_registrar->getPluginObject($active_plugin);
$p = new $pobj();
$this->addToView('body', $p->renderInstanceConfiguration($owner, $instance_username, $instance_network));
$this->addToView('force_plugin', true);
$profiler = Profiler::getInstance();
$profiler->clearLog();
}
$plugin_dao = DAOFactory::getDAO('PluginDAO');
$config = Config::getInstance();
$installed_plugins = $plugin_dao->getInstalledPlugins();
$this->addToView('installed_plugins', $installed_plugins);
/* End plugin-specific configuration handling */
if ($owner->is_admin) {
if (!isset($instance_dao)) {
$instance_dao = DAOFactory::getDAO('InstanceDAO');
}
$owners = $owner_dao->getAllOwners();
foreach ($owners as $o) {
$instances = $instance_dao->getByOwner($o, true);
$o->setInstances($instances);
}
$this->addToView('owners', $owners);
$this->addToView('public_instances', $instance_dao->getPublicInstances());
}
$whichphp = @exec('which php');
$php_path = !empty($whichphp) ? $whichphp : 'php';
$email = $this->getLoggedInUser();
//rss_crawl_url
$rss_crawl_url = Utils::getApplicationURL() . sprintf('crawler/rss.php?un=%s&as=%s', urlencode($email), $owner->api_key);
$this->addToView('rss_crawl_url', $rss_crawl_url);
//cli_crawl_command
$cli_crawl_command = 'cd ' . THINKUP_WEBAPP_PATH . 'crawler/;export THINKUP_PASSWORD=yourpassword; ' . $php_path . ' crawl.php ' . $email;
$this->addToView('cli_crawl_command', $cli_crawl_command);
//help link
$this->view_mgr->addHelp('rss', 'userguide/datacapture');
return $this->generateView();
}
/**
* Step 3 - Populate database and finish
*/
private function step3()
{
$this->setViewTemplate('install.step3.tpl');
$config_file_exists = false;
$config_file = THINKUP_WEBAPP_PATH . 'config.inc.php';
// make sure we are here with posted data
if (empty($_POST)) {
$this->step1();
return;
}
// check if we have made config.inc.php
if (file_exists($config_file) && filesize($config_file) > 0) {
// this is could be from step 2 is not able writing
// to webapp dir
$config_file_exists = true;
require $config_file;
$db_config['db_type'] = $THINKUP_CFG['db_type'];
$db_config['db_name'] = $THINKUP_CFG['db_name'];
$db_config['db_user'] = $THINKUP_CFG['db_user'];
$db_config['db_password'] = $THINKUP_CFG['db_password'];
$db_config['db_host'] = $THINKUP_CFG['db_host'];
$db_config['db_socket'] = $THINKUP_CFG['db_socket'];
$db_config['db_port'] = $THINKUP_CFG['db_port'];
$db_config['table_prefix'] = $THINKUP_CFG['table_prefix'];
$db_config['timezone'] = $THINKUP_CFG['timezone'];
$email = trim($_POST['site_email']);
} else {
// make sure we're not from error or couldn't write config.inc.php
if (!isset($_POST['db_user']) && !isset($_POST['db_passwd']) && !isset($_POST['db_name']) && !isset($_POST['db_host'])) {
$this->addErrorMessage("Missing database credentials");
$this->step2();
return;
}
// trim each posted value
$db_config['db_type'] = trim(@$_POST['db_type']);
$db_config['db_name'] = trim($_POST['db_name']);
$db_config['db_user'] = trim($_POST['db_user']);
$db_config['db_password'] = trim($_POST['db_passwd']);
$db_config['db_host'] = trim($_POST['db_host']);
$db_config['db_socket'] = trim($_POST['db_socket']);
$db_config['db_port'] = trim($_POST['db_port']);
$db_config['table_prefix'] = trim($_POST['db_prefix']);
$db_config['timezone'] = trim($_POST['timezone']);
$email = trim($_POST['site_email']);
}
$db_config['db_type'] = 'mysql';
//default for now
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
$full_name = $_POST['full_name'];
$display_errors = false;
// check email
if (!Utils::validateEmail($email)) {
$this->addErrorMessage("Please enter a valid email address.", "email");
$display_errors = true;
}
if ($password != $confirm_password || $password == '' || !preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $password)) {
//check password
if ($password != $confirm_password) {
$this->addErrorMessage("Your passwords did not match.", "password");
} else {
if ($password == '') {
$this->addErrorMessage("Please choose a password.", "password");
} else {
if (!preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $password)) {
$this->addErrorMessage("Password must be at least 8 characters and contain both numbers and letters.", "password");
}
}
}
$display_errors = true;
}
if ($_POST['db_name'] == '') {
$this->addErrorMessage("Please enter a database name.", "database_name");
$display_errors = true;
}
if ($_POST['db_host'] == '') {
$this->addErrorMessage("Please enter a database host.", "database_host");
$display_errors = true;
}
if ($_POST['timezone'] == '') {
$this->addErrorMessage("Please select a time zone.", "timezone");
$display_errors = true;
}
if (($error = $this->installer->checkDb($db_config)) !== true) {
//check db
if (($p = strpos($error->getMessage(), "Unknown MySQL server host")) !== false || ($p = strpos($error->getMessage(), "Can't connect to MySQL server")) !== false || ($p = strpos($error->getMessage(), "Can't connect to local MySQL server through socket")) !== false || ($p = strpos($error->getMessage(), "Access denied for user")) !== false) {
$db_error = substr($error->getMessage(), $p);
} else {
$db_error = $error->getMessage();
}
$disable_xss = true;
$db_error = filter_var($db_error, FILTER_SANITIZE_SPECIAL_CHARS);
$this->addErrorMessage("ThinkUp couldn't connect to your database. The error message is:<br /> " . " <strong>{$db_error}</strong><br />Please correct your database information and try again.", "database", $disable_xss);
$display_errors = true;
}
if ($display_errors) {
$this->setViewTemplate('install.step2.tpl');
$this->addToView('db_name', $db_config['db_name']);
$this->addToView('db_user', $db_config['db_user']);
$this->addToView('db_passwd', $db_config['db_password']);
$this->addToView('db_host', $db_config['db_host']);
$this->addToView('db_prefix', $db_config['table_prefix']);
$this->addToView('db_socket', $db_config['db_socket']);
$this->addToView('db_port', $db_config['db_port']);
$this->addToView('db_type', $db_config['db_type']);
$this->addToView('current_tz', $_POST['timezone']);
$this->addToView('tz_list', Installer::getTimeZoneList());
$this->addToView('site_email', $email);
$this->addToView('full_name', $full_name);
return;
}
$admin_user = array('email' => $email, 'password' => $password, 'confirm_password' => $confirm_password);
// trying to create config file
if (!$config_file_exists && !$this->installer->createConfigFile($db_config, $admin_user)) {
$config_file_contents_arr = $this->installer->generateConfigFile($db_config, $admin_user);
$config_file_contents_str = '';
foreach ($config_file_contents_arr as $line) {
$config_file_contents_str .= htmlentities($line);
}
$whoami = @exec('whoami');
$disable_xss = true;
if (!empty($whoami)) {
$whoami = filter_var($whoami, FILTER_SANITIZE_SPECIAL_CHARS);
$this->addErrorMessage("ThinkUp couldn't write the <code>config.inc.php</code> file.<br /><br />" . "Use root (or sudo) to create the file manually, and allow PHP to write to it, by executing the " . "following commands:<br /><code>sudo touch " . escapeshellcmd(THINKUP_WEBAPP_PATH . "config.inc.php") . "</code><br /><code>sudo chown {$whoami} " . escapeshellcmd(THINKUP_WEBAPP_PATH . "config.inc.php") . "</code><br /><br />If you don't have root access, create the <code>" . THINKUP_WEBAPP_PATH . "config.inc.php</code> file, show the contents of your config file below," . " and copy and paste the text into the <code>config.inc.php</code> file.", null, $disable_xss);
} else {
$this->addErrorMessage("ThinkUp couldn't write the <code>config.inc.php</code> file.<br /><br />" . "You will need to create the <code>" . THINKUP_WEBAPP_PATH . "config.inc.php</code> file manually, and paste the following text into it.", null, $disable_xss);
}
$this->addToView('config_file_contents', $config_file_contents_str);
$this->addToView('_POST', $_POST);
$this->setViewTemplate('install.config.tpl');
return;
}
unset($admin_user['confirm_password']);
// check tables
$this->installer->checkTable($db_config);
// if empty, we're ready to populate the database with ThinkUp tables
$this->installer->populateTables($db_config);
//Set the application server name in app settings for access by command-line scripts
Installer::storeServerName();
$owner_dao = DAOFactory::getDAO('OwnerDAO', $db_config);
if (!$owner_dao->doesAdminExist() && !$owner_dao->doesOwnerExist($email)) {
// create admin if not exists
$activation_code = $owner_dao->createAdmin($email, $password, $full_name);
// view for email
$cfg_array = array('site_root_path' => Utils::getSiteRootPathFromFileSystem(), 'source_root_path' => THINKUP_ROOT_PATH, 'debug' => false, 'app_title_prefix' => "", 'cache_pages' => false);
$email_view = new ViewManager($cfg_array);
$email_view->caching = false;
$email_view->assign('application_url', Utils::getApplicationURL());
$email_view->assign('email', urlencode($email));
$email_view->assign('activ_code', $activation_code);
$message = $email_view->fetch('_email.registration.tpl');
Mailer::mail($email, "Activate Your New ThinkUp Account", $message);
} else {
$email = 'Use your old email admin';
$password = '******';
}
unset($THINKUP_CFG);
$this->addToView('errors', $this->installer->getErrorMessages());
$this->addToView('username', $email);
$this->addToView('password', $password);
$this->addToView('login_url', Utils::getSiteRootPathFromFileSystem() . 'session/login.php');
}
