Exemplo n.º 1
Arquivo: post.php Projeto: ncube/edu
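 /**
  * Show a post, or accept a comment on it, depending on the routed URL segments.
  *
  * $url[0] is looked up as the post's unique id; $url[1] is an optional action,
  * of which only 'comment' is handled.
  *
  * @param array $url URL segments handed over by the router
  */
 public function _index($url)
 {
     // Read the id defensively so an empty segment list raises no notice.
     $id = isset($url[0]) ? $url[0] : null;
     if (empty($id)) {
         Redirect::to('/');
         return;
     }
     $data = DB::fetch('post', array('unique_id' => $id));
     if (empty($data)) {
         echo 'Not Found';
         die;
     }
     if (empty($url[1])) {
         self::init('PostModel', 'post', $url);
         return;
     }
     if ($url[1] !== 'comment') {
         // Unknown actions are ignored.
         return;
     }
     $post = Input::post();
     if (empty($post)) {
         Redirect::to('/post/' . $id);
         return;
     }
     // A request without a token field is rejected here rather than passing
     // null to Token::check(), whose handling of null is not visible in this file.
     $token = isset($post['token']) ? $post['token'] : null;
     if (!is_string($token) || $token === '' || !Token::check($token)) {
         echo 'Security token missing';
         return;
     }
     // NOTE(review): the comment text is stored as received; it has to be
     // encoded wherever it is later written into HTML. No login check is
     // visible in this method - confirm User::comment() enforces one.
     $comment = isset($post['comment']) ? $post['comment'] : '';
     User::comment($id, $comment);
     echo 'Commented';
 }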
Exemplo n.º 2
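    /**
     * Handle the "request a call" form: store a submitted name/number pair,
     * then render the form with a fresh anti-CSRF token.
     */
    public function RequesracallAction()
    {
        if (Input::exists() && Token::check(Input::get('token'))) {
            // NOTE(review): name and number are stored exactly as submitted; no
            // length or format validation is visible in this method.
            $this->_DB->insert('phones', array('id' => 0, 'name' => Input::get('name'), 'number' => Input::get('number')));
            $this->registerAction();
        }
        // Encode the token for the attribute context so the markup stays
        // well-formed whatever characters the generator returns.
        $token = htmlspecialchars((string) Token::generate(), ENT_QUOTES, 'UTF-8');
        ?>
<form action="" method="post">
    <div class="field">
        <label for="name">Name: </label>
        <input
            type="text"
            name="name"
            id="name" />
    </div>
    <div class="field">
        <label for="number">Number: </label>
        <input
            type="tel"
            name="number"
            id="number" />
    </div>
    <input type="hidden" name="token" value="<?php echo $token; ?>" />
    <input type="submit" value="Save"/>
</form>
        <?php 
    }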
Exemplo n.º 3
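 /**
  * Render the login page and process a submitted login form.
  *
  * @param mixed $id Not used by this method.
  */
 public function login($id = null)
 {
     $user = $this->user;
     $this->data['user']['name'] = $user->data()->user;
     Config::set('html.title', 'Авторизация');
     Config::set('html.description.val', 'На этой странице можно залогиниться');
     // Make sure the session holds a CSRF token before the form is shown.
     if (!Session::exists(Config::get('session.token_name'))) {
         Token::generate();
     }
     // NOTE(review): a POST whose token is missing or wrong falls through and
     // re-renders the form without any error message.
     if (Input::exists() && Token::check(Input::get('token'))) {
         $validate = new VALIDATE();
         $validation = $validate->check($_POST, array('user' => array('required' => true), 'password' => array('required' => true)));
         if (!$validate->passed()) {
             foreach ($validation->errors() as $error) {
                 $this->data['validate_errors'][] = $error;
             }
         } elseif ($user->login(Input::get('user'), Input::get('password'), null)) {
             // The form's "remember" field is not honoured: null is passed as
             // the third argument, so the unused $remember local was dropped
             // together with the unused uniqid() salt.
             Redirect::to('/');
         } else {
             echo '<p>Sorry, logging in failed</p>';
         }
     }
     $this->view('user/login');
 }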
Exemplo n.º 4
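 /**
  * AJAX endpoint that passes the POSTed username/type request to User::request().
  *
  * @return array Either a 'success' entry or an 'errors' list describing the outcome.
  */
 public function _index()
 {
     // Deny access if not logged in
     new Protect('ajax');
     $post = Input::post();
     $data = array();
     // A missing token field counts as a failed check; it is never handed to
     // Token::check() as null.
     $token = FALSE;
     if (isset($post['token']) && is_string($post['token']) && $post['token'] !== '') {
         $token = Token::check($post['token']);
     }
     if (!empty($post['username']) && !empty($post['type']) && $token === TRUE) {
         // NOTE(review): the whole POST array is forwarded, and whatever
         // User::request() returns on failure goes back to the client as-is.
         $request = User::request($post);
         if ($request === TRUE) {
             $data['success'][] = TRUE;
         } else {
             $data['errors'][] = $request;
         }
     } elseif (!$token) {
         $data['errors'][] = 'Security Token Missing';
     } else {
         $data['errors'][] = 'Username & Type Required';
     }
     // Every branch above adds an entry, so the former "return FALSE" path
     // could never be reached.
     return $data;
 }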
Exemplo n.º 5
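 /**
  * Registration endpoint: shows the form on GET and creates the user on a
  * validated, tokenised POST.
  */
 public function _index()
 {
     $post = Input::post();
     if (empty($post)) {
         // Already signed-in visitors are sent home instead of seeing the form.
         if (Session::exists('user_id')) {
             header('Location: /');
             exit;
         }
         // The original passed an undefined $arg here, i.e. null plus a notice.
         self::init('RegisterModel', 'register', null);
         return;
     }
     $validate = Validate::register($post);
     // A missing token field counts as a failed check.
     $token = FALSE;
     if (isset($post['token']) && is_string($post['token']) && $post['token'] !== '') {
         $token = Token::check($post['token']);
     }
     if ($validate === TRUE && $token === TRUE) {
         // NOTE(review): the full POST array is handed to addUser(); confirm it
         // only persists the fields a visitor is allowed to set.
         User::addUser($post);
         echo 'Registered';
         return;
     }
     if (!$token) {
         echo 'Security Token is missing';
     }
     // The validation result may repeat submitted values, so it is encoded
     // before being written into the page.
     echo '<pre>';
     echo htmlspecialchars(print_r($validate, true), ENT_QUOTES, 'UTF-8');
     echo '</pre>';
 }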
Exemplo n.º 6
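 /**
  * Show the "new question" form, or post the question from a tokenised POST.
  */
 public function create()
 {
     new Protect();
     $post = Input::post();
     // NOTE(review): this <pre> is never closed inside the method.
     echo '<pre>';
     if (empty($post)) {
         // Encode the token for the attribute it is written into.
         $token = htmlspecialchars((string) Token::generate(), ENT_QUOTES, 'UTF-8');
         echo '
         <form method="post" action="">
             <input type="text" name="title" placeholder="Title">
             <input type="hidden" name="token" value="' . $token . '">
             <br>
             <textarea placeholder="Description" type="text" name="content"></textarea>
             <br>
             <input type="submit">
         </form>
     ';
         return;
     }
     // A POST without a token field is rejected without calling Token::check().
     $submitted = isset($post['token']) ? $post['token'] : null;
     if (!is_string($submitted) || $submitted === '' || !Token::check($submitted)) {
         echo 'Security token missing.';
         return;
     }
     // NOTE(review): title and content are passed on unvalidated; they must be
     // encoded when the question is rendered.
     Question::postQuestion($post);
     echo 'Posted';
 }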
Exemplo n.º 7
Arquivo: logout.php Projeto: ncube/edu
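 /**
  * Log the current user out. The request must carry a valid token so that a
  * third-party page cannot trigger the logout.
  */
 public function _index()
 {
     if (!Token::check(Input::post('token'))) {
         echo 'Security Token Missing';
         return;
     }
     // session_destroy() removes the stored data but leaves $_SESSION and the
     // session cookie in place for the rest of the request, so clear both first.
     $_SESSION = array();
     if (ini_get('session.use_cookies')) {
         $params = session_get_cookie_params();
         setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
     }
     // Destroy Session
     session_destroy();
     // Redirect to index
     Redirect::to('/');
 }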
 /**
  * Run the model's process step for a tokenised POST and print what it returns.
  *
  * @return mixed The value of miscellaneous::Error() when the request is not a
  *               POST or the token check fails; nothing otherwise.
  */
 public function run()
 {
     // Only a POST whose token verifies (the form was loaded properly) is processed.
     $accepted = Input::exists('post') && Token::check(Input::get('token'));
     if (!$accepted) {
         return miscellaneous::Error();
     }
     echo $this->model->process();
 }
Exemplo n.º 9
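 /**
  * Accept a pending request for the POSTed username after the token check.
  */
 public function accept()
 {
     $post = Input::post();
     if (empty($post['username'])) {
         echo 'username required';
         return;
     }
     // A missing token field is a failed check; null is never passed on.
     $token = isset($post['token']) ? $post['token'] : null;
     if (!is_string($token) || $token === '' || Token::check($token) !== TRUE) {
         echo 'Security Token Missing';
         return;
     }
     // NOTE(review): no login or ownership check is visible here - confirm
     // User::accept() verifies that the caller may accept this request.
     User::accept($post);
 }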
Exemplo n.º 10
 /**
  * Register a user from the data received from the form.
  *
  * Nothing happens unless input was submitted and its token verifies.
  *
  * @param mixed $id Not used by this method.
  */
 public function salvarUsuario($id = null)
 {
     if (!Input::exists() || !Token::check(Input::get('token'))) {
         return;
     }
     $usuario = $this->setDados();
     // A login that already exists switches the save into update mode.
     $jaExiste = $this->getModel()->findByLogin($usuario);
     if ($jaExiste) {
         $this->atualizar = true;
     }
     $resultado = $this->getModel()->gravar($usuario, $this->atualizar);
     Session::flash('msg', $resultado['fc_criar_usuario'], 'success');
 }
Exemplo n.º 11
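 /**
  * Validate a login submission and try to authenticate the user.
  *
  * Sets $this->Authenticated on an attempt and $this->Errors on validation or
  * authentication failure. A failed token check leaves both untouched.
  *
  * @param array $Input Submitted form fields (token, Username, Password, remember)
  */
 public function validateInput($Input = array())
 {
     $validater = new \Validation();
     // No token field means there is nothing to verify.
     if (!isset($Input["token"]) || !\Token::check($Input["token"])) {
         return;
     }
     $valid = $validater->Validate($Input, array('Username' => array('required' => true, 'min' => 3, 'max' => 35, 'exists' => array("Value" => 'Users', 'CustomError' => "{Value} is not a registered User")), 'Password' => array('required' => true, 'min' => 5, 'differs' => 'Username')));
     if ($valid !== true) {
         // NOTE(review): the 'exists' rule reports unknown usernames, which
         // lets a visitor test which accounts are registered.
         $this->Errors = $valid;
         return;
     }
     //Attempt to Authenticate
     $this->User = new \User();
     // An unticked checkbox is not submitted, so the key may be absent.
     $remember = isset($Input["remember"]) ? $Input["remember"] : null;
     try {
         // NOTE(review): escape() is not defined in this view. If it HTML-encodes,
         // the password is altered before comparison - verify that registration
         // applies the same transformation.
         $this->Authenticated = $this->User->Authenticate(escape($Input["Username"]), escape($Input["Password"]), $remember);
     } catch (\Exception $e) {
         $this->Errors = array($e->getMessage());
     }
 }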
Exemplo n.º 12
 /**
  * Resolve the organization user behind the token of the current API request.
  *
  * @param mixed  $dbh             Database handle, passed to Token::check() and queried here
  * @param bool   $output_on_error When true, a 401 response is written and the script exits
  * @param string $output_type     Format handed to output() for the error response
  * @return mixed The user row with a 'token_data' entry added, or null when the
  *               token is not accepted and $output_on_error is false.
  */
 static function authAPICall($dbh, $output_on_error = true, $output_type = "json")
 {
     require_once "Token.php";
     $token_data = Token::check($dbh, Token::getToken());
     if (isset($token_data["organization_user_id"])) {
         // The id is bound as a parameter rather than concatenated into the SQL.
         $rows = $dbh->query("SELECT * FROM organization_user WHERE id = ?", array($token_data["organization_user_id"]));
         if (count($rows)) {
             $account = $rows[0];
             $account["token_data"] = $token_data;
             return $account;
         }
     }
     if (!$output_on_error) {
         // Callers that asked for no output get null and must check for it.
         return;
     }
     $status = "401 Unauthorized";
     output($output_type, array("status" => $status, "success" => false, "error" => array("Invalid token")), $status);
     exit;
 }
Exemplo n.º 13
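 /**
  * Create a portfolio article from a tokenised POST, otherwise show the form.
  */
 public function create()
 {
     $token = isset($_POST['token']) ? $_POST['token'] : null;
     $title = isset($_POST['title']) ? $_POST['title'] : null;
     $article = isset($_POST['article']) ? $_POST['article'] : null;
     // Missing or non-string fields (e.g. title[]=x) are handled like a failed
     // token check: the form is shown again and nothing is written.
     if (!is_string($token) || !is_string($title) || !is_string($article) || !Token::check($token)) {
         $this->view('pages/Portfolio/create');
         return;
     }
     // Put dashes in place of spaces and replace existing dashes with tildes.
     $title = Shift::add($title);
     $DB = new DB();
     // SECURITY(review): $title and $article come straight from the request and
     // are interpolated into the statement, so a quote character in either one
     // changes the SQL that is executed. The DB wrapper's interface is not
     // visible here; move this insert to its bound-parameter support before the
     // code is reused. No login check is visible in this method either.
     $DB->insert("INSERT INTO article VALUES(NULL,'{$title}','{$article}',NOW(),0)");
     $this->index(null);
 }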
Exemplo n.º 14
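 /**
  * Register a new user from the POSTed form and report the outcome through
  * $_SESSION['alert'].
  */
 public function register()
 {
     $Token = new Token();
     $token = isset($_POST['token']) ? $_POST['token'] : null;
     if (!is_string($token) || !$Token->check($token)) {
         $_SESSION['alert'] = 'Error, please try again.';
         return;
     }
     $Verify = new Verify();
     // Absent or non-string fields are treated as empty.
     $clean = array();
     foreach (array('username', 'password', 'repassword', 'email') as $field) {
         $clean[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim(strip_tags($_POST[$field])) : '';
     }
     $username = $clean['username'];
     // NOTE(review): strip_tags() changes passwords that contain '<'. It is kept
     // because the login code that has to apply the same transformation is not
     // visible here.
     $password = $clean['password'];
     $repassword = $clean['repassword'];
     $email = explode('@', $clean['email']);
     // The original tested isset() on variables that had just been assigned, so
     // this branch never fired; test for empty values and a local@domain shape.
     $incomplete = $username === '' || $password === '' || $repassword === ''
         || count($email) !== 2 || $email[0] === '' || $email[1] === '';
     if ($incomplete) {
         $_SESSION['alert'] = 'Not all fields have been completed.';
     } elseif (!$Verify->length($username, 255)) {
         $_SESSION['alert'] = 'The username is too long.';
     } elseif (!$Verify->same($password, $repassword)) {
         $_SESSION['alert'] = 'The passwords entered are not the same.';
     } elseif (!$Verify->length($email[0], 255)) {
         $_SESSION['alert'] = 'The email entered is too long.';
     } elseif (!$Verify->length($email[1], 255)) {
         $_SESSION['alert'] = 'The email entered is too long.';
     } else {
         $Db = new Db();
         $query = $Db->query('user', array(array('username', '=', $username, '')));
         $numrows = mysqli_num_rows($query);
         if ($numrows > 0) {
             // Same generic message as a token failure, so the response does
             // not say that the username is taken.
             $_SESSION['alert'] = 'Error, please try again.';
         } else {
             // mcrypt_create_iv() was removed in PHP 7.2; use random_bytes()
             // where it exists and keep the old call as a fallback.
             $rawSalt = function_exists('random_bytes') ? random_bytes(128) : mcrypt_create_iv(128, MCRYPT_DEV_URANDOM);
             $salt = base64_encode($rawSalt);
             // NOTE(review): one salted SHA-512 pass is cheap to brute-force.
             // The format is kept because the code that verifies it is not
             // visible here; password_hash()/password_verify() is the
             // replacement to migrate to.
             $crypt = hash('sha512', $username . $salt . $password);
             $datetime = date('Y-m-d H:i:s');
             $rank = 0;
             $insert = $Db->insert('user', array('', $username, $crypt, $email[0], $email[1], $salt, $datetime, $rank));
             if (!$insert) {
                 $_SESSION['alert'] = 'User could not be registered.';
             } else {
                 $_SESSION['alert'] = 'Successfully registered, you can now login with your credentials.';
                 header('Location: login.php');
             }
         }
     }
 }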
Exemplo n.º 15
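 /**
  * Login page: redirects signed-in users, shows the form, or processes a
  * submitted login.
  */
 public function index()
 {
     //add params
     $user = new User();
     if ($user->isLoggedIn()) {
         Redirect::to('account');
         return;
     }
     // Nothing submitted, or the token did not match: show the login form.
     if (!Input::exists() || !Token::check(Input::get('token'))) {
         $this->view('login/index', ['loggedIn' => 2, 'page_name' => 'Login']);
         return;
     }
     $validate = new Validation();
     $validation = $validate->check($_POST, array('username' => array('required' => true), 'password' => array('required' => true)));
     if (!$validation->passed()) {
         // NOTE(review): the messages are joined with raw <br> tags, so the view
         // has to print them unencoded - confirm they never contain user input.
         $error_string = '';
         foreach ($validation->errors() as $error) {
             $error_string .= $error . '<br>';
         }
         $this->view('login/failed', ['loggedIn' => 0, 'page_name' => 'Login', 'errors' => $error_string]);
         return;
     }
     $user = new User();
     $remember = Input::get('remember') === 'on';
     if ($user->login(Input::get('username'), Input::get('password'), $remember)) {
         //login success
         Session::flash('account', 'You are now logged in');
         Redirect::to('account');
         return;
     }
     //login failed; the message does not say which of the two values was wrong
     // (the original text misspelled "password").
     $error_string = 'Username or password incorrect<br>';
     // NOTE(review): this call uses 'page_heading' while the others use 'page_name'.
     $this->view('login/failed', ['loggedIn' => 2, 'page_heading' => 'Login', 'errors' => $error_string]);
 }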
Exemplo n.º 16
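 /**
  * Process a login form submission and redirect according to the result.
  *
  * @return mixed The value of miscellaneous::Error() when the request is not a
  *               POST or the token check fails; nothing otherwise.
  */
 public function run()
 {
     // Only a POST whose token verifies (the form was loaded properly) is processed.
     if (!Input::exists('post') || !Token::check(Input::get('token'))) {
         return miscellaneous::Error();
     }
     if ($this->model->process()) {
         header("Location: " . SITE_URL);
         return;
     }
     // The message stays generic about which value was wrong; the original
     // text misspelled "incorrect".
     Session::flush('error-login', 'Username or password is incorrect!');
     header("Location: " . SITE_URL . "/login");
 }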
Exemplo n.º 17
 /**
  * Process the admin login form and redirect to the admin area or back to
  * the admin login page.
  *
  * @return mixed The value of miscellaneous::Error() when the request is not a
  *               POST or the token check fails; nothing otherwise.
  */
 public function loginProcess()
 {
     // The request has to be a form POST that carries a valid token.
     $isPost = Input::exists('post');
     if ($isPost && Token::check(Input::get('token'))) {
         $target = SITE_URL . '/admin';
         if (!$this->model->login()) {
             Session::flush('error-login', Messages::login_unsuccess());
             $target = SITE_URL . "/admin/login";
         }
         header("Location: " . $target);
         return;
     }
     return miscellaneous::Error();
 }
Exemplo n.º 18
Arquivo: groups.php Projeto: ncube/edu
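 /**
  * Create a group from the POSTed name/description and make the session's
  * user its first member with type 'A'.
  */
 public function create()
 {
     // TODO: Validate
     $post = Input::post();
     // A missing token field counts as a failed check.
     $token = FALSE;
     if (isset($post['token']) && is_string($post['token']) && $post['token'] !== '') {
         $token = Token::check($post['token']);
     }
     if (empty($post['name']) || $token !== TRUE) {
         echo 'Empty or security token missing';
         return;
     }
     $now = time();
     // md5(uniqid()) is derived from the clock and can be guessed. Use random
     // bytes where available; both forms give 32 hexadecimal characters.
     $groupId = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid());
     $data = array(
         'group_id' => $groupId,
         'group_name' => $post['name'],
         'desp' => isset($post['desp']) ? $post['desp'] : NULL,
         'status' => 1,
         'time' => $now,
     );
     DB::insert('group', $data);
     // NOTE(review): no login check is visible in this method; for an anonymous
     // request Session::get('user_id') may be empty - confirm a guard runs first.
     DB::insert('group_user', array('user_id' => Session::get('user_id'), 'group_id' => $groupId, 'type' => 'A', 'time' => $now, 'status' => '1'));
     echo 'Group Created';
 }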
Exemplo n.º 19
 /**
  * Process a registration form submission.
  *
  * @return mixed The value of miscellaneous::Error() when the request is not a
  *               POST or the token check fails; nothing otherwise.
  */
 public function run()
 {
     // The token is only checked for a form POST.
     $fromForm = Input::exists('post');
     $tokenOk = $fromForm ? Token::check(Input::get('token')) : false;
     if (!$tokenOk) {
         return miscellaneous::Error();
     }
     // Run the registration; a falsy result prints the failure message.
     if (!$this->model->process()) {
         echo Messages::res_unsuccess();
         return;
     }
     Session::flush('resSuccess', Messages::res_success());
     header("Location: " . SITE_URL . "/login");
 }
Exemplo n.º 20
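 /**
  * Validate a registration submission and create the user.
  *
  * Sets $this->Registered on success and $this->Errors on validation or
  * creation failure. A failed token check leaves both untouched.
  *
  * @param array $Input Submitted form fields (token, Username, Password, Password2)
  */
 public function validateInput($Input = array())
 {
     $validater = new \Validation();
     // No token field means there is nothing to verify.
     if (!isset($Input["token"]) || !\Token::check($Input["token"])) {
         return;
     }
     // Validate the same array the values are read from below. The original
     // validated $_POST, so a caller passing anything else had its data
     // checked against the wrong input.
     $valid = $validater->Validate($Input, array('Username' => array('required' => true, 'min' => 3, 'max' => 35, 'unique' => 'Users'), 'Password' => array('required' => true, 'min' => 5, 'differs' => 'Username'), 'Password2' => array('required' => true, 'matches' => 'Password')));
     if ($valid !== true) {
         $this->Errors = $valid;
         return;
     }
     //Register the User
     $salt = \Hash::salt();
     // NOTE(review): the password is hashed unmodified while the username goes
     // through escape(); login has to treat both values the same way.
     $hashed = \Hash::make($Input["Password"], $salt);
     $this->User = new \User();
     try {
         $newUser = $this->User->Create(array('Username' => escape($Input["Username"]), 'Password' => $hashed, 'Salt' => $salt));
         $this->Registered = $newUser;
     } catch (\Exception $e) {
         $this->Errors = array($e->getMessage());
     }
 }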
Exemplo n.º 21
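 /**
  * Change the current user's password after verifying the token, the form
  * rules and the current password.
  */
 function changePassword()
 {
     $input = Input::parse();
     // A request without a valid token is ignored, as before.
     $token = isset($input['token']) ? $input['token'] : null;
     if (!is_string($token) || !Token::check($token)) {
         return;
     }
     $validate = new Validate();
     $validate->check($input, array('password_current' => ['required' => true, 'min' => 6], 'password' => ['required' => true, 'min' => 6], 'password_repeat' => ['required' => true, 'min' => 6, 'matches' => 'password']));
     if (!$validate->passed()) {
         Session::flash('error', $validate->errors());
         Redirect::to('changepassword');
         return;
     }
     $user = new User();
     // Read the salt once. The original looked up 'ecryption/salt' for the new
     // password, so it was hashed with a different salt than the one used to
     // verify it on the next change.
     // NOTE(review): this appears to be a single application-wide salt.
     $salt = config::get('encryption/salt');
     $currentHash = Hash::make($input['password_current'], $salt);
     // hash_equals() compares in constant time, unlike !==.
     if (!hash_equals((string) $user->data()->password, (string) $currentHash)) {
         echo "incorrect password";
         return;
     }
     $user->update(array('password' => Hash::make($input['password'], $salt)));
     Session::flash('success', 'Successfully changed password');
     Redirect::to('changepassword');
 }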
Exemplo n.º 22
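 /**
  * Create a user with a caller-chosen rank from the POSTed form and report
  * the outcome through $_SESSION['alert'].
  */
 public function create()
 {
     $Token = new Token();
     $token = isset($_POST['token']) ? $_POST['token'] : null;
     if (!is_string($token) || !$Token->check($token)) {
         $_SESSION['alert'] = 'Error, please try again.';
         return;
     }
     $Verify = new Verify();
     // Absent or non-string fields are treated as empty.
     $clean = array();
     foreach (array('username', 'email', 'password') as $field) {
         $clean[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim(strip_tags($_POST[$field])) : '';
     }
     $username = $clean['username'];
     $password = $clean['password'];
     // SECURITY(review): the rank (privilege level) is taken from the request.
     // No authorization check and no list of allowed ranks is visible in this
     // method - confirm that only administrators reach it and restrict the
     // value to the ranks the application defines.
     $rank = (isset($_POST['rank']) && is_scalar($_POST['rank'])) ? $_POST['rank'] : '';
     $email = explode('@', $clean['email']);
     // The original tested isset() on variables that had just been assigned, so
     // this branch never fired; test for empty values and a local@domain shape.
     $incomplete = $username === '' || $password === '' || $rank === ''
         || count($email) !== 2 || $email[0] === '' || $email[1] === '';
     if ($incomplete) {
         $_SESSION['alert'] = 'Not all fields have been completed.';
     } elseif (!$Verify->length($username, 255)) {
         $_SESSION['alert'] = 'The username is too long.';
     } elseif (!$Verify->length($email[0], 255)) {
         $_SESSION['alert'] = 'The email entered is too long.';
     } elseif (!$Verify->length($email[1], 255)) {
         $_SESSION['alert'] = 'The email entered is too long.';
     } else {
         $Db = new Db();
         $query = $Db->query('user', array(array('username', '=', $username, '')));
         $numrows = mysqli_num_rows($query);
         if ($numrows > 0) {
             $_SESSION['alert'] = 'Error, please try again.';
         } else {
             // mcrypt_create_iv() was removed in PHP 7.2; use random_bytes()
             // where it exists and keep the old call as a fallback.
             $rawSalt = function_exists('random_bytes') ? random_bytes(128) : mcrypt_create_iv(128, MCRYPT_DEV_URANDOM);
             $salt = base64_encode($rawSalt);
             // NOTE(review): one salted SHA-512 pass is cheap to brute-force;
             // kept because the verifying code is not visible here.
             $crypt = hash('sha512', $username . $salt . $password);
             $datetime = date('Y-m-d H:i:s');
             $insert = $Db->insert('user', array('', $username, $crypt, $email[0], $email[1], $salt, $datetime, $rank));
             if (!$insert) {
                 $_SESSION['alert'] = 'User could not be created.';
             } else {
                 // strip_tags() removed markup but not quotes: the alert must be
                 // HTML-encoded where it is displayed.
                 $_SESSION['alert'] = 'The user "' . $username . '" was created.';
             }
         }
     }
 }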
Exemplo n.º 23
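 /**
  * API authentication check.
  *
  * GET requests are checked against the 'auth.read' setting and every other
  * method against 'auth.write'. When the setting is off the request passes
  * unchecked; otherwise token, ts and ua must be present, ts must be within
  * 300 seconds of the server clock, and Token::check() must accept them.
  *
  * @return bool true when the request is allowed
  * @throws LogicException with code 403 when a parameter is missing, the
  *                        timestamp is outside the window, or the token is rejected
  */
 public function authenticate()
 {
     $isRead = $_SERVER['REQUEST_METHOD'] === 'GET';
     // NOTE(review): every non-GET method is treated as a write and signed
     // over $_POST, which is empty for PUT/DELETE bodies.
     $data = $isRead ? $_GET : $_POST;
     $type = $isRead ? 'read' : 'write';
     $param = new WF_Parameter();
     $token = $param->query('token', '');
     $ts = $param->query('ts', 0);
     $ua = $param->query('ua', '');
     if (!WF_Config::get("auth.{$type}", false)) {
         return true;
     }
     // A non-numeric timestamp cannot be compared with the clock, so it is
     // rejected together with missing parameters.
     if (!$token || !$ts || !$ua || !is_numeric($ts)) {
         throw new LogicException('授权参数缺失', 403);
     }
     // NOTE(review): within this 300-second window a captured request can be
     // replayed unless Token::check() also tracks tokens it has already seen.
     if (abs(time() - $ts) > 300) {
         throw new LogicException('鉴权超时', 403);
     }
     $tokenizer = new Token();
     if (!$tokenizer->check($token, $ua, $ts, $data)) {
         throw new LogicException('未授权的访问', 403);
     }
     // Return true on success as well, matching the auth-disabled path above.
     return true;
 }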
Exemplo n.º 24
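 /**
  * Registration page: shows the form, or validates a tokenised submission and
  * creates the user.
  */
 public function index()
 {
     $user1 = new User();
     if ($user1->isLoggedIn()) {
         //would you like to register a new user
         return;
     }
     if (!Input::exists()) {
         //display form page
         $this->view('register/register', ['register' => true, 'page_name' => 'Register', 'loggedIn' => 0]);
         return;
     }
     // NOTE(review): a failed token check renders nothing at all.
     if (!Token::check(Input::get('token'))) {
         return;
     }
     $validate = new Validation();
     $validate->check($_POST, array('username' => array('min' => 2, 'max' => 20, 'required' => true, 'unique' => true), 'name' => array('min' => 2, 'max' => 50, 'required' => true), 'sirname' => array('min' => 2, 'max' => 50, 'required' => true), 'email' => array('min' => 5, 'max' => 64, 'email' => true, 'required' => true, 'unique' => true), 'date_of_birth' => array('min' => 6, 'max' => 10, 'date' => true, 'required' => true), 'password' => array('min' => 6, 'required' => true), 'password_again' => array('min' => 6, 'matches' => 'password', 'required' => true)));
     if (!$validate->passed()) {
         // Collect the validation messages for the failure view.
         $error_string = '';
         foreach ($validate->errors() as $error) {
             $error_string .= $error . '<br>';
         }
         $this->view('register/failed', ['loggedIn' => 0, 'page_name' => 'Login Failed', 'errors' => $error_string]);
         return;
     }
     $user = new User();
     $salt = Hash::salt(32);
     $date_of_birth = new Date(Input::get('date_of_birth'));
     try {
         // Each column is set explicitly and 'group' is fixed on the server,
         // so the form cannot choose its own group.
         $user->create(array('username' => Input::get('username'), 'name' => Input::get('name'), 'sirname' => Input::get('sirname'), 'email' => Input::get('email'), 'dateofbirth' => $date_of_birth->format('Y-m-d H:i:s'), 'password' => Hash::make(Input::get('password'), $salt), 'salt' => $salt, 'joined' => date('Y-m-d H:i:s'), 'group' => 1));
         Session::flash('success', 'You have been registered');
         Redirect::to('home');
     } catch (Exception $e) {
         // Keep the detail in the server log; the exception text can expose
         // database internals if it is sent to the browser.
         error_log('User registration failed: ' . $e->getMessage());
         die('Registration failed, please try again later.');
     }
 }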
Exemplo n.º 25
Arquivo: login.php Projeto: ncube/edu
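 /**
  * Process a login POST; anything else is redirected to the start page.
  * Failures are reported through Session::errors().
  */
 public function _index()
 {
     $post = Input::post();
     if (empty($post)) {
         header('Location: /');
         exit;
     }
     $validation = Validate::login($post);
     // A missing token field counts as a failed check.
     $token = FALSE;
     if (isset($post['token']) && is_string($post['token']) && $post['token'] !== '') {
         $token = Token::check($post['token']);
     }
     $errors = NULL;
     if ($validation === TRUE && $token === TRUE) {
         // One message for both causes, so the response does not reveal
         // whether the username exists.
         if (!User::login($post['username'], $post['password'])) {
             $errors = 'Username or Password is Incorrect';
         }
     } elseif (!$token) {
         $errors = 'Security Token Missing';
     } else {
         $errors = $validation;
     }
     if (!empty($errors)) {
         Session::errors($errors, '/');
     }
 }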
Exemplo n.º 26
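 /**
  * Create a user account from a tokenised sign-up form.
  */
 function signup()
 {
     $input = Input::parse();
     $token = isset($input['token']) ? $input['token'] : null;
     if (!is_string($token) || !Token::check($token)) {
         echo "Invalid token";
         return;
     }
     $validate = new Validate();
     $validate->check($input, array('username' => ['required' => true, 'min' => 5, 'max' => 20, 'unique' => 'users'], 'name' => ['required' => true, 'max' => 50], 'password' => ['required' => true, 'min' => 6]));
     if (!$validate->passed()) {
         Session::flash('error', $validate->errors());
         Redirect::to('signup');
         return;
     }
     $user = new User();
     try {
         // NOTE(review): Hash::make() is called without a salt. The original
         // read config "encription/hash" into a variable it never used (now
         // removed) - check which salt the password-verifying code expects.
         $user->create(array('username' => $input['username'], 'password' => Hash::make($input['password']), 'name' => $input['name'], 'joined' => date('Y-m-d H:i:s'), 'group_id' => 1));
     } catch (Exception $e) {
         // Keep the detail in the server log; the exception text can expose
         // database internals if it is sent to the browser.
         error_log('Sign-up failed: ' . $e->getMessage());
         die('Sign-up failed, please try again later.');
     }
     Session::flash('login', 'You registered successfully! Please login!');
     Redirect::to('login');
 }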
Exemplo n.º 27
    Redirect::to('/');
    die;
}
/*
 *  Check if page is enabled
 */
$staff_applications = $queries->getWhere('core_modules', array('name', '=', 'Staff_Applications'));
if ($staff_applications[0]->enabled == 0) {
    Redirect::to('/');
    die;
}
/* 
 *  Handle input: store a submitted staff application and alert moderators
 */
if (Input::exists()) {
    if (Token::check(Input::get('token'))) {
        // Get all answers into one string
        // The token is dropped so that only the answers are stored.
        unset($_POST['token']);
        $content = array();
        // NOTE(review): every remaining POST field is stored, whatever its name.
        // The field name ($key) is kept unencoded, and htmlspecialchars() needs
        // a string, so an array-valued field (name[]=...) fails here. Values are
        // HTML-encoded before storage, so readers must not encode them again.
        foreach ($_POST as $key => $item) {
            $content[] = array($key, htmlspecialchars($item));
        }
        $content = json_encode($content);
        $queries->create('staff_apps_replies', array('uid' => $user->data()->id, 'time' => date('U'), 'content' => $content));
        $app_id = $queries->getLastId();
        // Moderator alerts
        // One alert row is created for each user of every group whose
        // staff_apps column is 1.
        $mod_groups = $queries->getWhere('groups', array('staff_apps', '=', 1));
        foreach ($mod_groups as $mod_group) {
            $mod_users = $queries->getWhere('users', array('group_id', '=', $mod_group->id));
            foreach ($mod_users as $individual) {
                // The applicant's username is HTML-encoded before it is placed
                // into the alert text.
                $queries->create('alerts', array('user_id' => $individual->id, 'type' => $user_language['staff_application'], 'url' => '/mod/applications/?app=' . $app_id, 'content' => str_replace('{x}', htmlspecialchars($user->data()->username), $mod_language['new_app_submitted_alert']), 'created' => date('U')));
Exemplo n.º 28
        echo '<center><p>Insufficient privileges</p></center>';
        include FOOTER;
        exit;
    }
    // Ensure user being removed belongs to group:
    if (!$group_manager->is_user_active_member($user_to_remove, $group)) {
        // NOTE(review): name() values are written into HTML unencoded here and in
        // the confirmation message below - confirm they are encoded at the source.
        echo '<center><p>' . $user_to_remove->name() . ' is not a member of ' . $group->name() . '</p></center>';
        include FOOTER;
        exit;
    }
    // Display the confirmation form:
    $remove_conf_msg = "Are you sure you want to remove <span class=\"dark-grey\">{$user_to_remove->name()}</span> from <span class=\"dark-grey\">{$group->name()}</span>?";
    include FORMS . 'remove_user_from_group_form.inc.php';
} elseif (isset($_POST['submitted'])) {
    // Check valid token exists:
    if (isset($_POST['token']) && Token::check($_POST['token'])) {
        // NOTE(review): the privilege and membership checks above belong to the
        // form-display branch. None is visible in this POST branch, so confirm
        // that remove_user_from_group() re-checks the caller's rights;
        // $_POST['user'], $_POST['group'] and $_POST['delete'] are read without
        // isset() guards.
        // Create user to be removed:
        $user_to_remove = new User($_POST['user']);
        // Create group to be modified:
        $group = new Group($_POST['group']);
        // If user confirmed deletion of member:
        if ($_POST['delete'] === 'yes') {
            $status = $group_manager->remove_user_from_group($user_to_remove, $group);
            // Both outcomes print the returned message in the same way.
            if ($status['status'] === true) {
                echo '<center><p>' . $status['msg'] . '</p></center>';
            } else {
                echo '<center><p>' . $status['msg'] . '</p></center>';
            }
        } else {
            // Deletion not confirmed: print the page to return to.
            $url = $group->exists() ? 'edit_group.php?grp=' . $group->profile_link() : 'manage_groups.php';
            echo $url;
Exemplo n.º 29
// Name of DB table holding all groups:
define('GROUPS_TABLE', 'groups');
// Name of DB table holding all user to group relations:
define('USERS_TO_GROUPS_INTERMEDIARY', 'users_artist_music');
// Constants for users group status
define('NO_PERMISSIONS', 1);
define('ADMIN', 2);
define('OWNER', 3);
require '../../classes/DB.php';
require '../../classes/Base_Account.php';
require '../../classes/User.php';
require '../../classes/Post_Manager.php';
require '../../classes/Session.php';
require '../../classes/Token.php';
// Handle an asynchronous post submission.
// NOTE(review): 'task' is compared with ==, and $_POST['token'] is read without
// an isset() guard, so a request without the field passes null to Token::check().
if (isset($_POST['task']) && $_POST['task'] == 'post-submit') {
    if (Token::check($_POST['token'])) {
        // data to be encoded as JSON and passed back to client:
        $data = [];
        // need to generate new session token as we've just consumed the previous one:
        $new_token = Token::generate();
        // get instance of the post_manager:
        $pm = Post_Manager::getInstance();
        // user submitting the post:
        // SECURITY(review): the author is taken from $_POST['user'] rather than
        // from the session. Unless a later check ties it to the logged-in
        // account, a client can submit posts in another user's name.
        $user = new User($_POST['user']);
        // target of the post:
        // @TODO: switch target_type to instantiate the target as the appropriate type
        $target = new User($_POST['target']);
        // The target type (user, music, dance, comedy):
        // @TODO: this will be used to properly instantiate the target object
        // NOTE(review): read from the request unvalidated; restrict it to the
        // listed types before it selects a class to instantiate.
        $target_type = $_POST['target_type'];
        // The actual post with line breaks preserved:
Exemplo n.º 30
                     }
                 } else {
                     // Not valid login
                     Session::destroy();
                     $validate->addError('Wrong Username or Password');
                 }
             }
         } else {
             $validate->addError('Wrong Captcha');
         }
     }
 }
 if (Input::get('otpsubmit') != '') {
     $otp_validate = new Validate();
     $otp_validation = $otp_validate->check($_POST, array('OTP' => array('required' => true, 'min' => 8, 'max' => 8)));
     if ($otp_validate->passed() && Token::check(Input::get('token'))) {
         $otp = new OTP();
         if ($otp->verifyOTP(Input::get('OTP'))) {
             //$otp->verifyOTP(Input::get('OTP'))
             Session::deleteloginAttempt('OTP');
             Session::put('loggedIn', 1);
             $log = new Log();
             $log->loginLog('success');
             if (Input::get('nootp') == 1) {
                 $cookiename = 'sisnootp' . Session::get('mobile');
                 Cookie::put($cookiename, true, 15);
                 unset($cookiename);
             }
             Redirect::to('home.php');
         } else {
             $log = new Log();