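/**
 * Registration endpoint. GET renders the form; POST creates the account.
 *
 * Flow on POST: validate email/username/password, reject a username that is
 * still active (no expiry) or an email already in use, store the user, the
 * username and one value per writable+required attribute, lock the session
 * to the new user and redirect to the sanitised `returnto` target.
 *
 * Security notes:
 *  - `returnto` is honoured only when it is a same-origin path (see below);
 *    accepting anything that merely starts with "/" makes this an open
 *    redirect, because "//host" and "/\host" are protocol-relative URLs.
 *  - The duplicate checks are check-then-insert and can race with a
 *    concurrent registration; a unique index on username.name and
 *    user.email is what actually enforces uniqueness.
 *  - NOTE(review): no CSRF token is verified in this method. This is a
 *    state-changing POST, so confirm the framework checks one upstream.
 *
 * @throws HTTPMethodException internally (caught) to fall through to the form
 * @throws ValidationException internally (caught) and rendered as messages
 */
public function register() {
    /*
     * Default redirect target is the current URL. A caller-supplied value is
     * accepted only if it is a local path: a leading "/" whose second
     * character is neither "/" nor "\" (both would be read by browsers as a
     * scheme-relative URL to another host).
     */
    $returnto = (string) new URL();
    if (isset($_GET['returnto']) && is_string($_GET['returnto'])) {
        $candidate = $_GET['returnto'];
        $second    = substr($candidate, 1, 1);
        if (Strings::startsWith($candidate, '/') && $second !== '/' && $second !== '\\') {
            $returnto = $candidate;
        }
    }

    $query = db()->table('attribute')->get('writable', array('public', 'groups', 'related', 'me'));
    $query->addRestriction('required', true);
    $attributes = $query->fetchAll();

    try {
        if (!$this->request->isPost()) {
            throw new HTTPMethodException();
        }

        /*
         * Validate what the user sent. The username class must be [a-zA-Z]:
         * a lowercase z in the upper range (A-z) would also admit "[", "\",
         * "]", "^", "_" and "`", contradicting the error message. The /D
         * modifier stops "$" from accepting a trailing newline.
         */
        $validatorUsername = validate()->addRule(new MinLengthValidationRule(4, 'Username must be more than 3 characters'));
        $validatorUsername->addRule(new RegexValidationRule('/^[a-zA-Z][a-zA-Z0-9_-]+$/D', 'Username must only contain characters, numbers, underscores and hyphens'));
        $validatorEmail    = validate()->addRule(new FilterValidationRule(FILTER_VALIDATE_EMAIL, 'Invalid email found'));
        $validatorPassword = validate()->addRule(new MinLengthValidationRule(8, 'Password must have 8 or more characters'));

        $email    = _def($_POST['email'], '');
        $username = _def($_POST['username'], '');
        $password = _def($_POST['password'], '');

        validate(
            $validatorEmail->setValue($email),
            $validatorUsername->setValue($username),
            $validatorPassword->setValue($password)
        );

        /*
         * Uniqueness. Only usernames without an expiry count as taken, so an
         * expired alias can be re-registered.
         */
        $taken = db()->table('username')->get('name', $username)->addRestriction('expires', null, 'IS')->fetch();
        if ($taken) {
            throw new ValidationException('Username is taken', 0, array('Username is taken'));
        }
        if (db()->table('user')->get('email', $email)->fetch()) {
            throw new ValidationException('Email is taken', 0, array('Email is already in use'));
        }

        /*
         * Persist the account. NOTE(review): the password is assigned
         * verbatim here; confirm the user model hashes it (password_hash) in
         * its setter or in store(). If it does not, the hash must be
         * computed here before store().
         */
        $user = db()->table('user')->newRecord();
        $user->email    = $email;
        $user->password = $password;
        $user->verified = false;
        $user->created  = time();
        $user->store();

        $record = db()->table('username')->newRecord();
        $record->user = $user;
        $record->name = $username;
        $record->store();

        /*
         * Required attributes. A field missing from the POST is stored as an
         * empty string instead of raising an undefined-index notice. No
         * per-attribute validation is applied at this point.
         */
        foreach ($attributes as $attribute) {
            $userattribute = db()->table('user\\attribute')->newRecord();
            $userattribute->user  = $user;
            $userattribute->attr  = $attribute;
            $userattribute->value = _def($_POST[$attribute->_id], '');
            $userattribute->store();
        }

        /* Log the new user in and leave */
        Session::getInstance()->lock($user->_id);
        return $this->response->getHeaders()->redirect($returnto);
    } catch (HTTPMethodException $e) {
        /* Not a POST: fall through and render the form */
    } catch (ValidationException $e) {
        $this->view->set('messages', $e->getResult());
    }

    $this->view->set('attributes', $attributes);
}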
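/**
 * Relays an email on behalf of an authenticated application.
 *
 * Parameters (GET or POST, GET wins):
 *  - to        - recipient: a valid email address or a numeric user id
 *  - appId     - id of the app relaying the message (only without a token)
 *  - appSecret - secret authenticating that app (only without a token)
 *  - subject, body - message content (POST)
 *
 * The message is validated and placed in the email queue; it is not sent
 * synchronously.
 *
 * Security notes:
 *  - Any authenticated app may address any email or user id with arbitrary
 *    subject and body, so a leaked app secret yields an open mail relay.
 *    The @todo below (per-app permissions) is what would close this.
 *  - appId/appSecret travel in the query string and so end up in access
 *    logs, proxies and Referer headers; prefer the token path.
 *  - NOTE(review): the secret is matched as stored; if authapp.appSecret is
 *    kept in clear, storing a hash would limit the damage of a DB leak.
 *
 * @todo Introduce email permissions for certain applications
 * @param int $userid Deprecated, do not use
 * @throws PublicException when the recipient is missing or cannot be resolved
 * @throws Exception when the app cannot be authenticated
 * @throws HTTPMethodException internally (caught) for non-POST requests
 */
public function send($userid = null) {
    //TODO: Add search by username
    try {
        if (!$this->request->isPost()) {
            throw new HTTPMethodException();
        }

        /* The recipient may arrive via GET, POST or the deprecated argument, in that order. */
        $recipient = isset($_GET['to']) ? $_GET['to'] : _def($_POST['to'], $userid);
        if (!$recipient) {
            throw new PublicException('This enpoint requires a recipient');
        }

        /*
         * Authenticate the app. With a token the app comes from it; otherwise
         * both appId and appSecret must be present and are looked up together,
         * so a wrong secret simply finds no app. Missing parameters fail
         * closed instead of raising undefined-index notices.
         */
        if (!$this->token) {
            if (!isset($_GET['appId'], $_GET['appSecret'])) {
                throw new Exception('Could not authenticate the application trying to send the email');
            }
            $app = db()->table('authapp')
                ->get('appID', $_GET['appId'])
                ->addRestriction('appSecret', $_GET['appSecret'])
                ->fetch();
        } else {
            $app = $this->token->app;
        }
        if (!$app) {
            throw new Exception('Could not authenticate the application trying to send the email');
        }

        /*
         * Resolve the recipient to an address. Anything that is neither an
         * email nor a numeric id, or an id with no user, is rejected rather
         * than queueing a message with an undefined address.
         */
        if (filter_var($recipient, FILTER_VALIDATE_EMAIL)) {
            $email = $recipient;
        } elseif (is_numeric($recipient)) {
            $user = db()->table('user')->get('_id', $recipient)->fetch();
            if (!$user) {
                throw new PublicException('Recipient not found', 404);
            }
            $email = $user->email;
        } else {
            throw new PublicException('Recipient must be an email address or a user id');
        }

        $vsubject = validate()->addRule(new EmptyValidationRule('Subject cannot be empty'));
        $vcontent = validate()->addRule(new EmptyValidationRule('Message body cannot be empty'));
        validate(
            $vsubject->setValue(_def($_POST['subject'], '')),
            $vcontent->setValue(_def($_POST['body'], ''))
        );

        #Queue the message; delivery happens later
        EmailModel::queue($email, $vsubject->getValue(), $vcontent->getValue())->store();
    } catch (ValidationException $e) {
        $this->view->set('errors', $e->getResult());
    } catch (HTTPMethodException $e) {
        //Not a POST: serve the form with GET
    }
}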
/**
 * Shows (GET) or updates (POST) one attribute value of the logged-in user.
 *
 * The row touched is always the current user's own `user\attribute` record
 * for `$attrid`, so a user cannot reach anybody else's values. Attributes
 * whose `writable` flag is 'nem' are refused (presumably "nobody may write";
 * confirm against the attribute table's vocabulary). Only a `required`
 * attribute gets a non-empty check; other values are stored as posted.
 * NOTE(review): no CSRF token is verified here — confirm the framework does.
 *
 * @param mixed $attrid attribute id taken from the route
 * @throws PublicException 403 when nobody is logged in
 * @throws Exception 404 when the attribute is unknown or not writable
 * @throws ValidationException when a required attribute is posted empty
 */
public function attribute($attrid) {
    if (!$this->user) {
        throw new PublicException('Need to be logged in', 403);
    }

    $attribute = db()->table('attribute')->get('_id', $attrid)->fetch();
    if (!$attribute || $attribute->writable === 'nem') {
        throw new Exception('No property found', 404);
    }

    $current = db()->table('user\\attribute')
        ->get('user', $this->user)
        ->addRestriction('attr', $attribute)
        ->fetch();

    if (!$this->request->isPost()) {
        if ($current) {
            $shown = $current->value;
        } else {
            $shown = '';
        }
        $this->view->set('attribute', $attribute);
        $this->view->set('value', $shown);
        return;
    }

    // First write for this user/attribute pair creates the row
    if ($current === null) {
        $current = db()->table('user\\attribute')->newRecord();
        $current->user = $this->user;
        $current->attr = $attribute;
    }

    $rules = validate();
    if ($attribute->required) {
        $rules->addRule(new EmptyValidationRule('Value cannot be empty'));
    }
    $posted = _def($_POST['value'], '');
    validate($rules->setValue($posted));

    $current->value = $posted;
    $current->store();
    return $this->response->getHeaders()->redirect(new URL());
}
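<div class="spacer" style="height: 50px"></div>
<?php
/*
 * Username change form.
 *
 * The posted username is echoed back through __(), the helper this template
 * already uses for user-supplied text (presumably the HTML escaper — confirm),
 * so a rejected value cannot break out of the value attribute. Controller
 * messages go through the same helper. The value attribute closes right
 * after the PHP tag; a space there would be prepended to the field's value.
 * NOTE(review): no CSRF token is rendered; confirm the framework adds one,
 * this form changes account state.
 */
?>
<form class="condensed standalone" method="POST">
    <div class="description">
        Enter your new username below to change it. Your old username will be kept as an alias for 3 months before it expires.
    </div>
    <input type="text" name="username" placeholder="Your new username" value="<?php echo __(_def($_POST['username'], '')); ?>">
    <?php if (isset($messages) && is_array($messages)) { foreach ($messages as $message) { ?>
        <div class="error message"><?php echo __($message); ?></div>
    <?php } } ?>
    <input type="submit" value="Store">
</form>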