/**
 * Validate a new user's credentials and store the account.
 *
 * All three inputs are passed through Fari_Escape::html() first (the real
 * name additionally through Fari_Decode::javascript()), then checked in the
 * order username, password, real name. The first failing check reports
 * itself via Fari_Message::fail() and ends the call.
 *
 * Security notes for reviewers:
 * - NOTE(review): the password is stored as a bare sha1() digest, which is
 *   fast and unsalted and therefore unsuitable for password storage.
 *   Moving to password_hash()/password_verify() also requires changing the
 *   login check and the existing rows, neither of which is visible here.
 * - NOTE(review): passwords are limited to at most 10 alphanumeric
 *   characters, which caps their strength; consider relaxing this together
 *   with the hashing change.
 * - NOTE(review): no duplicate-username check is visible in this method;
 *   presumably a database constraint enforces uniqueness (confirm).
 *
 * @param string $username Login name; 1-10 alphanumeric characters after escaping
 * @param string $password Password; 1-10 alphanumeric characters after escaping
 * @param string $realname Display name; 1-100 bytes after decoding and escaping
 * @return bool TRUE once Fari_Db::insert() has been called (its result is
 *              not inspected), FALSE when any validation step fails
 */
public static function add($username, $password, $realname) {
    // escape the raw input before validating it
    $username = Fari_Escape::html($username);
    $password = Fari_Escape::html($password);
    $realname = Fari_Escape::html(Fari_Decode::javascript($realname));

    // username: non-empty, alphanumeric only, at most 10 bytes
    if (empty($username) || !ctype_alnum($username) || strlen($username) > 10) {
        Fari_Message::fail("Please provide a valid username.");
        return FALSE;
    }

    // password: same rules as the username
    if (empty($password) || !ctype_alnum($password) || strlen($password) > 10) {
        Fari_Message::fail("Please provide a valid password.");
        return FALSE;
    }

    // real name: non-empty, at most 100 bytes (measured on the escaped value)
    if (empty($realname) || strlen($realname) > 100) {
        Fari_Message::fail("Please provide a valid real name.");
        return FALSE;
    }

    // every check passed: build the row and insert it
    $row = array(
        'username' => $username,
        'password' => sha1($password),
        'realname' => $realname
    );
    Fari_Db::insert('users', $row);

    Fari_Message::success("Welcome {$realname}!");
    return TRUE;
}
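/**
 * Send a message from a room
 *
 * Reads the raw POSTed 'text' field, decodes and escapes it, and, when the
 * result is non-empty, records it as a MessageSpeak for the given room
 * before refreshing the user's activity timestamp. When the activity update
 * throws UserNotFoundException the client receives the JSON reply 'bye'.
 *
 * NOTE(review): $roomId is used as passed in, and the message is written
 * before updateUserActivity() runs. As the inline comment below concedes,
 * a message can therefore be stored under a room id the user does not
 * belong to. If UserNotFoundException is what signals non-membership
 * (confirm), checking membership before saving would close that gap.
 *
 * @param mixed $roomId Identifier of the room the message is posted to
 * @uses Ajax
 */
public function actionSpeak($roomId) {
    $text = Fari_Escape::text(Fari_Decode::javascript($this->request->getRawPost('text')));

    if (!empty($text)) {
        // time() yields the current Unix timestamp; calling mktime() without
        // arguments was deprecated and raises an ArgumentCountError on PHP 8
        $time = time();

        // a text message
        $message = new MessageSpeak($roomId, $time);
        $message->text($roomId, $time, $this->user->getShortName(), $this->user->getId(), $text);

        // the message might be saved under wrong room id, but activity updater will kick us...
        try {
            $this->room->updateUserActivity($roomId, $time, $this->user->getId());
        } catch (UserNotFoundException $e) {
            $this->renderJson('bye');
        }
    }
}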
/**
 * Get POSTed value(s), run through a Fari_Escape filter.
 *
 * The filter is dispatched dynamically as Fari_Escape::$filter(). For AJAX
 * requests the raw value(s) go through Fari_Decode::javascript() before the
 * filter is applied.
 *
 * Security note: method_exists() only confirms that Fari_Escape has a method
 * with the given name; it does not restrict the call to a particular set of
 * escaping routines. $filter should therefore be a constant chosen by the
 * calling code, never a value taken from the request.
 *
 * @param string $key    Name of the single POST field to return; leave NULL to get all fields (optional)
 * @param string $filter Name of the Fari_Escape method applied to each value (optional)
 * @return mixed The filtered field when $key is given, otherwise all filtered POST values
 */
function getPost($key = NULL, $filter = 'text') {
    // make sure the requested filter names a method of Fari_Escape
    try {
        $filterKnown = method_exists('Fari_Escape', $filter);
        if (!$filterKnown) {
            // ... raise an exception for an unusable filter name
            throw new Fari_Exception('Fari_Escape::' . $filter . ' is not a valid escaping function.');
        }
    } catch (Fari_Exception $invalidFilter) {
        // NOTE(review): unless fire() ends the request, execution continues
        // below and calls the missing method anyway (confirm what fire() does)
        $invalidFilter->fire();
    }

    // no key given: return every POSTed value, filtered
    if (!isset($key)) {
        $values = $this->post->values;

        // AJAX payloads are decoded before filtering
        if ($this->isAjax()) {
            $values = Fari_Decode::javascript($values);
        }

        // filter each entry in place
        foreach ($values as &$entry) {
            $entry = Fari_Escape::$filter($entry);
        }

        return $values;
    }

    // a single key: decode first when the request came in via AJAX
    if ($this->isAjax()) {
        return Fari_Escape::$filter(Fari_Decode::javascript($this->post->{$key}));
    }

    return Fari_Escape::$filter($this->post->{$key});
}