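/**
 * Builds the user-registration page controller.
 *
 * Seeds the view with the first name already held in the session (if any)
 * and sets the page title.
 *
 * @param bool $session_started Passed through unchanged to the parent constructor.
 */
public function __construct($session_started = false) {
    parent::__construct($session_started);
    // Pre-fill the form with whatever first name the session already holds;
    // SessionCache::get() is expected to yield null when the key is absent.
    $this->addToView('first_name', SessionCache::get('first_name'));
    // User-visible title; the previous spelling ("Registeration") was a typo.
    $this->setPageTitle('User Registration');
}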
/**
 * Identical to the parent constructor, except that a PHP session is started
 * first so the user ID and access token can be stored if they are discovered
 * during execution.
 *
 * @param Array $config the application configuration.
 * @see BaseFacebook::__construct in facebook.php
 */
public function __construct($config) {
    // session_id() is empty until a session has been started.
    $session_is_open = (bool) session_id();
    if (!$session_is_open) {
        SessionCache::init();
    }
    parent::__construct($config);
}
/**
 * Flushes every cache layer in turn: the session cache, the site cache and
 * the page cache.
 */
static function clear() {
    $cache_classes = array('SessionCache', 'SiteCache', 'PageCache');
    foreach ($cache_classes as $cache_class) {
        $cache_class::clear();
    }
}
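/**
 * Verifies a Firebase/Google-issued JWT against Google's published certificates.
 *
 * The certificate document is fetched over HTTPS and cached in the session
 * under self::$JWT_CERTS_CACHE_KEY. A failed or empty fetch is not cached, so
 * the next call retries instead of pinning a bad value for the session.
 *
 * @param string $jwt The encoded token to verify.
 * @return mixed The decoded token as returned by JWT::decode().
 * @throws UnexpectedValueException if the certificate document cannot be
 *         fetched or is not valid JSON (JWT::decode() raises its own
 *         exceptions for a bad token).
 */
private static function verifySignatureFirebase($jwt) {
    $jwtCertsJSON = SessionCache::get(self::$JWT_CERTS_CACHE_KEY);
    // Treat false, null and '' alike as "not cached"; the original only
    // recognised false, so a null miss went straight into json_decode().
    if ($jwtCertsJSON === FALSE || $jwtCertsJSON === null || $jwtCertsJSON === '') {
        $jwtCertsJSON = HttpUtil::processRequest('https://www.googleapis.com/oauth2/v1/certs');
        if (!is_string($jwtCertsJSON) || $jwtCertsJSON === '') {
            throw new UnexpectedValueException('Could not fetch the JWT signing certificates');
        }
        SessionCache::set(self::$JWT_CERTS_CACHE_KEY, $jwtCertsJSON);
    }
    $jwtCerts = json_decode($jwtCertsJSON, TRUE);
    if (!is_array($jwtCerts) || count($jwtCerts) === 0) {
        throw new UnexpectedValueException('JWT signing certificates are not valid JSON');
    }
    // NOTE(review): the cached certificate set never expires within the
    // session; the keys rotate, so a long-lived session may need a refresh.
    // NOTE(review): no allowed-algorithm list is passed here; confirm the
    // bundled JWT library enforces one.
    return JWT::decode($jwt, $jwtCerts);
}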
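/**
 * Inserts a company row, recording the current session user as its creator.
 *
 * @param string $company_name Company name to store.
 * @return int Number of rows inserted (1 on success, 0 otherwise).
 */
public function insertCompanyName($company_name) {
    $q = "INSERT INTO #prefix#company SET name=:company_name, ";
    $q .= "added_by=:added_by, added_date=NOW();";
    $vars = array(
        ':company_name' => $company_name,
        ':added_by' => SessionCache::get('user_id'),
    );
    // Was "Profiled::setDAOMethod", a typo that fatals once profiling is
    // enabled; the other DAO methods here use Profiler.
    if ($this->profiler_enabled) {
        Profiler::setDAOMethod(__METHOD__);
    }
    $ps = $this->execute($q, $vars);
    return $this->getUpdateCount($ps);
}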
/**
 * Looks up the account ID for an account name, memoising the answer in the
 * session cache for one hour so the database is hit once per name per hour.
 *
 * @param string $accountName Account name; lower-cased for the cache key.
 * @return mixed Account ID as returned by getAccountIdByNameFromDB().
 */
private function getAccountIdByName($accountName) {
    // The key spelling is part of existing session state and is kept as-is.
    $cache_key = array(
        'id' => 'ACCOUND_ID_FOR_' . strtolower($accountName),
        'exp' => 3600, // 1 hour
    );
    $cached_id = SessionCache::get($cache_key);
    if ($cached_id != NULL) {
        return $cached_id;
    }
    $fresh_id = $this->getAccountIdByNameFromDB($accountName);
    SessionCache::set($cache_key, $fresh_id);
    return $fresh_id;
}
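/**
 * Marks a city row as disabled (status 0) and records who changed it.
 *
 * @param int $location_id ID of the city row to disable.
 * @return int Number of rows updated.
 */
public function disableLocation($location_id) {
    $modified_by = SessionCache::get('user_id');
    $q = " UPDATE #prefix#city SET status=:status , modified_by = :modified_by, modified_date = NOW() WHERE id=:city_id";
    // Bound to the method parameter; the original bound an undefined $city_id,
    // which sent NULL and therefore never matched a row.
    $vars = array(
        ':city_id' => $location_id,
        ':modified_by' => $modified_by,
        ':status' => 0,
    );
    if ($this->profiler_enabled) {
        Profiler::setDAOMethod(__METHOD__);
    }
    $ps = $this->execute($q, $vars);
    return $this->getUpdateCount($ps);
}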
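/**
 * Completes the Twitter OAuth handshake and attaches the authorised Twitter
 * account to the logged-in ThinkUp owner.
 *
 * The request token from the callback URL plus the secret stored in the
 * session by the authorisation step are exchanged for an access token. Then:
 * an instance this owner already has gets its tokens refreshed; an existing
 * instance is linked to the owner; an unknown account gets a new instance
 * which is then linked.
 *
 * @return string The rendered view.
 */
public function authControl() {
    if (!$this->is_missing_param) {
        // is_missing_param is assumed to have checked oauth_token already; the
        // isset() keeps a direct hit on this URL from raising a notice.
        $request_token = isset($_GET['oauth_token']) ? $_GET['oauth_token'] : null;
        $request_token_secret = SessionCache::get('oauth_request_token_secret');
        // NOTE(review): the callback's oauth_token is accepted as-is; if the
        // request token is also kept in the session, comparing the two here
        // would reject callbacks that do not belong to this session.

        // get oauth values (cached plugin options)
        $plugin_option_dao = DAOFactory::getDAO('PluginOptionDAO');
        $options = $plugin_option_dao->getOptionsHash('twitter', true);
        $to = new TwitterOAuth($options['oauth_consumer_key']->option_value,
            $options['oauth_consumer_secret']->option_value, $request_token, $request_token_secret);
        $tok = $to->getAccessToken();

        if (isset($tok['oauth_token']) && isset($tok['oauth_token_secret'])) {
            $api = new TwitterAPIAccessorOAuth($tok['oauth_token'], $tok['oauth_token_secret'],
                $options['oauth_consumer_key']->option_value, $options['oauth_consumer_secret']->option_value,
                $options['num_twitter_errors']->option_value, $options['max_api_calls_per_crawl']->option_value,
                false);
            $authed_twitter_user = $api->verifyCredentials();

            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            $owner = $owner_dao->getByEmail($this->getLoggedInUser());
            // A non-positive user_id means verifyCredentials() did not return a
            // usable account; nothing is recorded and no message is shown.
            if ((int) $authed_twitter_user['user_id'] > 0) {
                $instance_dao = DAOFactory::getDAO('TwitterInstanceDAO');
                $instance = $instance_dao->getByUsername($authed_twitter_user['user_name'], 'twitter');
                $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
                if (isset($instance)) {
                    $owner_instance = $owner_instance_dao->get($owner->id, $instance->id);
                    if ($owner_instance != null) {
                        // Already linked to this owner: just refresh the stored tokens.
                        $owner_instance_dao->updateTokens($owner->id, $instance->id, $tok['oauth_token'],
                            $tok['oauth_token_secret']);
                        $this->addSuccessMessage($authed_twitter_user['user_name'] .
                            " on Twitter is already set up in ThinkUp! To add a different Twitter account, " .
                            "log out of Twitter.com in your browser and authorize ThinkUp again.");
                    } else {
                        $this->linkOwnerToTwitterInstance($owner_instance_dao, $owner, $instance, $tok,
                            $authed_twitter_user['user_name']);
                    }
                } else {
                    // Unknown Twitter account: create the instance, then link it.
                    $instance_dao->insert($authed_twitter_user['user_id'], $authed_twitter_user['user_name']);
                    $instance = $instance_dao->getByUsername($authed_twitter_user['user_name']);
                    $this->linkOwnerToTwitterInstance($owner_instance_dao, $owner, $instance, $tok,
                        $authed_twitter_user['user_name']);
                }
            }
        } else {
            $msg = "Error: Twitter authorization did not complete successfully. Check if your account already " .
                " exists. If not, please try again.";
            $this->addErrorMessage($msg);
        }
        $this->view_mgr->clear_all_cache();
    }
    return $this->generateView();
}

/**
 * Records the owner/instance link with the freshly obtained tokens and reports
 * the outcome to the view. Shared by the "existing instance" and "new
 * instance" paths of authControl().
 *
 * @param OwnerInstanceDAO $owner_instance_dao
 * @param Owner $owner
 * @param Instance $instance
 * @param array $tok Access token pair from TwitterOAuth::getAccessToken().
 * @param string $twitter_username Shown in the success message.
 * @return void
 */
private function linkOwnerToTwitterInstance($owner_instance_dao, $owner, $instance, $tok, $twitter_username) {
    if ($owner_instance_dao->insert($owner->id, $instance->id, $tok['oauth_token'], $tok['oauth_token_secret'])) {
        $this->addSuccessMessage("Success! " . $twitter_username . " on Twitter has been added to ThinkUp!");
    } else {
        $this->addErrorMessage("Error: Could not create an owner instance.");
    }
}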
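/**
 * Stamps the logout time and reason on the current session's logon row and
 * credits the elapsed minutes to the user's working hours.
 *
 * @param int $reason Logout reason code stored in logout_reason (default 1).
 * @return void
 */
public function userLogoutUpdate($reason = 1) {
    $user_id = SessionCache::get('user_id');
    $cookie = SessionCache::get('cookie');
    $q = "UPDATE #prefix#user_logon_info SET logout=NOW(), working_time = (logout-login)/60, logout_reason=:logout_reason ";
    $q .= "WHERE user_id=:user_id AND cookie=:cookie";
    $vars = array(':user_id' => $user_id, ':cookie' => $cookie, ':logout_reason' => $reason);
    $this->execute($q, $vars);

    // login_time is stored as "H:i"; with no usable value there is nothing to
    // credit (the original exploded a null and read a missing index).
    $login_time = SessionCache::get('login_time');
    if (is_string($login_time) && strpos($login_time, ':') !== false) {
        list($login_hour, $login_minute) = explode(':', $login_time, 2);
        list($logout_hour, $logout_minute) = explode(':', date('H:i'), 2);
        $total_minutes = (60 * (int) $logout_hour + (int) $logout_minute)
            - (60 * (int) $login_hour + (int) $login_minute);
        // Only times of day are compared, so a session spanning midnight
        // would otherwise come out negative.
        if ($total_minutes < 0) {
            $total_minutes += 24 * 60;
        }
        $this->updateWorkingHour($user_id, $total_minutes);
    }
    SessionCache::unsetKey('login_time');
    SessionCache::unsetKey('cookie');
}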
/**
 * Renders this controller's template for a logged-in user, seeding the view
 * with the session's first name; anonymous visitors are handed to
 * LoginController instead.
 *
 * @return string Rendered view output.
 */
public function control() {
    if (!$this->isLoggedIn()) {
        $login = new LoginController(true);
        return $login->go();
    }
    // Presumably a singleton accessor; the call is kept although the
    // instance is not used below.
    $config = Config::getInstance();
    $this->setViewTemplate($this->tpl_name);
    $this->addToView('first_name', SessionCache::get('first_name'));
    return $this->generateView();
}
/**
 * Drives TestAuthAPIController::go() through its authentication states: no
 * credentials, username only, wrong API secret, wrong username, a valid
 * un/as pair, a session-only call, and a call after logout.
 *
 * $_GET and the session persist between go() calls, so the order of the
 * steps below matters.
 */
public function testControl() {
    $builders = $this->buildData();
    $config = Config::getInstance();
    // Computed but not used in this version of the test.
    $escaped_site_root_path = str_replace('/', '\\/', $config->getValue('site_root_path'));
    $controller = new TestAuthAPIController(true);

    // No username, no API secret provided
    // This isn't an API call, so present HTML error output
    $results = $controller->go();
    $this->assertPattern('/session\\/login.php\\?redirect\\=/', $controller->redirect_destination);

    // No API secret provided
    // This isn't an API call, so present HTML error output
    $_GET['un'] = '*****@*****.**';
    $results = $controller->go();
    $this->assertPattern('/session\\/login.php\\?redirect\\=/', $controller->redirect_destination);

    // Wrong API secret provided
    $_GET['as'] = 'fail_me';
    $results = $controller->go();
    $this->assertPattern("/UnauthorizedUserException/", $results);
    $this->assertPattern("/Unauthorized API call/", $results);

    $controller = new TestAuthAPIController(true);
    // Wrong username provided
    // The 'as' value is a fixed test fixture (it looks like an md5 hex digest), not a live secret.
    $_GET['as'] = 'c9089f3c9adaf0186f6ffb1ee8d6501c';
    $_GET['un'] = 'fail_me';
    $results = $controller->go();
    $this->assertPattern("/UnauthorizedUserException/", $results);
    $this->assertPattern("/Unauthorized API call/", $results);

    // Working request
    $_GET['un'] = '*****@*****.**';
    $_GET['as'] = 'c9089f3c9adaf0186f6ffb1ee8d6501c';
    $results = $controller->go();
    $this->assertPattern('/{"result":"success"}/', $results);
    $config = Config::getInstance();
    $this->assertEqual(SessionCache::get('user'), '*****@*****.**');

    // Now that _SESSION['user'] is set, we shouldn't need to provide un/as to use this controller
    // Also, the result will be returned as HTML, not JSON
    unset($_GET['as']);
    $results = $controller->go();
    $this->assertPattern('/<html><body>Success<\\/body><\\/html>/', $results);

    // And just to make sure, if we 'logout', we should be denied access now
    Session::logout();
    $results = $controller->go();
    $this->assertPattern('/ControllerAuthException/', $results);
    $this->assertPattern('/You must/', $results);
    $this->assertPattern('/log in/', $results);
}
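/**
 * Inserts a notification record and, if that succeeds, the matching
 * "make notification" row.
 *
 * @param string $what What was added; appended to the notification title.
 * @param int $type Notification type code (default 0).
 * @param mixed $who User ID stored on the make-notification row. The original
 *                   read an undefined $who (always null); the parameter makes
 *                   that explicit, and its null default keeps the old behaviour.
 * @return void
 */
public function addNotify($what, $type = 0, $who = null) {
    $notify_dao = DAOFactory::getDAO('NotifyDAO');
    $notify = array();
    $notify['notify_type'] = $type;
    $notify['user_id'] = SessionCache::get('user_id');
    // NOTE(review): the title is raw HTML with a hard-coded name and $what is
    // concatenated unescaped, so $what must not come from request input.
    $notify['title'] = "<a href=#>Prabhat</a> added You a" . $what;
    // makeNotifyBody() is a global helper defined elsewhere (user image + title + date/time).
    $notify['body'] = makeNotifyBody($what);
    if ($notify_dao->insertNotification($notify)) {
        // Fetched but unused; presumably meant to be carried into the second row -- TODO confirm.
        $notify_id = $notify_dao->getInsertId();
        unset($notify['notify_type']);
        // 'event_class' is never set above; the unset is a no-op kept for parity.
        unset($notify['event_class']);
        $notify['user_id'] = $who;
        $notify_dao->insertMakeNotification($notify);
    }
}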
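/**
 * Override the parent's go method because there is no view manager here--we're outputting the image directly.
 *
 * Draws a random numeric code onto one of four background images and streams
 * the PNG. The md5 of the code is stored in the session as 'ckey', which the
 * CAPTCHA check compares against the md5 of the submitted text.
 */
public function go() {
    $config = Config::getInstance();
    // rand() is not a CSPRNG and its output can be predicted, which would let
    // the code be guessed without reading the image. random_int() (PHP 7+) is
    // used where present, with mt_rand() as the fallback on older runtimes.
    if (function_exists('random_int')) {
        $random_num = random_int(1000, 99999);
        $img = random_int(1, 4);
    } else {
        $random_num = mt_rand(1000, 99999);
        $img = mt_rand(1, 4);
    }
    SessionCache::put('ckey', md5($random_num));
    Utils::defineConstants();
    $captcha_bg_image_path = THINKUP_WEBAPP_PATH . "assets/img/captcha/bg" . $img . ".PNG";
    $img_handle = imageCreateFromPNG($captcha_bg_image_path);
    if ($img_handle === false) {
        // NOTE(review): this echoes a server-side path to the client.
        echo 'CAPTCHA image could not be created from ' . $captcha_bg_image_path;
    } else {
        $this->setContentType('image/png');
        $color = ImageColorAllocate($img_handle, 0, 0, 0);
        // Built-in GD font 5 (the largest); (20, 13) is the text origin.
        ImageString($img_handle, 5, 20, 13, $random_num, $color);
        ImagePng($img_handle);
        ImageDestroy($img_handle);
    }
}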
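/**
 * Updates the given columns of a country row and stamps modified_by/modified_date.
 *
 * @param int $country_id ID of the row to update.
 * @param array $update_arr Column name => new value. Column names are
 *                          interpolated into the SQL text, so they are
 *                          restricted to identifier characters; values are
 *                          always bound as parameters.
 * @return int Number of rows updated.
 * @throws InvalidArgumentException if a key is not a plain SQL identifier.
 */
public function modifyCountry($country_id, $update_arr) {
    $modified_by = SessionCache::get('user_id');
    // NOW() -- the original had "NOW" without parentheses, a MySQL syntax error.
    $q = " UPDATE #prefix#country SET modified_by=:modified_by,modified_date=NOW() ";
    $vars = array();
    foreach ($update_arr as $key => $value) {
        // Only identifier characters may reach the query text.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)) {
            throw new InvalidArgumentException('Invalid column name in update: ' . $key);
        }
        // The placeholder is named after the column; the original used the
        // value here, so the bound parameter never matched the query.
        $q .= ", " . $key . "=:" . $key;
        $vars[':' . $key] = $value;
    }
    $vars[':modified_by'] = $modified_by;
    $vars[':country_id'] = $country_id;
    $q .= " WHERE id =:country_id";
    if ($this->profiler_enabled) {
        Profiler::setDAOMethod(__METHOD__);
    }
    $ps = $this->execute($q, $vars);
    return $this->getUpdateCount($ps);
}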
/**
 * Shows the details page for the user named by ?u= on network ?n=: profile,
 * one page of their posts, their status sources and -- when an instance is
 * selected in the session -- exchanges and mutual friends with that instance.
 *
 * @return string Rendered view output.
 */
public function authControl() {
    if (!$this->is_missing_param) {
        // is_missing_param is assumed to have validated u and n already.
        $username = $_GET['u'];
        $network = $_GET['n'];
        $user_dao = DAOFactory::getDAO('UserDAO');
        // Absent or non-numeric page values fall back to the first page.
        $page = isset($_GET['page']) && is_numeric($_GET['page']) ? $_GET['page'] : 1;
        if ($user_dao->isUserInDBByName($username, $network)) {
            $this->setPageTitle('User Details: ' . $username);
            $user = $user_dao->getUserByName($username, $network);
            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            $owner = $owner_dao->getByEmail($this->getLoggedInUser());
            $instance_dao = DAOFactory::getDAO('InstanceDAO');
            $this->addToView('instances', $instance_dao->getByOwner($owner));
            $this->addToView('profile', $user);
            $post_dao = DAOFactory::getDAO('PostDAO');
            // 20 posts per page; a full page is taken to mean there may be a next one.
            $user_posts = $post_dao->getAllPosts($user->user_id, $user->network, 20, $page);
            $this->addToView('user_statuses', $user_posts);
            if (sizeof($user_posts) == 20) {
                $this->addToView('next_page', $page + 1);
            }
            $this->addToView('last_page', $page - 1);
            $this->addToView('sources', $post_dao->getStatusSources($user->user_id, $user->network));
            // Relationship data is only available relative to the instance selected in the session.
            if (SessionCache::isKeySet('selected_instance_username') && SessionCache::isKeySet('selected_instance_network')) {
                $i = $instance_dao->getByUsername(SessionCache::get('selected_instance_username'), SessionCache::get('selected_instance_network'));
                if (isset($i)) {
                    $this->addToView('instance', $i);
                    $exchanges = $post_dao->getExchangesBetweenUsers($i->network_user_id, $i->network, $user->user_id);
                    $this->addToView('exchanges', $exchanges);
                    $this->addToView('total_exchanges', count($exchanges));
                    $follow_dao = DAOFactory::getDAO('FollowDAO');
                    $mutual_friends = $follow_dao->getMutualFriends($user->user_id, $i->network_user_id, $i->network);
                    $this->addToView('mutual_friends', $mutual_friends);
                    $this->addToView('total_mutual_friends', count($mutual_friends));
                }
            }
        } else {
            // NOTE(review): $username is raw request input; this relies on
            // addErrorMessage() escaping for HTML -- confirm.
            $this->addErrorMessage($username . ' is not in the system.');
        }
    }
    return $this->generateView();
}
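/**
 * Validates the required company fields and inserts the company.
 *
 * @param array $company_data Column => value data for the new company.
 * @param bool $client_setup Unused here; kept for callers that pass it.
 * @return mixed Result of CompanyDAO::insertCompanyBranch(), or null when
 *               $company_data is absent or misses a required parameter.
 */
public static function addCompany($company_data, $client_setup = false) {
    if (!isset($company_data)) {
        return null;
    }
    // The original read an undefined $branch_data and used $this inside a
    // static method; both are fixed by using the parameter and self::.
    // The flag is reset first so an earlier failed call does not stick.
    self::$is_missing_param = false;
    //Checking the required params.
    foreach (self::$REQUIRED_PARAMS as $param) {
        if (!isset($company_data[$param]) || $company_data[$param] == '') {
            self::$is_missing_param = true;
            break;
        }
    }
    if (self::$is_missing_param) {
        // NOTE(review): the original left a commented-out JSON error response
        // here; callers currently receive null and no message.
        return null;
    }
    $company_data['added_by'] = SessionCache::get('user_id');
    $company_dao = DAOFactory::getDAO('CompanyDAO');
    return $company_dao->insertCompanyBranch($company_data);
}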
/**
 * Drives TestAuthAPIController::go() through its authentication states: no
 * credentials, username only, wrong API secret, wrong username, a valid
 * un/as pair, a session-only call, and a call after logout.
 *
 * $_GET and the session persist between go() calls, so the order of the
 * steps below matters. The API secret is derived from the fixture password
 * via Session::getAPISecretFromPassword() rather than hard-coded.
 */
public function testControl() {
    $builders = $this->buildData();
    $config = Config::getInstance();
    // site_root_path is embedded in a regex below, so its slashes are escaped.
    $escaped_site_root_path = str_replace('/', '\\/', $config->getValue('site_root_path'));
    $controller = new TestAuthAPIController(true);

    // No username, no API secret provided
    // This isn't an API call, so present HTML error output
    $results = $controller->go();
    $this->assertPattern('/You must <a href="' . $escaped_site_root_path . 'session\\/login.php">log in<\\/a> to do this./', $results);

    // No API secret provided
    // This isn't an API call, so present HTML error output
    $_GET['un'] = '*****@*****.**';
    $results = $controller->go();
    $this->assertPattern('/You must <a href="' . $escaped_site_root_path . 'session\\/login.php">log in<\\/a> to do this./', $results);

    // Wrong API secret provided
    $_GET['as'] = 'fail_me';
    $results = $controller->go();
    $this->assertPattern("/UnauthorizedUserException: Unauthorized API call/", $results);

    // Wrong username provided
    $_GET['as'] = Session::getAPISecretFromPassword('XXX');
    $_GET['un'] = 'fail_me';
    $results = $controller->go();
    $this->assertPattern("/UnauthorizedUserException: Unauthorized API call/", $results);

    // Working request
    $_GET['un'] = '*****@*****.**';
    $_GET['as'] = Session::getAPISecretFromPassword('XXX');
    $results = $controller->go();
    $this->assertPattern('/{"result":"success"}/', $results);
    $config = Config::getInstance();
    $this->assertEqual(SessionCache::get('user'), '*****@*****.**');

    // Now that _SESSION['user'] is set, we shouldn't need to provide un/as to use this controller
    // Also, the result will be returned as HTML, not JSON
    unset($_GET['as']);
    $results = $controller->go();
    $this->assertPattern('/<html/', $results);

    // And just to make sure, if we 'logout', we should be denied access now
    Session::logout();
    $results = $controller->go();
    $this->assertPattern('/You must <a href="' . $escaped_site_root_path . 'session\\/login.php">log in<\\/a> to do this./', $results);
}
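/**
 * Checks the submitted CAPTCHA answer.
 *
 * Type 1 asks reCAPTCHA; every other type compares the md5 of the typed
 * user_code with the 'ckey' value the image generator stored in the session.
 * On failure $this->msg carries a user-facing reason.
 *
 * @return bool true when the answer is valid.
 */
public function check() {
    switch ($this->type) {
        case 1:
            $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
            $response = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
            $resp = recaptcha_check_answer($this->prikey, $_SERVER["REMOTE_ADDR"], $challenge, $response);
            if (!$resp->is_valid) {
                $this->msg = $resp->error;
                return false;
            }
            return true;
        default:
            $expected = SessionCache::get('ckey');
            // No challenge in the session (image never generated, or session
            // expired) can never match; the original passed null to strcmp().
            if (is_string($expected) && $expected !== '') {
                $submitted = isset($_POST['user_code']) ? md5((string) $_POST['user_code']) : '';
                // Constant-time comparison where available (PHP >= 5.6).
                $matches = function_exists('hash_equals')
                    ? hash_equals($expected, $submitted)
                    : strcmp($submitted, $expected) === 0;
                if ($matches) {
                    return true;
                }
            }
            $this->msg = "Wrong text, try again";
            return false;
    }
}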
/**
 * Verifies that put/get/isKeySet/unsetKey round-trip through $_SESSION.
 * Values are stored under $_SESSION[<source_root_path>][<key>], presumably
 * so that several installs on one host do not share session keys.
 */
public function testPutGetIsset() {
    $config = Config::getInstance();
    //nothing is set
    $this->assertNull(SessionCache::get('my_key'));
    $this->assertFalse(SessionCache::isKeySet('my_key'));
    //set a key
    SessionCache::put('my_key', 'my_value');
    $this->assertTrue(isset($_SESSION[$config->getValue('source_root_path')]));
    $this->assertEqual($_SESSION[$config->getValue('source_root_path')]['my_key'], 'my_value');
    $this->assertEqual(SessionCache::get('my_key'), 'my_value');
    //overwrite existing key
    SessionCache::put('my_key', 'my_value2');
    $this->assertTrue($_SESSION[$config->getValue('source_root_path')]['my_key'] != 'my_value');
    $this->assertEqual($_SESSION[$config->getValue('source_root_path')]['my_key'], 'my_value2');
    //set another key
    SessionCache::put('my_key2', 'my_other_value');
    $this->assertEqual($_SESSION[$config->getValue('source_root_path')]['my_key2'], 'my_other_value');
    //unset first key
    SessionCache::unsetKey('my_key');
    // A missing key reads back as null and is reported as not set.
    $this->assertNull(SessionCache::get('my_key'));
    $this->assertFalse(SessionCache::isKeySet('my_key'));
}
/**
 * Set the instance variable based on request and logged-in status
 * Add the list of avaiable instances to the view you can switch to in the dropdown based on logged-in status
 *
 * Resolution order: the ?u=&n= instance when the viewer may see it (owner
 * access when logged in, is_public otherwise); else the owner's freshest
 * instance; else the configured default_instance when it is public; else the
 * freshest public instance. The chosen network/username are also written to
 * the session for other controllers.
 */
private function setInstance() {
    $instance_dao = DAOFactory::getDAO('InstanceDAO');
    $config = Config::getInstance();
    if ($this->isLoggedIn()) {
        $owner_dao = DAOFactory::getDAO('OwnerDAO');
        $owner = $owner_dao->getByEmail($this->getLoggedInUser());
        if (isset($_GET["u"]) && isset($_GET['n'])) {
            // stripslashes() dates from magic_quotes; harmless with them off.
            $instance = $instance_dao->getByUsernameOnNetwork(stripslashes($_GET["u"]), $_GET['n']);
            if (isset($instance)) {
                $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
                if ($owner_instance_dao->doesOwnerHaveAccessToInstance($owner, $instance)) {
                    $this->instance = $instance;
                } else {
                    // Explicitly null so the default-instance fallback below runs.
                    $this->instance = null;
                    $this->addErrorMessage("Insufficient privileges");
                }
            } else {
                // NOTE(review): echoes request input; relies on addErrorMessage() escaping for HTML -- confirm.
                $this->addErrorMessage(stripslashes($_GET["u"]) . " on " . ucfirst($_GET['n']) . " is not in ThinkUp.");
            }
        } else {
            $this->instance = $instance_dao->getFreshestByOwnerId($owner->id);
        }
        $this->addToView('instances', $instance_dao->getByOwner($owner));
    } else {
        if (isset($_GET["u"]) && isset($_GET['n'])) {
            $instance = $instance_dao->getByUsernameOnNetwork(stripslashes($_GET["u"]), $_GET['n']);
            if (isset($instance)) {
                // Anonymous viewers only get public instances.
                if ($instance->is_public) {
                    $this->instance = $instance;
                } else {
                    $this->addErrorMessage("Insufficient privileges");
                }
            } else {
                $this->addErrorMessage(stripslashes($_GET["u"]) . " on " . ucfirst($_GET['n']) .
                " is not in ThinkUp.");
            }
        }
        $this->addToView('instances', $instance_dao->getPublicInstances());
    }
    if (!isset($this->instance)) {
        // A specific instance wasn't passed in the URL (or isn't accessible), get a default one
        $instance_id_to_display = $config->getValue('default_instance');
        $instance_id_to_display = intval($instance_id_to_display);
        if ($instance_id_to_display != 0) {
            $this->instance = $instance_dao->get($instance_id_to_display);
        }
        // The default must itself be public; otherwise use the freshest public one.
        if (!isset($this->instance) || !$this->instance->is_public) {
            $this->instance = $instance_dao->getInstanceFreshestPublicOne();
        }
    }
    if (isset($this->instance)) {
        //user
        $user_dao = DAOFactory::getDAO('UserDAO');
        $user = $user_dao->getDetails($this->instance->network_user_id, $this->instance->network);
        $this->addToView('user_details', $user);
        if (Session::isLoggedIn() && !isset($user)) {
            $this->addInfoMessage("Oops! There's no information about " . $this->instance->network_username . " on " . ucfirst($this->instance->network) . " to display.");
            $this->addToView('show_update_now_button', true);
        }
        // Remembered for controllers that need the currently selected instance.
        SessionCache::put('selected_instance_network', $this->instance->network);
        SessionCache::put('selected_instance_username', $this->instance->network_username);
        //check Realtime last update and overwrite instance->last_update
        $stream_proc_dao = DAOFactory::getDAO('StreamProcDAO');
        $process = $stream_proc_dao->getProcessInfoForInstance($this->instance->id);
        if (isset($process)) {
            //$this->instance->crawler_last_run = $process['last_report'];
            $this->instance->crawler_last_run = 'realtime';
        }
        $this->addToView('instance', $this->instance);
    } else {
        SessionCache::put('selected_instance_network', null);
        SessionCache::put('selected_instance_username', null);
    }
    $this->addToView('developer_log', $config->getValue('is_log_verbose'));
}
/**
 * Handles the registration page.
 *
 * Logged-in users are sent to the dashboard. Otherwise the form is shown --
 * closed unless is_registration_open or a valid invite code (?code=) is given.
 * On a "Register" POST the required fields, e-mail, password pair and
 * strength, and CAPTCHA are validated, the owner is created and an activation
 * e-mail is sent.
 *
 * @return string Rendered view output.
 */
public function control() {
    if ($this->isLoggedIn()) {
        $controller = new DashboardController(true);
        return $controller->go();
    } else {
        // register form validation
        $this->addHeaderCSS('assets/css/validate_password.css');
        $this->addHeaderJavaScript('assets/js/jquery.validate.min.js');
        $this->addHeaderJavaScript('assets/js/jquery.validate.password.js');
        $this->addHeaderJavaScript('assets/js/validate_password.js');
        $config = Config::getInstance();
        $is_registration_open = $config->getValue('is_registration_open');
        $this->disableCaching();
        $invite_dao = DAOFactory::getDAO('InviteDAO');
        if (isset($_GET['code'])) {
            $invite_code = $_GET['code'];
        } else {
            $invite_code = null;
        }
        $this->addToView('invite_code', $invite_code);
        $is_invite_code_valid = $invite_dao->isInviteValid($invite_code);
        if ($invite_code != null && $is_invite_code_valid) {
            $this->addSuccessMessage("Welcome, VIP! You've been invited to register on " . $config->getValue('app_title_prefix') . "ThinkUp.");
        }
        $has_been_registered = false;
        if (!$is_registration_open && !$is_invite_code_valid) {
            $this->addToView('closed', true);
            // The message carries our own markup, so escaping is disabled for it.
            $disable_xss = true;
            $this->addErrorMessage('<p>Sorry, registration is closed on this installation of ' . $config->getValue('app_title_prefix') . "ThinkUp.</p>" . '<p><a href="http://thinkupapp.com">Install ThinkUp on your own server.</a></p>', null, $disable_xss);
        } else {
            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            $this->addToView('closed', false);
            $captcha = new Captcha();
            if (isset($_POST['Submit']) && $_POST['Submit'] == 'Register') {
                foreach ($this->REQUIRED_PARAMS as $param) {
                    if (!isset($_POST[$param]) || $_POST[$param] == '') {
                        $this->addErrorMessage('Please fill out all required fields.');
                        $this->is_missing_param = true;
                    }
                }
                if (!$this->is_missing_param) {
                    $valid_input = true;
                    if (!Utils::validateEmail($_POST['email'])) {
                        $this->addErrorMessage("Incorrect email. 
Please enter valid email address.", 'email');
                        $valid_input = false;
                    }
                    // strcmp() is non-zero when the two differ; empty() rejects a blank pass1.
                    if (strcmp($_POST['pass1'], $_POST['pass2']) || empty($_POST['pass1'])) {
                        $this->addErrorMessage("Passwords do not match.", 'password');
                        $valid_input = false;
                    } else {
                        // At least 8 characters containing at least one letter and one digit.
                        if (!preg_match("/(?=.{8,})(?=.*[a-zA-Z])(?=.*[0-9])/", $_POST['pass1'])) {
                            $this->addErrorMessage("Password must be at least 8 characters and contain both numbers " . "and letters.", 'password');
                            $valid_input = false;
                        }
                    }
                    if (!$captcha->doesTextMatchImage()) {
                        $this->addErrorMessage("Entered text didn't match the image. Please try again.", 'captcha');
                        $valid_input = false;
                    }
                    if ($valid_input) {
                        if ($owner_dao->doesOwnerExist($_POST['email'])) {
                            // NOTE(review): this response reveals whether an e-mail is already registered.
                            $this->addErrorMessage("User account already exists.", 'email');
                        } else {
                            // Insert the details into the database
                            // pass2 equals pass1 at this point (strcmp above), so it is the validated password.
                            $activation_code = $owner_dao->create($_POST['email'], $_POST['pass2'], $_POST['full_name']);
                            if ($activation_code != false) {
                                $es = new ViewManager();
                                $es->caching = false;
                                $es->assign('application_url', Utils::getApplicationURL(false));
                                $es->assign('email', urlencode($_POST['email']));
                                $es->assign('activ_code', $activation_code);
                                $message = $es->fetch('_email.registration.tpl');
                                Mailer::mail($_POST['email'], "Activate Your Account on " . $config->getValue('app_title_prefix') . "ThinkUp", $message);
                                // Drop the CAPTCHA challenge so the solved answer is not reusable.
                                SessionCache::unsetKey('ckey');
                                $this->addSuccessMessage("Success! Check your email for an activation link.");
                                //delete invite code
                                if ($is_invite_code_valid) {
                                    $invite_dao->deleteInviteCode($invite_code);
                                }
                                $has_been_registered = true;
                            } else {
                                $this->addErrorMessage("Unable to register a new user. 
Please try again.");
                            }
                        }
                    }
                }
                // Echo the submitted values back so the form stays filled in.
                if (isset($_POST["full_name"])) {
                    $this->addToView('name', $_POST["full_name"]);
                }
                if (isset($_POST["email"])) {
                    $this->addToView('mail', $_POST["email"]);
                }
                $this->addToView('has_been_registered', $has_been_registered);
            }
            $challenge = $captcha->generate();
            $this->addToView('captcha', $challenge);
        }
        $this->view_mgr->addHelp('register', 'userguide/accounts/index');
        return $this->generateView();
    }
}
/**
 * Sets/deletes in the session to let us know we needed to run the Snowflake migration.
 * @param bool $delete Delete the session if true
 * @param mixed $value Session value, defaults to false
 * @return mixed Boolean true if successful, else contents of session key
 */
public function setSnowflakeSession($value = false, $delete = false) {
    // The key spelling is part of existing session state and is kept as-is.
    $key = 'runnig_snowflake_uprade';
    if ($delete) {
        if (!SessionCache::isKeySet($key)) {
            return false;
        }
        SessionCache::unsetKey($key);
        return true;
    }
    if ($value) {
        SessionCache::put($key, $value);
        return true;
    }
    // Neither deleting nor setting: report what is stored, or false if nothing is.
    return SessionCache::isKeySet($key) ? SessionCache::get($key) : false;
}
/**
 * Reads or saves the application-level options (OptionDAO::APP_OPTIONS) as
 * JSON for the admin settings screen.
 *
 * A POST carrying 'save' is CSRF-checked, then every submitted value is
 * validated against AppConfig's 'match' pattern (and those of its
 * 'dependencies'); on success non-empty values are upserted and options
 * posted empty are deleted. Any other request returns the stored values
 * alongside the AppConfig metadata.
 *
 * @return string Rendered (JSON) view output.
 */
public function adminControl() {
    $this->disableCaching();
    $option_dao = DAOFactory::getDAO("OptionDAO");
    if (isset($_POST['save'])) {
        // verify CSRF token
        $this->validateCSRFToken();
        $required = array();
        $config_values = array();
        $parent_config_values = array();
        $app_config = AppConfig::getConfigData();
        $values = 0;
        foreach ($app_config as $key => $value) {
            $app_config[$key]['title'] = isset($app_config[$key]['title']) ? $app_config[$key]['title'] : $key;
            // && binds tighter than ||: either a non-empty value was posted, or the option
            // is required, currently has no value and has not been flagged yet.
            if (isset($_POST[$key]) && $_POST[$key] != '' || $app_config[$key]['required'] && ((!isset($app_config[$key]['value']) || $app_config[$key]['value'] == '') && !isset($required[$key]))) {
                $config_values[$key] = $app_config[$key];
                if (isset($_POST[$key])) {
                    $config_values[$key]['value'] = $_POST[$key];
                    $values++;
                }
                // Re-assigned unconditionally; the branch above only changes $values.
                $config_values[$key]['value'] = isset($_POST[$key]) ? $_POST[$key] : '';
                if (isset($app_config[$key]['match']) && !preg_match($app_config[$key]['match'], $config_values[$key]['value'])) {
                    $required[$key] = $app_config[$key]['title'] . ' should ' . $app_config[$key]['match_message'];
                }
                if (isset($app_config[$key]['dependencies'])) {
                    foreach ($config_values[$key]['dependencies'] as $dep_key) {
                        $config_values[$dep_key]['value'] = isset($_POST[$dep_key]) ? $_POST[$dep_key] : '';
                        $value = $config_values[$dep_key]['value'];
                        if (isset($app_config[$dep_key]['match']) && !preg_match($app_config[$dep_key]['match'], $value)) {
                            $required[$dep_key] = $app_config[$dep_key]['title'] . ' is required if ' . $app_config[$key]['title'] . ' is set ' . $app_config[$dep_key]['match_message'];
                        }
                    }
                }
            }
            // strip magic quotes if enabled...
            // get_magic_quotes_gpc() no longer exists in PHP 8.0+, so this line fatals there.
            if (get_magic_quotes_gpc() && isset($config_values[$key]['value'])) {
                $config_values[$key]['value'] = stripslashes($config_values[$key]['value']);
            }
        }
        if (count($required) > 0) {
            $this->setJsonData(array('status' => 'failed', 'required' => $required));
        } else {
            // save our data
            $saved = 0;
            $deleted = 0;
            foreach ($config_values as $key => $config_value) {
                $config = $option_dao->getOptionByName(OptionDAO::APP_OPTIONS, $key);
                if ($config_value['value'] != '') {
                    if ($config) {
                        $option_dao->updateOption($config->option_id, $config_value['value']);
                    } else {
                        $option_dao->insertOption(OptionDAO::APP_OPTIONS, $key, $config_value['value']);
                    }
                    $saved++;
                }
            }
            foreach ($app_config as $key => $value) {
                // delete the record if it exists and is empty in the post request
                if (!isset($config_values[$key]['value']) || $config_values[$key]['value'] == '') {
                    $config = $option_dao->getOptionByName(OptionDAO::APP_OPTIONS, $key);
                    if ($config) {
                        $option_dao->deleteOption($config->option_id);
                        $deleted++;
                    }
                }
            }
            $this->setJsonData(array('status' => 'success', 'saved' => $saved, 'deleted' => $deleted));
            // Presumably the remembered instance may be affected by the new settings.
            SessionCache::unsetKey('selected_instance_network');
            SessionCache::unsetKey('selected_instance_username');
        }
    } else {
        $config_values = $option_dao->getOptions(OptionDAO::APP_OPTIONS);
        $app_config = AppConfig::getConfigData();
        $filtered_config_values = array();
        // Only expose stored options that AppConfig knows about.
        foreach ($app_config as $key => $value) {
            if (isset($config_values[$key])) {
                $filtered_config_values[$key] = $config_values[$key];
            }
        }
        $this->setJsonData(array('values' => $filtered_config_values, 'app_config_settings' => $app_config));
    }
    return $this->generateView();
}
/**
 * Verifies that, with use_db_sessions on, session data reaches the database:
 * nothing is readable before session_write_close(), and afterwards the stored
 * row contains the key and value both via SessionDAO and via a direct query.
 */
public function testVerifyDBness() {
    $config = Config::getInstance();
    $config->setValue('use_db_sessions', true);
    // Fixed session id for the test so the row can be read back by id.
    session_id(md5(time()));
    SessionCache::init();
    SessionCache::put('my_key', 'my_value2');
    $dao = DAOFactory::getDAO('SessionDAO');
    $data = $dao->read(session_id());
    // Not persisted until the session is written.
    $this->assertEqual('', $data);
    session_write_close();
    $data = $dao->read(session_id());
    $this->assertPattern('/my_key/', $data);
    $this->assertPattern('/my_value2/', $data);
    $this->assertNotEqual('', $data);
    // Retrieve it manually just to make sure
    $sql = "SELECT * FROM tu_sessions";
    $stmt = SessionMySQLDAO::$PDO->query($sql);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $this->assertPattern('/my_key/', $row['data']);
    $this->assertPattern('/my_value2/', $row['data']);
}
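/**
 * Check the $_POST'ed CAPTCHA inputs match the contents of the CAPTCHA.
 *
 * In test mode (Utils::isTest()) the answer "123456" is accepted and anything
 * else rejected, without contacting reCAPTCHA or reading the session. Otherwise
 * the reCAPTCHA type asks the reCAPTCHA service; the default type compares the
 * md5 of user_code with the 'ckey' value stored by the image generator. The
 * challenge is not cleared here; callers unset 'ckey' after a successful check
 * so a solved answer is not reusable.
 *
 * @return bool
 */
public function doesTextMatchImage() {
    //if in test mode, assume check is good if user_code is set to 123456
    if (Utils::isTest()) {
        return isset($_POST['user_code']) && $_POST['user_code'] == '123456';
    }
    switch ($this->type) {
        case self::RECAPTCHA_CAPTCHA:
            $config = Config::getInstance();
            $priv_key = $config->getValue('recaptcha_private_key');
            $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
            $response = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
            $resp = recaptcha_check_answer($priv_key, $_SERVER["REMOTE_ADDR"], $challenge, $response);
            return (bool) $resp->is_valid;
        default:
            $expected = SessionCache::get('ckey');
            // No challenge in the session (image never generated, or session
            // expired) can never match; the original passed null to strcmp().
            if (!is_string($expected) || $expected === '') {
                return false;
            }
            $submitted = isset($_POST['user_code']) ? md5((string) $_POST['user_code']) : '';
            // Constant-time comparison where available (PHP >= 5.6).
            if (function_exists('hash_equals')) {
                return hash_equals($expected, $submitted);
            }
            return strcmp($submitted, $expected) === 0;
    }
}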
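/**
 * Set the instance variable based on request and logged-in status
 * Add the list of avaiable instances to the view you can switch to in the dropdown based on logged-in status
 *
 * Resolution order: the configured default_instance when public (else the
 * freshest public instance); then the ?u=&n= instance when the viewer may see
 * it (owner access when logged in, is_public otherwise); a logged-in owner
 * with no ?u=&n= gets their freshest instance. The chosen network/username
 * are also written to the session for other controllers.
 */
private function setInstance() {
    $instance_dao = DAOFactory::getDAO('InstanceDAO');
    $config = Config::getInstance();
    $instance_id_to_display = intval($config->getValue('default_instance'));
    if ($instance_id_to_display != 0) {
        $this->instance = $instance_dao->get($instance_id_to_display);
    }
    // The default must itself be public; otherwise use the freshest public one.
    if (!isset($this->instance) || !$this->instance->is_public) {
        $this->instance = $instance_dao->getInstanceFreshestPublicOne();
    }
    $instance_requested = isset($_GET["u"]) && isset($_GET['n']);
    if ($this->isLoggedIn()) {
        $owner_dao = DAOFactory::getDAO('OwnerDAO');
        $owner = $owner_dao->getByEmail($this->getLoggedInUser());
        if ($instance_requested) {
            $instance = $instance_dao->getByUsernameOnNetwork($_GET["u"], $_GET['n']);
            if (!isset($instance)) {
                // Unknown account: keep the default chosen above. The original
                // dereferenced the null further down.
                // NOTE(review): echoes request input; relies on addErrorMessage() escaping for HTML -- confirm.
                $this->addErrorMessage($_GET["u"] . " on " . ucfirst($_GET['n']) . " is not in ThinkUp.");
            } else {
                $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
                if ($owner_instance_dao->doesOwnerHaveAccess($owner, $instance)) {
                    $this->instance = $instance;
                } else {
                    $this->instance = null;
                    $this->addErrorMessage("Insufficient privileges");
                }
            }
        } else {
            $this->instance = $instance_dao->getFreshestByOwnerId($owner->id);
        }
        $this->addToView('instances', $instance_dao->getByOwner($owner));
    } else {
        if ($instance_requested) {
            $instance = $instance_dao->getByUsernameOnNetwork($_GET["u"], $_GET['n']);
            if (!isset($instance)) {
                $this->addErrorMessage($_GET["u"] . " on " . ucfirst($_GET['n']) . " is not in ThinkUp.");
            } elseif ($instance->is_public) {
                // Anonymous viewers only get public instances.
                $this->instance = $instance;
            } else {
                $this->addErrorMessage("Insufficient privileges");
            }
        }
        $this->addToView('instances', $instance_dao->getPublicInstances());
    }
    if (isset($this->instance)) {
        //user
        $user_dao = DAOFactory::getDAO('UserDAO');
        $user = $user_dao->getDetails($this->instance->network_user_id, $this->instance->network);
        $this->addToView('user_details', $user);
        // Remembered for controllers that need the currently selected instance.
        SessionCache::put('selected_instance_network', $this->instance->network);
        SessionCache::put('selected_instance_username', $this->instance->network_username);
        $this->addToView('instance', $this->instance);
    }
}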
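/**
 * Process actions based on $_GET parameters. Authorize FB user or add FB page.
 *
 * Authorisation: when ?code= and ?state= arrive, the state is checked against
 * the session's facebook_auth_csrf value, the code is exchanged for a
 * short-lived access token, that token is exchanged for a long-lived one, and
 * the token is saved for the authorised user. Page add: when ?action=add page
 * arrives with page/viewer/owner/instance ids, the page is fetched with the
 * instance's stored token and inserted.
 *
 * @param arr $options Facebook plugin options
 * @param Facebook $facebook Facebook object
 */
protected function processPageActions($options, Facebook $facebook) {
    //authorize user
    if (isset($_GET["code"]) && isset($_GET["state"])) {
        //validate state to avoid CSRF attacks
        $expected_state = SessionCache::get('facebook_auth_csrf');
        // Strict, constant-time comparison. The original used ==, under which
        // an empty ?state= compared equal to a missing (null) session value.
        $state_is_valid = false;
        if (is_string($expected_state) && $expected_state !== '' && is_string($_GET["state"])) {
            $state_is_valid = function_exists('hash_equals')
                ? hash_equals($expected_state, $_GET["state"])
                : $expected_state === $_GET["state"];
        }
        if ($state_is_valid) {
            $app_id = $options['facebook_app_id']->option_value;
            $app_secret = $options['facebook_api_secret']->option_value;
            //Prepare API request
            //First, prep redirect URI
            $redirect_uri = urlencode(Utils::getApplicationURL() . 'account/?p=facebook');
            //Build API request URL; request-supplied pieces are URL-encoded.
            $api_req = 'https://graph.facebook.com/oauth/access_token?client_id=' . $app_id .
                '&client_secret=' . $app_secret . '&redirect_uri=' . $redirect_uri .
                '&state=' . urlencode($expected_state) . '&code=' . urlencode($_GET["code"]);
            $access_token_response = FacebookGraphAPIAccessor::rawApiRequest($api_req, false);
            // parse_str() into an array; the one-argument form wrote the response's
            // keys straight into local variables (and is gone in PHP 8).
            parse_str($access_token_response, $token_response);
            if (isset($token_response['access_token'])) {
                $access_token = $token_response['access_token'];
                // Swap in short-term token for long-lived token as per
                // https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
                $api_req = 'https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=' .
                    $app_id . '&client_secret=' . $app_secret . '&fb_exchange_token=' . urlencode($access_token);
                $access_token_response = FacebookGraphAPIAccessor::rawApiRequest($api_req, false);
                parse_str($access_token_response, $exchange_response);
                // Keep the short-lived token when the exchange returns none,
                // matching what the variable-injecting parse_str() did before.
                if (isset($exchange_response['access_token'])) {
                    $access_token = $exchange_response['access_token'];
                }
                $facebook->setAccessToken($access_token);
                $fb_user_profile = $facebook->api('/me');
                $fb_username = $fb_user_profile['name'];
                $fb_user_id = $fb_user_profile['id'];
                if (empty($fb_username)) {
                    $error = 'Sorry, ThinkUp does not support business accounts.';
                    $this->addErrorMessage($error, 'authorization');
                } else {
                    $this->addSuccessMessage($this->saveAccessToken($fb_user_id, $access_token, $fb_username), 'authorization');
                }
            } else {
                $error_msg = "Problem authorizing your Facebook account! Please correct your plugin settings.";
                $error_object = json_decode($access_token_response);
                if (isset($error_object) && isset($error_object->error->type) && isset($error_object->error->message)) {
                    $error_msg = $error_msg . "<br>Facebook says: \"" . $error_object->error->type . ": " . $error_object->error->message . "\"";
                } else {
                    $error_msg = $error_msg . "<br>Facebook's response: \"" . $access_token_response . "\"";
                }
                // NOTE(review): the third argument presumably disables HTML escaping so the
                // <br> renders; the message then embeds Facebook's raw response text.
                $this->addErrorMessage($error_msg, 'authorization', true);
            }
        } else {
            $this->addErrorMessage("Could not authenticate Facebook account due to invalid CSRF token.", 'authorization');
        }
    }
    //insert pages
    if (isset($_GET["action"]) && $_GET["action"] == "add page" && isset($_GET["facebook_page_id"]) && isset($_GET["viewer_id"]) && isset($_GET["owner_id"]) && isset($_GET["instance_id"])) {
        //get access token
        // NOTE(review): instance_id comes from the request and is not checked
        // against the logged-in owner here; confirm the caller restricts who
        // reaches this path.
        $oid = DAOFactory::getDAO('OwnerInstanceDAO');
        $tokens = $oid->getOAuthTokens($_GET["instance_id"]);
        $access_token = $tokens['oauth_access_token'];
        $page_data = FacebookGraphAPIAccessor::apiRequest('/' . $_GET["facebook_page_id"], $access_token, "id,name,picture");
        self::insertPage($page_data->id, $_GET["viewer_id"], $_GET["instance_id"], $page_data->name, $page_data->picture->data->url);
    }
}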
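/**
 * Exercise OptionMySQLDAO's session-backed helpers (setSessionData / clearSessionData /
 * getSessionData) and the option update/delete paths against a fixture row.
 *
 * Session values are stored under the 'options_data:<name>' key; the first part of the
 * test checks that the DAO and SessionCache agree on that key. Two previously unused
 * locals (a Config instance and its source_root_path) have been dropped.
 */
public function testSession() {
    $optiondao = new OptionMySQLDAO();
    $key = 'options_data:bla';
    $payload = array('name' => 'value');

    // set session data: the DAO writes under the namespaced key
    $optiondao->setSessionData('bla', $payload);
    $this->assertIdentical($payload, SessionCache::get($key));

    // clear session data: the key is removed, not just emptied
    $optiondao->clearSessionData('bla');
    $this->assertFalse(SessionCache::isKeySet($key));

    // get session data: false when nothing is stored...
    $this->assertFalse($optiondao->getSessionData('bla'));
    // ...and the stored value once SessionCache holds it
    SessionCache::put($key, $payload);
    $this->assertIdentical($payload, $optiondao->getSessionData('bla'));

    // updates against a single fixture row in the 'test' namespace
    $data1 = array('namespace' => 'test', 'option_name' => 'testname', 'option_value' => 'test_value');
    $builder1 = FixtureBuilder::build(self::TEST_TABLE, $data1);
    $options = $optiondao->getOptions('test');
    $this->assertNotNull($options);

    // update by name
    $optiondao->updateOptionByName('test', 'testname', 'test_value123');
    $options = $optiondao->getOptions('test');
    $this->assertEqual($options['testname']->option_value, 'test_value123');

    // update by id
    $optiondao->updateOption($options['testname']->option_id, 'test_value1234');
    $options = $optiondao->getOptions('test');
    $this->assertEqual($options['testname']->option_value, 'test_value1234');

    // delete by name
    $optiondao->deleteOptionByName('test', 'testname');
    $options = $optiondao->getOptions('test');
    $this->assertNull($options);

    // delete by id: release the old builder before rebuilding the fixture (kept in this
    // order from the original — presumably so the builder's cleanup runs first)
    $builder1 = null;
    $builder1 = FixtureBuilder::build(self::TEST_TABLE, $data1);
    $optiondao->deleteOption($builder1->columns['last_insert_id']);
    $options = $optiondao->getOptions('test');
    $this->assertNull($options);
}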
/**
 * Test helper: put a ThinkUp user into the session as if they had logged in.
 *
 * Writes 'user' (always), 'user_is_admin' (when $is_admin) and 'csrf_token'
 * (when $use_csrf_token, using the fixed test constant self::CSRF_TOKEN) to
 * SessionCache. No authentication is performed.
 *
 * @param str $email
 * @param bool $is_admin Default to false
 * @param bool $use_csrf_token Whether or not to put down valid CSRF token, default to false
 */
protected function simulateLogin($email, $is_admin = false, $use_csrf_token = false) {
    $session_values = array('user' => $email);
    if ($is_admin) {
        $session_values['user_is_admin'] = true;
    }
    if ($use_csrf_token) {
        $session_values['csrf_token'] = self::CSRF_TOKEN;
    }
    foreach ($session_values as $session_key => $session_value) {
        SessionCache::put($session_key, $session_value);
    }
}
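/**
 * Exercise AppConfigController's save path end to end: per-option validation failures,
 * a successful save, updates of existing rows, and deletion of rows submitted empty —
 * checking both the JSON response and the resulting rows in the options table.
 *
 * Every request runs as a logged-in admin with a valid CSRF token. The repeated
 * "run controller, decode JSON" and "read back APP_OPTIONS rows" steps live in the
 * private helpers below; the magic-quotes probe is guarded with function_exists() so
 * the test no longer fatals on PHP 8, where get_magic_quotes_gpc() was removed.
 */
public function testSaveConfigViewData() {
    $this->simulateLogin('*****@*****.**', true, true);
    $_POST['save'] = true;
    $_POST['csrf_token'] = parent::CSRF_TOKEN;

    // no values: nothing saved, nothing deleted
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 0);
    $this->assertEqual($json_obj->deleted, 0);

    // bad arg for is_opted_out_usage_stats
    $_POST['is_opted_out_usage_stats'] = 'falsify';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required->is_opted_out_usage_stats);
    $_POST['is_opted_out_usage_stats'] = 'false';

    // bad arg for is_registration_open
    $_POST['is_registration_open'] = 'falsey';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required->is_registration_open);

    // bad arg for recaptcha
    $_POST['is_registration_open'] = 'false';
    $_POST['recaptcha_enable'] = 'false';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required->recaptcha_enable);

    // bad deps for recaptcha: enabling it requires both keys
    $_POST['recaptcha_enable'] = 'true';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required);
    $this->assertNotNull($json_obj->required->recaptcha_public_key);
    $this->assertNotNull($json_obj->required->recaptcha_private_key);

    // valid save for recaptcha
    $_POST['recaptcha_enable'] = 'true';
    $_POST['recaptcha_public_key'] = '1234';
    // test magic quotes if enabled...
    if (self::magicQuotesEnabled()) {
        $_POST['recaptcha_public_key'] = "1\\'23\\\"4";
    }
    $_POST['recaptcha_private_key'] = '1234abc';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 5);

    // bad arg, not numeric
    $_POST['default_instance'] = 'notanumber';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required);
    $this->assertNotNull($json_obj->required->default_instance);

    // bad arg, not completely numeric
    $_POST['default_instance'] = '10notanumber';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required);
    $this->assertNotNull($json_obj->required->default_instance);

    // good single digit arg for default_instance
    $_POST['default_instance'] = '1';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 6);

    // good double digit arg for default_instance
    $_POST['default_instance'] = '57';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 6);

    // good triple digit arg for default_instance
    $_POST['default_instance'] = '105';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 6);

    //assert Session info re: selected instance has been cleared
    $this->assertNull(SessionCache::get('selected_instance_network'));
    $this->assertNull(SessionCache::get('selected_instance_username'));

    // read back what was written (database version record already dropped)
    $data = $this->fetchAppOptionRows();
    $this->assertEqual(count($data), 6);
    $this->assertEqual($data[0]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[0]['option_name'], 'is_registration_open');
    $this->assertEqual($data[0]['option_value'], 'false');
    $this->assertEqual($data[1]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[1]['option_name'], 'recaptcha_enable');
    $this->assertEqual($data[1]['option_value'], 'true');
    $this->assertEqual($data[2]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[2]['option_name'], 'recaptcha_public_key');
    // under magic quotes the controller is expected to have stripped the added backslashes
    $expected_public_key = self::magicQuotesEnabled() ? '1\'23"4' : '1234';
    $this->assertEqual($data[2]['option_value'], $expected_public_key);
    $this->assertEqual($data[3]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[3]['option_name'], 'recaptcha_private_key');
    $this->assertEqual($data[3]['option_value'], '1234abc');
    $this->assertEqual($data[4]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[4]['option_name'], 'is_opted_out_usage_stats');
    $this->assertEqual($data[4]['option_value'], 'false');
    $this->assertEqual($data[5]['option_name'], 'default_instance');
    $this->assertEqual($data[5]['option_value'], '105');

    // update records...
    $_POST['is_registration_open'] = 'true';
    $_POST['recaptcha_enable'] = 'true';
    $_POST['recaptcha_public_key'] = '12345';
    // test magic quotes if enabled...
    if (self::magicQuotesEnabled()) {
        $_POST['recaptcha_public_key'] = "1\\'23\\\"45";
    }
    $_POST['recaptcha_private_key'] = '12345abc';
    $_POST['default_instance'] = '12345';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 6);
    $this->assertEqual($json_obj->deleted, 0);

    $data = $this->fetchAppOptionRows();
    $this->assertEqual(count($data), 6);
    $this->assertEqual($data[0]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[0]['option_name'], 'is_registration_open');
    $this->assertEqual($data[0]['option_value'], 'true');
    $this->assertEqual($data[1]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[1]['option_name'], 'recaptcha_enable');
    $this->assertEqual($data[1]['option_value'], 'true');
    $this->assertEqual($data[2]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[2]['option_name'], 'recaptcha_public_key');
    $expected_public_key = self::magicQuotesEnabled() ? '1\'23"45' : '12345';
    $this->assertEqual($data[2]['option_value'], $expected_public_key);
    $this->assertEqual($data[3]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[3]['option_name'], 'recaptcha_private_key');
    $this->assertEqual($data[3]['option_value'], '12345abc');
    $this->assertEqual($data[4]['option_value'], 'false');
    $this->assertEqual($data[5]['option_value'], '12345');

    // delete records: an empty value removes the option; only is_registration_open is kept
    $_POST['is_registration_open'] = 'true';
    $_POST['recaptcha_enable'] = '';
    $_POST['recaptcha_public_key'] = '';
    $_POST['recaptcha_private_key'] = '';
    $_POST['default_instance'] = '';
    $_POST['is_opted_out_usage_stats'] = '';
    $json_obj = $this->submitAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 1);
    $this->assertEqual($json_obj->deleted, 5);

    $data = $this->fetchAppOptionRows();
    $this->assertEqual(count($data), 1);
}

/**
 * Run AppConfigController against the current $_POST and decode its JSON response.
 *
 * @return object|null Decoded response (status / saved / deleted / required), or null
 *                     if the controller did not return JSON.
 */
private function submitAppConfig() {
    $controller = new AppConfigController(true);
    $results = $controller->control();
    return json_decode($results);
}

/**
 * Fetch all APP_OPTIONS rows from the options table, ordered by option_id, with the
 * leading database version record removed.
 *
 * The namespace is passed as a bound parameter rather than spliced into the SQL; only
 * the configured table prefix is concatenated.
 *
 * @return array List of associative rows (namespace, option_name, option_value, ...).
 */
private function fetchAppOptionRows() {
    $sql = "select * from " . $this->table_prefix . "options where namespace = :namespace order by option_id";
    $stmt = PluginOptionMySQLDAO::$PDO->prepare($sql);
    $stmt->execute(array(':namespace' => OptionDAO::APP_OPTIONS));
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    array_shift($rows); //shift off database version record
    return $rows;
}

/**
 * Whether magic_quotes_gpc is in effect.
 *
 * get_magic_quotes_gpc() always returns false from PHP 5.4 and no longer exists in
 * PHP 8, so guard the call instead of letting the test fatal there.
 *
 * @return bool
 */
private static function magicQuotesEnabled() {
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}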