public function __construct($session_started = false)
{
parent::__construct($session_started);
//$this->setViewTemplate('_user_register.tpl');
$this->addToView('first_name', SessionCache::get('first_name'));
$this->setPageTitle('User Registeration');
}
/**
* @return str Currently logged-in ThinkUp username (email address)
*/
public static function getLoggedInUser()
{
if (self::isLoggedIn()) {
return SessionCache::get('user');
} else {
return null;
}
}
private static function verifySignatureFirebase($jwt)
{
$jwtCertsJSON = SessionCache::get(self::$JWT_CERTS_CACHE_KEY);
if ($jwtCertsJSON === FALSE) {
$jwtCertsJSON = HttpUtil::processRequest('https://www.googleapis.com/oauth2/v1/certs');
SessionCache::set(self::$JWT_CERTS_CACHE_KEY, $jwtCertsJSON);
}
$jwtCerts = json_decode($jwtCertsJSON, TRUE);
return JWT::decode($jwt, $jwtCerts);
}
public function insertCompanyName($company_name)
{
$q = "INSERT INTO #prefix#company SET name=:company_name, ";
$q .= "added_by=:added_by, added_date=NOW();";
$vars = array(':company_name' => $company_name, ':added_by' => SessionCache::get('user_id'));
if ($this->profiler_enabled) {
Profiled::setDAOMethod(__METHOD__);
}
$ps = $this->execute($q, $vars);
return $this->getUpdateCount($ps);
}
private function getAccountIdByName($accountName)
{
$accountIdCacheKey = array('id' => 'ACCOUND_ID_FOR_' . strtolower($accountName), 'exp' => 3600);
// 1 hour
$accountId = SessionCache::get($accountIdCacheKey);
if ($accountId == NULL) {
$accountId = $this->getAccountIdByNameFromDB($accountName);
SessionCache::set($accountIdCacheKey, $accountId);
}
return $accountId;
}
public function disableLocation($location_id)
{
$modified_by = SessionCache::get('user_id');
$q = " UPDATE #prefix#city SET status=:status , modified_by = :modified_by, modified_date = NOW() WHERE id=:city_id";
$vars = array(':city_id' => $city_id, ':modified_by' => $modified_by, ':status' => 0);
if ($this->profiler_enabled) {
Profiler::setDAOMethod(__METHOD__);
}
$ps = $this->execute($q, $vars);
return $this->getUpdateCount($ps);
}
public function authControl()
{
if (!$this->is_missing_param) {
$request_token = $_GET['oauth_token'];
$request_token_secret = SessionCache::get('oauth_request_token_secret');
// get oauth values
$plugin_option_dao = DAOFactory::GetDAO('PluginOptionDAO');
$options = $plugin_option_dao->getOptionsHash('twitter', true);
//get cached
$to = new TwitterOAuth($options['oauth_consumer_key']->option_value, $options['oauth_consumer_secret']->option_value, $request_token, $request_token_secret);
$tok = $to->getAccessToken();
if (isset($tok['oauth_token']) && isset($tok['oauth_token_secret'])) {
$api = new TwitterAPIAccessorOAuth($tok['oauth_token'], $tok['oauth_token_secret'], $options['oauth_consumer_key']->option_value, $options['oauth_consumer_secret']->option_value, $options['num_twitter_errors']->option_value, $options['max_api_calls_per_crawl']->option_value, false);
$authed_twitter_user = $api->verifyCredentials();
// echo "User ID: ". $authed_twitter_user['user_id'];
// echo "User name: ". $authed_twitter_user['user_name'];
$owner_dao = DAOFactory::getDAO('OwnerDAO');
$owner = $owner_dao->getByEmail($this->getLoggedInUser());
if ((int) $authed_twitter_user['user_id'] > 0) {
$instance_dao = DAOFactory::getDAO('TwitterInstanceDAO');
$instance = $instance_dao->getByUsername($authed_twitter_user['user_name'], 'twitter');
$owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
if (isset($instance)) {
$owner_instance = $owner_instance_dao->get($owner->id, $instance->id);
if ($owner_instance != null) {
$owner_instance_dao->updateTokens($owner->id, $instance->id, $tok['oauth_token'], $tok['oauth_token_secret']);
$this->addSuccessMessage($authed_twitter_user['user_name'] . " on Twitter is already set up in ThinkUp! To add a different Twitter account, " . "log out of Twitter.com in your browser and authorize ThinkUp again.");
} else {
if ($owner_instance_dao->insert($owner->id, $instance->id, $tok['oauth_token'], $tok['oauth_token_secret'])) {
$this->addSuccessMessage("Success! " . $authed_twitter_user['user_name'] . " on Twitter has been added to ThinkUp!");
} else {
$this->addErrorMessage("Error: Could not create an owner instance.");
}
}
} else {
$instance_dao->insert($authed_twitter_user['user_id'], $authed_twitter_user['user_name']);
$instance = $instance_dao->getByUsername($authed_twitter_user['user_name']);
if ($owner_instance_dao->insert($owner->id, $instance->id, $tok['oauth_token'], $tok['oauth_token_secret'])) {
$this->addSuccessMessage("Success! " . $authed_twitter_user['user_name'] . " on Twitter has been added to ThinkUp!");
} else {
$this->addErrorMessage("Error: Could not create an owner instance.");
}
}
}
} else {
$msg = "Error: Twitter authorization did not complete successfully. Check if your account already " . " exists. If not, please try again.";
$this->addErrorMessage($msg);
}
$this->view_mgr->clear_all_cache();
}
return $this->generateView();
}
public function userLogoutUpdate($reason = 1)
{
$user_id = SessionCache::get('user_id');
$cookie = SessionCache::get('cookie');
$q = "UPDATE #prefix#user_logon_info SET logout=NOW(), working_time = (logout-login)/60, logout_reason=:logout_reason ";
$q .= "WHERE user_id=:user_id AND cookie=:cookie";
$vars = array(':user_id' => $user_id, ':cookie' => $cookie, ':logout_reason' => $reason);
$ps = $this->execute($q, $vars);
$loginTime = explode(":", SessionCache::get('login_time'));
$logoutTime = explode(":", date('H:i'));
$totalTime = 60 * $logoutTime[0] + $logoutTime[1] - (60 * $loginTime[0] + $loginTime[1]);
$this->updateWorkingHour($user_id, $totalTime);
SessionCache::unsetKey('login_time');
SessionCache::unsetKey('cookie');
}
public function control()
{
if ($this->isLoggedIn()) {
$config = Config::getInstance();
$this->setViewTemplate($this->tpl_name);
$first_name = SessionCache::get('first_name');
//$first_name = 'Session';
$this->addToView('first_name', $first_name);
//flush();
return $this->generateView();
} else {
$controller = new LoginController(true);
return $controller->go();
}
}
public function testControl()
{
$builders = $this->buildData();
$config = Config::getInstance();
$escaped_site_root_path = str_replace('/', '\\/', $config->getValue('site_root_path'));
$controller = new TestAuthAPIController(true);
// No username, no API secret provided
// This isn't an API call, so present HTML error output
$results = $controller->go();
$this->assertPattern('/session\\/login.php\\?redirect\\=/', $controller->redirect_destination);
// No API secret provided
// This isn't an API call, so present HTML error output
$_GET['un'] = '*****@*****.**';
$results = $controller->go();
$this->assertPattern('/session\\/login.php\\?redirect\\=/', $controller->redirect_destination);
// Wrong API secret provided
$_GET['as'] = 'fail_me';
$results = $controller->go();
$this->assertPattern("/UnauthorizedUserException/", $results);
$this->assertPattern("/Unauthorized API call/", $results);
$controller = new TestAuthAPIController(true);
// Wrong username provided
$_GET['as'] = 'c9089f3c9adaf0186f6ffb1ee8d6501c';
$_GET['un'] = 'fail_me';
$results = $controller->go();
$this->assertPattern("/UnauthorizedUserException/", $results);
$this->assertPattern("/Unauthorized API call/", $results);
// Working request
$_GET['un'] = '*****@*****.**';
$_GET['as'] = 'c9089f3c9adaf0186f6ffb1ee8d6501c';
$results = $controller->go();
$this->assertPattern('/{"result":"success"}/', $results);
$config = Config::getInstance();
$this->assertEqual(SessionCache::get('user'), '*****@*****.**');
// Now that _SESSION['user'] is set, we shouldn't need to provide un/as to use this controller
// Also, the result will be returned as HTML, not JSON
unset($_GET['as']);
$results = $controller->go();
$this->assertPattern('/<html><body>Success<\\/body><\\/html>/', $results);
// And just to make sure, if we 'logout', we should be denied access now
Session::logout();
$results = $controller->go();
$this->assertPattern('/ControllerAuthException/', $results);
$this->assertPattern('/You must/', $results);
$this->assertPattern('/log in/', $results);
}
public function addNotify($what, $type = 0)
{
$notify_dao = DAOFactory::getDAO('NotifyDAO');
$notify = array();
$notify['notify_type'] = $type;
$notify['user_id'] = SessionCache::get('user_id');
$notify['title'] = "<a href=#>Prabhat</a> added You a" . $what;
$notify['body'] = makeNotifyBody($what);
// will contain user Image + Title + Date/Time.
if ($notify_dao->insertNotification($notify)) {
$notify_id = $notify_dao->getInsertId();
unset($notify['notify_type']);
unset($notify['event_class']);
//$notify['user_id'] = $this->getLoggedInUser();
$notify['user_id'] = $who;
$notify_dao->insertMakeNotification($notify);
}
}
public function modifyCountry($country_id, $update_arr)
{
$modified_by = SessionCache::get('user_id');
$q = " UPDATE #prefix#country SET modified_by=:modified_by,modified_date=NOW ";
$vars = array();
foreach ($update_arr as $key => $value) {
$q .= ", " . $key . "=:" . $value;
$field = ":" . $key;
$vars[$field] = $value;
}
$vars[':modified_by'] = $modified_by;
$vars[':country_id'] = $country_id;
$q .= " WHERE id =:country_id";
if ($this->profiler_enabled) {
Profiler::setDAOMethod(__METHOD__);
}
$ps = $this->execute($q, $vars);
return $this->getUpdateCount($ps);
}
public function authControl()
{
if (!$this->is_missing_param) {
$username = $_GET['u'];
$network = $_GET['n'];
$user_dao = DAOFactory::getDAO('UserDAO');
$page = isset($_GET['page']) && is_numeric($_GET['page']) ? $_GET['page'] : 1;
if ($user_dao->isUserInDBByName($username, $network)) {
$this->setPageTitle('User Details: ' . $username);
$user = $user_dao->getUserByName($username, $network);
$owner_dao = DAOFactory::getDAO('OwnerDAO');
$owner = $owner_dao->getByEmail($this->getLoggedInUser());
$instance_dao = DAOFactory::getDAO('InstanceDAO');
$this->addToView('instances', $instance_dao->getByOwner($owner));
$this->addToView('profile', $user);
$post_dao = DAOFactory::getDAO('PostDAO');
$user_posts = $post_dao->getAllPosts($user->user_id, $user->network, 20, $page);
$this->addToView('user_statuses', $user_posts);
if (sizeof($user_posts) == 20) {
$this->addToView('next_page', $page + 1);
}
$this->addToView('last_page', $page - 1);
$this->addToView('sources', $post_dao->getStatusSources($user->user_id, $user->network));
if (SessionCache::isKeySet('selected_instance_username') && SessionCache::isKeySet('selected_instance_network')) {
$i = $instance_dao->getByUsername(SessionCache::get('selected_instance_username'), SessionCache::get('selected_instance_network'));
if (isset($i)) {
$this->addToView('instance', $i);
$exchanges = $post_dao->getExchangesBetweenUsers($i->network_user_id, $i->network, $user->user_id);
$this->addToView('exchanges', $exchanges);
$this->addToView('total_exchanges', count($exchanges));
$follow_dao = DAOFactory::getDAO('FollowDAO');
$mutual_friends = $follow_dao->getMutualFriends($user->user_id, $i->network_user_id, $i->network);
$this->addToView('mutual_friends', $mutual_friends);
$this->addToView('total_mutual_friends', count($mutual_friends));
}
}
} else {
$this->addErrorMessage($username . ' is not in the system.');
}
}
return $this->generateView();
}
public static function addCompany($company_data, $client_setup = false)
{
if (isset($branch_data)) {
//Checking the required params.
foreach (self::$REQUIRED_PARAMS as $param) {
if (!isset($branch_data[$param]) || $branch_data[$param] == '') {
self::$is_missing_param = true;
break;
}
}
if (!$this->is_missing_param) {
$branch_data['added_by'] = SessionCache::get('user_id');
$company_dao = DAOFactory::getDAO('CompanyDAO');
$ret = $company_dao->insertCompanyBranch($branch_data);
return $ret;
} else {
//$this->sendJsonResponse(0,$msg);
}
}
}
public function testControl()
{
$builders = $this->buildData();
$config = Config::getInstance();
$escaped_site_root_path = str_replace('/', '\\/', $config->getValue('site_root_path'));
$controller = new TestAuthAPIController(true);
// No username, no API secret provided
// This isn't an API call, so present HTML error output
$results = $controller->go();
$this->assertPattern('/You must <a href="' . $escaped_site_root_path . 'session\\/login.php">log in<\\/a> to do this./', $results);
// No API secret provided
// This isn't an API call, so present HTML error output
$_GET['un'] = '*****@*****.**';
$results = $controller->go();
$this->assertPattern('/You must <a href="' . $escaped_site_root_path . 'session\\/login.php">log in<\\/a> to do this./', $results);
// Wrong API secret provided
$_GET['as'] = 'fail_me';
$results = $controller->go();
$this->assertPattern("/UnauthorizedUserException: Unauthorized API call/", $results);
// Wrong username provided
$_GET['as'] = Session::getAPISecretFromPassword('XXX');
$_GET['un'] = 'fail_me';
$results = $controller->go();
$this->assertPattern("/UnauthorizedUserException: Unauthorized API call/", $results);
// Working request
$_GET['un'] = '*****@*****.**';
$_GET['as'] = Session::getAPISecretFromPassword('XXX');
$results = $controller->go();
$this->assertPattern('/{"result":"success"}/', $results);
$config = Config::getInstance();
$this->assertEqual(SessionCache::get('user'), '*****@*****.**');
// Now that _SESSION['user'] is set, we shouldn't need to provide un/as to use this controller
// Also, the result will be returned as HTML, not JSON
unset($_GET['as']);
$results = $controller->go();
$this->assertPattern('/<html/', $results);
// And just to make sure, if we 'logout', we should be denied access now
Session::logout();
$results = $controller->go();
$this->assertPattern('/You must <a href="' . $escaped_site_root_path . 'session\\/login.php">log in<\\/a> to do this./', $results);
}
public function check()
{
switch ($this->type) {
case 1:
$resp = recaptcha_check_answer($this->prikey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
$this->msg = $resp->error;
return false;
} else {
return true;
}
break;
default:
if (strcmp(md5($_POST['user_code']), SessionCache::get('ckey'))) {
$this->msg = "Wrong text, try again";
return false;
} else {
return true;
}
break;
}
}
public function testPutGetIsset()
{
$config = Config::getInstance();
//nothing is set
$this->assertNull(SessionCache::get('my_key'));
$this->assertFalse(SessionCache::isKeySet('my_key'));
//set a key
SessionCache::put('my_key', 'my_value');
$this->assertTrue(isset($_SESSION[$config->getValue('source_root_path')]));
$this->assertEqual($_SESSION[$config->getValue('source_root_path')]['my_key'], 'my_value');
$this->assertEqual(SessionCache::get('my_key'), 'my_value');
//overwrite existing key
SessionCache::put('my_key', 'my_value2');
$this->assertTrue($_SESSION[$config->getValue('source_root_path')]['my_key'] != 'my_value');
$this->assertEqual($_SESSION[$config->getValue('source_root_path')]['my_key'], 'my_value2');
//set another key
SessionCache::put('my_key2', 'my_other_value');
$this->assertEqual($_SESSION[$config->getValue('source_root_path')]['my_key2'], 'my_other_value');
//unset first key
SessionCache::unsetKey('my_key');
$this->assertNull(SessionCache::get('my_key'));
$this->assertFalse(SessionCache::isKeySet('my_key'));
}
/**
* Check the $_POST'ed CAPTCHA inputs match the contents of the CAPTCHA.
* @return bool
*/
public function doesTextMatchImage()
{
//if in test mode, assume check is good if user_code is set to 123456
if (Utils::isTest()) {
if (isset($_POST['user_code']) && $_POST['user_code'] == '123456') {
return true;
} else {
return false;
}
}
switch ($this->type) {
case self::RECAPTCHA_CAPTCHA:
$config = Config::getInstance();
$priv_key = $config->getValue('recaptcha_private_key');
$resp = recaptcha_check_answer($priv_key, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
return false;
} else {
return true;
}
break;
default:
if (strcmp(md5($_POST['user_code']), SessionCache::get('ckey'))) {
return false;
} else {
return true;
}
break;
}
}
/**
* Process actions based on $_GET parameters. Authorize FB user or add FB page.
* @param arr $options Facebook plugin options
* @param Facebook $facebook Facebook object
*/
protected function processPageActions($options, Facebook $facebook)
{
//authorize user
if (isset($_GET["code"]) && isset($_GET["state"])) {
//validate state to avoid CSRF attacks
if ($_GET["state"] == SessionCache::get('facebook_auth_csrf')) {
//Prepare API request
//First, prep redirect URI
$redirect_uri = urlencode(Utils::getApplicationURL() . 'account/?p=facebook');
//Build API request URL
$api_req = 'https://graph.facebook.com/oauth/access_token?client_id=' . $options['facebook_app_id']->option_value . '&client_secret=' . $options['facebook_api_secret']->option_value . '&redirect_uri=' . $redirect_uri . '&state=' . SessionCache::get('facebook_auth_csrf') . '&code=' . $_GET["code"];
$access_token_response = FacebookGraphAPIAccessor::rawApiRequest($api_req, false);
parse_str($access_token_response);
if (isset($access_token)) {
/**
* Swap in short-term token for long-lived token as per
* https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
*/
$api_req = 'https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=' . $options['facebook_app_id']->option_value . '&client_secret=' . $options['facebook_api_secret']->option_value . '&fb_exchange_token=' . $access_token;
$access_token_response = FacebookGraphAPIAccessor::rawApiRequest($api_req, false);
parse_str($access_token_response);
$facebook->setAccessToken($access_token);
$fb_user_profile = $facebook->api('/me');
$fb_username = $fb_user_profile['name'];
$fb_user_id = $fb_user_profile['id'];
if (empty($fb_username)) {
$error = 'Sorry, ThinkUp does not support business accounts.';
$this->addErrorMessage($error, 'authorization');
} else {
$this->addSuccessMessage($this->saveAccessToken($fb_user_id, $access_token, $fb_username), 'authorization');
}
} else {
$error_msg = "Problem authorizing your Facebook account! Please correct your plugin settings.";
$error_object = json_decode($access_token_response);
if (isset($error_object) && isset($error_object->error->type) && isset($error_object->error->message)) {
$error_msg = $error_msg . "<br>Facebook says: \"" . $error_object->error->type . ": " . $error_object->error->message . "\"";
} else {
$error_msg = $error_msg . "<br>Facebook's response: \"" . $access_token_response . "\"";
}
$this->addErrorMessage($error_msg, 'authorization', true);
}
} else {
$this->addErrorMessage("Could not authenticate Facebook account due to invalid CSRF token.", 'authorization');
}
}
//insert pages
if (isset($_GET["action"]) && $_GET["action"] == "add page" && isset($_GET["facebook_page_id"]) && isset($_GET["viewer_id"]) && isset($_GET["owner_id"]) && isset($_GET["instance_id"])) {
//get access token
$oid = DAOFactory::getDAO('OwnerInstanceDAO');
$tokens = $oid->getOAuthTokens($_GET["instance_id"]);
$access_token = $tokens['oauth_access_token'];
$page_data = FacebookGraphAPIAccessor::apiRequest('/' . $_GET["facebook_page_id"], $access_token, "id,name,picture");
self::insertPage($page_data->id, $_GET["viewer_id"], $_GET["instance_id"], $page_data->name, $page_data->picture->data->url);
}
}
public function testSession()
{
$optiondao = new OptionMySQLDAO();
$config = Config::getInstance();
$app_path = $config->getValue('source_root_path');
// set session data
$optiondao->setSessionData('bla', array('name' => 'value'));
$key = 'options_data:bla';
$this->assertIdentical(array('name' => 'value'), SessionCache::get($key));
// clear session data
$optiondao->clearSessionData('bla');
$this->assertFalse(SessionCache::isKeySet($key));
// get session data
$this->assertFalse($optiondao->getSessionData('bla'));
// no data
// with data
SessionCache::put($key, array('name' => 'value'));
$this->assertIdentical(array('name' => 'value'), $optiondao->getSessionData('bla'));
// test updates
$data1 = array('namespace' => 'test', 'option_name' => 'testname', 'option_value' => 'test_value');
$builder1 = FixtureBuilder::build(self::TEST_TABLE, $data1);
$options = $optiondao->getOptions('test');
$this->assertNotNull($options);
# update by name
$optiondao->updateOptionByName('test', 'testname', 'test_value123');
$options = $optiondao->getOptions('test');
$this->assertEqual($options['testname']->option_value, 'test_value123');
# update by id
$optiondao->updateOption($options['testname']->option_id, 'test_value1234');
$options = $optiondao->getOptions('test');
$this->assertEqual($options['testname']->option_value, 'test_value1234');
# delete by name
$optiondao->deleteOptionByName('test', 'testname');
$options = $optiondao->getOptions('test');
$this->assertNull($options);
# delete by id
$builder1 = null;
$builder1 = FixtureBuilder::build(self::TEST_TABLE, $data1);
$optiondao->deleteOption($builder1->columns['last_insert_id']);
$options = $optiondao->getOptions('test');
$this->assertNull($options);
}
public function testSaveConfigViewData()
{
$this->simulateLogin('*****@*****.**', true, true);
$_POST['save'] = true;
$_POST['csrf_token'] = parent::CSRF_TOKEN;
// no values
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'success');
$this->assertEqual($json_obj->saved, 0);
$this->assertEqual($json_obj->deleted, 0);
// bad arg for is_registration_open
$_POST['is_opted_out_usage_stats'] = 'falsify';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'failed');
$this->assertNotNull($json_obj->required->is_opted_out_usage_stats);
$_POST['is_opted_out_usage_stats'] = 'false';
// bad arg for is_registration_open
$_POST['is_registration_open'] = 'falsey';
//$_POST['recaptcha_enable'] = 'false';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'failed');
$this->assertNotNull($json_obj->required->is_registration_open);
// bad arg for recaptcha
$_POST['is_registration_open'] = 'false';
$_POST['recaptcha_enable'] = 'false';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'failed');
$this->assertNotNull($json_obj->required->recaptcha_enable);
// bad deps for recaptcha
$_POST['recaptcha_enable'] = 'true';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'failed');
$this->assertNotNull($json_obj->required);
$this->assertNotNull($json_obj->required->recaptcha_public_key);
$this->assertNotNull($json_obj->required->recaptcha_private_key);
// valid save for recaptcha
$_POST['recaptcha_enable'] = 'true';
$_POST['recaptcha_public_key'] = '1234';
// test magic quotes if enabled...
if (get_magic_quotes_gpc()) {
$_POST['recaptcha_public_key'] = "1\\'23\\\"4";
}
$_POST['recaptcha_private_key'] = '1234abc';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'success');
$this->assertEqual($json_obj->saved, 5);
// bad arg, not numeric
$_POST['default_instance'] = 'notanumber';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'failed');
$this->assertNotNull($json_obj->required);
$this->assertNotNull($json_obj->required->default_instance);
// bad arg, not completely numeric
$_POST['default_instance'] = '10notanumber';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'failed');
$this->assertNotNull($json_obj->required);
$this->assertNotNull($json_obj->required->default_instance);
// good single digit arg for default_instance
$_POST['default_instance'] = '1';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'success');
$this->assertEqual($json_obj->saved, 6);
// good double digit arg for default_instance
$_POST['default_instance'] = '57';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'success');
$this->assertEqual($json_obj->saved, 6);
// good triple digit arg for default_instance
$_POST['default_instance'] = '105';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'success');
$this->assertEqual($json_obj->saved, 6);
//assert Session info re: selected instance has been cleared
$session_instance_network = SessionCache::get('selected_instance_network');
$session_instance_username = SessionCache::get('selected_instance_username');
$this->assertNull($session_instance_network);
$this->assertNull($session_instance_username);
$sql = "select * from " . $this->table_prefix . 'options where namespace = \'' . OptionDAO::APP_OPTIONS . '\' order by option_id';
$stmt = PluginOptionMySQLDAO::$PDO->query($sql);
$data = array();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
array_push($data, $row);
}
$stmt->closeCursor();
array_shift($data);
//shift off database version record
$this->assertEqual(count($data), 6);
$this->assertEqual($data[0]['namespace'], OptionDAO::APP_OPTIONS);
$this->assertEqual($data[0]['option_name'], 'is_registration_open');
$this->assertEqual($data[0]['option_value'], 'false');
$this->assertEqual($data[1]['namespace'], OptionDAO::APP_OPTIONS);
$this->assertEqual($data[1]['option_name'], 'recaptcha_enable');
$this->assertEqual($data[1]['option_value'], 'true');
$this->assertEqual($data[2]['namespace'], OptionDAO::APP_OPTIONS);
$this->assertEqual($data[2]['option_name'], 'recaptcha_public_key');
$value = '1234';
if (get_magic_quotes_gpc()) {
$value = '1\'23"4';
}
$this->assertEqual($data[2]['option_value'], $value);
$this->assertEqual($data[3]['namespace'], OptionDAO::APP_OPTIONS);
$this->assertEqual($data[3]['option_name'], 'recaptcha_private_key');
$this->assertEqual($data[3]['option_value'], '1234abc');
$this->assertEqual($data[4]['namespace'], OptionDAO::APP_OPTIONS);
$this->assertEqual($data[4]['option_name'], 'is_opted_out_usage_stats');
$this->assertEqual($data[4]['option_value'], 'false');
$this->assertEqual($data[5]['option_name'], 'default_instance');
$this->assertEqual($data[5]['option_value'], '105');
// update records...
$_POST['is_registration_open'] = 'true';
$_POST['recaptcha_enable'] = 'true';
$_POST['recaptcha_public_key'] = '12345';
// test magic quotes if enabled...
if (get_magic_quotes_gpc()) {
$_POST['recaptcha_public_key'] = "1\\'23\\\"45";
}
$_POST['recaptcha_private_key'] = '12345abc';
$_POST['default_instance'] = '12345';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'success');
$this->assertEqual($json_obj->saved, 6);
$this->assertEqual($json_obj->deleted, 0);
$sql = "select * from " . $this->table_prefix . 'options where namespace = \'' . OptionDAO::APP_OPTIONS . '\' order by option_id';
$stmt = PluginOptionMySQLDAO::$PDO->query($sql);
$data = array();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
array_push($data, $row);
}
$stmt->closeCursor();
array_shift($data);
//shift off database version record
$this->assertEqual(count($data), 6);
$this->assertEqual($data[0]['namespace'], OptionDAO::APP_OPTIONS);
$this->assertEqual($data[0]['option_name'], 'is_registration_open');
$this->assertEqual($data[0]['option_value'], 'true');
$this->assertEqual($data[1]['namespace'], OptionDAO::APP_OPTIONS);
$this->assertEqual($data[1]['option_name'], 'recaptcha_enable');
$this->assertEqual($data[1]['option_value'], 'true');
$this->assertEqual($data[2]['namespace'], OptionDAO::APP_OPTIONS);
$this->assertEqual($data[2]['option_name'], 'recaptcha_public_key');
$value = '12345';
if (get_magic_quotes_gpc()) {
$value = '1\'23"45';
}
$this->assertEqual($data[2]['option_value'], $value);
$this->assertEqual($data[3]['namespace'], OptionDAO::APP_OPTIONS);
$this->assertEqual($data[3]['option_name'], 'recaptcha_private_key');
$this->assertEqual($data[3]['option_value'], '12345abc');
$this->assertEqual($data[4]['option_value'], 'false');
$this->assertEqual($data[5]['option_value'], '12345');
// delete records...
$_POST['is_registration_open'] = 'true';
$_POST['recaptcha_enable'] = '';
$_POST['recaptcha_public_key'] = '';
$_POST['recaptcha_private_key'] = '';
$_POST['default_instance'] = '';
$_POST['is_opted_out_usage_stats'] = '';
$controller = new AppConfigController(true);
$results = $controller->control();
$json_obj = json_decode($results);
$this->assertEqual($json_obj->status, 'success');
$this->assertEqual($json_obj->saved, 1);
$this->assertEqual($json_obj->deleted, 5);
$sql = "select * from " . $this->table_prefix . 'options where namespace = \'' . OptionDAO::APP_OPTIONS . '\' order by option_id';
$stmt = PluginOptionMySQLDAO::$PDO->query($sql);
$data = array();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
array_push($data, $row);
}
$stmt->closeCursor();
array_shift($data);
//shift off database version record
$this->assertEqual(count($data), 1);
}
/**
* Constructs ThinkUpController
*
* Adds email address of currently logged in ThinkUp user, '' if not logged in, to view
* {$logged_in_user}
* @return ThinkUpController
*/
public function __construct($session_started = false)
{
try {
$config = Config::getInstance();
$this->profiler_enabled = Profiler::isEnabled();
if ($this->profiler_enabled) {
$this->start_time = microtime(true);
}
if ($config->getValue('timezone')) {
date_default_timezone_set($config->getValue('timezone'));
}
if (!$session_started) {
SessionCache::init();
}
$this->view_mgr = new ViewManager();
if (SessionCache::isKeySet('selected_instance_network') && SessionCache::isKeySet('selected_instance_username')) {
$this->addToView('selected_instance_network', SessionCache::get('selected_instance_network'));
$this->addToView('selected_instance_username', SessionCache::get('selected_instance_username'));
}
if ($this->isLoggedIn()) {
$this->addToView('logged_in_user', $this->getLoggedInUser());
}
if ($this->isAdmin()) {
$this->addToView('user_is_admin', true);
}
$THINKUP_VERSION = $config->getValue('THINKUP_VERSION');
$this->addToView('thinkup_version', $THINKUP_VERSION);
} catch (Exception $e) {
Loader::definePathConstants();
//echo 'sending this to Smarty:'.THINKUP_WEBAPP_PATH.'data/';
$cfg_array = array('site_root_path' => Utils::getSiteRootPathFromFileSystem(), 'source_root_path' => THINKUP_ROOT_PATH, 'datadir_path' => THINKUP_WEBAPP_PATH . 'data/', 'debug' => false, 'app_title_prefix' => "", 'cache_pages' => false);
$this->view_mgr = new ViewManager($cfg_array);
}
}
/**
* Returns a CSRF token that should be used whith _GETs and _POSTs requests.
* @return str CSRF token
*/
public static function getCSRFToken()
{
if (self::isLoggedIn()) {
return SessionCache::get('csrf_token');
} else {
return null;
}
}
/**
* Constructs ThinkUpController
*
* Adds email address of currently logged in ThinkUp user, '' if not logged in, to view
* {$logged_in_user}
* @return ThinkUpController
*/
public function __construct($session_started = false)
{
try {
$config = Config::getInstance();
$this->profiler_enabled = Profiler::isEnabled();
if ($this->profiler_enabled) {
$this->start_time = microtime(true);
}
if ($config->getValue('timezone')) {
date_default_timezone_set($config->getValue('timezone'));
}
if (!$session_started) {
SessionCache::init();
}
$this->view_mgr = new ViewManager();
if (SessionCache::isKeySet('selected_instance_network') && SessionCache::isKeySet('selected_instance_username')) {
$this->addToView('selected_instance_network', SessionCache::get('selected_instance_network'));
$this->addToView('selected_instance_username', SessionCache::get('selected_instance_username'));
}
if ($this->isLoggedIn()) {
$this->addToView('logged_in_user', $this->getLoggedInUser());
}
if ($this->isAdmin()) {
$this->addToView('user_is_admin', true);
}
$THINKUP_VERSION = $config->getValue('THINKUP_VERSION');
$this->addToView('thinkup_version', $THINKUP_VERSION);
if (Utils::isThinkUpLLC()) {
$thinkupllc_endpoint = $config->getValue('thinkupllc_endpoint');
$this->addToView('thinkupllc_endpoint', $thinkupllc_endpoint);
}
if (SessionCache::isKeySet('selected_instance_network') && SessionCache::isKeySet('selected_instance_username')) {
$this->addToView('selected_instance_network', SessionCache::get('selected_instance_network'));
$this->addToView('selected_instance_username', SessionCache::get('selected_instance_username'));
}
} catch (Exception $e) {
Loader::definePathConstants();
//echo 'sending this to Smarty:'.THINKUP_WEBAPP_PATH.'data/';
$cfg_array = array('site_root_path' => Utils::getSiteRootPathFromFileSystem(), 'source_root_path' => THINKUP_ROOT_PATH, 'datadir_path' => THINKUP_WEBAPP_PATH . 'data/', 'debug' => false, 'app_title_prefix' => "", 'cache_pages' => false);
$this->view_mgr = new ViewManager($cfg_array);
$this->setErrorTemplateState();
$this->addToView('error_type', get_class($e));
$disable_xss = false;
// if we are an installer exception, don't filter XSS, we have markup, and we trust this content
if (get_class($e) == 'InstallerException') {
$disable_xss = true;
}
$this->addErrorMessage($e->getMessage(), null, $disable_xss);
}
}
public function authControl()
{
$msg = "";
if (!$this->is_missing_param) {
$request_token = $_GET['oauth_token'];
$request_token_secret = SessionCache::get('oauth_request_token_secret');
// get oauth values
$plugin_option_dao = DAOFactory::GetDAO('PluginOptionDAO');
$options = $plugin_option_dao->getOptionsHash('twitter', true);
//get cached
$to = new TwitterOAuth($options['oauth_consumer_key']->option_value, $options['oauth_consumer_secret']->option_value, $request_token, $request_token_secret);
$tok = $to->getAccessToken();
if (isset($tok['oauth_token']) && isset($tok['oauth_token_secret'])) {
$api = new TwitterAPIAccessorOAuth($tok['oauth_token'], $tok['oauth_token_secret'], $options['oauth_consumer_key']->option_value, $options['oauth_consumer_secret']->option_value, $options['num_twitter_errors']->option_value, $options['max_api_calls_per_crawl']->option_value, false);
$u = $api->verifyCredentials();
//echo "User ID: ". $u['user_id'];
//echo "User name: ". $u['user_name'];
$twitter_id = $u['user_id'];
$tu = $u['user_name'];
$od = DAOFactory::getDAO('OwnerDAO');
$owner = $od->getByEmail($this->getLoggedInUser());
if ($twitter_id > 0) {
$msg = "<h2 class=\"subhead\">Twitter authentication successful!</h2>";
$instance_dao = DAOFactory::getDAO('TwitterInstanceDAO');
$i = $instance_dao->getByUsername($tu);
$owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
if (isset($i)) {
$msg .= "Instance already exists.<br />";
$oi = $oid->get($owner->id, $i->id);
if ($oi != null) {
$msg .= "Owner already has this instance, no insert required.<br />";
if ($oid->updateTokens($owner->id, $i->id, $tok['oauth_token'], $tok['oauth_token_secret'])) {
$msg .= "OAuth Tokens updated.";
} else {
$msg .= "OAuth Tokens NOT updated.";
}
} else {
if ($owner_instance_dao->insert($owner->id, $i->id, $tok['oauth_token'], $tok['oauth_token_secret'])) {
$msg .= "Added owner instance.<br />";
} else {
$msg .= "PROBLEM Did not add owner instance.<br />";
}
}
} else {
$msg .= "Instance does not exist.<br />";
$instance_dao->insert($twitter_id, $tu);
$msg .= "Created instance.<br />";
$i = $instance_dao->getByUsername($tu);
if ($owner_instance_dao->insert($owner->id, $i->id, $tok['oauth_token'], $tok['oauth_token_secret'])) {
$msg .= "Created an owner instance.<br />";
} else {
$msg .= "Did NOT create an owner instance.<br />";
}
}
}
} else {
$msg = "PROBLEM! Twitter authorization did not complete successfully. Check if your account already " . " exists. If not, please try again.";
}
$this->view_mgr->clear_all_cache();
$config = Config::getInstance();
$msg .= '<br /><br /><a href="' . $config->getValue('site_root_path') . 'account/index.php?p=twitter" class="tt-button ui-state-default tt-button-icon-left ui-corner-all"><span
class="ui-icon ui-icon-circle-arrow-e"></span>Back to your account</a>';
$this->addInfoMessage($msg);
}
return $this->generateView();
}
/**
* Process actions based on $_GET parameters. Authorize FB user or add FB page.
* @param arr $options Facebook plugin options
* @param Facebook $facebook Facebook object
*/
protected function processPageActions($options, Facebook $facebook)
{
//authorize user
if (isset($_GET["code"]) && isset($_GET["state"])) {
//validate state to avoid CSRF attacks
if ($_GET["state"] == SessionCache::get('facebook_auth_csrf')) {
//Prepare API request
//First, prep redirect URI
$config = Config::getInstance();
$site_root_path = $config->getValue('site_root_path');
$redirect_uri = urlencode(sprintf('%s://%s%s%s', !empty($_SERVER['HTTPS']) ? 'https' : 'http', empty($_SERVER['SERVER_NAME']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'], $site_root_path, 'account/?p=facebook'));
//Build API request URL
$api_req = 'https://graph.facebook.com/oauth/access_token?client_id=' . $options['facebook_app_id']->option_value . '&client_secret=' . $options['facebook_api_secret']->option_value . '&redirect_uri=' . $redirect_uri . '&state=' . SessionCache::get('facebook_auth_csrf') . '&code=' . $_GET["code"];
$access_token_response = FacebookGraphAPIAccessor::rawApiRequest($api_req, false);
parse_str($access_token_response);
if (isset($access_token)) {
$facebook->setAccessToken($access_token);
$fb_user_profile = $facebook->api('/me');
$fb_username = $fb_user_profile['name'];
$fb_user_id = $fb_user_profile['id'];
$this->addSuccessMessage($this->saveAccessToken($fb_user_id, $access_token, $fb_username), 'authorization');
} else {
$error_msg = "Problem authorizing your Facebook account! Please correct your plugin settings.";
$error_object = json_decode($access_token_response);
if (isset($error_object) && isset($error_object->error->type) && isset($error_object->error->message)) {
$error_msg = $error_msg . "<br>Facebook says: \"" . $error_object->error->type . ": " . $error_object->error->message . "\"";
} else {
$error_msg = $error_msg . "<br>Facebook's response: \"" . $access_token_response . "\"";
}
$this->addErrorMessage($error_msg, 'authorization');
}
} else {
$this->addErrorMessage("Could not authenticate Facebook account due to invalid CSRF token.", 'authorization');
}
}
//insert pages
if (isset($_GET["action"]) && $_GET["action"] == "add page" && isset($_GET["facebook_page_id"]) && isset($_GET["viewer_id"]) && isset($_GET["owner_id"]) && isset($_GET["instance_id"])) {
//get access token
$oid = DAOFactory::getDAO('OwnerInstanceDAO');
$tokens = $oid->getOAuthTokens($_GET["instance_id"]);
$access_token = $tokens['oauth_access_token'];
$page_data = FacebookGraphAPIAccessor::apiRequest('/' . $_GET["facebook_page_id"], $access_token);
self::insertPage($page_data->id, $_GET["viewer_id"], $_GET["instance_id"], $page_data->name, $page_data->picture);
}
}
/**
* Gets option data from session using namespace as a key
* @param $namespace
* @retrun $array Hash of option data
*/
public function getSessionData($namespace)
{
$key = 'options_data:' . $namespace;
if (SessionCache::isKeySet($key)) {
return SessionCache::get($key);
} else {
return null;
}
}
/**
* Process actions based on $_GET parameters. Authorize FB user or add FB page.
* @param arr $options Facebook plugin options
*/
protected function processPageActions($options)
{
//authorize user
if (isset($_GET["code"]) && isset($_GET["state"])) {
//validate state to avoid CSRF attacks
if ($_GET["state"] == SessionCache::get('facebook_auth_csrf')) {
//Prepare API request
//First, prep redirect URI
$redirect_uri = Utils::getApplicationURL() . 'account/?p=facebook';
//Build API request URL
$api_req = 'oauth/access_token';
$api_req_params = array('client_id' => $options['facebook_app_id']->option_value, 'client_secret' => $options['facebook_api_secret']->option_value, 'redirect_uri' => $redirect_uri, 'state' => SessionCache::get('facebook_auth_csrf'), 'code' => $_GET["code"]);
$access_token_response = FacebookGraphAPIAccessor::apiRequest($api_req, null, $api_req_params, null);
//DEBUG
// Logger::getInstance()->logInfo("Access token response: "
// .Utils::varDumpToString($access_token_response), __METHOD__.','.__LINE__);
if (isset($access_token_response->error)) {
$this->addErrorMessage("There was a problem. Facebook says: " . $access_token_response->error->message . " Please try again.", 'user_add');
$logger->logInfo("Added error message ", __METHOD__ . ',' . __LINE__);
return;
}
$access_token = $access_token_response->access_token;
if (isset($access_token)) {
/**
* Swap in short-term token for long-lived token as per
* https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
*/
$api_req = 'oauth/access_token';
$api_req_params = array('grant_type' => 'fb_exchange_token', 'client_id' => $options['facebook_app_id']->option_value, 'client_secret' => $options['facebook_api_secret']->option_value, 'fb_exchange_token' => $access_token);
$access_token_response = FacebookGraphAPIAccessor::apiRequest($api_req, null, $api_req_params);
// DEBUG
// Logger::getInstance()->logInfo("Exchanged access token response: "
// .Utils::varDumpToString($access_token_response), __METHOD__.','.__LINE__);
$access_token = $access_token_response->access_token;
$fb_user_profile = FacebookGraphAPIAccessor::apiRequest('me', $access_token, 'name,id');
//DEBUG
// Logger::getInstance()->logInfo("FB user profile: ".Utils::varDumpToString($fb_user_profile),
// __METHOD__.','.__LINE__);
if (isset($fb_user_profile->error)) {
$error_msg = "Problem authorizing your Facebook account!";
$error_object = $access_token_response;
if (isset($error_object) && isset($error_object->error->type) && isset($error_object->error->message)) {
$error_msg = $error_msg . "<br>Facebook says: \"" . $error_object->error->type . ": " . $error_object->error->message . "\"";
} else {
$error_msg = $error_msg . "<br>Facebook's response: \"" . $access_token_response . "\"";
}
$this->addErrorMessage($error_msg, 'user_add', true);
} else {
$fb_username = isset($fb_user_profile->name) ? $fb_user_profile->name : '';
$fb_user_id = isset($fb_user_profile->id) ? $fb_user_profile->id : '';
if (empty($fb_username)) {
$error = 'Sorry, ThinkUp does not support business accounts.';
$this->addErrorMessage($error, 'user_add');
} else {
$this->saveAccessToken($fb_user_id, $access_token, $fb_username);
}
}
} else {
$error_msg = "Problem authorizing your Facebook account! Please correct your plugin settings.";
$error_object = $access_token_response;
if (isset($error_object) && isset($error_object->error->type) && isset($error_object->error->message)) {
$error_msg = $error_msg . "<br>Facebook says: \"" . $error_object->error->type . ": " . $error_object->error->message . "\"";
} else {
$error_msg = $error_msg . "<br>Facebook's response: \"" . $access_token_response . "\"";
}
$this->addErrorMessage($error_msg, 'user_add', true);
}
} else {
$this->addErrorMessage("Could not authenticate Facebook account due to invalid CSRF token.", 'user_add');
}
}
}
/**
* Sets/deletes in the session to let us know we needed to run the Snowflake migration.
* @param bool $delete Delete the session if true
* @param mixed $value Session value, defaults to false
* @return mixed Boolean true if successful, else contents of session key
*/
public function setSnowflakeSession($value = false, $delete = false)
{
$key = 'runnig_snowflake_uprade';
if ($delete) {
if (SessionCache::isKeySet($key)) {
SessionCache::unsetKey($key);
return true;
}
} else {
if ($value) {
SessionCache::put($key, $value);
return true;
} else {
if (SessionCache::isKeySet($key)) {
return SessionCache::get($key);
} else {
return false;
}
}
}
return false;
}
/**
* Constructs ThinkUpController
*
* Adds email address of currently logged in ThinkUp user, '' if not logged in, to view
* {$logged_in_user}
* @return ThinkUpController
*/
public function __construct($session_started = false)
{
if (!$session_started) {
session_start();
}
try {
$config = Config::getInstance();
$this->profiler_enabled = Profiler::isEnabled();
if ($this->profiler_enabled) {
$this->start_time = microtime(true);
}
$this->view_mgr = new SmartyThinkUp();
if ($this->isLoggedIn()) {
$this->addToView('logged_in_user', $this->getLoggedInUser());
}
if ($this->isAdmin()) {
$this->addToView('user_is_admin', true);
}
$THINKUP_VERSION = $config->getValue('THINKUP_VERSION');
$this->addToView('thinkup_version', $THINKUP_VERSION);
if (SessionCache::isKeySet('selected_instance_network') && SessionCache::isKeySet('selected_instance_username')) {
$this->addToView('selected_instance_network', SessionCache::get('selected_instance_network'));
$this->addToView('selected_instance_username', SessionCache::get('selected_instance_username'));
$this->addToView('logo_link', '?u=' . urlencode(SessionCache::get('selected_instance_username')) . '&n=' . urlencode(SessionCache::get('selected_instance_network')));
}
} catch (Exception $e) {
Utils::defineConstants();
$cfg_array = array('site_root_path' => THINKUP_BASE_URL, 'source_root_path' => THINKUP_ROOT_PATH, 'debug' => false, 'app_title' => "ThinkUp", 'cache_pages' => false);
$this->view_mgr = new SmartyThinkUp($cfg_array);
}
}
