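/**
 * Admin controller for icons (reward / return types).
 *
 * A POST saves the submitted icon and, on success, records an admin audit-feed entry for edits;
 * a failed save re-renders the edit form. Otherwise 'edit' shows the form for $id and anything
 * else renders the list, optionally filtered by group.
 *
 * NOTE(review): no CSRF token is checked in this method; confirm the admin dispatcher verifies one
 * before calling process() on a POST.
 *
 * @param string $action 'list' (default) or 'edit'
 * @param mixed $id icon id for 'edit'
 * @param array $filters optional 'group' key used by the list
 * @return View
 */
public static function process($action = 'list', $id = null, $filters = array())
{
    $groups = Model\Icon::groups();
    $errors = array();

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // `?? null` keeps absent form fields from raising "undefined array key" warnings;
        // the values the model receives are the same as before (null).
        $postAction = $_POST['action'] ?? null;
        $icon = new Model\Icon(array(
            'id'          => $_POST['id'] ?? null,
            'name'        => $_POST['name'] ?? null,
            'description' => $_POST['description'] ?? null,
            'order'       => $_POST['order'] ?? null,
            'group'       => empty($_POST['group']) ? null : $_POST['group'],
        ));

        if (!$icon->save($errors)) {
            Message::Error(implode('<br />', $errors));
            return new View('view/admin/index.html.php', array('folder' => 'icons', 'file' => 'edit', 'action' => $postAction, 'icon' => $icon, 'groups' => $groups));
        }

        switch ($postAction) {
            case 'add':
                Message::Info(Text::get('admin-icons-info-add'));
                break;
            case 'edit':
                Message::Info(Text::get('admin-icons-info-edit'));
                // Audit-feed entry: which admin modified which icon.
                $log = new Feed();
                $log->populate('modificacion de tipo de retorno/recompensa (admin)', '/admin/icons', \vsprintf("El admin %s ha %s el tipo de retorno/recompensa %s", array(Feed::item('user', $_SESSION['user']->name, $_SESSION['user']->id), Feed::item('relevant', 'Modificado'), Feed::item('project', $icon->name))));
                $log->doAdmin('admin');
                unset($log);
                break;
        }
    }

    switch ($action) {
        case 'edit':
            $icon = Model\Icon::get($id);
            return new View('view/admin/index.html.php', array('folder' => 'icons', 'file' => 'edit', 'action' => 'edit', 'icon' => $icon, 'groups' => $groups));
    }

    // List, optionally restricted to one group (null = all, as before when the filter was absent).
    $icons = Model\Icon::getAll($filters['group'] ?? null);
    return new View('view/admin/index.html.php', array('folder' => 'icons', 'file' => 'list', 'icons' => $icons, 'groups' => $groups, 'filters' => $filters));
}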
/**
 * Admin controller for e-mail templates.
 *
 * 'edit' loads the template $id; on POST its title/text are overwritten from the form and saved
 * (redirecting to /admin/templates on success, re-rendering with an error otherwise).
 * 'list' renders the templates matching $filters. Any other action renders nothing.
 *
 * @param string $action 'list' or 'edit'
 * @param mixed $id template id (edit only)
 * @param array $filters passed straight to Template::getAll()
 * @return View|null
 * @throws Redirection after a successful save
 */
public static function process($action = 'list', $id = null, $filters = array())
{
    $errors = array();
    // Filter values offered to the list view.
    $groups = Template::groups();

    if ($action == 'edit') {
        $template = Template::get($id);
        $isPost = $_SERVER['REQUEST_METHOD'] == 'POST';

        if ($isPost) {
            $template->title = $_POST['title'];
            $template->text = $_POST['text'];
            if ($template->save($errors)) {
                //Message::Info(Text::_('La plantilla se ha actualizado correctamente'));
                throw new Redirection("/admin/templates");
            }
            Message::Error(Text::get('admin-templates-error-record-fail') . implode('<br />', $errors));
        }

        // Show the (possibly just-rejected) template for editing.
        return new View('view/admin/index.html.php', array('folder' => 'templates', 'file' => 'edit', 'template' => $template));
    }

    if ($action == 'list') {
        $templates = Template::getAll($filters);
        return new View('view/admin/index.html.php', array('folder' => 'templates', 'file' => 'list', 'templates' => $templates, 'groups' => $groups, 'filters' => $filters));
    }
}
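/**
 * Admin controller for the "worth" (meritocracy) levels.
 *
 * A POST with action 'edit' saves the submitted level and writes an admin audit-feed entry;
 * a failed save re-renders the edit form with the submitted data. 'edit' shows the form for $id,
 * anything else lists all levels.
 *
 * @param string $action 'list' (default) or 'edit'
 * @param mixed $id level id for 'edit'
 * @return View
 */
public static function process($action = 'list', $id = null)
{
    $errors = array();

    if ($_SERVER['REQUEST_METHOD'] == 'POST' && $action == 'edit') {
        // `?? null` avoids "undefined array key" warnings for fields missing from the form.
        $data = array(
            'id'     => $_POST['id'] ?? null,
            'name'   => $_POST['name'] ?? null,
            'amount' => $_POST['amount'] ?? null,
        );

        if (!WorthLib::save($data, $errors)) {
            Message::Error(Text::get('admin-worth-error-save-fail') . implode('<br />', $errors));
            return new View('view/admin/index.html.php', array('folder' => 'worth', 'file' => 'edit', 'action' => 'edit', 'worth' => (object) $data));
        }

        $action = 'list';
        Message::Info(Text::get('admin-worth-info-modified'));
        // Audit-feed entry. The level name comes from $data; the previous code read `$icon->name`,
        // an undefined variable left over from the icons controller.
        $log = new Feed();
        $log->populate(Text::get('admin-worth-info-modified'), '/admin/worth', \vsprintf("El admin %s ha %s el nivel de meritocrácia %s", array(Feed::item('user', $_SESSION['user']->name, $_SESSION['user']->id), Feed::item('relevant', 'Modificado'), Feed::item('project', $data['name']))));
        $log->doAdmin('admin');
        unset($log);
    }

    switch ($action) {
        case 'edit':
            $worth = WorthLib::getAdmin($id);
            return new View('view/admin/index.html.php', array('folder' => 'worth', 'file' => 'edit', 'action' => 'edit', 'worth' => $worth));
    }

    $worthcracy = WorthLib::getAll();
    return new View('view/admin/index.html.php', array('folder' => 'worth', 'file' => 'list', 'worthcracy' => $worthcracy));
}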
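/**
 * Admin controller for the front-page ("home") feature lists.
 *
 * A POST saves a Model\Home item (errors are reported, the flow continues). The actions
 * remove/up/down mutate an item and redirect; add/addside render the "add" form for the main or
 * side list (or redirect with an info message when nothing is available). Anything else renders
 * both lists together with the items that can still be added.
 *
 * @param string $action 'list' (default), 'remove', 'up', 'down', 'add' or 'addside'
 * @param mixed $id item id for remove/up/down
 * @param array $filters unused here
 * @param string $type ignored: forced to 'main' (see @NODESYS below)
 * @return View
 * @throws Redirection back to /admin/home after a mutation
 */
public static function process($action = 'list', $id = null, $filters = array(), $type = 'main')
{
    //@NODESYS — single-node setup: the node is fixed and $type is forced to 'main' regardless of the argument.
    $node = \GOTEO_NODE;
    $type = 'main';
    $errors = array();

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $item = new Model\Home(array(
            'item'  => $_POST['item'] ?? null,
            'type'  => $_POST['type'] ?? null,
            'node'  => $node,
            'order' => $_POST['order'] ?? null,
            'move'  => 'down',
        ));
        // Only the failure needs handling (the previous code had an empty success branch).
        if (!$item->save($errors)) {
            Message::Error(implode('<br />', $errors));
        }
    }

    // NOTE(review): remove/up/down change the front page on a plain GET of the action URL;
    // confirm the admin router protects these links with a CSRF token.
    switch ($action) {
        case 'remove':
            Model\Home::delete($id, $node, $type);
            throw new Redirection('/admin/home');
        case 'up':
            Model\Home::up($id, $node, $type);
            throw new Redirection('/admin/home');
        case 'down':
            Model\Home::down($id, $node, $type);
            throw new Redirection('/admin/home');
        case 'add':
            $next = Model\Home::next($node, 'main');
            $availables = Model\Home::available($node);
            if (empty($availables)) {
                Message::Info(Text::get('admin-home-info-frontpage_feature'));
                throw new Redirection('/admin/home');
            }
            return new View('view/admin/index.html.php', array('folder' => 'home', 'file' => 'add', 'action' => 'add', 'home' => (object) array('node' => $node, 'order' => $next, 'type' => 'main'), 'availables' => $availables));
        case 'addside':
            $next = Model\Home::next($node, 'side');
            $availables = Model\Home::availableSide($node);
            if (empty($availables)) {
                Message::Info(Text::get('admin-home-info-frontpage_feature_get'));
                throw new Redirection('/admin/home');
            }
            return new View('view/admin/index.html.php', array('folder' => 'home', 'file' => 'add', 'action' => 'add', 'home' => (object) array('node' => $node, 'order' => $next, 'type' => 'side'), 'availables' => $availables));
    }

    $viewData = array('folder' => 'home', 'file' => 'list');
    $viewData['items'] = Model\Home::getAll($node);
    // Items that can still be added to the main list, plus a blank "new" entry for the form.
    $viewData['availables'] = Model\Home::available($node);
    $viewData['new'] = (object) array('node' => $node, 'order' => Model\Home::next($node, 'main'), 'type' => 'main');
    // Same for the sidebar list.
    $viewData['side_items'] = Model\Home::getAllSide($node);
    $viewData['side_availables'] = Model\Home::availableSide($node);
    $viewData['side_new'] = (object) array('node' => $node, 'order' => Model\Home::next($node, 'side'), 'type' => 'side');

    return new View('view/admin/index.html.php', $viewData);
}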
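/**
 * Kicks the selected user out of the system instantly by resetting the user's stored session id
 * (users.session_id = NULL), i.e. the user is "logged out".
 *
 * @param int $userId
 * @return bool true when exactly one row was updated; false otherwise (previously an implicit null)
 */
private static function resetUserSession($userId)
{
    $database = DatabaseFactory::getFactory()->getConnection();
    $query = $database->prepare("UPDATE users SET session_id = :session_id WHERE user_id = :user_id LIMIT 1");
    $query->execute(array(':session_id' => null, ':user_id' => $userId));

    if ($query->rowCount() == 1) {
        Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_USER_SUCCESSFULLY_KICKED'));
        return true;
    }
    // Unknown user id (or the session was already empty and the driver reports no change).
    return false;
}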
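/**
 * Placeholder for storing request details (record, table number, subject, sub-subject, tutor).
 *
 * NOTE(review): the previous body was a copy of setAccountDeletionStatus(): it ran
 * `UPDATE users SET user_deleted = :user_deleted WHERE user_id = :user_id` with the undefined
 * variables $delete and $userId, so it could only ever touch the wrong table with null values.
 * Until the real query is written this method does nothing and reports failure, so callers
 * cannot mistake the stub for a successful write.
 *
 * @param mixed $recordID
 * @param mixed $tableNo
 * @param mixed $subj
 * @param mixed $subSubj
 * @param mixed $tutName
 * @return bool always false (not implemented)
 */
public static function setRequestDetails($recordID, $tableNo, $subj, $subSubj, $tutName)
{
    // TODO: implement the UPDATE against the request-details table using the parameters above
    // (parameterised, as in the sibling methods), then add the positive feedback on rowCount() == 1.
    return false;
}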
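/**
 * Admin controller for licenses.
 *
 * A POST saves the submitted license (re-rendering the form on failure) and, for an edit, writes
 * an admin audit-feed entry. up/down reorder a license, add/edit render the form, remove is
 * disabled. Everything not returning earlier renders the list filtered by icon and group.
 *
 * NOTE(review): up/down (and remove, if re-enabled) change state on a plain GET of the action
 * URL; confirm the admin router protects these links with a CSRF token.
 *
 * @param string $action 'list' (default), 'up', 'down', 'add', 'edit' or 'remove'
 * @param mixed $id license id for up/down/edit/remove
 * @param array $filters optional 'icon' and 'group' keys for the list
 * @return View
 */
public static function process($action = 'list', $id = null, $filters = array())
{
    // License groups, ordered from most to least open.
    $groups = Model\License::groups();
    // Return types (icons) a license can be associated with.
    $icons = Model\Icon::getAll('social');
    $errors = array();

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // `?? null` keeps absent form fields (e.g. no icon checkbox ticked) from raising
        // "undefined array key" warnings; the model still receives null as before.
        $postAction = $_POST['action'] ?? null;
        $license = new Model\License(array(
            'id'          => $_POST['id'] ?? null,
            'name'        => $_POST['name'] ?? null,
            'description' => $_POST['description'] ?? null,
            'url'         => $_POST['url'] ?? null,
            'group'       => $_POST['group'] ?? null,
            'order'       => $_POST['order'] ?? null,
            'icons'       => $_POST['icons'] ?? null,
        ));

        if (!$license->save($errors)) {
            Message::Error(implode('<br />', $errors));
            return new View('view/admin/index.html.php', array('folder' => 'licenses', 'file' => 'edit', 'action' => $postAction, 'license' => $license, 'icons' => $icons, 'groups' => $groups));
        }

        switch ($postAction) {
            case 'add':
                Message::Info(Text::get('admin-licenses-info-add'));
                break;
            case 'edit':
                Message::Info(Text::get('admin-licenses-info-edit'));
                // Audit-feed entry: which admin modified which license.
                $log = new Feed();
                $log->populate('modificacion de licencia (admin)', '/admin/licenses', \vsprintf("El admin %s ha %s la licencia %s", array(Feed::item('user', $_SESSION['user']->name, $_SESSION['user']->id), Feed::item('relevant', 'Modificado'), Feed::item('project', $license->name))));
                $log->doAdmin('admin');
                unset($log);
                break;
        }
    }

    switch ($action) {
        case 'up':
            Model\License::up($id);
            break;
        case 'down':
            Model\License::down($id);
            break;
        case 'add':
            $next = Model\License::next();
            return new View('view/admin/index.html.php', array('folder' => 'licenses', 'file' => 'edit', 'action' => 'add', 'license' => (object) array('order' => $next, 'icons' => array()), 'icons' => $icons, 'groups' => $groups));
        case 'edit':
            $license = Model\License::get($id);
            return new View('view/admin/index.html.php', array('folder' => 'licenses', 'file' => 'edit', 'action' => 'edit', 'license' => $license, 'icons' => $icons, 'groups' => $groups));
        case 'remove':
            // Deletion is intentionally disabled; the list is rendered instead.
            // Model\License::delete($id);
            break;
    }

    $licenses = Model\License::getAll($filters['icon'] ?? null, $filters['group'] ?? null);
    return new View('view/admin/index.html.php', array('folder' => 'licenses', 'file' => 'list', 'licenses' => $licenses, 'filters' => $filters, 'groups' => $groups, 'icons' => $icons));
}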
/**
 * Upgrades / downgrades the user's account.
 *
 * Currently this only stores $type in the user_account_type column (1 or 2, e.g. "basic" /
 * "premium") via saveRoleToDatabase(); a payment step or other logic could be added here.
 * Positive or negative feedback is queued in the session according to the outcome.
 *
 * @param mixed $type the new account type; a falsy value is rejected
 * @return bool
 */
public static function changeUserRole($type)
{
    if (!$type) {
        return false;
    }

    $saved = (bool) self::saveRoleToDatabase($type);
    $feedbackKey = $saved ? 'feedback_positive' : 'feedback_negative';
    $textKey = $saved ? 'FEEDBACK_ACCOUNT_TYPE_CHANGE_SUCCESSFUL' : 'FEEDBACK_ACCOUNT_TYPE_CHANGE_FAILED';
    Session::add($feedbackKey, Text::get($textKey));

    return $saved;
}
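/**
 * Admin controller for FAQ entries.
 *
 * A POST saves the submitted entry (re-rendering the form on failure). up/down reorder an entry
 * and redirect, add/edit render the form, remove deletes $id. Everything not returning earlier
 * renders the list for the selected section (all sections when no valid section filter is set).
 *
 * NOTE(review): up/down/remove change state on a plain GET of the action URL; confirm the admin
 * router protects these links with a CSRF token.
 *
 * @param string $action 'list' (default), 'up', 'down', 'add', 'edit' or 'remove'
 * @param mixed $id entry id for up/down/edit/remove
 * @param array $filters optional 'section' key; dropped when it names an unknown section
 * @return View
 * @throws Redirection to /admin/faq after up/down
 */
public static function process($action = 'list', $id = null, $filters = array())
{
    $sections = Model\Faq::sections();
    // Keep only a section filter that names a known section. Testing isset() on $filters first
    // avoids an "undefined array key" warning when no filter was given.
    if (!isset($filters['section']) || !isset($sections[$filters['section']])) {
        unset($filters['section']);
    }
    $section = $filters['section'] ?? null;
    $errors = array();

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $postAction = $_POST['action'] ?? null;
        $faq = new Model\Faq(array(
            'id'          => $_POST['id'] ?? null,
            'node'        => \GOTEO_NODE,
            'section'     => $_POST['section'] ?? null,
            'title'       => $_POST['title'] ?? null,
            'description' => $_POST['description'] ?? null,
            'order'       => $_POST['order'] ?? null,
            'move'        => $_POST['move'] ?? null,
        ));

        if (!$faq->save($errors)) {
            Message::Error(implode('<br />', $errors));
            // The view key 'filter' is kept as the template expects it; the value was previously the
            // undefined variable `$filter` — presumably the filters were meant (confirm against the view).
            return new View('view/admin/index.html.php', array('folder' => 'faq', 'file' => 'edit', 'action' => $postAction, 'faq' => $faq, 'filter' => $filters, 'sections' => $sections));
        }

        switch ($postAction) {
            case 'add':
                Message::Info(Text::get('faq-info-add-question'));
                break;
            case 'edit':
                Message::Info(Text::get('faq-info-edit-question'));
                break;
        }
    }

    switch ($action) {
        case 'up':
            Model\Faq::up($id);
            throw new Redirection('/admin/faq');
        case 'down':
            Model\Faq::down($id);
            throw new Redirection('/admin/faq');
        case 'add':
            $next = Model\Faq::next($section);
            return new View('view/admin/index.html.php', array('folder' => 'faq', 'file' => 'edit', 'action' => 'add', 'faq' => (object) array('section' => $section, 'order' => $next, 'cuantos' => $next), 'sections' => $sections));
        case 'edit':
            $faq = Model\Faq::get($id);
            // 'cuantos' = number of entries already in this section (next position minus one).
            $cuantos = Model\Faq::next($faq->section);
            $faq->cuantos = $cuantos - 1;
            return new View('view/admin/index.html.php', array('folder' => 'faq', 'file' => 'edit', 'action' => 'edit', 'faq' => $faq, 'sections' => $sections));
        case 'remove':
            Model\Faq::delete($id);
            break;
    }

    $faqs = Model\Faq::getAll($section);
    return new View('view/admin/index.html.php', array('folder' => 'faq', 'file' => 'list', 'faqs' => $faqs, 'sections' => $sections, 'filters' => $filters));
}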
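/**
 * Delete a specific note.
 *
 * NOTE(review): nothing here checks that the note belongs to the current user — confirm the
 * calling controller does, otherwise any authenticated user could delete notes by id.
 *
 * @param int $note_id id of the note
 * @return bool feedback (was the note deleted properly ?)
 */
public static function deleteNote($note_id)
{
    if (!$note_id) {
        return false;
    }

    $note = NoteQuery::create()->findPK($note_id);
    if (!$note) {
        // findPK() yields null for an unknown id; calling ->delete() on it was a fatal error
        // and the "failed" feedback below was unreachable.
        Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_DELETION_FAILED'));
        return false;
    }

    $note->delete();
    return true;
}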
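/**
 * Gets a user's profile data (user_id, user_name, user_email, user_active, user_deleted) for $user_id.
 *
 * Every value is passed through Filter::XSSFilter (see application/core/Filter.php) before it is
 * returned, to strip (possibly bad) JavaScript etc. from user-supplied values.
 *
 * NOTE(review): although named "public profile", the result includes user_email; confirm callers
 * do not render it to users other than the account owner.
 *
 * @param int $user_id The user's id.
 * @return mixed the filtered row as fetch() returns it, or false when no such user exists
 *               (feedback_negative is queued in that case)
 */
public static function getPublicProfileOfUser($user_id)
{
    $database = DatabaseFactory::getFactory()->getConnection();
    $sql = "SELECT user_id, user_name, user_email, user_active, user_deleted FROM users WHERE user_id = :user_id LIMIT 1";
    $query = $database->prepare($sql);
    $query->execute(array(':user_id' => $user_id));
    $user = $query->fetch();

    // Bail out before filtering: fetch() returns false for a missing row, and
    // array_walk_recursive(false, ...) raises a warning / TypeError instead of failing cleanly.
    if ($query->rowCount() != 1 || $user === false) {
        Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
        return false;
    }

    array_walk_recursive($user, 'Filter::XSSFilter');
    return $user;
}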
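/**
 * Sets or clears the soft-delete flag (users.user_deleted) of a user.
 *
 * NOTE(review): no authorization check is visible here; confirm the calling controller restricts
 * this to administrators.
 *
 * @param string $softDelete "on" (what a submitted checkbox delivers) marks the user deleted; anything else clears the flag
 * @param int $userId
 * @return bool true when exactly one row was updated; false otherwise (previously an implicit null)
 */
public static function setAccountDeletionStatus($softDelete, $userId)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    // "on" is what a checkbox delivers by default when submitted.
    $delete = $softDelete == "on" ? 1 : 0;

    $query = $database->prepare("UPDATE users SET user_deleted = :user_deleted WHERE user_id = :user_id LIMIT 1");
    $query->execute(array(':user_deleted' => $delete, ':user_id' => $userId));

    if ($query->rowCount() == 1) {
        Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_SUSPENSION_DELETION_STATUS'));
        return true;
    }
    return false;
}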
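/**
 * Stores a suspension deadline and the soft-delete flag on a user (Propel variant).
 *
 * @param int|string $suspensionInDays days from now until the suspension ends; <= 0 clears it
 * @param string $softDelete "on" (what a submitted checkbox delivers) marks the user deleted
 * @param int $userId
 * @return bool true when the user was found and saved; false when no user has $userId
 */
public static function setAccountSuspensionAndDeletionStatus($suspensionInDays, $softDelete, $userId)
{
    $suspensionTime = $suspensionInDays > 0 ? time() + $suspensionInDays * 60 * 60 * 24 : null;

    // FYI "on" is what a checkbox delivers by default when submitted.
    $delete = $softDelete == "on" ? 1 : 0;

    $user = UserQuery::create()->findPk($userId);
    if (!$user) {
        // findPk() returns null for an unknown id; the setters used to be called on null (fatal),
        // and the trailing `return true` reported success regardless.
        Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
        return false;
    }

    $user->setUserSuspensionTimestamp($suspensionTime);
    $user->setUserDeleted($delete);
    $user->save();

    Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_SUSPENSION_DELETION_STATUS'));
    return true;
}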
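/**
 * Stores a suspension deadline and the soft-delete flag on a user (PDO variant).
 *
 * @param int|string $suspensionInDays days from now until the suspension ends; <= 0 clears it
 * @param string $softDelete "on" (what a submitted checkbox delivers) marks the user deleted
 * @param int $userId
 * @return bool true when exactly one row was updated; false otherwise (previously an implicit null)
 */
public static function setAccountSuspensionAndDeletionStatus($suspensionInDays, $softDelete, $userId)
{
    $database = DatabaseFactory::getFactory()->getConnection();

    $suspensionTime = $suspensionInDays > 0 ? time() + $suspensionInDays * 60 * 60 * 24 : null;

    // FYI "on" is what a checkbox delivers by default when submitted.
    $delete = $softDelete == "on" ? 1 : 0;

    $query = $database->prepare("UPDATE users SET user_suspension_timestamp = :user_suspension_timestamp, user_deleted = :user_deleted WHERE user_id = :user_id LIMIT 1");
    $query->execute(array(':user_suspension_timestamp' => $suspensionTime, ':user_deleted' => $delete, ':user_id' => $userId));

    if ($query->rowCount() == 1) {
        Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_SUSPENSION_DELETION_STATUS'));
        return true;
    }
    return false;
}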
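/**
 * Validate the user against the DB, or increment the "failed-login-count" to slow down
 * brute-force password/user attacks.
 *
 * Two throttles apply, both "3 failures within the last 30 seconds": a per-session counter
 * (failed-login-count / last-failed-login) and a per-account counter stored on the user row
 * (user_failed_logins / user_last_failed_login).
 *
 * NOTE(review): the unknown-user path returns before password_verify() runs, so its response
 * time differs from the wrong-password path; acceptable only if username enumeration by timing
 * is not a concern here.
 *
 * @param string $userName
 * @param string $userPassword
 * @return mixed the user row on success, false on any failure (feedback is queued)
 */
private static function validateUser(string $userName, string $userPassword)
{
    if (Session::get('failed-login-count') >= 3 && Session::get('last-failed-login') > time() - 30) {
        Session::push('feedback_negative', Text::get("LOGIN_FAILED_ATTEMPTS"));
        return false;
    }

    $result = UserModel::getUserByName($userName);
    if (!$result) {
        self::incrementUserFailedLoginCount();
        // Key fixed: this was pushed under "feedback-negative" (hyphen), so the message never
        // reached the feedback_negative list the views read.
        Session::push('feedback_negative', Text::get("USERNAME_OR_PASSWORD_WRONG"));
        return false;
    }

    if ($result->user_failed_logins >= 3 && $result->user_last_failed_login > time() - 30) {
        Session::push('feedback_negative', Text::get('PASSWORD_WRONG_ATTEMPTS'));
        return false;
    }

    if (!password_verify($userPassword, $result->user_password_hash)) {
        self::incrementUserFailedLoginCountInDb($result->user_name);
        Session::push('feedback_negative', Text::get('USERNAME_OR_PASSWORD_WRONG'));
        return false;
    }

    self::resetUserFailedLoginCount();
    return $result;
}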
/**
 * Persists an employee's account data to an existing `users` row.
 *
 * Despite the name this is an UPDATE keyed by $user_id, not an INSERT: when no row with that id
 * exists nothing is written and the call reports failure. user_provider_type is always 'DEFAULT'.
 *
 * @param int|string $user_id row to update
 * @param string $user_name
 * @param string $user_password_hash already hashed — this method does not hash
 * @param string $user_email
 * @param string $user_activation_hash
 * @param string $name
 * @param string $user_surname1
 * @param string $user_surname2
 * @param string $user_address
 * @param string $user_city
 * @param string $user_province
 * @param string $user_NIF tax identifier (personal data)
 * @param string $user_phone
 * @param string $user_contract_date
 * @return bool true when exactly one row was updated
 */
public static function writeNewEmployeeToDatabase($user_id, $user_name, $user_password_hash, $user_email, $user_activation_hash, $name, $user_surname1, $user_surname2, $user_address, $user_city, $user_province, $user_NIF, $user_phone, $user_contract_date)
{
    $connection = DatabaseFactory::getFactory()->getConnection();

    $sql = "UPDATE users\n SET user_name = :user_name, user_password_hash = :user_password_hash, user_email = :user_email,\n user_activation_hash = :user_activation_hash,\n user_provider_type = :user_provider_type, name = :name, user_surname1 = :user_surname1,\n user_surname2 = :user_surname2, user_address = :user_address, user_city = :user_city, user_province = :user_province,\n user_NIF = :user_NIF, user_phone = :user_phone, user_contract_date = :user_contract_date\n WHERE user_id = :user_id LIMIT 1";

    $parameters = array(
        ':user_name'            => $user_name,
        ':user_password_hash'   => $user_password_hash,
        ':user_email'           => $user_email,
        ':user_activation_hash' => $user_activation_hash,
        ':user_provider_type'   => 'DEFAULT',
        ':name'                 => $name,
        ':user_surname1'        => $user_surname1,
        ':user_surname2'        => $user_surname2,
        ':user_address'         => $user_address,
        ':user_city'            => $user_city,
        ':user_province'        => $user_province,
        ':user_NIF'             => $user_NIF,
        ':user_phone'           => $user_phone,
        ':user_contract_date'   => $user_contract_date,
        ':user_id'              => $user_id,
    );

    $statement = $connection->prepare($sql);
    $statement->execute($parameters);

    $updated = $statement->rowCount() == 1;
    if (!$updated) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMPLOYEE_EDITING_FAILED'));
    }
    return $updated;
}
/**
 * Activates the account $user_id when $user_activation_verification_code matches its stored
 * activation hash, clearing the hash so the code cannot be reused.
 *
 * The code is part of the WHERE clause, so a wrong code simply updates no row.
 *
 * @param int $user_id
 * @param string $user_activation_verification_code
 * @return bool true when one row was activated (feedback is queued either way)
 */
public static function verifyNewUser($user_id, $user_activation_verification_code)
{
    $connection = DatabaseFactory::getFactory()->getConnection();

    $statement = $connection->prepare("UPDATE users SET user_active = 1, user_activation_hash = NULL\n WHERE user_id = :user_id AND user_activation_hash = :user_activation_hash LIMIT 1");
    $statement->execute(array(
        ':user_id'              => $user_id,
        ':user_activation_hash' => $user_activation_verification_code,
    ));

    $activated = $statement->rowCount() == 1;
    if ($activated) {
        Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL'));
    } else {
        Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_ACTIVATION_FAILED'));
    }
    return $activated;
}
/**
 * Validate a password-reset submission.
 *
 * Checks, in order: username present, reset token present, both password fields present,
 * passwords identical, new password at least 6 characters. The first failing check queues its
 * feedback message and stops.
 *
 * NOTE(review): 6 characters is a weak minimum; consider raising it (policy decision, not changed here).
 *
 * @param string $user_name
 * @param string $user_password_reset_hash
 * @param string $user_password_new
 * @param string $user_password_repeat
 * @return bool true when every check passes
 */
public static function validateNewPassword($user_name, $user_password_reset_hash, $user_password_new, $user_password_repeat)
{
    if (empty($user_name)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_FIELD_EMPTY'));
        return false;
    }
    if (empty($user_password_reset_hash)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_RESET_TOKEN_MISSING'));
        return false;
    }
    if (empty($user_password_new) || empty($user_password_repeat)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
        return false;
    }
    if ($user_password_new !== $user_password_repeat) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
        return false;
    }
    // Byte length, as in the original check.
    if (strlen($user_password_new) < 6) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
        return false;
    }
    return true;
}
/**
 * Changes the e-mail address of the logged-in user (the one in the session).
 *
 * Rejects an empty address, the current address, an address that fails FILTER_VALIDATE_EMAIL,
 * and an address already used by another account. On success the session's user_email and
 * Gravatar URL are refreshed, since the latter is derived from the e-mail address.
 *
 * @param string $new_user_email
 * @return bool success status (feedback is queued either way)
 */
public static function editUserEmail($new_user_email)
{
    if (empty($new_user_email)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_FIELD_EMPTY'));
        return false;
    }

    if ($new_user_email == Session::get('user_email')) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_SAME_AS_OLD_ONE'));
        return false;
    }

    // Format check; FILTER_VALIDATE_EMAIL also bounds the length.
    // @see http://stackoverflow.com/questions/21631366/php-filter-validate-email-max-length
    // @see http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a-valid-email-address
    $formatOk = filter_var($new_user_email, FILTER_VALIDATE_EMAIL) !== false;
    if (!$formatOk) {
        Session::add('feedback_negative', Text::get('FEEDBACK_EMAIL_DOES_NOT_FIT_PATTERN'));
        return false;
    }

    // Belt and braces: strip tags and cap the length before storing.
    $email = substr(strip_tags($new_user_email), 0, 254);

    if (UserModel::doesEmailAlreadyExist($email)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
        return false;
    }

    $stored = UserModel::saveNewEmailAddress(Session::get('user_id'), $email);
    if (!$stored) {
        Session::add('feedback_negative', Text::get('FEEDBACK_UNKNOWN_ERROR'));
        return false;
    }

    // Keep the session in step with the database (Gravatar depends on the address).
    Session::set('user_email', $email);
    Session::set('user_gravatar_image_url', AvatarModel::getGravatarLinkByEmail($email));
    Session::add('feedback_positive', Text::get('FEEDBACK_EMAIL_CHANGE_SUCCESSFUL'));
    return true;
}
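/**
 * Checks the user-id / verification-code combination and activates the account in the database
 * (Propel variant).
 *
 * The previous version never compared the submitted code with the stored activation hash, so any
 * user id could be "activated" without the e-mailed code; it also set the hash to the string 'NULL'
 * and never called save(). The code is now checked in constant time and the change is persisted,
 * matching the PDO variant (`WHERE user_id = :user_id AND user_activation_hash = :user_activation_hash`).
 *
 * NOTE(review): getUserActivationHash() is assumed to be the Propel getter paired with the
 * setUserActivationHash() used below — confirm against the generated model.
 *
 * @param int $user_id user id
 * @param string $user_activation_verification_code verification token
 * @return bool success status (feedback is queued either way)
 */
public static function verifyNewUser($user_id, $user_activation_verification_code)
{
    $user = UserQuery::create()->findPk($user_id);

    $codeMatches = $user
        && !empty($user_activation_verification_code)
        && hash_equals((string) $user->getUserActivationHash(), (string) $user_activation_verification_code);

    if ($codeMatches) {
        $user->setUserActive(1);
        $user->setUserActivationHash(null);   // real NULL, so the code cannot be replayed
        $user->save();
        Session::add('feedback_positive', Text::get('FEEDBACK_ACCOUNT_ACTIVATION_SUCCESSFUL'));
        return true;
    }

    Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_ACTIVATION_FAILED'));
    return false;
}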
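/**
 * Removes the photoMaterial image file (PATH_MATERIALS/<id>.jpg) from the filesystem.
 *
 * The filename is built from $material_id, so the id is validated as an integer first: a
 * non-integer value (for example one containing "../") must never reach the path.
 *
 * @param integer $material_id
 * @return bool true when the file was removed; false (with feedback queued) when the id is not an
 *              integer, the file does not exist, or unlink() fails
 */
public static function deletePhotoMaterialImageFile($material_id)
{
    // Reject anything that is not an integer before it becomes part of a path.
    $id = filter_var($material_id, FILTER_VALIDATE_INT);
    if ($id === false) {
        Session::add("feedback_negative", Text::get("FEEDBACK_PHOTOMATERIAL_IMAGE_DELETE_NO_FILE"));
        return false;
    }

    $path = Config::get('PATH_MATERIALS') . $id . ".jpg";

    if (!file_exists($path)) {
        Session::add("feedback_negative", Text::get("FEEDBACK_PHOTOMATERIAL_IMAGE_DELETE_NO_FILE"));
        return false;
    }

    if (!unlink($path)) {
        Session::add("feedback_negative", Text::get("FEEDBACK_PHOTOMATERIAL_IMAGE_DELETE_FAILED"));
        return false;
    }

    return true;
}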
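/**
 * Performs the login via the "remember_me" cookie (DEFAULT user accounts; FACEBOOK accounts are
 * handled differently).
 *
 * Cookie layout: "<user_id>:<token>:<sha256(user_id:token)>". The hash carries no server secret,
 * so it only proves the three parts belong together; authentication rests on the user_id/token
 * pair matching a row in UserModel::getUserDataByUserIdAndToken().
 * TODO add throttling here ?
 *
 * @param string $cookie The cookie "remember_me"
 * @return bool success state
 */
public static function loginWithCookie($cookie)
{
    if (!$cookie) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // Exactly three parts are expected; list() over a shorter explode() result used to raise
    // "undefined offset" warnings before failing.
    $parts = explode(':', $cookie);
    if (count($parts) !== 3) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }
    list($user_id, $token, $hash) = $parts;

    // The parts must belong together and the token must not be empty (constant-time compare).
    if (empty($token) || !hash_equals(hash('sha256', $user_id . ':' . $token), $hash)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // Only a user with this id AND exactly this token in the database may log in.
    $result = UserModel::getUserDataByUserIdAndToken($user_id, $token);
    if (!$result) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // Successfully logged in: write the user data into the session and set "user_logged_in".
    self::setSuccessfulLoginIntoSession($result->user_id, $result->user_name, $result->user_email, $result->user_account_type);
    // Save the timestamp of this login on the user's row.
    self::saveTimestampOfLoginOfUser($result->user_name);

    Session::add('feedback_positive', Text::get('FEEDBACK_COOKIE_LOGIN_SUCCESSFUL'));
    return true;
}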
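/**
 * Resolves "auto" navigation items of a theme into concrete paths and labels.
 *
 * Every $item with an 'auto' key is expanded in place: its 'path' starts from the route template
 * $data['urls'][auto] (or is built directly for profile / rss / home links) and placeholders such
 * as :id, :slug, :year, :month and :day are replaced with values of the referenced record
 * (Category, Album, Text, Content). Items whose record does not exist, or whose profile field is
 * empty, are dropped from the result. Non-profile paths finally lose unresolved :year/:month,
 * route syntax characters and duplicate slashes.
 *
 * Fixes over the previous version: the `continue` inside the profile switch only acted as a
 * `break` (PHP treats switch as a loop for continue), and the foreach reference was left dangling.
 *
 * @param array $items navigation items; may carry 'auto', 'id', 'label', 'year', 'month', 'day', 'album_id', 'lightbox'
 * @param array $data theme data: $data['urls'] (route templates) and $data['url_data'] (labels)
 * @param object $user user record whose fields (twitter, ...) back 'profile' links
 * @return array the surviving items with 'path' and 'label' filled in (original keys preserved)
 */
function build_autos($items, $data, $user)
{
    foreach ($items as $index => &$item) {
        if (!isset($item['auto'])) {
            continue;
        }
        $auto = $item['auto'];

        // Start from the theme's route template for this type, when there is one.
        if (isset($data['urls'][$auto])) {
            $item['path'] = $data['urls'][$auto];
        } elseif ($auto === 'set') {
            $item['path'] = '';
        }

        if ($auto === 'profile') {
            switch ($item['id']) {
                case 'twitter':
                    $item['path'] = 'https://twitter.com/' . $user->twitter;
                    break;
                default:
                    $item['path'] = $user->{$item['id']};
                    if (empty($item['path'])) {
                        // Nothing to link to: drop the item. `continue 2` targets the foreach;
                        // a bare `continue` inside a switch only behaves like `break`.
                        unset($items[$index]);
                        continue 2;
                    }
                    break;
            }
            if (!isset($item['label']) || empty($item['label'])) {
                $item['label'] = ucwords($item['id']) . ($item['id'] === 'google' ? '+' : '');
            }
        } elseif ($auto === 'rss') {
            $item['path'] = '/feed/' . $item['id'] . ($item['id'] === 'essay' ? 's' : '') . '/recent.rss';
            if (!isset($item['label'])) {
                $item['label'] = $data['url_data'][$item['id']]['plural'] . ' RSS';
            }
        } elseif (preg_match('/s$/', $auto) || $auto === 'timeline') {
            // Plural list routes (albums, essays, tag_*, category_*, ...) and the timeline.
            if ($auto === 'timeline' && isset($item['year'])) {
                $item['path'] .= $item['year'] . '/';
                if (isset($item['month']) && $item['month'] !== false && $item['month'] !== 'any') {
                    $m = str_pad($item['month'], 2, '0', STR_PAD_LEFT);
                    $item['path'] .= $m . '/';
                }
            }
            if (strpos($auto, '_') !== false) {
                // Filtered routes (e.g. tag_albums): substitute each placeholder that has a value.
                foreach (array('id', 'slug', 'month', 'year', 'day') as $id) {
                    if ($id === 'month') {
                        if (!isset($item['month']) || $item['month'] === 'any' || $item['month'] === false) {
                            $item['month'] = '';
                        } else {
                            $item['month'] = str_pad($item['month'], 2, '0', STR_PAD_LEFT);
                        }
                    }
                    if ($id === 'day' && !isset($item['day'])) {
                        $item['day'] = '';
                    }
                    if ($id === 'slug' && !isset($item['slug']) && isset($item['id'])) {
                        if (strpos($auto, 'tag_') === 0) {
                            $item['slug'] = $item['id'];
                        } else {
                            // A numeric id is a category id whose slug must be looked up.
                            $c = new Category();
                            if (is_numeric($item['id'])) {
                                $c->select('slug')->get_by_id($item['id']);
                                $item['slug'] = $c->slug;
                            } else {
                                $item['slug'] = $item['id'];
                            }
                        }
                    }
                    if (isset($item[$id])) {
                        $item['path'] = str_replace(":{$id}", $item[$id], $item['path']);
                    }
                }
            } elseif (!isset($item['label'])) {
                $item['label'] = $data['url_data'][$auto === 'categories' ? 'category' : rtrim($auto, 's')]['plural'];
            }
        } elseif ($auto === 'home') {
            if (!isset($item['label'])) {
                $item['label'] = $data['url_data']['home'];
            }
            $item['path'] = '/home/';
        } elseif ($auto === 'album' || $auto === 'set') {
            $a = new Album();
            $a->select('id,slug,created_on,title');
            if (is_numeric($item['id'])) {
                $a->where('id', $item['id']);
            } else {
                $a->where('slug', $item['id'])->or_where('internal_id', $item['id']);
            }
            $a->get();
            if (!$a->exists()) {
                unset($items[$index]);
                continue;
            }
            $item['path'] = str_replace(':id', $a->id, $item['path']);
            $item['path'] = str_replace(':slug', $a->slug, $item['path']);
            $item['path'] = str_replace(':year', date('Y', $a->created_on), $item['path']);
            $item['path'] = str_replace(':month', date('m', $a->created_on), $item['path']);
            $item['path'] = str_replace(':day', date('d', $a->created_on), $item['path']);
            if (!isset($item['label'])) {
                $item['label'] = $a->title;
            }
        } elseif ($auto === 'page' || $auto === 'essay') {
            $t = new Text();
            $t->select('id,slug,published_on,title');
            if (is_numeric($item['id'])) {
                $t->where('id', $item['id']);
            } else {
                $t->where('slug', $item['id']);
            }
            $t->get();
            if (!$t->exists()) {
                unset($items[$index]);
                continue;
            }
            $item['path'] = str_replace(':id', $t->id, $item['path']);
            $item['path'] = str_replace(':slug', $t->slug, $item['path']);
            $item['path'] = str_replace(':year', date('Y', $t->published_on), $item['path']);
            $item['path'] = str_replace(':month', date('m', $t->published_on), $item['path']);
            $item['path'] = str_replace(':day', date('d', $t->published_on), $item['path']);
            if (!isset($item['label'])) {
                $item['label'] = $t->title;
            }
        } elseif ($auto === 'content') {
            $c = new Content();
            $c->select('id,slug,captured_on,title');
            if (isset($item['album_id'])) {
                // Content inside an album: album route (with :album_id/:album_slug) followed by the
                // content route minus its leading slash and its :year/:month segment.
                $item['path'] = preg_replace('/:(id|slug)/', ':album_$1', $data['urls']['album']) . substr(str_replace(':year/:month/', '', $data['urls']['content']), 1);
                $a = new Album();
                $a->select('id,slug,created_on,title');
                if (is_numeric($item['album_id'])) {
                    $a->where('id', $item['album_id']);
                } else {
                    $a->where('slug', $item['album_id'])->or_where('internal_id', $item['album_id']);
                }
                $a->get();
                if (!$a->exists()) {
                    unset($items[$index]);
                    continue;
                }
                $item['path'] = str_replace(':album_id', $a->id, $item['path']);
                $item['path'] = str_replace(':album_slug', $a->slug, $item['path']);
                $date = $a->created_on;
            } else {
                // NOTE(review): captured_on is read before $c->get() runs below, i.e. from the
                // not-yet-loaded model; kept as-is — confirm whether it should follow the get().
                $date = $c->captured_on;
            }
            if (is_numeric($item['id'])) {
                $c->where('id', $item['id']);
            } else {
                $c->where('slug', $item['id'])->or_where('internal_id', $item['id']);
            }
            $c->get();
            if (!$c->exists()) {
                unset($items[$index]);
                continue;
            }
            $item['path'] = str_replace(':id', $c->id, $item['path']);
            $item['path'] = str_replace(':slug', $c->slug, $item['path']);
            $item['path'] = str_replace(':year', date('Y', $date), $item['path']);
            $item['path'] = str_replace(':month', date('m', $date), $item['path']);
            $item['path'] = str_replace(':day', date('d', $date), $item['path']);
            if (!isset($item['label'])) {
                $item['label'] = $c->title;
            }
            if (isset($item['lightbox']) && $item['lightbox']) {
                $item['path'] .= 'lightbox/';
            }
        } elseif ($auto === 'tag') {
            $item['path'] = str_replace(':slug', $item['id'], $item['path']);
        }

        if ($auto !== 'profile') {
            // Drop unresolved date placeholders and route syntax, then collapse repeated slashes.
            $item['path'] = str_replace(array(':year', ':month'), '', $item['path']);
            $item['path'] = preg_replace('/[\\(\\)\\?\\:]/', '', $item['path']);
            $item['path'] = preg_replace('~[/]+~', '/', $item['path']);
        }
    }
    // Release the foreach reference so the last element is not left aliased to $item.
    unset($item);

    return $items;
}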
/**
 * Validates a password change for $user_name.
 *
 * Checks, in order: the user exists, the current password verifies against the stored hash,
 * both new-password fields are present, they match, the new password has at least 6 characters,
 * and it differs from the current one. The first failing check queues its feedback and stops.
 *
 * NOTE(review): 6 characters is a weak minimum; consider raising it (policy decision, not changed here).
 *
 * @param string $user_name
 * @param string $user_password_current
 * @param string $user_password_new
 * @param string $user_password_repeat
 * @return bool true when every check passes
 */
public static function validatePasswordChange($user_name, $user_password_current, $user_password_new, $user_password_repeat)
{
    $connection = DatabaseFactory::getFactory()->getConnection();
    $statement = $connection->prepare("SELECT user_password_hash, user_failed_logins FROM users WHERE user_name = :user_name LIMIT 1;");
    $statement->execute(array(':user_name' => $user_name));
    $row = $statement->fetch();

    if ($statement->rowCount() != 1) {
        Session::add('feedback_negative', Text::get('FEEDBACK_USER_DOES_NOT_EXIST'));
        return false;
    }
    $storedHash = $row->user_password_hash;

    if (!password_verify($user_password_current, $storedHash)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_CURRENT_INCORRECT'));
        return false;
    }
    if (empty($user_password_new) || empty($user_password_repeat)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_FIELD_EMPTY'));
        return false;
    }
    if ($user_password_new !== $user_password_repeat) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_REPEAT_WRONG'));
        return false;
    }
    // Byte length, as in the original check.
    if (strlen($user_password_new) < 6) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
        return false;
    }
    if ($user_password_current == $user_password_new) {
        Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_NEW_SAME_AS_CURRENT'));
        return false;
    }

    return true;
}
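/**
 * Removes the avatar image file (PATH_AVATARS/<userId>.jpg) from the filesystem.
 *
 * The filename is built from $userId, so the id is validated as an integer first: a non-integer
 * value (for example one containing "../") must never reach the path.
 *
 * @param int $userId
 * @return bool true when the file was removed; false (with feedback queued) when the id is not an
 *              integer, the file does not exist, or unlink() fails
 */
public static function deleteAvatarImageFile($userId)
{
    // Reject anything that is not an integer before it becomes part of a path.
    $id = filter_var($userId, FILTER_VALIDATE_INT);
    if ($id === false) {
        Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_NO_FILE"));
        return false;
    }

    $path = Config::get('PATH_AVATARS') . $id . ".jpg";

    if (!file_exists($path)) {
        Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_NO_FILE"));
        return false;
    }

    if (!unlink($path)) {
        Session::add("feedback_negative", Text::get("FEEDBACK_AVATAR_IMAGE_DELETE_FAILED"));
        return false;
    }

    return true;
}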
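/**
 * Performs the login via the "remember_me" cookie (DEFAULT user accounts; FACEBOOK accounts are
 * handled differently). Propel variant.
 *
 * Cookie layout: "<user_id>:<token>:<sha256(user_id:token)>". The hash carries no server secret,
 * so it only proves the three parts belong together; authentication rests on the user_id/token
 * pair matching a row in UserModel::getUserDataByUserIdAndToken().
 * TODO add throttling here ?
 *
 * @param string $cookie The cookie "remember_me"
 * @return bool success state
 */
public static function loginWithCookie($cookie)
{
    if (!$cookie) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // Exactly three parts are expected; list() over a shorter explode() result used to raise
    // "undefined offset" warnings before failing.
    $parts = explode(':', $cookie);
    if (count($parts) !== 3) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }
    list($user_id, $token, $hash) = $parts;

    // The parts must belong together and the token must not be empty (constant-time compare).
    if (empty($token) || !hash_equals(hash('sha256', $user_id . ':' . $token), $hash)) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // Only a user with this id AND exactly this token in the database may log in.
    $result = UserModel::getUserDataByUserIdAndToken($user_id, $token);
    if (!$result) {
        Session::add('feedback_negative', Text::get('FEEDBACK_COOKIE_INVALID'));
        return false;
    }

    // Successfully logged in: write the user data into the session and set "user_logged_in".
    self::setSuccessfulLoginIntoSession($result->getUserId(), $result->getUserEmail(), $result->getUserAccountType());
    // Save the timestamp of this login on the user's row.
    self::saveTimestampOfLoginOfUser($result->getUserEmail());

    // NOTE: no new remember_me cookie is issued here on purpose: the current one expires after a
    // fixed time, so the user has to log in with username/password again from time to time.
    Session::add('feedback_positive', Text::get('FEEDBACK_COOKIE_LOGIN_SUCCESSFUL'));
    return true;
}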
/**
 * Hover title of the "back to teacher view" button, resolved for the given language.
 *
 * @param $lang_id language identifier understood by Text::get()
 * @return mixed whatever Text::get() yields for $lang_id (English or Finnish translation)
 */
public static function button_back_to_teacher_view_title($lang_id)
{
    $translations = array(
        new Translation(Kielet::$ENGLANTI, "Back to the teacher view."),
        new Translation(Kielet::$SUOMI, "Takaisin opettajan perusnäkymään."),
    );
    $title = new Text(
        "Text appearing while hovering on the back_to_teacher_view button (title)",
        $translations
    );

    return $title->get($lang_id);
}
/**
 * Persists the sponsor with REPLACE INTO sponsor, storing a newly submitted image first
 * and re-sorting the `order` column through Check::reorder() afterwards.
 *
 * @param array $errors receives validation, image-upload and database error messages
 * @return bool true when the row was written, false on validation failure or PDOException
 */
public function save(&$errors = array())
{
    if (!$this->validate($errors)) {
        return false;
    }

    // The image first: when it arrives as an array (with a 'name' key) it is a fresh upload,
    // which is stored and replaced by its id; on failure the sponsor keeps no image
    if (is_array($this->image) && !empty($this->image['name'])) {
        $upload = new Image($this->image);
        if ($upload->save($errors)) {
            $this->image = $upload->id;
        } else {
            \Goteo\Library\Message::Error(Text::get('image-upload-fail') . implode(', ', $errors));
            $this->image = '';
        }
    }

    // Column names come from this fixed list, never from input; values go through bound parameters
    $fields = array('id', 'name', 'url', 'image', 'order');
    $assignments = array();
    $values = array();
    foreach ($fields as $field) {
        $assignments[] = "`{$field}` = :{$field} ";
        $values[":{$field}"] = $this->{$field};
    }

    try {
        self::query("REPLACE INTO sponsor SET " . implode(", ", $assignments), $values);
        if (empty($this->id)) {
            $this->id = self::insertId();
        }
        Check::reorder($this->id, 'up', 'sponsor');
        return true;
    } catch (\PDOException $e) {
        $errors[] = Text::_("No se ha guardado correctamente. ") . $e->getMessage();
        return false;
    }
}
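/**
 * When key does not exist in text data file, should return null
 *
 * assertNull replaces assertEquals(null, ...): the latter compares loosely, so an
 * empty string or false from Text::get() would also have let the test pass.
 */
public function testGetWithNonExistingKey()
{
    $this->assertNull(Text::get('XXX'));
}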
/**
 * Checks the data for a new conference and makes sure its venue exists.
 *
 * Not a pure check: when the venue is unknown it is created in the database
 * (VenueModel::createVenueInDb) as a side effect of validation.
 *
 * @param $confTitle conference title; must be non-empty and not already in use
 * @param $venueName venue name; must be non-empty
 * @return bool true when the conference may be created, false after pushing negative feedback
 */
private static function validateConference($confTitle, $venueName)
{
    // Both values are required (empty() also rejects "0" and null)
    if (empty($confTitle) || empty($venueName)) {
        Session::push('feedback_negative', Text::get('CONFERENCE_FIELD_EMPTY'));
        return false;
    }

    // The title must be unique
    $existing = ConferenceModel::getConferenceByTitle($confTitle);
    if ($existing) {
        Session::push('feedback_negative', Text::get('CONFERENCE_ALREADY_EXISTS'));
        return false;
    }

    // Create the venue on the fly when it is not known yet; only a failed creation is an error
    $venueKnown = VenueModel::venueExists($venueName);
    if (!$venueKnown && !VenueModel::createVenueInDb($venueName)) {
        Session::push('feedback_negative', Text::get('UNKNOWN_ERROR'));
        return false;
    }

    return true;
}
