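/**
 * Creates a new, empty file under the configured files repository and
 * registers it in __externalFiles.
 *
 * @param WOOOF $wo
 * @param string $fileName caller-supplied original file name (untrusted; passed
 *                         through cleanUserInput() before it reaches SQL)
 * @return false|mixed the new __externalFiles id, or false when the file could
 *                     not be created, no id could be reserved, or the insert failed
 */
public static function createEmptyFile(WOOOF $wo, $fileName)
 {
     $repositoryPath = $wo->getConfigurationFor('absoluteFilesRepositoryPath');
     // Pick a random name that is not yet taken. NOTE(review): file_exists()
     // followed by touch() is not atomic, so two concurrent callers could still
     // end up choosing the same name.
     do {
         $fullFilename = $repositoryPath . $wo->randomString(40);
     } while (file_exists($fullFilename));

     if (touch($fullFilename) === FALSE) {
         $wo->logError(self::_ECP . "0001 createEmptyFile: External File was not created by the file system.");
         // Was `return true`, which reported a failed touch to the caller as success.
         return FALSE;
     }

     $newId = $wo->db->getNewId('__externalFiles');
     if ($newId === FALSE) {
         unlink($fullFilename); // do not leave an unregistered file behind
         return FALSE;
     }
     // Every value is quoted (the previous query interpolated them bare, which is
     // not valid SQL for the path). The path is application-generated; the
     // original file name is the only caller-supplied value and is escaped.
     $result = $wo->db->query(
         'insert into __externalFiles (id, entryDate, fileName, originalFileName) values ('
         . '\'' . $newId . '\', '
         . '\'' . $wo->getCurrentDateTime() . '\', '
         . '\'' . $fullFilename . '\', '
         . '\'' . $wo->cleanUserInput($fileName) . '\')'
     );
     if ($result === FALSE) {
         unlink($fullFilename); // keep disk and table consistent on failure
         return FALSE;
     }
     return $newId;
 }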
 /**
  * Persists a VO_TblUser in movierama_users. When $obj->id is set the row is
  * updated; otherwise a new row is inserted with the status flags, timestamps
  * and a fresh verification token seeded on $obj, and the token is handed to
  * handleVerificationToken().
  *
  * @param WOOOF $wo
  * @param VO_TblUser $obj written back in place: id (and, on insert, the seeded fields)
  * @return mixed the row id on success; false when userId is missing, the table
  *               could not be constructed, the insert/update failed, or the
  *               verification token could not be handled
  */
 public static function save(WOOOF $wo, VO_TblUser &$obj)
 {
     $wo->debug(__CLASS__ . '::' . __FUNCTION__ . ":  ");

     $table = new WOOOF_dataBaseTable($wo->db, 'movierama_users');
     if (!$table->constructedOk) {
         return false;
     }
     if (!$wo->hasContent($obj->userId)) {
         $wo->logError(self::_ECP . "0010 No value provided for [userId]");
         return false;
     }

     if ($wo->hasContent($obj->id)) {
         // Existing row: plain update, nothing else to seed.
         return $table->updateRowFromArraySimple($obj->toArray()) === FALSE ? FALSE : $obj->id;
     }

     // New row: seed flags, timestamps and the verification token before inserting.
     // NOTE(review): assumes WOOOF::randomString() is cryptographically strong -- confirm,
     // since the token gates account verification.
     $token = WOOOF::randomString(255);
     $obj->isDeleted = '0';
     $obj->isActive = '1';
     $obj->isVerified = '0';
     $obj->verificationToken = $token;
     $now = WOOOF::currentGMTDateTime();
     $obj->createdDateTime = $now;
     $obj->updatedDateTime = $now;

     $insertedId = $table->insertRowFromArraySimple($obj->toArray());
     if ($insertedId === FALSE) {
         return false;
     }
     $obj->id = $insertedId;

     if (self::handleVerificationToken($wo, $obj->id, $obj->username, $token) === FALSE) {
         return FALSE;
     }
     return $obj->id;
 }
}
// Web-service login handler fragment. The `if` opened below is not closed within this
// excerpt, and $this, $uid, $userData and $obj are used without being defined here --
// presumably the code was lifted from a method body.
$requestedAction = 'viewUncontroled';
$pageLocation = '3_webService';
$wo = new WOOOF();
// Loose (==) comparison against an unchecked POST field; a missing 'action' key raises a notice.
if ($_POST['action'] == 'wsLogin') {
    $loginResult = FALSE;
    // Look the user up by login name first; the row id feeds the password hash below.
    $rowForTest = $this->db->getRowByColumn('__users', 'loginName', $wo->cleanUserInput($_POST['username']));
    if (isset($rowForTest['id'])) {
        $hash = $wo->getPasswordHash($_POST['password'], $rowForTest['id']);
        // Credential check via a string-built query: loginName is escaped with cleanUserInput(),
        // $hash is interpolated as-is (assumes getPasswordHash() yields an SQL-safe string -- confirm).
        // `binary` makes both comparisons case-sensitive.
        $result = $this->db->query('select * from __users where binary loginName=\'' . $wo->cleanUserInput($rowForTest['loginName']) . '\' and binary loginPass=\'' . $hash . '\'');
        if (mysqli_num_rows($result)) {
            $userRow = $this->db->fetchAssoc($result);
            $userRow['loginPass'] = '******'; // never hand the stored hash back out
            $goOn = FALSE;
            // Keep drawing random session ids until one is not already present in __sessions.
            do {
                $sid = 'ws' . WOOOF::randomString(38);
                $new_sid_result = $this->db->query("select * from __sessions where sessionId='" . $sid . "'");
                if (!mysqli_num_rows($new_sid_result)) {
                    $goOn = TRUE;
                }
            } while (!$goOn);
            // NOTE(review): $uid is never assigned in this fragment, so userId is inserted empty;
            // $userRow['id'] looks like the intended value -- confirm. $userData on the error
            // path below is likewise undefined here.
            $result = $this->db->query("insert into __sessions (userId,sessionId,loginDateTime,lastAction,loginIP,active) values ('{$uid}','{$sid}','" . $this->dateTime . "','" . $this->dateTime . "','" . $this->cleanUserInput($_SERVER["REMOTE_ADDR"]) . "','1')");
            if ($result === FALSE) {
                showErrorAndTerminate('2005', 'Failed to insert new session in the data base for user `' . $userData['loginName'] . '`. Potential security breach!');
            }
            $obj->wsSessionIdentifier = $sid;
            $loginResult = TRUE;
        }
    }
    // One generic failure message covers both "unknown user" and "wrong password".
    if ($loginResult === FALSE) {
        showErrorAndTerminate('2004', 'Wrong credentials supplied.Login failure');
          window.location = window.confirmedURLToGo;
        }
      </script>
</head>
<body><div id="modal" style="display: none;">
        
        <span class="titleModal" id="titleModal">Αν θες δίνε και Tίτλο Modal Window </span><br />
        <div id="textModal">Κείμενο μηνύματος βνα ωσ χψβ αξηβσω ξαηβσ χξηαβσ χξηαβχ ηξα κξασ κξαβν σ</div><br />
        <input class="modalButton" type="button" name="button" value="No" onClick="javascript:closePopup();">
     &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp;  &nbsp; 
        <input class="modalButton" type="button" name="button" value="Yes" onClick="javascript:popUpConfirmed();">        
     </div><div>
';
// Upload handler fragment: the outer `if` is not closed within this excerpt and
// $tableName is not defined here.
if (isset($_FILES['file'])) {
    // NOTE(review): $_FILES['file']['type'] is the MIME type declared by the client, not
    // derived from the file content. Treat this list as a first filter only and verify the
    // content server-side (e.g. finfo / getimagesize) before relying on it.
    if ($_FILES['file']['type'] == 'image/jpeg' || $_FILES['file']['type'] == 'image/png' || $_FILES['file']['type'] == 'image/gif' || $_FILES['file']['type'] == 'application/octet' || $_FILES['file']['type'] == 'application/pdf' || $_FILES['file']['type'] == 'application/x-pdf') {
        $prefix = $wo->randomString(20);
        $fileInfo = pathinfo($_FILES['file']['name']);
        // For the PDF-ish declared types the file name must also end in pdf/PDF. pathinfo()
        // sets no 'extension' key when the name has none, which raises a notice here.
        if (($_FILES['file']['type'] == 'application/octet' || $_FILES['file']['type'] == 'application/pdf' || $_FILES['file']['type'] == 'application/x-pdf') && $fileInfo['extension'] != 'pdf' && $fileInfo['extension'] != 'PDF') {
            echo $_FILES['file']['type'] . ' ' . $fileInfo['extension'] . ' BAD file type. File deleted.<br/><br/>';
            unlink($_FILES['file']['tmp_name']);
            exit;
        }
        $insertId = $wo->db->getNewId($tableName);
        // New rows are placed after the current maximum ord, in steps of 10.
        $maxR = $wo->db->query('select max(ord) from ' . $tableName);
        $max = $wo->db->fetchRow($maxR);
        $max = $max[0] + 10;
        // entry_date may be supplied by the client (escaped); otherwise it defaults to now.
        if (!isset($_POST['entry_date'])) {
            $entryDate = WOOOF::getCurrentDateTime();
        } else {
            $entryDate = $wo->cleanUserInput($_POST['entry_date']);
        }
 /**
  * Builds and runs an INSERT for $this->tableName from the current $_POST / $_FILES
  * request, one column at a time, then runs any deferred UPDATEs (thumbnail and
  * mid-size picture columns) against the new row.
  *
  * Column names from $columnsToFill, $this->tableName and the ordering / thumbnail /
  * mid-size column names from the column metadata are interpolated into SQL verbatim
  * (no escaping) -- they must come from trusted configuration, never from the request.
  * Values are passed through cleanUserInput() or dataBase->escape() before interpolation.
  *
  * @param string[] $columnsToFill
  * @return false|string // new id
  */
 public function handleInsertFromPost($columnsToFill)
 {
     $imagesRelativePath = WOOOF::$instance->getConfigurationFor('imagesRelativePath');
     $siteBasePath = WOOOF::$instance->getConfigurationFor('siteBasePath');
     global $__isAdminPage;
     // Reserve the id up front: picture file names and the deferred updates need it.
     $insertId = $this->dataBase->getNewId($this->tableName);
     if ($insertId === FALSE) {
         return FALSE;
     }
     $defferedQueries = array();
     $query = 'insert into ' . $this->tableName . ' set';
     if (is_array($columnsToFill)) {
         foreach ($columnsToFill as $column) {
             if ($column != 'id') {
                 $metaData = $this->columns[$column]->getColumnMetaData();
                 $trimmedOrderingColumn = trim(str_replace(' desc', '', $this->getOrderingColumnForListings()));
                 // Integer ordering column left absent/empty/0 by the client: auto-assign max+10.
                 // The value is written back into $_POST so the presentation-type handling
                 // below picks it up like any other posted value.
                 if ($trimmedOrderingColumn == $column && (!isset($_POST[$column]) || trim($_POST[$column]) == '0' || trim($_POST[$column]) == '') && $metaData['type'] == WOOOF_dataBaseColumnTypes::int) {
                     $oR = $this->dataBase->query('select max(' . $trimmedOrderingColumn . ') as maxOrd from ' . $this->tableName);
                     if ($oR === FALSE) {
                         return FALSE;
                     }
                     $o = $this->dataBase->fetchAssoc($oR);
                     $_POST[$column] = $o['maxOrd'] + 10;
                 } else {
                     // Skip columns the request does not mention at all. The '1'/'4' suffixes are
                     // the split date/time sub-fields consulted again in the date branch below.
                     if (!isset($_POST[$column]) && !isset($_POST[$column . '1']) && !isset($_POST[$column . '4']) && !isset($_FILES[$column])) {
                         WOOOF::$instance->debug("Warning in handleInsertFromPost: Column to fill [{$column}] does not appear in POST or FILES.");
                         continue;
                     }
                 }
                 if ($metaData['presentationType'] == WOOOF_columnPresentationTypes::file) {
                     // $_FILES[$column] is read without an isset() check; when only a POST
                     // variant was present this raises a notice before is_uploaded_file().
                     if (is_uploaded_file($_FILES[$column]['tmp_name'])) {
                         $externalFileId = $this->handleFileUpload($column);
                         if ($externalFileId === FALSE) {
                             // die() makes the return below unreachable, as the TODO notes.
                             die('File Upload Failure!');
                             // TODO: backfix that and remove the die!
                             return FALSE;
                         } else {
                             // $externalFileId is not escaped; it is the id handed back by handleFileUpload().
                             $query .= ' ' . $column . '=\'' . $externalFileId . '\',';
                         }
                     }
                 } else {
                     if ($metaData['presentationType'] == WOOOF_columnPresentationTypes::picture) {
                         if (isset($_FILES[$column])) {
                             // Output directory: per-column presentationParameters, else the global images path.
                             if (trim($metaData['presentationParameters']) != '') {
                                 $outputPath = $siteBasePath . $metaData['presentationParameters'];
                             } else {
                                 $outputPath = $siteBasePath . $imagesRelativePath;
                             }
                             // NOTE(review): the on-disk name embeds the client-supplied original file
                             // name unmodified (it decides the stored extension and may carry path
                             // separators); basename() is applied only when the value is stored below,
                             // not when the file is written. Consider sanitising the name before use.
                             $fromFile = $outputPath . WOOOF::randomString(10) . '_' . $_FILES[$column]['name'];
                             //echo $fromFile .' <- is the new filename <br>';
                             $mvResult = move_uploaded_file($_FILES[$column]['tmp_name'], $fromFile);
                             if ($mvResult) {
                                 // Resize branch: only the resized .jpg copies are kept; the moved
                                 // original is removed again at the end of this branch.
                                 if ($metaData['resizeWidth'] != '') {
                                     $choppedFile = '';
                                     $filePieces = explode('.', $_FILES[$column]['name']);
                                     for ($b = 0; $b < count($filePieces) - 1; $b++) {
                                         $choppedFile .= $filePieces[$b] . '.';
                                     }
                                     $choppedFile .= 'jpg';
                                     $targetFilename = $this->tableId . '_' . $metaData['columnId'] . '_' . $insertId . '_' . $choppedFile;
                                     WOOOF::resizePicture($fromFile, $outputPath . $targetFilename, $metaData['resizeWidth'], $metaData['resizeHeight']);
                                     $query .= ' ' . $column . '=\'' . WOOOF::$instance->cleanUserInput($targetFilename) . '\', ';
                                     if ($metaData['thumbnailWidth'] != '') {
                                         WOOOF::resizePicture($fromFile, $outputPath . 'thumb_' . $targetFilename, $metaData['thumbnailWidth'], $metaData['thumbnailHeight']);
                                         if ($metaData['thumbnailColumn'] != '') {
                                             $defferedQueries[] = 'update ' . $this->tableName . ' set ' . $metaData['thumbnailColumn'] . '=\'' . 'thumb_' . $targetFilename . '\' where id=\'' . $insertId . '\'';
                                         }
                                     }
                                     if ($metaData['midSizeWidth'] != '') {
                                         WOOOF::resizePicture($fromFile, $outputPath . 'mid_' . $targetFilename, $metaData['midSizeWidth'], $metaData['midSizeHeight']);
                                         // NOTE(review): this guards on thumbnailColumn but writes midSizeColumn --
                                         // looks like a copy-paste slip; confirm which column was intended.
                                         if ($metaData['thumbnailColumn'] != '') {
                                             $defferedQueries[] = 'update ' . $this->tableName . ' set ' . $metaData['midSizeColumn'] . '=\'' . 'mid_' . $targetFilename . '\' where id=\'' . $insertId . '\'';
                                         }
                                     }
                                     unlink($fromFile);
                                 } else {
                                     //echo basename(WOOOF::$instance->cleanUserInput($fromFile)) .'<br>';
                                     $query .= ' ' . $column . '=\'' . basename(WOOOF::$instance->cleanUserInput($fromFile)) . '\',';
                                     //exit;
                                 }
                             } else {
                                 // Move failed: `column=column` presumably leaves the column at its default -- verify.
                                 $query .= ' ' . $column . '=' . $column . ', ';
                             }
                         }
                     } else {
                         if ($metaData['presentationType'] == WOOOF_columnPresentationTypes::htmlText) {
                             // HTML is purified only for non-admin pages; admin-supplied HTML is
                             // stored as posted (SQL-escaped only).
                             if (!$__isAdminPage) {
                                 require_once 'HTMLPurifier.standalone.php';
                                 $config = HTMLPurifier_Config::createDefault();
                                 $purifier = new HTMLPurifier($config);
                                 $query .= ' ' . $column . '=\'' . $this->dataBase->escape($purifier->purify($_POST[$column])) . '\',';
                             } else {
                                 $query .= ' ' . $column . '=\'' . $this->dataBase->escape($_POST[$column]) . '\',';
                             }
                         } else {
                             // Precedence note: `&& isset(...)` binds only to the dateAndTime term, so
                             // date and time types enter this branch regardless of the '1' field --
                             // likely intended for all three; confirm.
                             if ($metaData['presentationType'] == WOOOF_columnPresentationTypes::date || $metaData['presentationType'] == WOOOF_columnPresentationTypes::time || $metaData['presentationType'] == WOOOF_columnPresentationTypes::dateAndTime && isset($_POST[$column . '1'])) {
                                 // Required-but-unset (or read-only) date: default to the current date/time.
                                 if ($metaData['notNull'] == '1' && ($metaData['isReadOnly'] || (!isset($_POST[$column . '1']) || trim($_POST[$column . '1']) == '') && (!isset($_POST[$column . '4']) || $_POST[$column . '4'] == ''))) {
                                     //WOOOF::$instance->debug("$column in isReadOnly or empty");
                                     $tempDate = WOOOF::getCurrentDateTime();
                                 } else {
                                     $tempDate = WOOOF::buildDateTimeFromAdminPost($column, $metaData['presentationType']);
                                 }
                                 if ($this->columns[$column]->checkValue($tempDate) === FALSE) {
                                     return FALSE;
                                 }
                                 $query .= ' ' . $column . '=\'' . WOOOF::$instance->cleanUserInput($tempDate) . '\',';
                             } else {
                                 // checkValue() runs before the isset() default below, so a column present
                                 // only via its '1'/'4' or FILES variant is validated as null (with a notice).
                                 if (!$this->columns[$column]->checkValue($_POST[$column])) {
                                     return FALSE;
                                 }
                                 if (!isset($_POST[$column])) {
                                     $_POST[$column] = '';
                                 }
                                 $query .= ' ' . $column . '=\'' . WOOOF::$instance->cleanUserInput($_POST[$column]) . '\',';
                             }
                         }
                     }
                 }
             }
         }
     }
     $query .= ' id=\'' . $insertId . '\'';
     $res = $this->dataBase->query($query);
     if ($res === FALSE) {
         return FALSE;
     }
     // Deferred picture-column updates run after the insert; no transaction is visible
     // here, so a failure part-way leaves the row partially updated.
     for ($dC = 0; $dC < count($defferedQueries); $dC++) {
         $res = $this->dataBase->query($defferedQueries[$dC]);
         if ($res === FALSE) {
             return FALSE;
         }
     }
     return $insertId;
 }
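 /**
  * Resets the password of the __users row whose loginName equals $in['email']:
  * generates a new random password, stores it via WOOOF_User::changePassword()
  * and mails it to that address.
  *
  * @param WOOOF $wo
  * @param array $in request data; only $in['email'] is read
  * @return boolean false when the address is missing or blank, the user lookup
  *                 fails or finds nobody, or the password change fails;
  *                 otherwise the result of $wo->sendMail()
  */
 public static function passwordReset(WOOOF $wo, $in)
 {
     $place = __CLASS__ . '::' . __FUNCTION__;
     $wo->debug("{$place}:  ResetPassword");
     // Guard the only input read here: a missing or blank address previously raised
     // an undefined-index notice and went on to the lookup with null.
     if (!isset($in['email']) || trim((string) $in['email']) === '') {
         $wo->logError(self::_ECP . "passwordReset: No value provided for [email]");
         return false;
     }
     $emailAddress = $in['email'];
     $userRec = $wo->db->getRowByColumn('__users', 'loginName', $emailAddress);
     if ($userRec === FALSE) {
         return false; // lookup error
     }
     if ($userRec === NULL) {
         // Callers should show the requester the same outcome whether or not the
         // address exists, so this branch does not reveal registered addresses.
         $wo->logError(self::_ECP . "2360 No such user found.");
         return false;
     }
     // New password: 10 random characters with a fixed 'A1' prefix. NOTE(review): the
     // fixed prefix leaves 8 random characters -- presumably there to satisfy a
     // complexity rule; confirm, and prefer a policy-aware generator if so.
     $newPassword = WOOOF::randomString(10);
     $newPassword[0] = 'A';
     $newPassword[1] = '1';
     $passwordErrors = [];
     if (WOOOF_User::changePassword($wo, $emailAddress, $newPassword, $passwordErrors) === FALSE) {
         return false;
     }
     // The new password is delivered in clear text; plain and HTML bodies carry the same line.
     $subject = 'New MovieRama Password';
     $message = 'Your new MovieRama Password is: ' . $newPassword;
     $replyTo = '';
     $cc = '';
     $files = null;
     return $wo->sendMail('', $emailAddress, $subject, $message, $replyTo, $cc, $message, $files);
 }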