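/**
 * Finishes an authentication attempt and returns the redirect instruction for the browser.
 *
 * Flow, in order: reject invalid credentials; complete a pending account merge; send an
 * unknown profile to registration; otherwise sign the user in and honour a stored "follow" path.
 *
 * @param AuthenticationCredentials $authCreds
 * @return string a "redirect: <path>" instruction
 * @throws Exception when the credentials are invalid, or a merge is requested without a signed-in user
 */
public function execute(AuthenticationCredentials $authCreds)
{
    $authService = AuthenticationService::instance();

    // Make sure the creds are valid
    if (!$authCreds->isValid()) {
        // NOTE(review): var_export() writes the complete credentials object into the error log,
        // including whatever auth code or token it carries. Consider logging only non-secret fields.
        Application::instance()->getLogger()->error(sprintf('Error validating auth credentials %s', var_export($authCreds, true)));
        throw new Exception('Invalid auth credentials');
    }

    // Account merge. Session::set() with only a key returns the stored value and clears it
    // (per the original author's note on the "follow" read below).
    if (Session::set('accountMerge') === '1') {
        // Must be logged in to do a merge
        if (!Session::hasRole(UserRole::USER)) {
            throw new Exception('Authentication required for account merge');
        }
        $authService->handleAuthAndMerge($authCreds);
        return 'redirect: /profile/authentication';
    }

    // Follow url *notice the set, returning and clearing the var
    $follow = Session::set('follow');

    // If the user profile doesnt exist, go to the register page
    if (!$authService->getUserAuthProfileExists($authCreds)) {
        Session::set('authSession', $authCreds);
        // NOTE(review): the auth code travels in the query string, so it can end up in access logs
        // and Referer headers - confirm it is short-lived / single-use.
        $url = '/register?code=' . urlencode($authCreds->getAuthCode());
        if (!empty($follow)) {
            $url .= '&follow=' . urlencode($follow);
        }
        return 'redirect: ' . $url;
    }

    // User exists, handle the auth
    $authService->handleAuthCredentials($authCreds);

    // Only follow a same-site path. A leading "/" alone is not enough: "//host" and "/\host"
    // are treated by browsers as another origin, and control characters (tab, CR, LF) are
    // stripped or can split the header, so all of those are refused.
    $followIsLocalPath = is_string($follow)
        && $follow !== ''
        && $follow[0] === '/'
        && !in_array(substr($follow, 1, 1), array('/', '\\'), true)
        && preg_match('/[\x00-\x1F\x7F]/', $follow) === 0;
    if ($followIsLocalPath) {
        return 'redirect: ' . $follow;
    }

    return 'redirect: /profile';
}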
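/**
 * @Route ("/embed/chat")
 *
 * Renders the embeddable chat view. A signed-in user's username and features are exposed to
 * the template; an optional "follow" path is passed on for use after login.
 *
 * @param array $params
 * @param ViewModel $model
 * @return string
 */
public function embedChat(array $params, ViewModel $model)
{
    $user = null;
    if (Session::hasRole(UserRole::USER)) {
        $creds = Session::getCredentials();
        $user = array();
        $user['username'] = $creds->getUsername();
        $user['features'] = $creds->getFeatures();
    }
    $model->options = $this->getChatOptionParams($params);
    $model->user = $user;

    // Login follow url. The value is request-supplied, so it is accepted only as a same-site
    // path: it must be a string starting with a single "/" ("//host" and "/\host" resolve to
    // another origin in browsers) and must not contain control characters.
    // NOTE(review): the template still has to escape $model->follow for its output context.
    $follow = isset($params['follow']) ? $params['follow'] : null;
    $followIsLocalPath = is_string($follow)
        && $follow !== ''
        && $follow[0] === '/'
        && !in_array(substr($follow, 1, 1), array('/', '\\'), true)
        && preg_match('/[\x00-\x1F\x7F]/', $follow) === 0;
    if (!empty($follow) && $followIsLocalPath) {
        $model->follow = $follow;
    }

    return 'embed/chat';
}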
/**
 * @Route ("/")
 * @Route ("/home")
 *
 * Fills the home page model: the unread private-message count for a signed-in user,
 * then the cached content feeds.
 *
 * @param ViewModel $model
 * @return string
 */
public function home(ViewModel $model)
{
    if (Session::hasRole(UserRole::USER)) {
        $currentUserId = Session::getCredentials()->getUserId();
        $messages = PrivateMessageService::instance();
        $model->unreadMessageCount = $messages->getUnreadMessageCount($currentUserId);
    }

    $cache = Application::instance()->getCacheDriver();

    // Model property => cache key, fetched in the same order as before.
    $feeds = array(
        'articles' => 'recentblog',
        'summoners' => 'summoners',
        'tweets' => 'twitter',
        'music' => 'recenttracks',
        'playlist' => 'youtubeplaylist',
        'broadcasts' => 'pastbroadcasts',
        'streamInfo' => 'streaminfo',
    );
    foreach ($feeds as $property => $cacheKey) {
        $model->$property = $cache->fetch($cacheKey);
    }

    return 'home';
}
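/**
 * @Route ("/subscription/confirm")
 *
 * Shows the order confirmation page for the selected subscription. Anonymous visitors are
 * sent to the login page with a "follow" URL that brings them back to this selection.
 *
 * @param array $params
 * @param ViewModel $model
 * @return string
 * @throws Exception
 * @throws \Destiny\Common\Utils\FilterParamsException
 */
public function subscriptionConfirm(array $params, ViewModel $model)
{
    FilterParams::required($params, 'subscription');
    $subscriptionsService = SubscriptionsService::instance();
    $isGift = !empty($params['gift']);

    // If there is no user, save the selection, and go to the login screen
    if (!Session::hasRole(UserRole::USER)) {
        // Each request-supplied value is encoded on its own before it goes into the return URL.
        // Without that, a value containing "&" or "#" could add or truncate query parameters
        // in the URL the user is sent back to after login.
        $url = '/subscription/confirm?subscription=' . urlencode((string) $params['subscription']);
        if ($isGift) {
            $url .= '&gift=' . urlencode((string) $params['gift']);
        }
        return 'redirect: /login?follow=' . urlencode($url);
    }

    $userId = Session::getCredentials()->getUserId();
    $subscriptionType = $subscriptionsService->getSubscriptionType($params['subscription']);
    if (empty($subscriptionType)) {
        throw new Exception('Invalid subscription specified');
    }

    if ($isGift) {
        // If this is a gift, there is no need to check the current subscription
        // NOTE(review): $params['gift'] is request-supplied and goes to the view unvalidated here;
        // the template must escape it and the purchase step must verify the giftee.
        $model->gift = $params['gift'];
        $model->warning = new Exception('If the giftee has a subscription by the time this payment is completed the subscription will be marked as failed, but your payment will still go through.');
    } else {
        // Existing subscription
        $currentSubscription = $subscriptionsService->getUserActiveSubscription($userId);
        if (!empty($currentSubscription)) {
            $model->currentSubscription = $currentSubscription;
            $model->currentSubscriptionType = $subscriptionsService->getSubscriptionType($currentSubscription['subscriptionType']);
            // Warn about identical subscription overwrite
            if ($model->currentSubscriptionType['id'] == $subscriptionType['id']) {
                $model->warning = new Exception('you are about to overwrite your existing subscription with a duplicate one.');
            }
        }
    }

    $model->subscriptionType = $subscriptionType;
    $model->title = 'Subscription Confirm';
    return 'order/orderconfirm';
}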
include Tpl::file('seg/google.tracker.php'); ?> </head> <body id="subscribe"> <?php include Tpl::file('seg/top.php'); ?> <?php include Tpl::file('seg/headerband.php'); ?> <section class="container"> <?php if (Session::hasRole(UserRole::USER)) { ?> <div id="giftSubscriptionSelect" class="alert alert-info" style="text-align: center;"> Would you like to gift someone a subscription? <button class="btn btn-primary" data-toggle="modal" data-target="#userSearchModal">Yes, gift a subscription <span class="glyphicon glyphicon-gift"></span></button> </div> <div id="giftSubscriptionConfirm" class="alert alert-info hidden" style="text-align: center;"> You are gifting your subscription to <strong id="subscriptionGiftUsername"></strong>! <button class="btn btn-primary" id="selectGiftSubscription" data-toggle="modal" data-target="#userSearchModal">Change <span class="glyphicon glyphicon-gift"></span></button> <button class="btn btn-default" id="cancelGiftSubscription">Abort!</button> </div> <?php } ?>
/**
 * Boots the session for the current request.
 *
 * Three steps, each depending on the session state left by the previous one:
 *  1. resume a session announced by a session cookie and renew the chat session expiry;
 *  2. if nobody is signed in, try the remember-me cookie and sign that user in;
 *  3. if the signed-in user is flagged for an update, reload the user and refresh the credentials.
 *
 * @throws Exception
 */
public function startSession()
{
    // Step 1: only touch the session when the browser actually sent a session cookie.
    if (Session::hasSessionCookie()) {
        if (Session::start() && Session::hasRole(UserRole::USER)) {
            ChatIntegrationService::instance()->renewChatSessionExpiration(Session::getSessionId());
        }
    }

    // Step 2: no valid signed-in session, so fall back to the remember-me cookie.
    if (!Session::hasRole(UserRole::USER)) {
        $rememberedUser = $this->getRememberMe();
        if (!empty($rememberedUser)) {
            Session::start();
            // NOTE(review): this promotes the session to an authenticated one. Whether the
            // session id is regenerated at this point is not visible in this block - confirm
            // in Session::start()/updateCredentials().
            $rememberedCredentials = $this->getUserCredentials($rememberedUser, 'rememberme');
            Session::updateCredentials($rememberedCredentials);
            $this->setRememberMe($rememberedUser);
            // Flagging makes step 3 refresh the credentials a second time. That is accepted as
            // low impact so the refresh logic lives in one place only.
            $this->flagUserForUpdate($rememberedUser['userId']);
        }
    }

    // Step 3: refresh a signed-in user who has been flagged for an update.
    if (Session::hasRole(UserRole::USER)) {
        $sessionUserId = Session::getCredentials()->getUserId();
        if (!empty($sessionUserId) && $this->isUserFlaggedForUpdate($sessionUserId)) {
            $freshUser = UserService::instance()->getUserById($sessionUserId);
            if (!empty($freshUser)) {
                $this->clearUserUpdateFlag($sessionUserId);
                Session::updateCredentials($this->getUserCredentials($freshUser, 'session'));
                // Unlike refreshChatSession, this call can pass the session id, which is only available here.
                ChatIntegrationService::instance()->setChatSession(Session::getCredentials(), Session::getSessionId());
            }
        }
    }
}
use Destiny\Common\Session; use Destiny\Common\User\UserRole; ?> <div class="modal fade message-composition" id="compose" tabindex="-1" role="dialog" aria-labelledby="composeLabel" aria-hidden="true"> <div class="modal-dialog modal-lg"> <div class="modal-content"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button> <h4 class="modal-title" id="composeLabel">New message</h4> </div> <div id="compose-form"> <div class="modal-recipients"> <div class="modal-user-groups" class="clearfix"> <?php if (Session::hasRole(UserRole::ADMIN)) { ?> <div class="btn-group pull-right"> <button type="button" class="btn btn-xs btn-primary">Add group</button> <button type="button" class="btn btn-xs btn-primary dropdown-toggle" data-toggle="dropdown"> <span class="caret"></span> <span class="sr-only">Toggle Dropdown</span> </button> <ul class="groups dropdown-menu dropdown-menu-right" role="menu"> <li><a href="#">T4 Subscribers</a></li> <li><a href="#">T3 Subscribers</a></li> <li><a href="#">T2 Subscribers</a></li> <li><a href="#">T1 Subscribers</a></li> </ul> </div> <?php
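/**
 * @Route ("/profile/messages/send")
 * @Secure ({"USER"})
 * @HttpMethod ({"POST"})
 *
 * Expects the following GET|POST variables:
 *     message=string
 *     recipients[]=username|group
 *
 * Sends a private message from the signed-in user. Admins use the batch path (which also
 * accepts groups); everyone else is limited to 20 resolved recipients, checked one by one.
 * The result is always a JSON body with "success" and "message", returned with HTTP 200.
 *
 * @param array $params
 * @return Response
 */
public function sendMessage(array $params)
{
    $privateMessageService = PrivateMessageService::instance();
    $chatIntegrationService = ChatIntegrationService::instance();
    $userService = UserService::instance();
    $response = array('success' => false, 'message' => '');

    try {
        FilterParams::required($params, 'message');
        FilterParams::isarray($params, 'recipients');

        $sessionCredentials = Session::getCredentials();
        $userId = $sessionCredentials->getUserId();
        $username = strtolower($sessionCredentials->getUsername());
        $user = $userService->getUserById($userId);

        $recipients = array_unique(array_map('strtolower', $params['recipients']));
        if (empty($recipients)) {
            throw new Exception('Invalid recipients list');
        }
        // array_unique() keeps the request's keys, so the only entry is not necessarily at
        // index 0 (e.g. recipients[3]=name). reset() reads it wherever it sits.
        if (count($recipients) === 1 && reset($recipients) === $username) {
            throw new Exception('Cannot send messages to yourself.');
        }

        $ban = $userService->getUserActiveBan($userId);
        if (!empty($ban)) {
            throw new Exception("You cannot send messages while you are banned.");
        }

        $oldEnough = $userService->isUserOldEnough($userId);
        if (!$oldEnough) {
            throw new Exception("Your account is not old enough to send messages.");
        }

        // Because batch sending makes it difficult to run checks on each recipient
        // we only use the batch sending for admins e.g. sending to tiers etc.
        if (Session::hasRole(UserRole::ADMIN)) {
            // NOTE(review): the batch path receives the raw request list, not the normalised one.
            $messages = $privateMessageService->batchAddMessage($userId, $params['message'], $params['recipients']);
            $chatIntegrationService->publishPrivateMessages($messages);
        } else {
            $recipients = $userService->getUserIdsByUsernames($params['recipients']);

            // Remove the sender if it is in the list. Previously the sender's name was removed
            // from a normalised copy that was never used for the lookup, so a list such as
            // [self, other] still delivered a message to the sender.
            if (is_array($recipients)) {
                $recipients = array_diff($recipients, array($userId));
            }

            if (empty($recipients)) {
                throw new Exception('Invalid recipient value(s)');
            }
            if (count($recipients) > 20) {
                throw new Exception('You may only send to maximum 20 users.');
            }

            $credentials = new SessionCredentials($user);
            foreach ($recipients as $recipientId) {
                // NOTE(review): the throttle is checked per recipient inside the loop, so a
                // rejection part-way through leaves the earlier messages already sent while
                // the caller is told the request failed.
                $canSend = $privateMessageService->canSend($credentials, $recipientId);
                if (!$canSend) {
                    throw new Exception("You have sent too many messages, throttled.");
                }

                $targetuser = $userService->getUserById($recipientId);
                $message = array(
                    'userid' => $userId,
                    'targetuserid' => $recipientId,
                    'message' => $params['message'],
                    'isread' => 0
                );
                $message['id'] = $privateMessageService->addMessage($message);

                $chatIntegrationService->publishPrivateMessage(array(
                    'messageid' => $message['id'],
                    'message' => $message['message'],
                    'username' => $sessionCredentials->getUsername(),
                    'userid' => $userId,
                    'targetusername' => $targetuser['username'],
                    'targetuserid' => $targetuser['userId']
                ));
            }
        }

        $response['message'] = 'Message sent';
        $response['success'] = true;
    } catch (\Exception $e) {
        // NOTE(review): every exception message is returned to the client, including any raised
        // by the services called above. Consider returning only the validation messages defined
        // in this method and logging the rest.
        $response['success'] = false;
        $response['message'] = $e->getMessage();
    }

    $response = new Response(Http::STATUS_OK, json_encode($response));
    $response->addHeader(Http::HEADER_CONTENTTYPE, MimeType::JSON);
    return $response;
}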
<li class="divider-vertical visible-xs"></li> <?php } ?> <li><a title="Blog @ destiny.gg" href="//blog.destiny.gg">Blog</a></li> <li><a title="twitter.com" href="//twitter.com/Steven_Bonnell/">Twitter</a></li> <li><a title="youtube.com" href="//www.youtube.com/user/Destiny">Youtube</a></li> <li><a title="reddit.com" href="//www.reddit.com/r/Destiny/">Reddit</a></li> <li><a title="facebook.com" href="//www.facebook.com/Steven.Bonnell.II">Facebook</a></li> <?php if (!Session::hasRole(UserRole::SUBSCRIBER)) { ?> <li class="subscribe"><a href="/subscribe" rel="subscribe" title="Get your own destiny.gg subscription"><span>Subscribe Now!</span></a></li> <?php } ?> <?php if (Session::hasRole(UserRole::SUBSCRIBER)) { ?> <li class="subscribed"><a href="/subscribe" rel="subscribe" title="You have an active subscription!"><span>Subscribe</span></a></li> <?php } ?> </ul> </div> </div> </div><?php
/**
 * Chooses where an authentication failure is shown.
 *
 * A signed-in user is redirected to the authentication profile page, with the error message
 * carried in the session. Anyone else gets the login view with the exception on the model.
 *
 * @param \Exception $e
 * @param ViewModel $model
 * @return string
 */
private function handleAuthError(\Exception $e, ViewModel $model)
{
    // Anonymous visitor: render the login page with the error attached.
    if (!Session::hasRole(UserRole::USER)) {
        $model->title = 'Login error';
        // NOTE(review): the whole exception object reaches the view; the template should print
        // only an escaped message.
        $model->error = $e;
        return 'login';
    }

    // Signed-in user: keep the message in the session for the page being redirected to.
    Session::set('modelError', $e->getMessage());
    return 'redirect: /profile/authentication';
}