/** * Process selected currencies and redirect to the next wizard page if successful. */ require_login(); $user = get_user(user_id()); require_user($user); $errors = array(); $messages = array(); require __DIR__ . "/../graphs/managed.php"; // get all of our limits $accounts = user_limits_summary(user_id()); $preferred_crypto = require_post("preferred_crypto", false); $preferred_fiat = require_post("preferred_fiat", false); $preference = require_post("preference"); $managed = require_post("managed", array()); $categories = get_managed_graph_categories(); // checks if ($preference == "managed" && !$managed) { $errors[] = t("You need to select at least one category of graph portfolio preferences."); } if (!in_array($preferred_crypto, get_all_cryptocurrencies())) { $errors[] = t("Invalid preferred cryptocurrency."); } if (!is_fiat_currency($preferred_fiat)) { $errors[] = t("Invalid preferred fiat currency."); } if (!in_array($preference, array('auto', 'managed', 'none'))) { $errors[] = t("Invalid graph management preference."); } if ($preference != "none" && !$preferred_fiat) {
redirect(url_for(require_post("callback"))); } } } // process 'enable' if (require_post('enable', false) && require_post('id', false)) { if (!can_user_add($user, $account_data['exchange'])) { $errors[] = t("Cannot enable :title: too many existing accounts.", array(':title' => $account_data['title'])) . ($user['is_premium'] ? "" : " " . t("To add more accounts, upgrade to a :premium_account.", array(':premium_account' => link_to(url_for('premium'), t('premium account'))))); } else { if ($account_data['disabled']) { $errors[] = t("Cannot enable that account; that account type is disabled."); } else { // reset all failure fields $q = db()->prepare("UPDATE " . $account_data['table'] . " SET is_disabled=0,is_disabled_manually=0,first_failure=NULL,failures=0 WHERE id=? AND user_id=?"); $q->execute(array(require_post("id"), user_id())); $messages[] = t("Enabled :title.", array(':title' => htmlspecialchars($account_data['title']))); set_temporary_messages($messages); redirect(url_for(require_post("callback"))); } } } // process enable_creator, disable_creator, reset_creator $account_data['label'] = "account"; require __DIR__ . "/_wizard_accounts_creator_post.php"; // either there was an error or we haven't done anything; go back to callback set_temporary_errors($errors); set_temporary_messages($messages); $_SESSION['wizard_data'] = $_POST; // store so we can restore it on the callback page redirect(url_for(require_post("callback"), array("title" => require_post("title", false), "exchange" => require_post("type", false))));
// index the existing rows (fetched by the query above) by address string
while ($a = $q->fetch()) {
  $addresses[$a['address']] = $a;
}

// lets read this file in as CSV
// we don't store this CSV file on the server
if (isset($_FILES['csv'])) {
  // NOTE(review): the upload is opened without checking $_FILES['csv']['error']
  // or is_uploaded_file(); a failed upload leaves tmp_name empty, fopen() then
  // fails (a warning on older PHP, a ValueError on PHP 8) and the loop is
  // skipped silently. The handle is also never fclose()d.
  $fp = fopen($_FILES['csv']['tmp_name'], "r");
  while ($fp && ($row = fgetcsv($fp, 1000, ",")) !== false) {
    process_csv_upload_row($row);
  }
} else {
  // TODO using explode() here is not great; should use CSV functions instead (maybe fopen on a string?)
  $input = explode("\n", require_post("addresses"));
  foreach ($input as $row) {
    // an optional title is prepended to every pasted line
    if (require_post("title", false)) {
      $row = require_post("title") . "," . $row;
    }
    process_csv_upload_row(explode(",", $row));
  }
}

// update messages
// presumably $invalid_addresses, $limited_addresses, $new_addresses and
// $existing_addresses are counters maintained by process_csv_upload_row();
// they are not assigned in this fragment — verify in the helper
if ($invalid_addresses) {
  $errors[] = t(":addresses were invalid and were not added.", array(':addresses' => plural("address", "addresses", $invalid_addresses)));
}
if ($limited_addresses) {
  $errors[] = t("Could not add :addresses: too many existing addresses.", array(':addresses' => plural("address", "addresses", $limited_addresses))) . ($user['is_premium'] ? "" : " " . t("To add more addresses, upgrade to a :premium_account.", array(':premium_account' => link_to(url_for('premium'), t('premium account')))));
}
$messages[] = t("Added :new and updated :existing.", array(':new' => plural("new address", "new addresses", $new_addresses), ':existing' => plural("existing address", "existing addresses", $existing_addresses)));

// redirect to GET
set_temporary_messages($messages);
set_temporary_errors($errors);
<?php /** * Allows users to add additional OAuth2 locations for their account. * Issue #266 */ require_login(); // POST overrides GET $oauth2 = require_post("oauth2", require_get("oauth2", false)); $messages = array(); $errors = array(); try { if ($oauth2) { $user = \Users\User::getInstance(db()); $args = array("oauth2" => $oauth2); $url = absolute_url(url_for('oauth2_add', $args)); $provider = Users\OAuth2Providers::createProvider($oauth2, $url); try { \Users\UserOAuth2::addIdentity(db(), $user, $provider); $messages[] = t("Added OAuth2 identity ':identity' to your account.", array(':identity' => htmlspecialchars($provider->getKey()))); // redirect $destination = url_for('user#user_openid'); set_temporary_messages($messages); set_temporary_errors($errors); redirect($destination); } catch (\Users\UserSignupException $e) { $errors[] = $e->getMessage(); } } } catch (Exception $e) { if (!$e instanceof EscapedException) {
<?php /** * Process selected currencies and redirect to the next wizard page if successful. */ require_login(); $user = get_user(user_id()); require_user($user); $errors = array(); $messages = array(); // get all of our limits $accounts = user_limits_summary(user_id()); $currencies = require_post("currencies", array()); $exchanges = require_post("exchanges", array()); $cryptos = get_all_cryptocurrencies(); $fiats = get_all_fiat_currencies(); $commodities = get_all_commodity_currencies(); // go through all fiat currencies and, if no exchange is selected, select a default one foreach ($fiats as $c) { if (in_array($c, $currencies)) { $found = false; foreach ($exchanges as $e) { $prefix = "summary_" . $c . "_"; if (substr($e, 0, strlen($prefix)) == $prefix) { // found one $found = true; } } if (!$found) { $exchanges[] = "summary_" . $c . "_" . get_default_currency_exchange($c); }
$q->execute(array()); $coins = array(); $last_calculated = false; while ($coin = $q->fetch()) { $coins[$coin['id']] = $coin; $last_calculated = max($last_calculated, $coin['last_updated']); } $my_coins = array(); if (user_logged_in()) { // perform post logic if (require_post("update_votes", false)) { // delete all existing votes for this user $q = db()->prepare("DELETE FROM vote_coins_votes WHERE user_id=?"); $q->execute(array(user_id())); // create new votes $my_coins = require_post("coins", array()); foreach ($my_coins as $id) { if (isset($coins[$id])) { $q = db()->prepare("INSERT INTO vote_coins_votes SET user_id=?,coin_id=?,created_at=NOW()"); $q->execute(array(user_id(), $id)); } else { $errors[] = t("Unknown coin :id.", array(':id' => $id)); } } $messages[] = t("Updated your votes."); } else { // get my voted coins $q = db()->prepare("SELECT * FROM vote_coins_votes WHERE user_id=?"); $q->execute(array(user_id())); $my_coins = array(); while ($coin = $q->fetch()) {
// make sure that we don't add technicals that are premium only $graph_technical_types = graph_technical_types(); if (!isset($graph_technical_types[$technical])) { $errors[] = "Could not add technical type '" . htmlspecialchars($technical) . "' - no such technical type."; } else { if ($graph_technical_types[$technical]['premium'] && !$user['is_premium']) { $errors[] = "Could not add technical type '" . htmlspecialchars($graph_technical_types[$technical]['title']) . "' - requires a <a href=\"" . htmlspecialchars(url_for('premium')) . "\">premium account</a>."; } else { // it's OK // delete any existing technicals (even if we're inserting, since this logic is used for edit too) // (we limit a graph to only have a single technical at the moment) $q = db()->prepare("DELETE FROM graph_technicals WHERE graph_id=?"); $q->execute(array($graph_id)); // insert a new technical $q = db()->prepare("INSERT INTO graph_technicals SET graph_id=:graph_id, technical_type=:type, technical_period=:period"); $q->execute(array('graph_id' => $graph_id, 'type' => $technical, 'period' => min(get_site_config('technical_period_max'), max(1, (int) require_post("period", 0))))); $technical_added = htmlspecialchars($graph_technical_types[$technical]['title']); } } } else { // otherwise, delete old technicals $q = db()->prepare("DELETE FROM graph_technicals WHERE graph_id=?"); $q->execute(array($graph_id)); } // redirect $args = array(':heading' => $graph_types[$graph_type]['heading'], ':technical' => $technical_added); if ($is_edit) { if ($technical_added) { $messages[] = t("Edited :heading graph, with :technical.", $args); } else { $messages[] = t("Edited :heading graph.", $args);
* Admin vote coins page. */ require_admin(); require __DIR__ . "/../layout/templates.php"; require __DIR__ . "/../layout/graphs.php"; $messages = array(); $errors = array(); // process POST if (require_post("code", false) && require_post("title", false)) { $q = db()->prepare("INSERT INTO vote_coins SET code=?, title=?"); $q->execute(array(require_post("code"), require_post("title"))); $messages[] = "Added coin " . require_post("code") . "."; } if (require_post("id", false)) { $q = db()->prepare("SELECT * FROM vote_coins WHERE id=?"); $q->execute(array(require_post("id"))); $vote = $q->fetch(); if (!$vote) { $errors[] = "Could not find any such vote_coins"; } else { $sent = 0; $q = db()->prepare("SELECT * FROM vote_coins_votes JOIN users ON vote_coins_votes.user_id=users.id WHERE coin_id=?"); $q->execute(array($vote['id'])); while ($user = $q->fetch()) { if ($user['email']) { send_user_email($user, "voted_coin", array("name" => $user['name'] ? $user['name'] : $user['email'], "code" => strtolower($vote['code']), "abbr" => get_currency_abbr(strtolower($vote['code'])), "title" => get_currency_name(strtolower($vote['code'])), "original_title" => $vote['title'], "total_users" => plural("other user", $vote['total_users']), "url" => absolute_url(url_for("vote_coins")), "wizard" => absolute_url(url_for("wizard_currencies")))); $sent++; } } $messages[] = "Sent notifications to " . plural("user", $sent) . "."; // remove vote_coins and vote_coins_votes entries
* A user may revisit this page at any time to reconfigure their notifications. */ require_login(); $messages = array(); // get all of our accounts global $accounts; $accounts = user_limits_summary(user_id()); // enable/disable notifications if (require_post("disable", false)) { $q = db()->prepare("UPDATE notifications SET is_disabled=1 WHERE id=? AND user_id=?"); $q->execute(array(require_post("disable"), user_id())); $messages[] = t("Disabled notification."); } if (require_post("enable", false)) { $q = db()->prepare("UPDATE notifications SET is_disabled=0 WHERE id=? AND user_id=?"); $q->execute(array(require_post("enable"), user_id())); $messages[] = t("Enabled notification."); } require __DIR__ . "/../layout/templates.php"; page_header(t("Notification Preferences"), "page_wizard_notifications", array('js' => array('wizard', 'notifications', 'accounts'), 'class' => 'page_accounts')); global $user; $user = get_user(user_id()); require_user($user); // get all of our notifications $q = db()->prepare("SELECT * FROM notifications WHERE user_id=? ORDER BY notification_type DESC, id ASC"); $q->execute(array(user_id())); $notifications = $q->fetchAll(); // are we editing one? $instance = false; $account = false; if (require_get("edit", false)) {
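<?php
/**
 * Set the current session, cookie or user language.
 *
 * POST parameters:
 *   locale   - one of the keys returned by I18n::getAvailableLocales()
 *   redirect - site-local path to return to afterwards
 *
 * Throws LocaleException when the requested locale is not available.
 */
use Openclerk\I18n;

$locale = require_post("locale");
$redirect = require_post("redirect");

$available = I18n::getAvailableLocales();
if (!isset($available[$locale])) {
  throw new LocaleException("Locale '{$locale}' does not exist for user selection");
}

// The redirect target comes straight from the request body, so passing it
// through unchecked makes this page an open redirect. Only a site-local path
// is accepted: it must be a string starting with a single "/" ("//host" and
// "/\host" are scheme-relative URLs that browsers treat as absolute). Anything
// else falls back to the site root. Callers that previously posted a
// same-origin absolute URL should post its path instead.
if (!is_string($redirect) || $redirect === '' || $redirect[0] !== '/' || preg_match('#^/[/\\\\]#', $redirect) === 1) {
  $redirect = '/';
}

I18n::setLocale($locale);

// update cookies (kept for ten years)
setcookie('locale', $locale, time() + 60 * 60 * 24 * 365 * 10);

// persist the choice for logged-in users
if (user_logged_in()) {
  // $user looks unused here; kept because get_user() may validate the session — confirm
  $user = get_user(user_id());
  $q = db()->prepare("UPDATE user_properties SET locale=? WHERE id=?");
  $q->execute(array($locale, user_id()));
}

// go back to their previous page
redirect($redirect);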
<?php /** * Admin page for displaying the status of accounts in the system, allowing us to see * if particular classes of accounts are failing. */ require_admin(); require __DIR__ . "/../layout/templates.php"; require __DIR__ . "/../layout/graphs.php"; $messages = array(); $errors = array(); // enabling accounts? if (require_post("enable", false)) { $exchange = require_post("enable"); $account_data = get_account_data($exchange); // we re-enable ALL accounts, not just accounts belonging to active users, so that when a disabled user // logs back in, they automatically get their disabled accounts disabled as well $q = db()->prepare("SELECT t.*, users.email, user_properties.name AS users_name, user_properties.is_disabled AS user_is_disabled FROM " . $account_data['table'] . " t\n JOIN users ON t.user_id=users.id\n JOIN user_properties ON users.id=user_properties.id\n WHERE t.is_disabled=1"); $q->execute(); $count = 0; $accounts = $q->fetchAll(); foreach ($accounts as $account) { // re-enable it $q = db()->prepare("UPDATE " . $account_data['table'] . " SET is_disabled=0 WHERE id=? AND is_disabled_manually=0"); $q->execute(array($account['id'])); // email the user if their account is not disabled if (!$account['user_is_disabled']) { if ($account['email']) { $user_temp = array('email' => $account['email'], 'name' => $account['users_name']); send_user_email($user_temp, "reenable", array("name" => $account['users_name'] ? $account['users_name'] : $account['email'], "exchange" => get_exchange_name($exchange), "label" => $account_data['label'], "labels" => $account_data['labels'], "title" => isset($account['title']) && $account['title'] ? "\"" . $account['title'] . "\"" : "untitled", "url" => absolute_url(url_for("wizard_accounts")))); $messages[] = "Sent enabled message to " . htmlspecialchars($account['email']);
<?php
/**
 * Reset all of the current user's graphs and graph pages back to the defaults.
 *
 * Only acts when the "confirm" checkbox was submitted; otherwise an error is
 * recorded. Either way the user is sent back to their profile page.
 */
require __DIR__ . "/../layout/graphs.php";

require_login();

$messages = [];
$errors = [];

$confirmed = require_post("confirm", false);
if (!$confirmed) {
  $errors[] = t("Did not reset user graphs and pages: you need to select the confirmation checkbox.");
} else {
  reset_user_graphs(user_id());
  $messages[] = t("User graphs and pages successfully reset.");
}

// flash messages survive the redirect
set_temporary_messages($messages);
set_temporary_errors($errors);
redirect(url_for('profile'));
<?php
/**
 * Admin page for displaying the status of accounts in the system, allowing us to see
 * if particular classes of accounts are failing.
 *
 * POST "exchange" selects the account type; POST "message" is the text e-mailed
 * to every (non-disabled) user who has a disabled account of that type.
 */
require_admin();

require __DIR__ . "/../layout/templates.php";
require __DIR__ . "/../layout/graphs.php";

$messages = array();
$errors = array();

$exchange = require_post("exchange");
$message = require_post("message", "");

// enabling accounts?
if ($exchange && $message) {
  $account_data = get_account_data($exchange);

  // we re-enable ALL accounts, not just accounts belonging to active users, so that when a disabled user
  // logs back in, they automatically get their disabled accounts disabled as well
  // (comment appears to be inherited from the re-enable handler: this page only sends mail)
  // NOTE(review): $account_data['table'] is concatenated into the SQL, so this relies
  // on get_account_data() only ever returning known table names for a request-supplied
  // $exchange — confirm it rejects unknown keys rather than passing them through.
  $q = db()->prepare("SELECT t.*, users.email, users.name AS users_name, users.is_disabled AS user_is_disabled FROM " . $account_data['table'] . " t\n JOIN users ON t.user_id=users.id\n WHERE t.is_disabled=1");
  $q->execute();
  $count = 0; // not incremented in this fragment
  $accounts = $q->fetchAll();
  foreach ($accounts as $account) {
    // email the user if their account is not disabled
    if (!$account['user_is_disabled']) {
      if ($account['email']) {
        $user_temp = array('email' => $account['email'], 'name' => $account['users_name']);
        // $message is admin-typed text; whether the "account_failed_message" template
        // escapes it for HTML mail cannot be seen here — confirm in the template
        send_user_email($user_temp, "account_failed_message", array("name" => $account['users_name'] ? $account['users_name'] : $account['email'], "exchange" => get_exchange_name($exchange), "message" => $message, "label" => $account_data['label'], "labels" => $account_data['labels'], "title" => isset($account['title']) && $account['title'] ? "\"" . $account['title'] . "\"" : "untitled", "url" => absolute_url(url_for("wizard_accounts"))));
        $messages[] = "Sent message to " . htmlspecialchars($account['email']);
      }
    }
$user = get_user(user_id()); require_user($user); // adding a new page? $title = require_post("title"); $title = substr($title, 0, 64); // limit to 64 characters if (!$title) { $title = t("Untitled"); } $errors = array(); $messages = array(); // check premium account limits if (!can_user_add($user, 'graph_pages')) { $errors[] = t("Cannot add graph page: too many existing graph pages.") . ($user['is_premium'] ? "" : " " . t("To add more graph pages, upgrade to a :premium_account.", array(':premium_account' => link_to(url_for('premium'), t('premium account'))))); set_temporary_errors($errors); redirect(url_for('profile', array('page' => require_post("page", "")))); } // it's OK - let's add a new one // first get the highest page order so far on this page $q = db()->prepare("SELECT * FROM graph_pages WHERE user_id=? ORDER BY page_order DESC LIMIT 1"); // including is_removed (in case of restore) $q->execute(array(user_id())); $highest = $q->fetch(); $new_order = $highest ? $highest['page_order'] + 1 : 1; // now insert it $q = db()->prepare("INSERT INTO graph_pages SET user_id=:user_id, title=:title, page_order=:page_order"); $q->execute(array('user_id' => user_id(), 'title' => $title, 'page_order' => $new_order)); $new_page_id = db()->lastInsertId(); $messages[] = t("Added new graph page :title.", array(':title' => htmlspecialchars($title))); // redirect set_temporary_messages($messages);
<?php
/**
 * Soft-delete one of the current user's graph pages.
 *
 * POST parameters:
 *   page    - id of the graph page
 *   confirm - must be truthy, otherwise nothing is changed
 *
 * Throws Exception when no page with that id belongs to the current user.
 */
require __DIR__ . "/../layout/graphs.php";

require_login();

$page_id = require_post("page");

// without confirmation, just return to the page unchanged
if (!require_post("confirm", false)) {
  redirect(url_for('profile', array('page' => $page_id)));
}

// the page must belong to the current user (both id and user_id are bound parameters)
$lookup = db()->prepare("SELECT * FROM graph_pages WHERE user_id=? AND id=?");
$lookup->execute(array(user_id(), $page_id));
if (!$lookup->fetch()) {
  throw new Exception(t("Cannot find page :id", array(':id' => htmlspecialchars($page_id))));
}

// rows are not physically deleted; is_removed hides the page
$hide = db()->prepare("UPDATE graph_pages SET updated_at=NOW(),is_removed=1 WHERE user_id=? AND id=? LIMIT 1");
$hide->execute(array(user_id(), $page_id));

// back to the profile, which shows the first remaining page (if any)
redirect(url_for('profile'));
"><?php echo htmlspecialchars($data[0]); ?> </span></button> <?php } ?> <hr> <button id="openid" class="openid"><span class="openid openid_manual"><?php echo ht("OpenID..."); ?> </span></button> <div id="openid_expand" style="<?php echo require_post("submit", "") == "Login" ? "" : "display:none;"; ?> "> <table> <tr> <th><?php echo ht("OpenID URL:"); ?> </th> <td> <input type="text" name="openid_manual" class="openid" id="openid_manual" size="40" value="<?php echo htmlspecialchars($openid); ?> " maxlength="255"> <input type="submit" name="submit" value="<?php echo ht("Login");
require_user($user); $currency = require_post("currency", require_get("currency", false)); if (!$currency || !is_valid_currency($currency) || !in_array($currency, get_site_config('premium_currencies'))) { $errors[] = t("Unknown currency or no currency specified."); set_temporary_errors($errors); redirect(url_for('premium')); } $messages = array(); $errors = array(); class PurchaseException extends Exception { } if (require_post("months", false) || require_post("years", false)) { try { $months = require_post("months", false); $years = require_post("years", false); if (!is_numeric($months) || !is_numeric($years) || !($months > 0 || $years > 0) || $months > 99 || $years > 99) { throw new PurchaseException(t("Invalid period selection.")); } $cost = 0; if ($months > 0) { $cost += wrap_number(get_premium_price($currency, 'monthly') * $months, 8); } if ($years > 0) { $cost += wrap_number(get_premium_price($currency, 'yearly') * $years, 8); } if ($cost == 0) { throw new PurchaseException(t("Could not calculate any cost")); } // find an unused $currency address and register it to the system $q = db()->prepare("SELECT * FROM premium_addresses WHERE is_used=0 AND currency=?");
<?php /** * Admin status page: jobs */ require_admin(); require __DIR__ . "/../layout/templates.php"; $messages = array(); $errors = array(); if (require_post("submit", false)) { $q = db()->prepare("DELETE FROM pending_subscriptions"); $q->execute(array()); $messages[] = "Deleted all pending subscription and unsubscription requests."; } page_header("Admin: Pending Subscription Requests", "page_admin_subscribe"); ?> <h1>Pending Subscription Requests</h1> <p class="backlink"><a href="<?php echo htmlspecialchars(url_for('admin')); ?> ">< Back to Site Status</a></p> <h2>Pending Subscriptions</h2> <textarea rows="10" cols="60"><?php $q = db()->prepare("SELECT users.email FROM pending_subscriptions JOIN users ON pending_subscriptions.user_id=users.id AND is_subscribe=1"); $q->execute(); while ($email = $q->fetch()) { echo htmlspecialchars($email['email']) . ", ";
} break; default: throw new Exception("Unknown new notification type '" . htmlspecialchars($notification_type) . "'"); } $permitted_notification_periods = get_permitted_notification_periods(); if (!isset($permitted_notification_periods[require_post("period")])) { throw new Exception("Invalid notification period '" . htmlspecialchars(require_post("period")) . "'"); } // remove any commas $value = number_unformat(require_post("value")); if (!is_numeric($value)) { throw new Exception("'" . htmlspecialchars($value) . "' is not numeric"); } $args = array("user_id" => user_id(), "type_id" => $type_id, "trigger_condition" => require_post("condition"), "trigger_value" => $value, "is_percent" => require_post("percent", 0) ? 1 : 0, "period" => require_post("period"), "notification_type" => $notification_type); if (require_post("id", false)) { // update existing // need to also reset last_value and is_notified so that we don't accidentally send notifications for an old currency $q = db()->prepare("UPDATE notifications SET notification_type=:notification_type, trigger_condition=:trigger_condition, trigger_value=:trigger_value, is_percent=:is_percent, period=:period, type_id=:type_id, is_notified=0, last_value=NULL, last_notification=NULL WHERE id=:id AND user_id=:user_id"); $args += array('id' => $instance['id']); $q->execute($args); $messages[] = t("Updated existing notification."); } else { // create new $q = db()->prepare("INSERT INTO notifications SET notification_type=:notification_type, trigger_condition=:trigger_condition, trigger_value=:trigger_value, is_percent=:is_percent, period=:period, type_id=:type_id, is_notified=0, user_id=:user_id"); $q->execute($args); $messages[] = t("Created new notification."); } // redirect set_temporary_messages($messages); set_temporary_errors($errors);
$user = get_user(user_id()); $messages = array(); $errors = array(); // perform post logic if (require_post("id", false)) { $id = (int) require_post("id"); $q = db()->prepare("DELETE FROM finance_accounts WHERE user_id=? AND id=?"); $q->execute(array(user_id(), $id)); $q = db()->prepare("UPDATE transactions SET account_id=null WHERE user_id=? AND exchange=? AND account_id=?"); $q->execute(array(user_id(), 'account', $id)); $messages[] = t("Deleted finance account."); } if (require_post("title", false)) { $title = (string) require_post("title"); $description = (string) require_post("description", ""); $gst = (string) require_post("gst", ""); // make sure no existing title exists $q = db()->prepare("SELECT * FROM finance_accounts WHERE user_id=? AND title=?"); $q->execute(array(user_id(), $title)); if ($q->fetch()) { $errors[] = t("An account with the title ':title' already exists.", array(":title" => $title)); } if (!can_user_add($user, "finance_accounts")) { $errors[] = "Cannot add finance account: too many existing finance accounts." . ($user['is_premium'] ? "" : " To add more finance accounts, upgrade to a <a href=\"" . htmlspecialchars(url_for('premium')) . "\">premium account</a>."); } if (!$errors) { $q = db()->prepare("INSERT INTO finance_accounts SET title=:title, description=:description, gst=:gst, user_id=:user_id"); $q->execute(array('title' => $title, 'description' => $description, 'gst' => $gst, 'user_id' => user_id())); $messages[] = t("Added new finance account."); } }
<th><label for="user_name"><?php echo ht("Name:"); ?> </label></th> <td><input id="user_name" name="name" size="32" value="<?php echo htmlspecialchars(require_post("name", $user['name'] ? $user['name'] : false)); ?> " size="32" maxlength="64"></td> </tr> <tr> <th><label for="user_email"><?php echo ht("E-mail:"); ?> </label></th> <td><input id="user_email" name="email" size="48" value="<?php echo htmlspecialchars(require_post("email", $user['email'] ? $user['email'] : false)); ?> " size="32" maxlength="64"></td> </tr> <tr> <th></th> <td><label><input type="checkbox" name="disable_graph_refresh" value="1"<?php echo $user['disable_graph_refresh'] ? " checked" : ""; ?> > <?php echo ht("Disable automatic graph refresh"); ?> </label></td> </tr> <tr> <th></th>
<?php
/**
 * Password reset handler (currently disabled).
 *
 * The unconditional throw below runs before anything else, so every statement
 * after it is unreachable until it is removed; the rest of the file is kept for
 * when the feature is re-enabled.
 */
throw new Exception("This functionality is currently unavailable.");

// POST overrides GET. NOTE(review): accepting the password and reset hash via
// GET means they can end up in server logs and browser history — confirm
// whether GET is still needed before re-enabling this page.
$email = trim(require_post("email", require_get("email", false)));
$hash = require_post("hash", require_get("hash", false));
$password = require_post("password", require_get("password", false));
if ($password && !is_string($password)) {
  // a parameter submitted as password[]=... arrives as an array; reject it
  throw new Exception(t("Invalid password parameter"));
}
$password2 = require_post("password2", require_get("password2", false));
if ($password2 && !is_string($password2)) {
  throw new Exception(t("Invalid repeated password parameter"));
}

$messages = array();
$errors = array();

if ($email && $password) {
  if (!$hash) {
    $errors[] = t("No hash specified.");
  }
  // strlen() counts bytes, so the limits apply to the UTF-8 byte length
  if ($password && (strlen($password) < 6 || strlen($password) > 255)) {
    $errors[] = t("Please select a password between :min-:max characters long.", array(':min' => 6, ':max' => 255));
  }
  // NOTE(review): loose != compares numeric-looking strings numerically;
  // a strict !== would compare the two submissions byte for byte
  if ($password && $password != $password2) {
    $errors[] = t("Those passwords do not match.");
  }

  // check the request hash: only accounts that actually have a password are eligible
  $q = db()->prepare("SELECT * FROM users WHERE email=? AND ISNULL(password_hash) = 0");
  $q->execute(array($email));
  $user = $q->fetch();
  if (!$user) {
    $errors[] = t("No such user account exists.");
$users = $q->fetchAll(); ?> <h1>Users Report</h1> <p class="backlink"><a href="<?php echo htmlspecialchars(url_for('admin')); ?> ">< Back to Site Status</a></p> <form action="<?php echo htmlspecialchars(url_for('admin_user_list')); ?> " method="post"> <label>Search: <input type="text" maxlength="128" size="32" name="search" value="<?php echo htmlspecialchars(require_post("search", "")); ?> "></label> <input type="submit" value="Search"> </form> <form action="<?php echo htmlspecialchars(url_for('admin_user_list')); ?> " method="post"> <input type="hidden" name="search" value=""> <input type="submit" value="Reset"> </form> <form action="<?php echo htmlspecialchars(url_for('admin_user_list'));
} // process 'create_creator' if (require_post('create_creator', false) && require_post('id', false)) { // does one exist? $q = db()->prepare("SELECT * FROM transaction_creators WHERE user_id=? AND exchange=? AND account_id=?"); $q->execute(array(user_id(), $account_data['exchange'], require_post("id"))); if ($q->fetch()) { // enable the existing one $q = db()->prepare("UPDATE transaction_creators SET is_disabled=0,is_disabled_manually=0 WHERE user_id=? AND exchange=? AND account_id=?"); $q->execute(array(user_id(), $account_data['exchange'], require_post("id"))); } else { // insert a new one that's enabled $q = db()->prepare("INSERT INTO transaction_creators SET user_id=?,exchange=?,account_id=?"); $q->execute(array(user_id(), $account_data['exchange'], require_post("id"))); } $messages[] = t("Enabled transaction creation for :title; transactions will soon be automatically created for this :label.", array(':title' => $account_data['title'], ':label' => $account_data['label'])); set_temporary_messages($messages); redirect(url_for(require_post("callback"))); } // process 'reset_creator' if (require_post('reset_creator', false) && require_post('id', false)) { // delete all existing creators $q = db()->prepare("DELETE FROM transaction_creators WHERE user_id=? AND exchange=? AND account_id=?"); $q->execute(array(user_id(), $account_data['exchange'], require_post("id"))); // delete all existing transactions $q = db()->prepare("DELETE FROM transactions WHERE user_id=? AND exchange=? AND account_id=?"); $q->execute(array(user_id(), $account_data['exchange'], require_post("id"))); $messages[] = t("Removed all transactions for :title.", array(':title' => $account_data['title'])); set_temporary_messages($messages); redirect(url_for(require_post("callback"))); }
</label></th> <td><input type="text" name="title" size="18" maxlength="64" value="<?php echo htmlspecialchars(require_post("title", "")); ?> "> <?php echo ht("(optional)"); ?> </td> </tr> <tr> <th><label for="address"><?php echo htmlspecialchars($account_data['titles']); ?> :</label></th> <td><textarea name="addresses" rows="5" cols="36"><?php echo htmlspecialchars(require_post("addresses", "")); ?> </textarea><br><small><?php echo ht("(One address per line.)"); ?> </small></td> </tr> <tr> <td colspan="2" class="buttons"> <input type="hidden" name="currency" value="<?php echo htmlspecialchars($account_data['currency']); ?> "> <input type="submit" name="add" value="<?php echo ht("Add addresses"); ?>
/** * Admin post callback for generating SQL statements for getting all user account data * that can then be used to export. */ require_admin(); require __DIR__ . "/../layout/templates.php"; require __DIR__ . "/../layout/graphs.php"; $messages = array(); $errors = array(); page_header("Admin: Export User", "page_admin_user_export"); $id = require_post("id"); $filename = require_post("filename", "exported.sql"); $dbname = require_post("dbname", "clerk"); $username = require_post("username", "clerk"); $password = require_post("password", "clerk"); ?> <h1>Export User</h1> <p class="backlink"><a href="<?php echo htmlspecialchars(url_for('admin_user_list')); ?> ">< Back to User List</a></p> <form action="<?php echo htmlspecialchars(url_for("admin_user_export")); ?> " method="post"> <table class="standard"> <tr>
<?php
/**
 * Allows users to delete OAuth2 locations from their account.
 *
 * POST parameters:
 *   uid      - the identity's provider-side user id
 *   provider - the OAuth2 provider key
 *
 * The identity is only removed if the user would still have some way to log in
 * afterwards (another OAuth2 identity, an OpenID identity, or a password).
 */
require_login();

$messages = array();
$errors = array();

$uid = require_post("uid");
$provider = require_post("provider");

// make sure we aren't deleting our last identity
$q = db()->prepare("SELECT COUNT(*) AS c FROM user_oauth2_identities WHERE user_id=?");
$q->execute(array(user_id()));
$count = $q->fetch();

// or we have an OpenID identity
$q = db()->prepare("SELECT * FROM user_openid_identities WHERE user_id=? LIMIT 1");
$q->execute(array(user_id()));
$openid = $q->fetch();

// or we have a password hash
$q = db()->prepare("SELECT * FROM user_passwords WHERE user_id=?");
$q->execute(array(user_id()));
$password_hash = $q->fetch();

// refuse rather than leave the account with no way to log in.
// NOTE(review): the count is not checked against the identity being removed,
// so the guard only reasons about how many identities exist in total;
// removeIdentity() is expected to scope the delete to $user — confirm.
if ($count['c'] <= 1 && !$password_hash && !$openid) {
  $errors[] = t("Cannot remove that OAuth2 identity; at least one identity must be defined.");
  set_temporary_messages($messages);
  set_temporary_errors($errors);
  redirect(url_for('user#user_openid'));
}

$user = \Users\User::getInstance(db());
\Users\UserOAuth2::removeIdentity(db(), $user, $provider, $uid);

// NOTE(review): $provider is request input and is not passed through
// htmlspecialchars() here, whereas the add handler escapes the provider key
// in its "Added OAuth2 identity" message; confirm the message renderer escapes it.
$messages[] = t("Removed OAuth2 identity ':identity'.", array(':identity' => $provider));
$date = (string) require_post("date"); $account = (int) require_post("account", false); $category = (int) require_post("category", false); $description = (string) require_post("description", ""); $reference = (string) require_post("reference", ""); $value1 = (string) require_post("value1"); $currency1 = (string) require_post("currency1"); $value2 = (string) require_post("value2", false); $currency2 = (string) require_post("currency2", false); if (!$value2) { $value2 = null; } if (!$currency2) { $currency2 = null; } $page_args = require_post("page_args", false); $messages = array(); $errors = array(); if (!in_array($currency1, get_all_currencies())) { $errors[] = t("':currency' is not a valid currency", array(':currency' => $currency1)); } if (!strtotime($date)) { $errors[] = t("':date' is not a valid date", array(':date' => $date)); } if (!$value1) { $errors[] = t("You need to specify a transaction value."); } if ($value2 && !$currency2) { $errors[] = t("You need to select a second currency in order to add a second transaction amount."); } // insert
<?php
/**
 * Allows users to delete OpenID locations from their account.
 *
 * POST "identity" is the OpenID identity to remove. The identity is only
 * removed if the user would still be able to log in afterwards (another
 * OpenID identity, an OAuth2 identity, or a password).
 */
require_login();

$messages = array();
$errors = array();

$identity = require_post("identity");

// make sure we aren't deleting our last identity
$q = db()->prepare("SELECT COUNT(*) AS c FROM user_openid_identities WHERE user_id=?");
$q->execute(array(user_id()));
$count = $q->fetch();

// or we have an OAuth2 identity
$q = db()->prepare("SELECT * FROM user_oauth2_identities WHERE user_id=? LIMIT 1");
$q->execute(array(user_id()));
$oauth2 = $q->fetch();

// or we have a password hash
$q = db()->prepare("SELECT * FROM user_passwords WHERE user_id=?");
$q->execute(array(user_id()));
$password_hash = $q->fetch();

// refuse rather than leave the account with no way to log in.
// NOTE(review): the count is not checked against the identity being removed,
// so the guard only reasons about how many identities exist in total;
// removeIdentity() is expected to scope the delete to $user — confirm.
if ($count['c'] <= 1 && !$password_hash && !$oauth2) {
  $errors[] = t("Cannot remove that OpenID identity; at least one identity must be defined.");
  set_temporary_messages($messages);
  set_temporary_errors($errors);
  redirect(url_for('user#user_openid'));
}

$user = \Users\User::getInstance(db());
\Users\UserOpenID::removeIdentity(db(), $user, $identity);

// NOTE(review): $identity is request input and is not passed through
// htmlspecialchars() here; confirm that the message renderer escapes it.
$messages[] = t("Removed OpenID identity ':identity'.", array(':identity' => $identity));
set_temporary_messages($messages);
<?php /** * An admin tool to generate a page with example graphs of every type. */ require __DIR__ . "/../layout/graphs.php"; require_login(); require_admin(); $page_id = require_post("page"); $messages = array(); $errors = array(); // check that we own this page $q = db()->prepare("SELECT * FROM graph_pages WHERE id=? AND user_id=?"); $q->execute(array($page_id, user_id())); if (!$q->fetch()) { throw new Exception("You do not own that graph page."); } // delete all old graphs $q = db()->prepare("DELETE FROM graphs WHERE page_id=?"); $q->execute(array($page_id)); // now go through all graphs $count = 0; foreach (graph_types() as $key => $graph_type) { if (isset($graph_type['category']) && $graph_type['category'] || isset($graph_type['subcategory']) && $graph_type['subcategory']) { // add a new heading $graph = array('page_id' => $page_id, 'graph_type' => 'heading', 'arg0' => 0, 'width' => 1, 'height' => 1, 'page_order' => $count, 'days' => 45, 'string0' => "Category: " . $graph_type['title']); } else { $graph = array('page_id' => $page_id, 'graph_type' => $key, 'arg0' => 0, 'width' => isset($graph_type['default_width']) ? $graph_type['default_width'] : get_site_config('default_user_graph_width'), 'height' => isset($graph_type['default_height']) ? $graph_type['default_height'] : get_site_config('default_user_graph_height'), 'page_order' => $count, 'days' => 45, 'string0' => ''); } $q = db()->prepare("INSERT INTO graphs SET page_id=:page_id, graph_type=:graph_type, arg0=:arg0, width=:width, height=:height, page_order=:page_order, days=:days, string0=:string0"); $q->execute($graph);