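/**
 * Builds the user-registration page controller.
 *
 * Hands the session flag to the parent constructor, exposes the registrant's
 * first name from the session to the view and sets the page title.
 *
 * @param bool $session_started True when the caller has already started the session
 */
public function __construct($session_started = false) {
    parent::__construct($session_started);
    // SessionCache::get() returns null for an absent key, so the view simply receives no name
    $this->addToView('first_name', SessionCache::get('first_name'));
    // corrected spelling of the user-visible title (was "User Registeration")
    $this->setPageTitle('User Registration');
}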
/**
 * Returns the identity of the currently logged-in ThinkUp user.
 *
 * @return str|null The logged-in username (email address), or null when nobody is logged in
 */
public static function getLoggedInUser() {
    return self::isLoggedIn() ? SessionCache::get('user') : null;
}
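/**
 * Verifies a Google-issued JWT against Google's published OAuth2 certificates.
 *
 * The certificate document is cached in the session under self::$JWT_CERTS_CACHE_KEY and
 * fetched from googleapis.com on a cache miss.
 *
 * @param str $jwt Encoded JWT
 * @return mixed Whatever JWT::decode() returns for a token that verifies
 * @throws RuntimeException when the certificate document cannot be fetched or parsed
 */
private static function verifySignatureFirebase($jwt) {
    $jwtCertsJSON = SessionCache::get(self::$JWT_CERTS_CACHE_KEY);
    // SessionCache::get() yields null (not false) for a missing key, so the original
    // `=== FALSE` test never refreshed the cache; treat null, false and '' as a miss.
    if ($jwtCertsJSON === null || $jwtCertsJSON === false || $jwtCertsJSON === '') {
        $jwtCertsJSON = HttpUtil::processRequest('https://www.googleapis.com/oauth2/v1/certs');
        if (!is_string($jwtCertsJSON) || $jwtCertsJSON === '') {
            throw new RuntimeException('Could not retrieve Google OAuth2 certificates');
        }
        SessionCache::set(self::$JWT_CERTS_CACHE_KEY, $jwtCertsJSON);
    }
    $jwtCerts = json_decode($jwtCertsJSON, TRUE);
    // never hand an empty or unparsable key set to the verifier: an unverifiable token must fail closed
    if (!is_array($jwtCerts) || count($jwtCerts) === 0) {
        // drop the bad cache entry so the next call refetches instead of failing forever
        SessionCache::unsetKey(self::$JWT_CERTS_CACHE_KEY);
        throw new RuntimeException('Invalid Google OAuth2 certificate document');
    }
    // NOTE(review): the cached document carries no expiry here; Google rotates these keys, so a
    // long-lived session may keep stale certs until the key is unset — confirm acceptable.
    return JWT::decode($jwt, $jwtCerts);
}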
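/**
 * Inserts a company row named $company_name, stamped with the current user and time.
 *
 * @param str $company_name Company name
 * @return int Number of rows affected
 */
public function insertCompanyName($company_name) {
    $q = "INSERT INTO #prefix#company SET name=:company_name, ";
    $q .= "added_by=:added_by, added_date=NOW();";
    $vars = array(':company_name' => $company_name, ':added_by' => SessionCache::get('user_id'));
    // was `Profiled::setDAOMethod`, an undefined class that fatals as soon as profiling is on;
    // every sibling DAO method uses Profiler
    if ($this->profiler_enabled) { Profiler::setDAOMethod(__METHOD__); }
    $ps = $this->execute($q, $vars);
    return $this->getUpdateCount($ps);
}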
/**
 * Resolves an account name to its id, memoised in the session for one hour.
 *
 * @param str $accountName Account name (lower-cased for the cache key)
 * @return mixed Account id from the cache, else from getAccountIdByNameFromDB()
 */
private function getAccountIdByName($accountName) {
    // key spelling ("ACCOUND") kept unchanged: it is a runtime cache key
    $cacheKey = array(
        'id' => 'ACCOUND_ID_FOR_' . strtolower($accountName),
        'exp' => 3600, // seconds, i.e. one hour
    );
    $cached = SessionCache::get($cacheKey);
    // loose comparison: null, false, 0 and '' all count as a miss and trigger a DB lookup
    if ($cached != NULL) {
        return $cached;
    }
    $accountId = $this->getAccountIdByNameFromDB($accountName);
    SessionCache::set($cacheKey, $accountId);
    return $accountId;
}
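/**
 * Soft-disables a city row (status = 0) and stamps who did it and when.
 *
 * @param int $location_id Row id in #prefix#city
 * @return int Number of rows affected
 */
public function disableLocation($location_id) {
    $modified_by = SessionCache::get('user_id');
    $q = " UPDATE #prefix#city SET status=:status , modified_by = :modified_by, modified_date = NOW() WHERE id=:city_id";
    // the original bound an undefined $city_id here, so :city_id was always null and nothing matched
    $vars = array(':city_id' => $location_id, ':modified_by' => $modified_by, ':status' => 0);
    if ($this->profiler_enabled) { Profiler::setDAOMethod(__METHOD__); }
    $ps = $this->execute($q, $vars);
    return $this->getUpdateCount($ps);
}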
/**
 * Completes the Twitter OAuth handshake: exchanges the callback request token for an access
 * token, looks the authorised Twitter user up, and links (or re-links) that account to the
 * logged-in ThinkUp owner.
 *
 * Expects $_GET['oauth_token'] (presence checked upstream via $this->is_missing_param) and the
 * request-token secret stored in the session under 'oauth_request_token_secret'.
 *
 * @return str Rendered view
 */
public function authControl() {
    if (!$this->is_missing_param) {
        $request_token = $_GET['oauth_token'];
        $request_token_secret = SessionCache::get('oauth_request_token_secret');
        // NOTE(review): nothing here confirms $_GET['oauth_token'] is the request token this
        // session started with; only its secret is kept. Confirm the callback token is bound
        // to the session elsewhere, otherwise a foreign callback could be completed here.
        // get oauth values
        $plugin_option_dao = DAOFactory::GetDAO('PluginOptionDAO');
        $options = $plugin_option_dao->getOptionsHash('twitter', true); //get cached
        $to = new TwitterOAuth($options['oauth_consumer_key']->option_value, $options['oauth_consumer_secret']->option_value, $request_token, $request_token_secret);
        $tok = $to->getAccessToken();
        if (isset($tok['oauth_token']) && isset($tok['oauth_token_secret'])) {
            $api = new TwitterAPIAccessorOAuth($tok['oauth_token'], $tok['oauth_token_secret'], $options['oauth_consumer_key']->option_value, $options['oauth_consumer_secret']->option_value, $options['num_twitter_errors']->option_value, $options['max_api_calls_per_crawl']->option_value, false);
            $authed_twitter_user = $api->verifyCredentials();
            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            // NOTE(review): $owner is used as $owner->id below without a null check — confirm
            // getByEmail() cannot return null for a logged-in user
            $owner = $owner_dao->getByEmail($this->getLoggedInUser());
            if ((int) $authed_twitter_user['user_id'] > 0) {
                $instance_dao = DAOFactory::getDAO('TwitterInstanceDAO');
                $instance = $instance_dao->getByUsername($authed_twitter_user['user_name'], 'twitter');
                $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
                if (isset($instance)) {
                    // instance known: either refresh this owner's tokens or link the owner to it
                    $owner_instance = $owner_instance_dao->get($owner->id, $instance->id);
                    if ($owner_instance != null) {
                        $owner_instance_dao->updateTokens($owner->id, $instance->id, $tok['oauth_token'], $tok['oauth_token_secret']);
                        $this->addSuccessMessage($authed_twitter_user['user_name'] . " on Twitter is already set up in ThinkUp! To add a different Twitter account, " . "log out of Twitter.com in your browser and authorize ThinkUp again.");
                    } else {
                        if ($owner_instance_dao->insert($owner->id, $instance->id, $tok['oauth_token'], $tok['oauth_token_secret'])) {
                            $this->addSuccessMessage("Success! " . $authed_twitter_user['user_name'] . " on Twitter has been added to ThinkUp!");
                        } else {
                            $this->addErrorMessage("Error: Could not create an owner instance.");
                        }
                    }
                } else {
                    // instance unknown: create it, re-read it, then link the owner
                    $instance_dao->insert($authed_twitter_user['user_id'], $authed_twitter_user['user_name']);
                    // NOTE(review): this lookup omits the 'twitter' network argument the first lookup passes — confirm intended
                    $instance = $instance_dao->getByUsername($authed_twitter_user['user_name']);
                    if ($owner_instance_dao->insert($owner->id, $instance->id, $tok['oauth_token'], $tok['oauth_token_secret'])) {
                        $this->addSuccessMessage("Success! " . $authed_twitter_user['user_name'] . " on Twitter has been added to ThinkUp!");
                    } else {
                        $this->addErrorMessage("Error: Could not create an owner instance.");
                    }
                }
            }
        } else {
            $msg = "Error: Twitter authorization did not complete successfully. Check if your account already " . " exists. If not, please try again.";
            $this->addErrorMessage($msg);
        }
        // cached pages may now show a stale account list
        $this->view_mgr->clear_all_cache();
    }
    return $this->generateView();
}
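/**
 * Records the logout time and reason for the current session's logon row and credits the
 * session's duration (in minutes) to the user's working hours.
 *
 * The duration is derived from the 'login_time' session value (H:i) and the current H:i.
 * The 'login_time' and 'cookie' session keys are removed afterwards.
 *
 * @param int $reason Logout reason code stored in logout_reason (1 by default)
 */
public function userLogoutUpdate($reason = 1) {
    $user_id = SessionCache::get('user_id');
    $cookie = SessionCache::get('cookie');
    $q = "UPDATE #prefix#user_logon_info SET logout=NOW(), working_time = (logout-login)/60, logout_reason=:logout_reason ";
    $q .= "WHERE user_id=:user_id AND cookie=:cookie";
    $vars = array(':user_id' => $user_id, ':cookie' => $cookie, ':logout_reason' => $reason);
    $this->execute($q, $vars);
    $login_time = SessionCache::get('login_time');
    $loginTime = is_string($login_time) ? explode(":", $login_time) : array();
    // a missing or malformed login_time used to reach the arithmetic below as an empty string;
    // without a usable value there is nothing to credit
    if (count($loginTime) >= 2 && is_numeric($loginTime[0]) && is_numeric($loginTime[1])) {
        $logoutTime = explode(":", date('H:i'));
        $totalTime = (60 * (int) $logoutTime[0] + (int) $logoutTime[1]) - (60 * (int) $loginTime[0] + (int) $loginTime[1]);
        // a session spanning midnight would otherwise come out negative
        if ($totalTime < 0) { $totalTime += 24 * 60; }
        $this->updateWorkingHour($user_id, $totalTime);
    }
    SessionCache::unsetKey('login_time');
    SessionCache::unsetKey('cookie');
}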
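/**
 * Renders the page for a logged-in user; otherwise hands the request to LoginController.
 *
 * @return str Rendered view markup
 */
public function control() {
    if (!$this->isLoggedIn()) {
        $controller = new LoginController(true);
        return $controller->go();
    }
    // the unused $config local was dropped: Config::getInstance() is already invoked by the
    // ThinkUpController constructor
    $this->setViewTemplate($this->tpl_name);
    // SessionCache::get() returns null for an absent key; the template then sees no name
    $this->addToView('first_name', SessionCache::get('first_name'));
    return $this->generateView();
}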
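/**
 * Exercises TestAuthAPIController's authentication paths: missing or wrong un/as query
 * parameters are rejected (HTML redirect or JSON error), a valid pair succeeds and seeds the
 * session so later calls need no parameters, and logging out revokes access again.
 */
public function testControl() {
    // kept in scope for the whole test: the fixtures presumably live as long as $builders does — confirm
    $builders = $this->buildData();
    // the unused $config / $escaped_site_root_path locals of the original were dropped
    $controller = new TestAuthAPIController(true);
    // No username, no API secret provided
    // This isn't an API call, so present HTML error output
    $results = $controller->go();
    $this->assertPattern('/session\\/login.php\\?redirect\\=/', $controller->redirect_destination);
    // No API secret provided
    // This isn't an API call, so present HTML error output
    $_GET['un'] = '*****@*****.**';
    $results = $controller->go();
    $this->assertPattern('/session\\/login.php\\?redirect\\=/', $controller->redirect_destination);
    // Wrong API secret provided
    $_GET['as'] = 'fail_me';
    $results = $controller->go();
    $this->assertPattern("/UnauthorizedUserException/", $results);
    $this->assertPattern("/Unauthorized API call/", $results);
    $controller = new TestAuthAPIController(true);
    // Wrong username provided
    $_GET['as'] = 'c9089f3c9adaf0186f6ffb1ee8d6501c';
    $_GET['un'] = 'fail_me';
    $results = $controller->go();
    $this->assertPattern("/UnauthorizedUserException/", $results);
    $this->assertPattern("/Unauthorized API call/", $results);
    // Working request
    $_GET['un'] = '*****@*****.**';
    $_GET['as'] = 'c9089f3c9adaf0186f6ffb1ee8d6501c';
    $results = $controller->go();
    $this->assertPattern('/{"result":"success"}/', $results);
    $this->assertEqual(SessionCache::get('user'), '*****@*****.**');
    // Now that _SESSION['user'] is set, we shouldn't need to provide un/as to use this controller
    // Also, the result will be returned as HTML, not JSON
    unset($_GET['as']);
    $results = $controller->go();
    $this->assertPattern('/<html><body>Success<\\/body><\\/html>/', $results);
    // And just to make sure, if we 'logout', we should be denied access now
    Session::logout();
    $results = $controller->go();
    $this->assertPattern('/ControllerAuthException/', $results);
    $this->assertPattern('/You must/', $results);
    $this->assertPattern('/log in/', $results);
}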
/**
 * Stores a notification for the current user and fans it out through
 * NotifyDAO::insertMakeNotification().
 *
 * @param str $what Description of what was added; appended to the title
 * @param int $type Value stored in notify_type (0 by default; meaning not visible here)
 */
public function addNotify($what, $type = 0) {
    $notify_dao = DAOFactory::getDAO('NotifyDAO');
    $notify = array();
    $notify['notify_type'] = $type;
    $notify['user_id'] = SessionCache::get('user_id');
    // NOTE(review): hard-coded actor name and no space before $what — looks like placeholder text; confirm
    $notify['title'] = "<a href=#>Prabhat</a> added You a" . $what;
    $notify['body'] = makeNotifyBody($what); // will contain user Image + Title + Date/Time.
    if ($notify_dao->insertNotification($notify)) {
        // NOTE(review): $notify_id is never used below
        $notify_id = $notify_dao->getInsertId();
        unset($notify['notify_type']);
        // 'event_class' is never set on $notify in this method, so this unset is a no-op
        unset($notify['event_class']);
        //$notify['user_id'] = $this->getLoggedInUser();
        // NOTE(review): $who is not defined anywhere in this method, so user_id is null here;
        // the recipient id presumably has to be passed in — confirm the intended source
        $notify['user_id'] = $who;
        $notify_dao->insertMakeNotification($notify);
    }
}
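/**
 * Updates the given country row with the supplied column values and stamps modified_by/modified_date.
 *
 * @param int $country_id Row id of the country to update
 * @param arr $update_arr Map of column name => new value
 * @return int Number of rows affected
 * @throws InvalidArgumentException when a key of $update_arr is not a plain SQL identifier
 */
public function modifyCountry($country_id, $update_arr) {
    $modified_by = SessionCache::get('user_id');
    // NOW() — the original "NOW " (no parentheses) was a SQL syntax error
    $q = " UPDATE #prefix#country SET modified_by=:modified_by,modified_date=NOW() ";
    $vars = array();
    foreach ($update_arr as $key => $value) {
        // column names cannot be bound as parameters, so they are interpolated; restrict them to
        // identifier characters so a caller-supplied key can never carry SQL into the statement
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $key)) {
            throw new InvalidArgumentException('Invalid column name in update: ' . $key);
        }
        // the placeholder is named after the column (the original used the value, which never
        // matched the ":$key" entry bound below)
        $q .= ", " . $key . "=:" . $key;
        $vars[":" . $key] = $value;
    }
    $vars[':modified_by'] = $modified_by;
    $vars[':country_id'] = $country_id;
    $q .= " WHERE id =:country_id";
    if ($this->profiler_enabled) { Profiler::setDAOMethod(__METHOD__); }
    $ps = $this->execute($q, $vars);
    return $this->getUpdateCount($ps);
}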
/**
 * Shows the details page for the network user named by $_GET['u'] on network $_GET['n']:
 * the user's profile, a page of their posts, their post sources and — when an instance is
 * selected in the session — the exchanges and mutual friends between that instance and the user.
 *
 * Presence of the u/n parameters is checked upstream via $this->is_missing_param.
 *
 * @return str Rendered view
 */
public function authControl() {
    if (!$this->is_missing_param) {
        $username = $_GET['u'];
        $network = $_GET['n'];
        $user_dao = DAOFactory::getDAO('UserDAO');
        // is_numeric() also accepts floats and exponent forms ("1.5", "1e3"); $page is not cast,
        // so it reaches getAllPosts() as the raw string — confirm the DAO tolerates that
        $page = isset($_GET['page']) && is_numeric($_GET['page']) ? $_GET['page'] : 1;
        if ($user_dao->isUserInDBByName($username, $network)) {
            $this->setPageTitle('User Details: ' . $username);
            $user = $user_dao->getUserByName($username, $network);
            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            $owner = $owner_dao->getByEmail($this->getLoggedInUser());
            $instance_dao = DAOFactory::getDAO('InstanceDAO');
            $this->addToView('instances', $instance_dao->getByOwner($owner));
            $this->addToView('profile', $user);
            $post_dao = DAOFactory::getDAO('PostDAO');
            // 20 posts per page; a full page implies there may be a next one
            $user_posts = $post_dao->getAllPosts($user->user_id, $user->network, 20, $page);
            $this->addToView('user_statuses', $user_posts);
            if (sizeof($user_posts) == 20) { $this->addToView('next_page', $page + 1); }
            $this->addToView('last_page', $page - 1);
            $this->addToView('sources', $post_dao->getStatusSources($user->user_id, $user->network));
            if (SessionCache::isKeySet('selected_instance_username') && SessionCache::isKeySet('selected_instance_network')) {
                $i = $instance_dao->getByUsername(SessionCache::get('selected_instance_username'), SessionCache::get('selected_instance_network'));
                if (isset($i)) {
                    $this->addToView('instance', $i);
                    $exchanges = $post_dao->getExchangesBetweenUsers($i->network_user_id, $i->network, $user->user_id);
                    $this->addToView('exchanges', $exchanges);
                    $this->addToView('total_exchanges', count($exchanges));
                    $follow_dao = DAOFactory::getDAO('FollowDAO');
                    $mutual_friends = $follow_dao->getMutualFriends($user->user_id, $i->network_user_id, $i->network);
                    $this->addToView('mutual_friends', $mutual_friends);
                    $this->addToView('total_mutual_friends', count($mutual_friends));
                }
            }
        } else {
            // $username is query input; addErrorMessage() appears to XSS-filter by default
            // (ThinkUpController passes an explicit disable flag when it wants raw markup) — confirm
            $this->addErrorMessage($username . ' is not in the system.');
        }
    }
    return $this->generateView();
}
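/**
 * Validates the required company fields and inserts the company through CompanyDAO.
 *
 * The original body referenced an undefined $branch_data and $this from a static context,
 * so it could not run; it now works on the $company_data it receives.
 *
 * @param arr $company_data Company columns keyed by name; must contain every self::$REQUIRED_PARAMS entry
 * @param bool $client_setup Unused here; retained for callers (presumably a client-setup flag — confirm)
 * @return mixed DAO insert result, or null when $company_data is not an array or a required field is missing/empty
 */
public static function addCompany($company_data, $client_setup = false) {
    if (!is_array($company_data)) {
        return null;
    }
    // the flag is static, so reset it per call rather than inheriting a previous call's verdict
    self::$is_missing_param = false;
    //Checking the required params.
    foreach (self::$REQUIRED_PARAMS as $param) {
        if (!isset($company_data[$param]) || $company_data[$param] == '') {
            self::$is_missing_param = true;
            break;
        }
    }
    if (self::$is_missing_param) {
        // the caller decides how to report the missing parameter (self::$is_missing_param stays set)
        return null;
    }
    $company_data['added_by'] = SessionCache::get('user_id');
    $company_dao = DAOFactory::getDAO('CompanyDAO');
    // NOTE(review): insertCompanyBranch() is what the original called for a company record — confirm it is the intended DAO method
    return $company_dao->insertCompanyBranch($company_data);
}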
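/**
 * Exercises TestAuthAPIController's authentication paths: missing or wrong un/as query
 * parameters yield the "log in" HTML or the UnauthorizedUserException text, a valid pair
 * succeeds and seeds the session so later calls need no parameters, and logging out revokes
 * access again.
 */
public function testControl() {
    // kept in scope for the whole test: the fixtures presumably live as long as $builders does — confirm
    $builders = $this->buildData();
    $config = Config::getInstance();
    $escaped_site_root_path = str_replace('/', '\\/', $config->getValue('site_root_path'));
    // the same "log in" expectation is checked three times; build it once
    $login_required_pattern = '/You must <a href="' . $escaped_site_root_path . 'session\\/login.php">log in<\\/a> to do this./';
    $controller = new TestAuthAPIController(true);
    // No username, no API secret provided
    // This isn't an API call, so present HTML error output
    $results = $controller->go();
    $this->assertPattern($login_required_pattern, $results);
    // No API secret provided
    // This isn't an API call, so present HTML error output
    $_GET['un'] = '*****@*****.**';
    $results = $controller->go();
    $this->assertPattern($login_required_pattern, $results);
    // Wrong API secret provided
    $_GET['as'] = 'fail_me';
    $results = $controller->go();
    $this->assertPattern("/UnauthorizedUserException: Unauthorized API call/", $results);
    // Wrong username provided
    $_GET['as'] = Session::getAPISecretFromPassword('XXX');
    $_GET['un'] = 'fail_me';
    $results = $controller->go();
    $this->assertPattern("/UnauthorizedUserException: Unauthorized API call/", $results);
    // Working request
    $_GET['un'] = '*****@*****.**';
    $_GET['as'] = Session::getAPISecretFromPassword('XXX');
    $results = $controller->go();
    $this->assertPattern('/{"result":"success"}/', $results);
    // (the original re-fetched an unused Config instance here; dropped)
    $this->assertEqual(SessionCache::get('user'), '*****@*****.**');
    // Now that _SESSION['user'] is set, we shouldn't need to provide un/as to use this controller
    // Also, the result will be returned as HTML, not JSON
    unset($_GET['as']);
    $results = $controller->go();
    $this->assertPattern('/<html/', $results);
    // And just to make sure, if we 'logout', we should be denied access now
    Session::logout();
    $results = $controller->go();
    $this->assertPattern($login_required_pattern, $results);
}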
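/**
 * Checks the submitted CAPTCHA answer.
 *
 * Type 1 verifies through reCAPTCHA with $this->prikey; any other type compares
 * md5($_POST['user_code']) with the session value stored under 'ckey'. On failure
 * $this->msg carries the reason.
 *
 * @return bool True when the answer is accepted
 */
public function check() {
    if ($this->type == 1) { // loose comparison kept: the type may be held as a numeric string
        // pass empty strings rather than undefined indexes; the library then reports the failure itself
        $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
        $response = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
        $resp = recaptcha_check_answer($this->prikey, $_SERVER["REMOTE_ADDR"], $challenge, $response);
        if (!$resp->is_valid) {
            $this->msg = $resp->error;
            return false;
        }
        return true;
    }
    $expected = SessionCache::get('ckey');
    $submitted = isset($_POST['user_code']) && is_string($_POST['user_code']) ? $_POST['user_code'] : null;
    // hash_equals() compares in constant time where strcmp() leaked how long a prefix matched;
    // a missing session key or missing answer fails closed instead of being compared against null
    if ($submitted === null || !is_string($expected) || !hash_equals($expected, md5($submitted))) {
        $this->msg = "Wrong text, try again";
        return false;
    }
    return true;
}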
/**
 * Round-trips values through SessionCache::put()/get()/isKeySet()/unsetKey() and inspects the
 * underlying $_SESSION bucket (keyed by the configured source_root_path) along the way.
 */
public function testPutGetIsset() {
    // the bucket name is a config value; read it once (a plain getter — assumed side-effect free)
    $bucket = Config::getInstance()->getValue('source_root_path');
    // nothing stored yet
    $this->assertNull(SessionCache::get('my_key'));
    $this->assertFalse(SessionCache::isKeySet('my_key'));
    // the first write creates the bucket and the key
    SessionCache::put('my_key', 'my_value');
    $this->assertTrue(isset($_SESSION[$bucket]));
    $this->assertEqual($_SESSION[$bucket]['my_key'], 'my_value');
    $this->assertEqual(SessionCache::get('my_key'), 'my_value');
    // a second write replaces the value
    SessionCache::put('my_key', 'my_value2');
    $this->assertTrue($_SESSION[$bucket]['my_key'] != 'my_value');
    $this->assertEqual($_SESSION[$bucket]['my_key'], 'my_value2');
    // an unrelated key lands in the same bucket
    SessionCache::put('my_key2', 'my_other_value');
    $this->assertEqual($_SESSION[$bucket]['my_key2'], 'my_other_value');
    // removing the first key leaves it unset and unreadable
    SessionCache::unsetKey('my_key');
    $this->assertNull(SessionCache::get('my_key'));
    $this->assertFalse(SessionCache::isKeySet('my_key'));
}
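/**
 * Check the $_POST'ed CAPTCHA inputs match the contents of the CAPTCHA.
 *
 * In test mode the answer '123456' is accepted unconditionally. For RECAPTCHA_CAPTCHA the
 * answer is verified through reCAPTCHA with the configured private key; otherwise
 * md5($_POST['user_code']) is compared with the session value stored under 'ckey'.
 *
 * @return bool
 */
public function doesTextMatchImage() {
    //if in test mode, assume check is good if user_code is set to 123456
    if (Utils::isTest()) {
        return isset($_POST['user_code']) && $_POST['user_code'] === '123456';
    }
    if ($this->type == self::RECAPTCHA_CAPTCHA) { // loose comparison kept: the type may be held as a numeric string
        $config = Config::getInstance();
        $priv_key = $config->getValue('recaptcha_private_key');
        // pass empty strings rather than undefined indexes; the library then rejects the answer itself
        $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
        $response = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
        $resp = recaptcha_check_answer($priv_key, $_SERVER["REMOTE_ADDR"], $challenge, $response);
        return (bool) $resp->is_valid;
    }
    $expected = SessionCache::get('ckey');
    $submitted = isset($_POST['user_code']) && is_string($_POST['user_code']) ? $_POST['user_code'] : null;
    // hash_equals() compares in constant time where strcmp() leaked how long a prefix matched;
    // a missing session key or missing answer fails closed instead of being compared against null
    if ($submitted === null || !is_string($expected)) {
        return false;
    }
    return hash_equals($expected, md5($submitted));
}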
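/**
 * Process actions based on $_GET parameters. Authorize FB user or add FB page.
 *
 * The OAuth callback is only honoured when $_GET['state'] matches the token stored in the
 * session under 'facebook_auth_csrf'; the short-lived token is then swapped for a long-lived one.
 *
 * @param arr $options Facebook plugin options
 * @param Facebook $facebook Facebook object
 */
protected function processPageActions($options, Facebook $facebook) {
    //authorize user
    if (isset($_GET["code"]) && isset($_GET["state"])) {
        //validate state to avoid CSRF attacks
        $expected_state = SessionCache::get('facebook_auth_csrf');
        // hash_equals(): constant-time and strict. With the old loose ==, an absent session token
        // (null) compared equal to an empty state string, so the check could pass without a token.
        $state_is_valid = is_string($expected_state) && $expected_state !== ''
            && is_string($_GET["state"]) && hash_equals($expected_state, $_GET["state"]);
        if ($state_is_valid) {
            //Prepare API request
            //First, prep redirect URI
            $redirect_uri = urlencode(Utils::getApplicationURL() . 'account/?p=facebook');
            //Build API request URL; the code comes from the query string, so encode it before embedding
            $api_req = 'https://graph.facebook.com/oauth/access_token?client_id=' . $options['facebook_app_id']->option_value . '&client_secret=' . $options['facebook_api_secret']->option_value . '&redirect_uri=' . $redirect_uri . '&state=' . $expected_state . '&code=' . urlencode($_GET["code"]);
            $access_token_response = FacebookGraphAPIAccessor::rawApiRequest($api_req, false);
            // parse into an array rather than the local scope, so the response cannot overwrite
            // $options, $facebook or any other local (the in-scope form is also gone in PHP 8)
            parse_str($access_token_response, $token_params);
            $access_token = isset($token_params['access_token']) ? $token_params['access_token'] : null;
            if (isset($access_token)) {
                /**
                 * Swap in short-term token for long-lived token as per
                 * https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
                 */
                $api_req = 'https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=' . $options['facebook_app_id']->option_value . '&client_secret=' . $options['facebook_api_secret']->option_value . '&fb_exchange_token=' . $access_token;
                $access_token_response = FacebookGraphAPIAccessor::rawApiRequest($api_req, false);
                parse_str($access_token_response, $exchange_params);
                // keep the short-lived token when the exchange response carries none (as the old in-scope parse_str did)
                if (isset($exchange_params['access_token'])) {
                    $access_token = $exchange_params['access_token'];
                }
                $facebook->setAccessToken($access_token);
                $fb_user_profile = $facebook->api('/me');
                $fb_username = $fb_user_profile['name'];
                $fb_user_id = $fb_user_profile['id'];
                if (empty($fb_username)) {
                    $error = 'Sorry, ThinkUp does not support business accounts.';
                    $this->addErrorMessage($error, 'authorization');
                } else {
                    $this->addSuccessMessage($this->saveAccessToken($fb_user_id, $access_token, $fb_username), 'authorization');
                }
            } else {
                $error_msg = "Problem authorizing your Facebook account! Please correct your plugin settings.";
                $error_object = json_decode($access_token_response);
                // the message is passed with XSS filtering disabled (third argument) because of its own
                // <br> markup, so the Facebook-supplied text is escaped here before it is embedded
                if (isset($error_object) && isset($error_object->error->type) && isset($error_object->error->message)) {
                    $error_msg = $error_msg . "<br>Facebook says: \"" . htmlspecialchars((string) $error_object->error->type, ENT_QUOTES, 'UTF-8') . ": " . htmlspecialchars((string) $error_object->error->message, ENT_QUOTES, 'UTF-8') . "\"";
                } else {
                    $error_msg = $error_msg . "<br>Facebook's response: \"" . htmlspecialchars((string) $access_token_response, ENT_QUOTES, 'UTF-8') . "\"";
                }
                $this->addErrorMessage($error_msg, 'authorization', true);
            }
        } else {
            $this->addErrorMessage("Could not authenticate Facebook account due to invalid CSRF token.", 'authorization');
        }
    }
    //insert pages
    if (isset($_GET["action"]) && $_GET["action"] == "add page" && isset($_GET["facebook_page_id"]) && isset($_GET["viewer_id"]) && isset($_GET["owner_id"]) && isset($_GET["instance_id"])) {
        // NOTE(review): this branch is driven entirely by GET parameters with no CSRF token check,
        // and nothing here confirms instance_id belongs to the logged-in owner — confirm both are
        // enforced upstream before relying on this path
        //get access token
        $oid = DAOFactory::getDAO('OwnerInstanceDAO');
        $tokens = $oid->getOAuthTokens($_GET["instance_id"]);
        $access_token = $tokens['oauth_access_token'];
        // the page id becomes a path segment; encode it so it cannot alter the request path
        $page_data = FacebookGraphAPIAccessor::apiRequest('/' . rawurlencode($_GET["facebook_page_id"]), $access_token, "id,name,picture");
        self::insertPage($page_data->id, $_GET["viewer_id"], $_GET["instance_id"], $page_data->name, $page_data->picture->data->url);
    }
}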
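/**
 * Covers OptionMySQLDAO's session helpers (set/clear/get session data under
 * 'options_data:<namespace>') and its option update/delete paths by name and by id.
 */
public function testSession() {
    $optiondao = new OptionMySQLDAO();
    // the unused $config / $app_path locals of the original were dropped
    // set session data
    $optiondao->setSessionData('bla', array('name' => 'value'));
    $key = 'options_data:bla';
    $this->assertIdentical(array('name' => 'value'), SessionCache::get($key));
    // clear session data
    $optiondao->clearSessionData('bla');
    $this->assertFalse(SessionCache::isKeySet($key));
    // get session data
    $this->assertFalse($optiondao->getSessionData('bla')); // no data
    // with data
    SessionCache::put($key, array('name' => 'value'));
    $this->assertIdentical(array('name' => 'value'), $optiondao->getSessionData('bla'));
    // test updates
    $data1 = array('namespace' => 'test', 'option_name' => 'testname', 'option_value' => 'test_value');
    $builder1 = FixtureBuilder::build(self::TEST_TABLE, $data1);
    $options = $optiondao->getOptions('test');
    $this->assertNotNull($options);
    # update by name
    $optiondao->updateOptionByName('test', 'testname', 'test_value123');
    $options = $optiondao->getOptions('test');
    $this->assertEqual($options['testname']->option_value, 'test_value123');
    # update by id
    $optiondao->updateOption($options['testname']->option_id, 'test_value1234');
    $options = $optiondao->getOptions('test');
    $this->assertEqual($options['testname']->option_value, 'test_value1234');
    # delete by name
    $optiondao->deleteOptionByName('test', 'testname');
    $options = $optiondao->getOptions('test');
    $this->assertNull($options);
    # delete by id
    // releasing the builder first presumably tears its row down before the fixture is rebuilt — confirm
    $builder1 = null;
    $builder1 = FixtureBuilder::build(self::TEST_TABLE, $data1);
    $optiondao->deleteOption($builder1->columns['last_insert_id']);
    $options = $optiondao->getOptions('test');
    $this->assertNull($options);
}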
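/**
 * Drives AppConfigController::control() through the save path: malformed boolean and numeric
 * settings are rejected, valid ones are saved, the stored option rows are verified, and the
 * update and delete paths are exercised on the same rows.
 */
public function testSaveConfigViewData() {
    $this->simulateLogin('*****@*****.**', true, true);
    $_POST['save'] = true;
    $_POST['csrf_token'] = parent::CSRF_TOKEN;
    // no values
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 0);
    $this->assertEqual($json_obj->deleted, 0);
    // bad arg for is_opted_out_usage_stats
    $_POST['is_opted_out_usage_stats'] = 'falsify';
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required->is_opted_out_usage_stats);
    $_POST['is_opted_out_usage_stats'] = 'false';
    // bad arg for is_registration_open
    $_POST['is_registration_open'] = 'falsey';
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required->is_registration_open);
    // bad arg for recaptcha
    $_POST['is_registration_open'] = 'false';
    $_POST['recaptcha_enable'] = 'false';
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required->recaptcha_enable);
    // bad deps for recaptcha
    $_POST['recaptcha_enable'] = 'true';
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required);
    $this->assertNotNull($json_obj->required->recaptcha_public_key);
    $this->assertNotNull($json_obj->required->recaptcha_private_key);
    // valid save for recaptcha
    $_POST['recaptcha_enable'] = 'true';
    $_POST['recaptcha_public_key'] = '1234';
    // test magic quotes if enabled...
    if ($this->magicQuotesEnabled()) { $_POST['recaptcha_public_key'] = "1\\'23\\\"4"; }
    $_POST['recaptcha_private_key'] = '1234abc';
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 5);
    // bad arg, not numeric
    $_POST['default_instance'] = 'notanumber';
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required);
    $this->assertNotNull($json_obj->required->default_instance);
    // bad arg, not completely numeric
    $_POST['default_instance'] = '10notanumber';
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'failed');
    $this->assertNotNull($json_obj->required);
    $this->assertNotNull($json_obj->required->default_instance);
    // good single, double and triple digit args for default_instance (the last one, '105', is what the rows below must hold)
    foreach (array('1', '57', '105') as $instance_id) {
        $_POST['default_instance'] = $instance_id;
        $json_obj = $this->saveAppConfig();
        $this->assertEqual($json_obj->status, 'success');
        $this->assertEqual($json_obj->saved, 6);
    }
    //assert Session info re: selected instance has been cleared
    $this->assertNull(SessionCache::get('selected_instance_network'));
    $this->assertNull(SessionCache::get('selected_instance_username'));
    $data = $this->fetchAppOptionRows();
    $this->assertEqual(count($data), 6);
    $this->assertEqual($data[0]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[0]['option_name'], 'is_registration_open');
    $this->assertEqual($data[0]['option_value'], 'false');
    $this->assertEqual($data[1]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[1]['option_name'], 'recaptcha_enable');
    $this->assertEqual($data[1]['option_value'], 'true');
    $this->assertEqual($data[2]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[2]['option_name'], 'recaptcha_public_key');
    $value = '1234';
    if ($this->magicQuotesEnabled()) { $value = '1\'23"4'; }
    $this->assertEqual($data[2]['option_value'], $value);
    $this->assertEqual($data[3]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[3]['option_name'], 'recaptcha_private_key');
    $this->assertEqual($data[3]['option_value'], '1234abc');
    $this->assertEqual($data[4]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[4]['option_name'], 'is_opted_out_usage_stats');
    $this->assertEqual($data[4]['option_value'], 'false');
    $this->assertEqual($data[5]['option_name'], 'default_instance');
    $this->assertEqual($data[5]['option_value'], '105');
    // update records...
    $_POST['is_registration_open'] = 'true';
    $_POST['recaptcha_enable'] = 'true';
    $_POST['recaptcha_public_key'] = '12345';
    // test magic quotes if enabled...
    if ($this->magicQuotesEnabled()) { $_POST['recaptcha_public_key'] = "1\\'23\\\"45"; }
    $_POST['recaptcha_private_key'] = '12345abc';
    $_POST['default_instance'] = '12345';
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 6);
    $this->assertEqual($json_obj->deleted, 0);
    $data = $this->fetchAppOptionRows();
    $this->assertEqual(count($data), 6);
    $this->assertEqual($data[0]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[0]['option_name'], 'is_registration_open');
    $this->assertEqual($data[0]['option_value'], 'true');
    $this->assertEqual($data[1]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[1]['option_name'], 'recaptcha_enable');
    $this->assertEqual($data[1]['option_value'], 'true');
    $this->assertEqual($data[2]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[2]['option_name'], 'recaptcha_public_key');
    $value = '12345';
    if ($this->magicQuotesEnabled()) { $value = '1\'23"45'; }
    $this->assertEqual($data[2]['option_value'], $value);
    $this->assertEqual($data[3]['namespace'], OptionDAO::APP_OPTIONS);
    $this->assertEqual($data[3]['option_name'], 'recaptcha_private_key');
    $this->assertEqual($data[3]['option_value'], '12345abc');
    $this->assertEqual($data[4]['option_value'], 'false');
    $this->assertEqual($data[5]['option_value'], '12345');
    // delete records...
    $_POST['is_registration_open'] = 'true';
    $_POST['recaptcha_enable'] = '';
    $_POST['recaptcha_public_key'] = '';
    $_POST['recaptcha_private_key'] = '';
    $_POST['default_instance'] = '';
    $_POST['is_opted_out_usage_stats'] = '';
    $json_obj = $this->saveAppConfig();
    $this->assertEqual($json_obj->status, 'success');
    $this->assertEqual($json_obj->saved, 1);
    $this->assertEqual($json_obj->deleted, 5);
    $data = $this->fetchAppOptionRows();
    $this->assertEqual(count($data), 1);
}

/**
 * Submits the current $_POST through a fresh AppConfigController and returns its decoded JSON reply.
 *
 * @return object Decoded response (status / saved / deleted / required)
 */
private function saveAppConfig() {
    $controller = new AppConfigController(true);
    $results = $controller->control();
    return json_decode($results);
}

/**
 * Reads the app-options rows in option_id order, minus the leading database-version record.
 *
 * @return arr List of associative rows
 */
private function fetchAppOptionRows() {
    // the query is built from the table prefix and a class constant only, never from request input
    $sql = "select * from " . $this->table_prefix . 'options where namespace = \'' . OptionDAO::APP_OPTIONS . '\' order by option_id';
    $stmt = PluginOptionMySQLDAO::$PDO->query($sql);
    $data = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    array_shift($data); //shift off database version record
    return $data;
}

/**
 * get_magic_quotes_gpc() was removed in PHP 8; treat its absence as "disabled".
 *
 * @return bool
 */
private function magicQuotesEnabled() {
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}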
/**
 * Constructs ThinkUpController
 *
 * Wires up profiling, the timezone, the session and the view manager, then adds the email
 * address of the currently logged-in ThinkUp user, '' if not logged in, to the view as
 * {$logged_in_user}. If any of that throws, a bare ViewManager is built from filesystem paths
 * so an error page can still be rendered.
 *
 * @param bool $session_started True when the caller has already started the session
 * @return ThinkUpController
 */
public function __construct($session_started = false) {
    try {
        $config = Config::getInstance();
        $this->profiler_enabled = Profiler::isEnabled();
        if ($this->profiler_enabled) {
            $this->start_time = microtime(true);
        }
        $timezone = $config->getValue('timezone');
        if ($timezone) {
            date_default_timezone_set($timezone);
        }
        if (!$session_started) {
            SessionCache::init();
        }
        $this->view_mgr = new ViewManager();
        $has_selected_instance = SessionCache::isKeySet('selected_instance_network')
            && SessionCache::isKeySet('selected_instance_username');
        if ($has_selected_instance) {
            $this->addToView('selected_instance_network', SessionCache::get('selected_instance_network'));
            $this->addToView('selected_instance_username', SessionCache::get('selected_instance_username'));
        }
        if ($this->isLoggedIn()) {
            $this->addToView('logged_in_user', $this->getLoggedInUser());
        }
        if ($this->isAdmin()) {
            $this->addToView('user_is_admin', true);
        }
        $this->addToView('thinkup_version', $config->getValue('THINKUP_VERSION'));
    } catch (Exception $e) {
        // no usable config: fall back to paths derived from the filesystem
        Loader::definePathConstants();
        $fallback_view_config = array(
            'site_root_path' => Utils::getSiteRootPathFromFileSystem(),
            'source_root_path' => THINKUP_ROOT_PATH,
            'datadir_path' => THINKUP_WEBAPP_PATH . 'data/',
            'debug' => false,
            'app_title_prefix' => "",
            'cache_pages' => false,
        );
        $this->view_mgr = new ViewManager($fallback_view_config);
    }
}
/**
 * Returns the CSRF token that should accompany _GET and _POST requests.
 *
 * @return str|null The session's CSRF token, or null when nobody is logged in
 */
public static function getCSRFToken() {
    return self::isLoggedIn() ? SessionCache::get('csrf_token') : null;
}
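/**
 * Constructs ThinkUpController
 *
 * Wires up profiling, the timezone, the session and the view manager, then adds the email
 * address of the currently logged-in ThinkUp user, '' if not logged in, to the view as
 * {$logged_in_user}. If any of that throws, a bare ViewManager is built from filesystem paths
 * and the exception is shown through the error template.
 *
 * @param bool $session_started True when the caller has already started the session
 * @return ThinkUpController
 */
public function __construct($session_started = false) {
    try {
        $config = Config::getInstance();
        $this->profiler_enabled = Profiler::isEnabled();
        if ($this->profiler_enabled) { $this->start_time = microtime(true); }
        if ($config->getValue('timezone')) { date_default_timezone_set($config->getValue('timezone')); }
        if (!$session_started) { SessionCache::init(); }
        $this->view_mgr = new ViewManager();
        // the original repeated this block verbatim after the ThinkUpLLC branch; the duplicate was removed
        if (SessionCache::isKeySet('selected_instance_network') && SessionCache::isKeySet('selected_instance_username')) {
            $this->addToView('selected_instance_network', SessionCache::get('selected_instance_network'));
            $this->addToView('selected_instance_username', SessionCache::get('selected_instance_username'));
        }
        if ($this->isLoggedIn()) { $this->addToView('logged_in_user', $this->getLoggedInUser()); }
        if ($this->isAdmin()) { $this->addToView('user_is_admin', true); }
        $THINKUP_VERSION = $config->getValue('THINKUP_VERSION');
        $this->addToView('thinkup_version', $THINKUP_VERSION);
        if (Utils::isThinkUpLLC()) {
            $thinkupllc_endpoint = $config->getValue('thinkupllc_endpoint');
            $this->addToView('thinkupllc_endpoint', $thinkupllc_endpoint);
        }
    } catch (Exception $e) {
        // no usable config: fall back to paths derived from the filesystem
        Loader::definePathConstants();
        $cfg_array = array('site_root_path' => Utils::getSiteRootPathFromFileSystem(), 'source_root_path' => THINKUP_ROOT_PATH, 'datadir_path' => THINKUP_WEBAPP_PATH . 'data/', 'debug' => false, 'app_title_prefix' => "", 'cache_pages' => false);
        $this->view_mgr = new ViewManager($cfg_array);
        $this->setErrorTemplateState();
        $this->addToView('error_type', get_class($e));
        $disable_xss = false;
        // if we are an installer exception, don't filter XSS, we have markup, and we trust this content
        if (get_class($e) === 'InstallerException') { $disable_xss = true; }
        // every other exception message is rendered with XSS filtering left on
        $this->addErrorMessage($e->getMessage(), null, $disable_xss);
    }
}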
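/**
 * Completes the Twitter OAuth handshake started from the account page.
 *
 * Exchanges the request token from the query string (plus the secret kept in the session) for an access
 * token, verifies the credentials, then links the Twitter instance to the logged-in owner, creating the
 * instance and/or owner-instance rows as needed. The outcome is reported through addInfoMessage() and the
 * view is rendered.
 * @return str Rendered view
 */
public function authControl() {
    $msg = "";
    if (!$this->is_missing_param) {
        // NOTE(review): is_missing_param is assumed to be set by the caller when oauth_token is absent — confirm
        $request_token = $_GET['oauth_token'];
        $request_token_secret = SessionCache::get('oauth_request_token_secret');
        // get oauth values
        $plugin_option_dao = DAOFactory::getDAO('PluginOptionDAO');
        $options = $plugin_option_dao->getOptionsHash('twitter', true); //get cached
        $consumer_key = $options['oauth_consumer_key']->option_value;
        $consumer_secret = $options['oauth_consumer_secret']->option_value;
        $to = new TwitterOAuth($consumer_key, $consumer_secret, $request_token, $request_token_secret);
        $tok = $to->getAccessToken();
        if (isset($tok['oauth_token']) && isset($tok['oauth_token_secret'])) {
            $api = new TwitterAPIAccessorOAuth($tok['oauth_token'], $tok['oauth_token_secret'], $consumer_key,
            $consumer_secret, $options['num_twitter_errors']->option_value,
            $options['max_api_calls_per_crawl']->option_value, false);
            $u = $api->verifyCredentials();
            $twitter_id = $u['user_id'];
            $tu = $u['user_name'];
            $od = DAOFactory::getDAO('OwnerDAO');
            $owner = $od->getByEmail($this->getLoggedInUser());
            if ($twitter_id > 0) {
                $msg = "<h2 class=\"subhead\">Twitter authentication successful!</h2>";
                $instance_dao = DAOFactory::getDAO('TwitterInstanceDAO');
                $i = $instance_dao->getByUsername($tu);
                // Single DAO handle for every owner-instance lookup/update below (the code previously
                // referenced an undefined $oid for get() and updateTokens()).
                $owner_instance_dao = DAOFactory::getDAO('OwnerInstanceDAO');
                if (isset($i)) {
                    $msg .= "Instance already exists.<br />";
                    $oi = $owner_instance_dao->get($owner->id, $i->id);
                    if ($oi != null) {
                        $msg .= "Owner already has this instance, no insert required.<br />";
                        if ($owner_instance_dao->updateTokens($owner->id, $i->id, $tok['oauth_token'],
                        $tok['oauth_token_secret'])) {
                            $msg .= "OAuth Tokens updated.";
                        } else {
                            $msg .= "OAuth Tokens NOT updated.";
                        }
                    } else {
                        if ($owner_instance_dao->insert($owner->id, $i->id, $tok['oauth_token'],
                        $tok['oauth_token_secret'])) {
                            $msg .= "Added owner instance.<br />";
                        } else {
                            $msg .= "PROBLEM Did not add owner instance.<br />";
                        }
                    }
                } else {
                    $msg .= "Instance does not exist.<br />";
                    $instance_dao->insert($twitter_id, $tu);
                    $msg .= "Created instance.<br />";
                    $i = $instance_dao->getByUsername($tu);
                    if ($owner_instance_dao->insert($owner->id, $i->id, $tok['oauth_token'],
                    $tok['oauth_token_secret'])) {
                        $msg .= "Created an owner instance.<br />";
                    } else {
                        $msg .= "Did NOT create an owner instance.<br />";
                    }
                }
            }
        } else {
            $msg = "PROBLEM! Twitter authorization did not complete successfully. Check if your account already "
            . " exists. If not, please try again.";
        }
        $this->view_mgr->clear_all_cache();
        $config = Config::getInstance();
        $msg .= '<br /><br /><a href="' . $config->getValue('site_root_path')
        . 'account/index.php?p=twitter" class="tt-button ui-state-default tt-button-icon-left ui-corner-all">'
        . '<span class="ui-icon ui-icon-circle-arrow-e"></span>Back to your account</a>';
        $this->addInfoMessage($msg);
    }
    return $this->generateView();
}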
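/**
 * Process actions based on $_GET parameters. Authorize FB user or add FB page.
 *
 * Authorization: on an OAuth callback (code + state) the state is compared with the CSRF token held in
 * the session, the code is exchanged for an access token and the result is stored via saveAccessToken().
 * Page insert: action=add page loads the page through the Graph API with the instance's stored access
 * token and stores it via insertPage().
 * @param arr $options Facebook plugin options (facebook_app_id, facebook_api_secret)
 * @param Facebook $facebook Facebook object
 * @return void
 */
protected function processPageActions($options, Facebook $facebook) {
    //authorize user
    if (isset($_GET["code"]) && isset($_GET["state"]) && is_string($_GET["code"]) && is_string($_GET["state"])) {
        //validate state to avoid CSRF attacks
        $expected_state = SessionCache::get('facebook_auth_csrf');
        // A loose == would accept "" (or "0") from the URL when no token is in the session; require a
        // non-empty session value and compare in constant time.
        if (!empty($expected_state) && hash_equals((string)$expected_state, $_GET["state"])) {
            //Prepare API request
            //First, prep redirect URI
            $config = Config::getInstance();
            $site_root_path = $config->getValue('site_root_path');
            $redirect_uri = urlencode(sprintf('%s://%s%s%s', !empty($_SERVER['HTTPS']) ? 'https' : 'http',
            empty($_SERVER['SERVER_NAME']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'], $site_root_path,
            'account/?p=facebook'));
            //Build API request URL; code and state are URL-encoded so they cannot add query parameters
            $api_req = 'https://graph.facebook.com/oauth/access_token?client_id='
            . $options['facebook_app_id']->option_value
            . '&client_secret=' . $options['facebook_api_secret']->option_value
            . '&redirect_uri=' . $redirect_uri
            . '&state=' . urlencode($expected_state)
            . '&code=' . urlencode($_GET["code"]);
            $access_token_response = FacebookGraphAPIAccessor::rawApiRequest($api_req, false);
            // Parse into a local array: the one-argument form of parse_str() would define variables named
            // by the remote response in this scope (and could overwrite $options or $facebook).
            $parsed_response = array();
            parse_str((string)$access_token_response, $parsed_response);
            if (isset($parsed_response['access_token'])) {
                $access_token = $parsed_response['access_token'];
                $facebook->setAccessToken($access_token);
                $fb_user_profile = $facebook->api('/me');
                $fb_username = $fb_user_profile['name'];
                $fb_user_id = $fb_user_profile['id'];
                $this->addSuccessMessage($this->saveAccessToken($fb_user_id, $access_token, $fb_username),
                'authorization');
            } else {
                $error_msg = "Problem authorizing your Facebook account! Please correct your plugin settings.";
                $error_object = json_decode($access_token_response);
                if (isset($error_object) && isset($error_object->error->type)
                && isset($error_object->error->message)) {
                    $error_msg = $error_msg . "<br>Facebook says: \"" . $error_object->error->type . ": "
                    . $error_object->error->message . "\"";
                } else {
                    $error_msg = $error_msg . "<br>Facebook's response: \"" . $access_token_response . "\"";
                }
                // The response text is untrusted, so addErrorMessage is left in its default (filtering) mode
                $this->addErrorMessage($error_msg, 'authorization');
            }
        } else {
            $this->addErrorMessage("Could not authenticate Facebook account due to invalid CSRF token.",
            'authorization');
        }
    }
    //insert pages
    if (isset($_GET["action"]) && $_GET["action"] === "add page" && isset($_GET["facebook_page_id"])
    && isset($_GET["viewer_id"]) && isset($_GET["owner_id"]) && isset($_GET["instance_id"])) {
        $instance_id = $_GET["instance_id"];
        $oid = DAOFactory::getDAO('OwnerInstanceDAO');
        // instance_id is caller-supplied: only act on an instance the logged-in owner is linked to
        // (admins may act on any instance)
        if (!$this->isAdmin()) {
            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            $owner = $owner_dao->getByEmail($this->getLoggedInUser());
            if (!isset($owner) || $oid->get($owner->id, $instance_id) == null) {
                $this->addErrorMessage("You do not have access to this instance.", 'authorization');
                return;
            }
        }
        //get access token
        $tokens = $oid->getOAuthTokens($instance_id);
        $access_token = $tokens['oauth_access_token'];
        // Page id is caller-supplied; encode it so it stays a single path segment of the Graph request
        $page_data = FacebookGraphAPIAccessor::apiRequest('/' . rawurlencode($_GET["facebook_page_id"]),
        $access_token);
        if (isset($page_data->id)) {
            self::insertPage($page_data->id, $_GET["viewer_id"], $instance_id, $page_data->name,
            $page_data->picture);
        } else {
            $this->addErrorMessage("Could not load that Facebook page.", 'authorization');
        }
    }
}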
/**
 * Gets option data from session using namespace as a key
 * @param str $namespace Option namespace; looked up under 'options_data:' . $namespace
 * @return arr|null Hash of option data, or null when nothing is stored for the namespace
 */
public function getSessionData($namespace) {
    $session_key = 'options_data:' . $namespace;
    return SessionCache::isKeySet($session_key) ? SessionCache::get($session_key) : null;
}
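/**
 * Process actions based on $_GET parameters. Authorize FB user or add FB page.
 *
 * On an OAuth callback (code + state) the state is compared with the CSRF token held in the session, the
 * code is exchanged for a short-lived access token, that token is swapped for a long-lived one, the user's
 * profile is loaded and the token is stored via saveAccessToken(). Every failure is reported through
 * addErrorMessage() under the 'user_add' namespace.
 * @param arr $options Facebook plugin options (facebook_app_id, facebook_api_secret)
 * @return void
 */
protected function processPageActions($options) {
    //authorize user
    if (!isset($_GET["code"]) || !isset($_GET["state"])) {
        return;
    }
    //validate state to avoid CSRF attacks
    $expected_state = SessionCache::get('facebook_auth_csrf');
    // A loose == would accept "" (or "0") from the URL when no token is in the session; require a
    // non-empty session value, a string query parameter and a constant-time comparison.
    if (empty($expected_state) || !is_string($_GET["state"])
    || !hash_equals((string)$expected_state, $_GET["state"])) {
        $this->addErrorMessage("Could not authenticate Facebook account due to invalid CSRF token.", 'user_add');
        return;
    }
    //Prepare API request
    //First, prep redirect URI
    $redirect_uri = Utils::getApplicationURL() . 'account/?p=facebook';
    //Build API request URL
    $api_req = 'oauth/access_token';
    $api_req_params = array(
        'client_id' => $options['facebook_app_id']->option_value,
        'client_secret' => $options['facebook_api_secret']->option_value,
        'redirect_uri' => $redirect_uri,
        'state' => $expected_state,
        'code' => $_GET["code"]);
    $access_token_response = FacebookGraphAPIAccessor::apiRequest($api_req, null, $api_req_params, null);
    if (isset($access_token_response->error)) {
        $this->addErrorMessage("There was a problem. Facebook says: " . $access_token_response->error->message
        . " Please try again.", 'user_add');
        // Use the Logger singleton; a bare $logger was never defined in this scope
        Logger::getInstance()->logInfo("Added error message ", __METHOD__ . ',' . __LINE__);
        return;
    }
    if (!isset($access_token_response->access_token)) {
        $this->addErrorMessage($this->buildFacebookErrorMessage(
        "Problem authorizing your Facebook account! Please correct your plugin settings.",
        $access_token_response), 'user_add', true);
        return;
    }
    $access_token = $access_token_response->access_token;
    /**
     * Swap in short-term token for long-lived token as per
     * https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
     */
    $api_req_params = array(
        'grant_type' => 'fb_exchange_token',
        'client_id' => $options['facebook_app_id']->option_value,
        'client_secret' => $options['facebook_api_secret']->option_value,
        'fb_exchange_token' => $access_token);
    $access_token_response = FacebookGraphAPIAccessor::apiRequest($api_req, null, $api_req_params);
    if (!isset($access_token_response->access_token)) {
        // Without this guard a failed exchange used to continue with a null token
        $this->addErrorMessage($this->buildFacebookErrorMessage(
        "Problem authorizing your Facebook account!", $access_token_response), 'user_add', true);
        return;
    }
    $access_token = $access_token_response->access_token;
    $fb_user_profile = FacebookGraphAPIAccessor::apiRequest('me', $access_token, 'name,id');
    if (isset($fb_user_profile->error)) {
        // Report the profile call's own error object (not the earlier token response)
        $this->addErrorMessage($this->buildFacebookErrorMessage(
        "Problem authorizing your Facebook account!", $fb_user_profile), 'user_add', true);
        return;
    }
    $fb_username = isset($fb_user_profile->name) ? $fb_user_profile->name : '';
    $fb_user_id = isset($fb_user_profile->id) ? $fb_user_profile->id : '';
    if (empty($fb_username)) {
        $this->addErrorMessage('Sorry, ThinkUp does not support business accounts.', 'user_add');
        return;
    }
    $this->saveAccessToken($fb_user_id, $access_token, $fb_username);
}

/**
 * Build the HTML error message shown for a failed Facebook Graph API call.
 *
 * The message is displayed with XSS filtering disabled so its <br> renders, therefore every value taken
 * from the (remote, untrusted) response is HTML-escaped here.
 * @param str $prefix Human-readable lead-in
 * @param mixed $response Decoded Graph API response (object) or the raw response
 * @return str HTML message
 */
private function buildFacebookErrorMessage($prefix, $response) {
    if (isset($response) && isset($response->error->type) && isset($response->error->message)) {
        return $prefix . "<br>Facebook says: \"" . htmlspecialchars($response->error->type, ENT_QUOTES, 'UTF-8')
        . ": " . htmlspecialchars($response->error->message, ENT_QUOTES, 'UTF-8') . "\"";
    }
    // Objects without __toString cannot be concatenated, so serialise non-scalars as JSON
    $raw = is_scalar($response) ? (string)$response : json_encode($response);
    return $prefix . "<br>Facebook's response: \"" . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . "\"";
}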
/**
 * Sets, reads or deletes the session flag recording that the Snowflake migration is running.
 * @param mixed $value Session value to store, defaults to false; when falsy the stored value is read instead
 * @param bool $delete Delete the session key if true
 * @return mixed Boolean true if the key was stored or deleted, false if there was nothing to delete or
 *               nothing stored, else the current contents of the session key
 */
public function setSnowflakeSession($value = false, $delete = false) {
    $session_key = 'runnig_snowflake_uprade';
    if ($delete) {
        if (!SessionCache::isKeySet($session_key)) {
            return false;
        }
        SessionCache::unsetKey($session_key);
        return true;
    }
    if ($value) {
        SessionCache::put($session_key, $value);
        return true;
    }
    return SessionCache::isKeySet($session_key) ? SessionCache::get($session_key) : false;
}
/**
 * Constructs ThinkUpController
 *
 * Starts the PHP session unless the caller already did, then seeds the view with the email address of the
 * currently logged in ThinkUp user ({$logged_in_user}), the admin flag, the ThinkUp version and the
 * currently selected instance (plus a logo link built from it). If that setup throws, a bare
 * SmartyThinkUp view is built from path constants instead and the exception is not reported.
 * @param bool $session_started True if session_start() has already been called
 * @return ThinkUpController
 */
public function __construct($session_started = false) {
    if (!$session_started) {
        session_start();
    }
    try {
        $config = Config::getInstance();
        $this->profiler_enabled = Profiler::isEnabled();
        if ($this->profiler_enabled) {
            $this->start_time = microtime(true);
        }
        $this->view_mgr = new SmartyThinkUp();
        if ($this->isLoggedIn()) {
            $this->addToView('logged_in_user', $this->getLoggedInUser());
        }
        if ($this->isAdmin()) {
            $this->addToView('user_is_admin', true);
        }
        $this->addToView('thinkup_version', $config->getValue('THINKUP_VERSION'));
        $has_selected_instance = SessionCache::isKeySet('selected_instance_network')
        && SessionCache::isKeySet('selected_instance_username');
        if ($has_selected_instance) {
            $network = SessionCache::get('selected_instance_network');
            $username = SessionCache::get('selected_instance_username');
            $this->addToView('selected_instance_network', $network);
            $this->addToView('selected_instance_username', $username);
            $this->addToView('logo_link', '?u=' . urlencode($username) . '&n=' . urlencode($network));
        }
    } catch (Exception $e) {
        // Config may be unusable here, so the fallback view is built purely from constants
        Utils::defineConstants();
        $fallback_cfg = array(
            'site_root_path' => THINKUP_BASE_URL,
            'source_root_path' => THINKUP_ROOT_PATH,
            'debug' => false,
            'app_title' => "ThinkUp",
            'cache_pages' => false);
        $this->view_mgr = new SmartyThinkUp($fallback_cfg);
    }
}