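/**
 * Validates the captcha and the submitted username / password.
 *
 * Reads captcha_code, username and password from $_POST (each run through
 * FormHelper::testInput) and checks the captcha before the credentials, so a
 * wrong captcha never reaches UserModel::authenticateUser(). Every failure
 * stores a level-3 flash message in the session.
 *
 * @return bool true when both the captcha and the credentials are accepted
 */
private function _authenticate(): bool
{
    $session = new SessionHelper();
    $formval = new FormHelper();

    // A missing POST field falls back to '' instead of raising an
    // undefined-index notice; the empty value is then rejected by the
    // checks below like any other wrong value.
    $captcha = $formval->testInput($_POST['captcha_code'] ?? '');

    // Captcha
    include_once BASE_URI . 'app/vendor/securimage/securimage.php';
    $securimage = new Securimage();
    if (!$securimage->check($captcha)) {
        $session->setMessage('Verification code was incorrect, please try again', 3);
        return false;
    }

    $username = $formval->testInput($_POST['username'] ?? '');
    // NOTE(review): testInput() is applied to the raw password, as in the
    // original; if it alters characters (trim / escaping) the stored hash must
    // have been produced from the same transformed value — confirm in UserModel.
    $password = $formval->testInput($_POST['password'] ?? '');

    $usermodel = new UserModel();
    if ($usermodel->authenticateUser($username, $password)) {
        return true;
    }

    $session->setMessage('Username / password incorrect or acount inactive', 3);
    return false;
}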
/**
 * Marks a user as disabled and inactive inside one database transaction.
 *
 * Two UPDATEs run on the users row: disabled = 1, then is_active = 0. If the
 * first one affects no row the transaction is cancelled with "Can't disable
 * user"; if the second one affects no row the transaction is cancelled as
 * well and the user is reported as already inactive. Only when both updates
 * report an affected row is the transaction committed.
 *
 * @param mixed $userid id bound to the :id placeholder of both statements
 * @return bool true when the user was disabled and the transaction committed
 */
public function disableUser($userid)
{
    $session = new SessionHelper();
    $db = DbModel::getInstance();

    $db->beginTransaction();

    // Step 1: flag the account as disabled.
    $db->query('UPDATE users SET disabled = :disable WHERE id = :id');
    $db->bind(':id', $userid);
    $db->bind(':disable', 1);
    $db->execute();

    if (!$db->rowCount()) {
        $db->cancelTransaction();
        $session->setMessage("Can't disable user", 3);
        return false;
    }

    // Step 2: clear the active flag. A zero row count here is treated as
    // "already inactive" (presumably rowCount() only reports changed rows —
    // confirm against DbModel) and undoes step 1 as well.
    $db->query('UPDATE users SET is_active = :is_active WHERE id = :id');
    $db->bind(':id', $userid);
    $db->bind(':is_active', 0);
    $db->execute();

    if (!$db->rowCount()) {
        $db->cancelTransaction();
        $session->setMessage('User is inactive, please set active first.', 2);
        return false;
    }

    $db->endTransaction();
    $session->setMessage("User is disabled and can't login anymore.", 4);
    return true;
}
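/**
 * Deletes the top-level post named by $_GET['id'], including its replies.
 *
 * Allowed for an admin (role 1) or for the moderator of the post's category.
 * Every path stores a flash message in the session and redirects to the
 * user dashboard.
 */
public function deleteTopPost()
{
    $session = new SessionHelper();

    // Guard the missing-parameter case instead of raising an undefined-index
    // notice; the value is otherwise passed on exactly as before.
    // NOTE(review): if post ids are numeric an (int) cast would be the
    // stricter choice — confirm against Post / PostModel.
    $postid = htmlspecialchars((string) ($_GET['id'] ?? ''));

    $user = new User();
    $post = new Post($postid);
    $category = new Category($post->category_id);

    // Only an admin or the moderator of this category may delete a toppost.
    // Ids are compared as ints with an explicit "user has an id" guard, so a
    // request without a real user id (e.g. null) can never match a category
    // whose moderator_id is unset — a loose == treats null == null as true.
    $userId = (int) $user->id;
    $isAdmin = (int) $user->role === 1;
    $isModerator = $userId > 0 && $userId === (int) $category->moderator_id;

    if (!$isAdmin && !$isModerator) {
        $session->setMessage('You are not an admin or you are not the moderator of this category', 2);
        redirectTo('index.php?c=user&a=viewdashboard');
        return;
    }

    // This method will remove child posts (replies) as well
    $postmodel = new PostModel();
    if ($postmodel->deleteTopPost($postid)) {
        $session->setMessage('Post removed', 4);
    } else {
        $session->setMessage('Post not removed', 3);
    }
    redirectTo('index.php?c=user&a=viewdashboard');
}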
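/**
 * Deletes the category named by $_GET['id'] together with all its posts.
 *
 * Allowed for an admin (role 1) or for the moderator of that category.
 * Every path stores a flash message in the session and redirects to the
 * category overview.
 */
public function deleteCategory()
{
    $session = new SessionHelper();

    // Guard the missing-parameter case instead of raising an undefined-index
    // notice; the value is otherwise passed on exactly as before.
    // NOTE(review): if category ids are numeric an (int) cast would be the
    // stricter choice — confirm against Category / CategoryModel.
    $categoryid = htmlspecialchars((string) ($_GET['id'] ?? ''));

    $user = new User();
    $category = new Category($categoryid);

    // Only an admin or moderator of this category may delete a category.
    // Ids are compared as ints with an explicit "user has an id" guard, so a
    // request without a real user id (e.g. null) can never match a category
    // whose moderator_id is unset — a loose == treats null == null as true.
    $userId = (int) $user->id;
    $isAdmin = (int) $user->role === 1;
    $isModerator = $userId > 0 && $userId === (int) $category->moderator_id;

    if (!$isAdmin && !$isModerator) {
        $session->setMessage('You are not an admin or the moderator of this category.', 3);
        redirectTo('index.php?c=user&a=viewallcategories');
        return;
    }

    $categorymodel = new CategoryModel();
    if ($categorymodel->deleteCategory($categoryid)) {
        $session->setMessage('Category (and all posts) removed', 4);
    } else {
        $session->setMessage('Category not removed', 3);
    }
    redirectTo('index.php?c=user&a=viewallcategories');
}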