/**
 * Load the credential columns of one account into the class-level cache.
 *
 * @param string $username Username to look up.
 * @return void
 */
private static function setStatic($username)
{
    // The lookup returns an instance of the user object whose column values
    // live in its `attributes` array.
    $account = User::findUserByUsername($username);

    // NOTE(review): assumes the lookup succeeded; a null/false return would
    // fail on the property reads below — confirm what the finder returns.
    self::$username = $account->attributes['username'];
    self::$password = $account->attributes['password'];
}
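/**
 * Password-reset form: validate the reset token, store the new password,
 * then hand the message / form values to the view.
 *
 * Reads $_POST['submit'], $_POST['password'], $_POST['username'] and
 * $_REQUEST['token'] / $_REQUEST['un']; redirects when no token is present.
 *
 * @return void
 */
public function run()
{
    $msg = '';

    // Token from the reset link. Non-string values (e.g. token[]=) are
    // treated as absent rather than being coerced.
    $token = isset($_REQUEST['token']) && is_string($_REQUEST['token'])
        ? $_REQUEST['token']
        : '';

    if (!empty($_POST['submit'])) {
        if (!empty($_POST['password'])) {
            $username = isset($_POST['username']) ? $_POST['username'] : '';
            $user = new User();

            // An empty token must never match (an account whose stored hash
            // is empty would otherwise be resettable without a link), and the
            // comparison is constant-time: `==` would also treat two
            // numeric-looking strings as equal.
            $tokenValid = $token !== ''
                && $username !== ''
                && $user->findUserByUsername($username)
                && hash_equals((string) $user->getForgot_hash(), $token);

            if ($tokenValid) {
                $password = '******' . Utils::encryptPassword($_POST['password']);

                // Rotate the stored hash so the same link cannot be reused.
                // Same 32-hex-character shape as the previous md5() value.
                $nextHash = function_exists('random_bytes')
                    ? bin2hex(random_bytes(16))
                    : md5(uniqid(mt_rand(), true));

                $user->setPassword($password)
                    ->setForgot_hash($nextHash)
                    ->save();
                Utils::sendTemplateEmail($username, 'changed_pass', array('app_name' => APP_NAME));
                Utils::redirect('./');
            } else {
                // Covers both an unknown user and a token mismatch; the
                // mismatch case previously fell through without any message.
                $msg = 'The link to reset your password has expired or is invalid. <a href="./forgot">Please try again.</a>';
            }
        } else {
            $msg = "Please enter a password!";
        }
    }

    if (empty($token)) {
        // no required information specified, redirect user
        $this->view = null;
        Utils::redirect('./');
    }

    $this->write('msg', $msg);
    $this->write('un', isset($_REQUEST['un']) ? base64_decode($_REQUEST['un']) : "");
    // NOTE(review): the token is handed to the view as-is; confirm the
    // template escapes it for the HTML/attribute context it is printed in.
    $this->write('token', $token);
    parent::run();
}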
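/**
 * Insert a new post from the submitted form.
 *
 * Text fields are read through Input::getString(); an optional image upload
 * is accepted only when its content is a known image type and is stored
 * under a generated name. The row is written only when no errors were
 * collected.
 *
 * @param PDO $dbc Open database connection.
 * @return string[] Error messages; empty when the post was inserted.
 */
function insertPost($dbc)
{
    // Setting username (currently hard coded, will use SESSION variable later)
    $username = "******";
    $user = User::findUserByUsername($username);
    if (!$user) {
        // Without an author row there is nothing valid to insert.
        return ['Unable to resolve the posting user.'];
    }
    $userid = $user->userid;

    // Each Input::getString() failure becomes one error entry instead of
    // aborting the whole request.
    $errors = [];
    $values = [];
    foreach (['title', 'description', 'location', 'email', 'price'] as $field) {
        try {
            $values[$field] = Input::getString($field);
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
    }

    // Validate before touching the filesystem so a rejected form leaves no
    // orphan upload behind.
    if (!empty($errors)) {
        return $errors;
    }

    // Optional image. The type is decided from the file's content, not from
    // the name the browser sent, and the stored name is generated here so the
    // client-supplied name (and extension) never reaches the uploads directory.
    $filename = null;
    if (Input::has('title') && isset($_FILES['image'])
        && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
        // Uploads directory for images on our server
        $uploads_directory = 'img/uploads/';
        $allowed = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $ext = array_search($finfo->file($_FILES['image']['tmp_name']), $allowed, true);
        if ($ext === false) {
            $errors[] = 'Invalid image format.';
        } else {
            $stored = $uploads_directory . md5(uniqid('', true)) . '.' . $ext;
            if (move_uploaded_file($_FILES['image']['tmp_name'], $stored)) {
                $filename = $stored;
            } else {
                $errors[] = 'Sorry, there was an error uploading your file.';
            }
        }
        if (!empty($errors)) {
            return $errors;
        }
    }

    $date = date('Y-m-d');
    $insert_table = "INSERT INTO posts (userid, post_date, title, price, description, email, location, image) VALUES (:userid, :post_date, :title, :price, :description, :email, :location, :image)";
    $stmt = $dbc->prepare($insert_table);
    $stmt->bindValue(':userid', $userid, PDO::PARAM_STR);
    $stmt->bindValue(':post_date', $date, PDO::PARAM_STR);
    $stmt->bindValue(':title', $values['title'], PDO::PARAM_STR);
    $stmt->bindValue(':price', $values['price'], PDO::PARAM_STR);
    $stmt->bindValue(':description', $values['description'], PDO::PARAM_STR);
    $stmt->bindValue(':email', $values['email'], PDO::PARAM_STR);
    $stmt->bindValue(':location', $values['location'], PDO::PARAM_STR);
    // Null when no image was uploaded.
    $stmt->bindValue(':image', $filename, PDO::PARAM_STR);
    $stmt->execute();
    return $errors;
}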
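/**
 * Try to log a user in; on success the username is stored in the session.
 *
 * @param string $username
 * @param string $password Plain-text password to verify against the stored hash.
 * @return bool True when the credentials match.
 */
public static function attempt($username, $password)
{
    $user = User::findUserByUsername($username);

    // An unknown username yields no user object; treat it as a failed login
    // instead of dereferencing it.
    // NOTE(review): this returns faster than the password_verify() path; if
    // response timing matters, verify against a dummy hash here instead.
    if (!$user) {
        return false;
    }

    if (!password_verify($password, (string) $user->password)) {
        return false;
    }

    $_SESSION['LOGGED_IN_USER'] = $username;
    return true;
}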
/**
 * Page data for the "my ads" listing of the logged-in user.
 *
 * Redirects to the login page when no user is authenticated.
 *
 * @return array{username: string, ads_list: mixed}
 */
function pageController()
{
    session_start();

    // Only authenticated users have an ad list to show.
    if (!Auth::check()) {
        header('Location: /auth/login');
        exit;
    }

    $username = Auth::user();
    $owner = User::findUserByUsername($username);
    $ownerId = $owner->attributes['id'];

    return array(
        'username' => $username,
        'ads_list' => Ad::findByUserId($ownerId),
    );
}
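/**
 * Try to log a user in, logging the outcome; on success the username is
 * stored in the session.
 *
 * @param string $username
 * @param string $password Plain-text password to verify against the stored hash.
 * @return bool True when the credentials match.
 */
public static function attempt($username, $password)
{
    $log = new Log();
    $user = User::findUserByUsername($username);

    // A missing user object is a failed login, not a fatal error. The
    // username check is strict: `==` treats numeric-looking strings such as
    // "1e1" and "10" as equal.
    $matches = $user
        && (string) $username === (string) $user->username
        && password_verify($password, (string) $user->password);

    if (!$matches) {
        $log->error("{$username} failed to login");
        return false;
    }

    $_SESSION['LOGGED_IN_USER'] = $username;
    $log->info("{$username} logged in successfully");
    return true;
}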
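/**
 * Confirmation landing page: account e-mail confirmation (`str`/`cs`),
 * PayPal address confirmation (`ppstr`/`pp`) or changed-e-mail confirmation
 * (`emstr`), followed by the job list with a welcome jumbotron.
 *
 * @return void
 */
public function run()
{
    $msg = "";
    $user = new User();
    $jumbotron = null;

    if (isset($_REQUEST['str'])) {
        $email = mysql_real_escape_string(base64_decode($_REQUEST['str']));
        // Only the first 10 characters of the confirmation string take part in
        // the check (kept as before for link compatibility, although the full
        // string would be a stronger proof). The comparison is constant-time;
        // `==` would also treat numeric-looking strings as equal.
        $confirm_string = isset($_REQUEST['cs'])
            ? (string) substr((string) $_REQUEST['cs'], 0, 10)
            : '';

        // verify the email belongs to a user
        $confirmed = $confirm_string !== ''
            && $user->findUserByUsername($email)
            && hash_equals((string) substr($user->getConfirm_string(), 0, 10), $confirm_string);

        if ($confirmed) {
            // NOTE(review): mysql_* is the legacy extension (removed in PHP 7);
            // the row selector below is a string-built query.
            $sql = "\n UPDATE " . USERS . "\n SET\n confirm_string = '',\n confirm = 1,\n is_active = 1\n WHERE username = '******'";
            mysql_query($sql);

            // send welcome email
            Utils::sendTemplateEmail($user->getUsername(), 'welcome', array('nickname' => $user->getNickname()), 'Worklist <*****@*****.**>');
            User::login($user, false); //Optionally can login with confirm URL

            $jumbotron = "\n <h2>Welcome to Worklist!</h2>\n <p>\n Click on a job and add your bid, or come join us in our \n <a href='https://gitter.im/highfidelity/worklist' target='_blank'>public chat room</a>.\n Questions? Check out the <a href='./help'>help tab</a>.\n </p>";
        } else {
            Utils::redirect('./');
        }
    } elseif (isset($_REQUEST['ppstr'])) {
        // paypal address confirmation
        $paypal_email = mysql_real_escape_string(base64_decode($_REQUEST['ppstr']));
        $hash = mysql_real_escape_string(isset($_REQUEST['pp']) ? $_REQUEST['pp'] : '');

        // verify the email belongs to a user
        if (!$user->findUserByPPUsername($paypal_email, $hash)) {
            // hacking attempt, or some other error
            Utils::redirect('./');
        } else {
            $user->setPaypal_verified(true);
            $user->setPaypal_hash('');
            $user->save();
            $jumbotron = "\n <h2>Thank you for confirming your Paypal address.</h2>\n <p>You can now bid on items in the Worklist!</p>";
        }
    } elseif (isset($_REQUEST['emstr'])) {
        // new email address confirmation
        $new_email = mysql_real_escape_string(base64_decode($_REQUEST['emstr']));
        $sessionUser = isset($_SESSION['username']) ? $_SESSION['username'] : '';
        if ($sessionUser === '' || !$user->findUserByUsername($sessionUser)) {
            Utils::redirect('login'); //we are not logged in
        }

        // NOTE(review): unlike the paypal branch, nothing here proves the new
        // address was reached — the value comes straight from the request and
        // is gated only on being logged in. Tie it to a per-user token (as
        // `pp` / `cs` are above) before saving.
        //save new email
        $user->setUsername($new_email);
        $user->save();
        $_SESSION['username'] = $new_email;
        $jumbotron = "<h2>Thank you for confirming your changed \nemail address.</h2>";
    }

    $jobs = new JobController();
    $jobs->view->jumbotron = $jumbotron;
    $jobs->listView();
}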
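/**
 * Edit / delete page for one of the logged-in user's ads.
 *
 * Redirects to login when unauthenticated and to /ads when the id matches no
 * ad or an ad owned by someone else. A posted `delete-id` removes the ad;
 * any other POST validates and saves the editable fields.
 *
 * @return array Values for the view, including the validation errors.
 */
function pageController()
{
    session_start();
    if (!Auth::check()) {
        header('Location: /auth/login');
        exit;
    }
    $username = Auth::user();
    $user = User::findUserByUsername($username);

    $adid = Input::get('id');
    $ad = Ad::find($adid);

    // The form must only operate on the caller's own ad: an unknown id or an
    // ad with a different user_id is sent back to the listing.
    if (!$ad || !$user
        || (string) $ad->attributes['user_id'] !== (string) $user->attributes['id']) {
        header('Location: /ads');
        exit;
    }

    $item_name = $ad->attributes['item_name'];
    $price = $ad->attributes['price'];
    $description = $ad->attributes['description'];
    $image_path = $ad->attributes['image_path'];
    $contact = $ad->attributes['contact'];
    $errors = array();

    if (!empty($_POST)) {
        // The delete button posts `delete-id`; handle it first so a delete
        // never falls through to the save path (the previous check was
        // negated and deleted on every ordinary save instead).
        if (Input::notEmpty('delete-id')) {
            Ad::delete($ad->attributes['id']);
            header("Location: /ads");
            die;
        }

        if (Input::notEmpty('item_name')) {
            $item_name = ValidateAd::getItemName();
        }
        if (Input::notEmpty('price')) {
            $price = ValidateAd::getPrice();
        }
        if (Input::notEmpty('description')) {
            $description = ValidateAd::getDescription();
        }
        if (Input::notEmpty('contact')) {
            $contact = ValidateAd::getContact();
        }
        $errors = ValidateAd::getErrors();

        if (empty($errors)) {
            $ad->attributes['item_name'] = $item_name;
            $ad->attributes['price'] = $price;
            $ad->attributes['description'] = $description;
            $ad->attributes['contact'] = $contact;
            $ad->attributes['image_path'] = $image_path;
            $ad->save();
        }
    }

    return array(
        'ad' => $ad,
        'username' => $username,
        'item_name' => $item_name,
        'price' => $price,
        'description' => $description,
        'image_path' => $image_path,
        'contact' => $contact,
        // Exposed so the template can show why a save was rejected.
        'errors' => $errors,
    );
}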
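/**
 * "Forgot password" form: issue a reset token for the posted username and
 * mail the reset link.
 *
 * The response is the same whether or not the address is registered, so the
 * form cannot be used to probe which addresses have accounts.
 *
 * @return void
 */
public function run()
{
    // The former extract($_REQUEST) was dropped: it let any request
    // parameter define a local variable and nothing below relied on it.
    $msg = '';
    $username = isset($_POST['username']) && is_string($_POST['username'])
        ? $_POST['username']
        : '';

    if (!empty($username)) {
        // Reset token from unpredictable bytes rather than md5(uniqid()),
        // which derives from the clock. Same 32-hex-character shape as before.
        $token = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));

        $user = new User();
        if ($user->findUserByUsername($username)) {
            $user->setForgot_hash($token);
            $user->save();
            $resetUrl = SECURE_SERVER_URL . 'resetpass?un=' . base64_encode($username) . '&token=' . $token;
            $resetUrl = '<a href="' . $resetUrl . '" title="Password Recovery">' . $resetUrl . '</a>';
            Utils::sendTemplateEmail($username, 'recovery', array('url' => $resetUrl));
        }

        // Neutral message for both the registered and the unknown case; the
        // address is escaped because it is echoed back into the page.
        $msg = '<p class="LV_valid">Login information will be sent if the email address '
            . htmlspecialchars($username, ENT_QUOTES, 'UTF-8')
            . ' is registered.</p>';
    }

    $this->write('msg', $msg);
    parent::run();
}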
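/**
 * Profile edit page for the logged-in user (e-mail and password).
 *
 * On a valid POST the user row is saved and the browser is redirected to
 * /users; otherwise the current values plus validation errors are returned
 * for the view.
 *
 * @return array{username: string, email: mixed, password: mixed, errors: array}
 */
function pageController()
{
    session_start();
    if (!Auth::check()) {
        header('Location: /auth/login');
        exit;
    }
    $username = Auth::user();
    $user = User::findUserByUsername($username);
    // A session naming an account that no longer exists cannot be edited.
    if (!$user) {
        header('Location: /auth/login');
        exit;
    }

    $email = $user->attributes['email'];
    $password = $user->attributes['password'];
    $errors = array();

    if (!empty($_POST)) {
        $passwordmatch = null;
        if (Input::notEmpty('email')) {
            $email = ValidateUser::getEmail();
        }
        if (Input::notEmpty('password')) {
            $password = ValidateUser::getPassword();
        }
        if (Input::notEmpty('passwordmatch')) {
            $passwordmatch = ValidateUser::getPasswordMatch();
        }
        // Both fields must be present for the match check to mean anything.
        if (Input::notEmpty('passwordmatch') && Input::notEmpty('password')) {
            ValidateUser::getCheckMatch($password, $passwordmatch);
        }
        $errors = ValidateUser::getErrors();

        if (empty($errors)) {
            $user->attributes['username'] = $username;
            $user->attributes['email'] = $email;
            $user->attributes['password'] = $password;
            $user->save();
            header('Location: /users');
            exit;
        }
    }

    // NOTE(review): 'password' hands the stored password value (in whatever
    // form the model keeps it) to the template — confirm the view needs it.
    return array(
        'username' => $username,
        'email' => $email,
        'password' => $password,
        // Exposed so the template can show why a save was rejected.
        'errors' => $errors,
    );
}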
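/**
 * Detail page for a single ad.
 *
 * Requires an `id` request parameter; redirects to /ads when it is missing or
 * matches no ad. Works for anonymous viewers (userid is null then).
 *
 * @return array Ad fields plus the viewer's id and the ad owner's id.
 */
function pageController()
{
    session_start();
    if (!Input::has('id')) {
        header('Location: /ads');
        exit;
    }

    // Viewer id when logged in; presumably compared with 'aduserid' by the
    // view to decide what to show.
    $userid = null;
    if (Auth::check()) {
        $user = User::findUserByUsername(Auth::user());
        if ($user) {
            $userid = $user->attributes['id'];
        }
    }

    $adid = Input::get('id');
    $ad = Ad::find($adid);
    // An id that matches no ad would otherwise yield a page of notices.
    if (!$ad) {
        header('Location: /ads');
        exit;
    }

    $attrs = $ad->attributes;
    return array(
        'adid' => $adid,
        'userid' => $userid,
        'aduserid' => $attrs['user_id'],
        'item_name' => $attrs['item_name'],
        'price' => $attrs['price'],
        'description' => $attrs['description'],
        'image_path' => $attrs['image_path'],
        'contact' => $attrs['contact'],
    );
}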
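/**
 * Post-AuthView process: create new accounts for new users.
 *
 * Reads access_token, country, username, password and password2 from $_POST,
 * validates them, resolves the GitHub profile for the token, picks a free
 * nickname, creates the account and mails the confirmation link.
 * Always responds with JSON: {"success": bool, "msg": string}.
 *
 * @return void
 */
public function signup()
{
    global $countrylist;
    $this->view = null;
    $success = false;
    $msg = '';
    try {
        $access_token = isset($_POST["access_token"]) ? trim($_POST["access_token"]) : "";
        $country = isset($_POST["country"]) ? trim($_POST["country"]) : "";
        $username = isset($_POST["username"]) ? trim($_POST["username"]) : "";
        $password = isset($_POST["password"]) ? $_POST["password"] : "";
        $pass2 = isset($_POST["password2"]) ? $_POST["password2"] : "";

        // Input checks as guard clauses, in the same order as before.
        if (empty($access_token)) {
            throw new Exception("Access token not provided.");
        }
        if (empty($country) || !array_key_exists($country, $countrylist)) {
            throw new Exception("Invalid country." . $country);
        }
        if (empty($username) || !filter_var($username, FILTER_VALIDATE_EMAIL)) {
            throw new Exception("Invalid username.");
        }
        // Strict comparison: `!=` treats numeric-looking strings such as
        // "1e1" and "10" as equal.
        if (empty($password) || $password !== $pass2) {
            throw new Exception("Invalid passwords.");
        }

        // Uniqueness checks only once the input itself is acceptable.
        $usernameTestUser = new User();
        $usernameTestUser->findUserByUsername($username);
        if ($usernameTestUser->getId()) {
            throw new Exception("Username already taken.");
        }
        $tokenTestUser = new User();
        $tokenTestUser->findUserByAuthToken($access_token);
        if ($tokenTestUser->getId()) {
            throw new Exception("Access token already in use.");
        }

        $this->access_token = $access_token;
        $gh_user = $this->apiRequest(GITHUB_API_URL . 'user');
        if (!$gh_user) {
            throw new Exception("Unable to read user credentials from github.");
        }

        // Nickname: the GitHub login, then the alphanumeric part of the
        // display name, then either with a random numeric suffix until free.
        $nicknameTestUser = new User();
        $nickname = $gh_user->login;
        if ($nicknameTestUser->findUserByNickname($nickname)) {
            $nickname = preg_replace('/[^a-zA-Z0-9]/', '', $gh_user->name);
        }
        while ($nicknameTestUser->findUserByNickname($nickname)) {
            $rand = mt_rand(1, 99999);
            $nickname = $gh_user->login . $rand;
            if ($nicknameTestUser->findUserByNickname($nickname)) {
                $nickname = preg_replace('/[^a-zA-Z0-9]/', '', $gh_user->name) . $rand;
            }
        }

        $user = User::signup($username, $nickname, $password, $access_token, $country);
        $success = true;
        $this->sync($user, $gh_user);

        // Email user
        $subject = "Registration";
        $link = SECURE_SERVER_URL . "confirmation?cs=" . $user->getConfirm_string() . "&str=" . base64_encode($user->getUsername());
        $body = '<p>' . $user->getNickname() . ': </p>'
            . '<p>You are one click away from an account on Worklist:</p>'
            . '<p><a href="' . $link . '">Click to verify your email address</a> and activate your account.</p>'
            . '<p>Welcome aboard, <br /> Worklist / High Fidelity</p>';
        $plain = $user->getNickname() . "\n\n"
            . "You are one click away from an account on Worklist: \n\n"
            . 'Click/copy following URL to verify your email address activate your account:' . $link . "\n\n"
            . "Welcome aboard, \n Worklist / High Fidelity\n";
        $msg = "An email containing a confirmation link was sent to your email address. "
            . "Please click on that link to verify your email address and activate your account.";

        if (!Utils::send_email($user->getUsername(), $subject, $body, $plain)) {
            error_log("SignupController: Utils::send_email failed");
            $msg = 'There was an issue sending email. Please try again or notify admin@lovemachineinc.com';
        }
    } catch (Exception $e) {
        $msg = $e->getMessage();
    }

    echo json_encode(array('success' => $success, 'msg' => $msg));
}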
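/**
 * "Add ad" page: validate the posted fields and image, store the image and
 * create the ad for the logged-in user.
 *
 * The image type is decided from the uploaded file's content and the file is
 * stored under a generated name, so the browser-supplied file name never
 * reaches the filesystem. Nothing is written unless every check passes.
 *
 * @return array{username: string, errors: array}
 */
function pageController()
{
    session_start();
    if (!Auth::check()) {
        header('Location: /auth/login');
        exit;
    }
    $username = Auth::user();
    $user = User::findUserByUsername($username);
    if (!$user) {
        header('Location: /auth/login');
        exit;
    }
    $errors = array();

    if (!empty($_POST)) {
        $item_name = ValidateAd::getItemName();
        $price = ValidateAd::getPrice();
        $description = ValidateAd::getDescription();
        $contact = ValidateAd::getContact();
        $errors = ValidateAd::getErrors();

        $target = "public/upload_images";
        // Accepted image types, keyed by the extension the stored file gets.
        $allowedTypes = array('jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');
        $name = '';

        $hasUpload = isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK;
        if (!$hasUpload) {
            // An ad needs an image (the previous code also rejected posts
            // without one, via the failed type check).
            $errors[] = 'Please choose an image to upload.';
        } else {
            $finfo = new finfo(FILEINFO_MIME_TYPE);
            $ext = array_search($finfo->file($_FILES['image']['tmp_name']), $allowedTypes, true);
            if ($ext === false) {
                $errors[] = 'Invalid file format.';
            } else {
                $name = (function_exists('random_bytes') ? bin2hex(random_bytes(8)) : md5(uniqid('', true)))
                    . '.' . $ext;
            }
        }

        $fieldsPresent = Input::notEmpty('item_name')
            && Input::notEmpty('price')
            && Input::notEmpty('description')
            && Input::notEmpty('contact');

        if ($fieldsPresent && empty($errors)) {
            // Move the file only now, so a rejected form leaves nothing behind.
            if (!move_uploaded_file($_FILES['image']['tmp_name'], "{$target}/{$name}")) {
                $errors[] = 'Unable to store the uploaded image.';
            } else {
                $ad = new Ad();
                $ad->item_name = $item_name;
                $ad->price = $price;
                $ad->description = $description;
                $ad->contact = $contact;
                $ad->user_id = $user->attributes['id'];
                $ad->image_path = "{$target}/{$name}";
                $ad->save();
                // redirect from add to the users profile so they can see what they added
                header('Location: /users');
                exit;
            }
        }
    }

    return array('username' => $username, 'errors' => $errors);
}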
$stmt->bindValue(':location', $location, PDO::PARAM_STR);
$stmt->bindValue(':image', $filename, PDO::PARAM_STR);
$stmt->execute();
return $errors;
}

// Form handling for this page: checkValues() gates the insert; insertPost()
// (whose closing brace is just above) returns the error list.
// NOTE(review): $errors is assigned but not displayed in this fragment.
if (!empty($_POST)) {
    if (checkValues()) {
        $errors = insertPost($dbc);
    } else {
        // $message is a fixed literal, so embedding it in the inline script is
        // safe as written; any dynamic text here would need JS-context escaping.
        $message = "Invalid format. Please try again.";
        $javascript = "<script type='text/javascript'>alert('{$message}');</script>";
        echo $javascript;
    }
}

// NOTE(review): assumes an active session with 'tempuser' set by the login
// flow — no session_start() or guard is visible in this fragment.
$loggedInUser = $_SESSION['tempuser'];
$user = User::findUserByUsername($loggedInUser);
?>
<!DOCTYPE html>
<html>
<head>
<title>Handel</title>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- BOOTSTRAP CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- CUSTOM CSS -->
<link rel="stylesheet" type="text/css" href="../css/main.css">
<!-- TITLE IMG -->
<!-- <link rel="shortcut icon" href="img/mole.png"> -->