/**
  * Run method with main page logic
  *
  * Populate template and display confirmation for profile deletion. For POST requests,
  * check user credentials, check if profile exists and then delete entry from database.
  * Available to admins only.
  *
  * Request handling: a POST carrying a numeric "id" deletes that user and redirects to
  * BASE_URL; a GET carrying a numeric "id" only loads the user so the template can show a
  * confirmation form; a request with an empty "id", or with neither GET nor POST data, is
  * redirected to BASE_URL. A non-numeric "id" renders the page with no user loaded.
  *
  * NOTE(review): no anti-CSRF token is checked in this method, so the deletion is authorised
  * by the admin session alone. Confirm that the surrounding framework validates one, or add a
  * token to the confirmation form.
  * @access public
  */
 public function run()
 {
     $session = Session::getInstance();
     $user = $session->getUser();
     // Admin-only page
     if ($user == null || !$user->isAdmin()) {
         $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     $userDAO = UserDAO::getInstance();
     $delete_user = null;
     $form_errors = array();
     $form_values = array("id" => "");
     // POST performs the deletion; GET only prepares the confirmation form
     $confirmed = !empty($_POST);
     if ($confirmed) {
         $request = $_POST;
     } elseif (!empty($_GET)) {
         $request = $_GET;
     } else {
         header("Location: " . BASE_URL);
         return;
     }
     $id = isset($request["id"]) ? trim($request["id"]) : "";
     if (empty($id)) {
         header("Location: " . BASE_URL);
         return;
     }
     if (is_numeric($id)) {
         $delete_user = $userDAO->load($id);
     }
     if ($delete_user) {
         if ($confirmed) {
             if ($userDAO->delete($delete_user)) {
                 $session->setMessage("User deleted");
                 header("Location: " . BASE_URL);
                 return;
             }
             // Deletion failed: fall through and render the page with the error message set
             $session->setMessage("Could not delete user", Session::MESSAGE_ERROR);
         } else {
             $form_values["id"] = $delete_user->getId();
         }
     }
     $this->template->render(array("title" => "Delete Profile", "main_page" => "delete_profile_tpl.php", "user" => $user, "session" => $session, "delete_user" => $delete_user, "form_errors" => $form_errors, "form_values" => $form_values));
 }
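 /**
  * Run method with main page logic
  *
  * Populate template and display login form. For POST requests,
  * check if a user exists with the specified password, and enter user id into session if login is valid.
  *
  * Only a user whose status is User::STATUS_OK can log in; an unknown username, a user whose
  * status is User::STATUS_NEEDADMIN, or a wrong password all produce a form error and the
  * login form is rendered again. A visitor who already has a session user is redirected.
  *
  * NOTE(review): the password is hashed with unsalted sha1() because that is the format the
  * stored passhash uses; moving to password_hash()/password_verify() needs a coordinated
  * migration of the stored hashes (register and edit-profile write them the same way).
  * NOTE(review): confirm that Session::setUser() regenerates the session id on login
  * (session fixation); that cannot be seen from here.
  * @access public
  */
 public function run()
 {
     $form_errors = array();
     $form_values = array("username" => "", "password" => "");
     $session = Session::getInstance();
     $user = $session->getUser();
     if ($user != null) {
         $session->setMessage("You are already logged in", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     // Check if form data is being passed
     if (!empty($_POST)) {
         $form_values["username"] = isset($_POST["username"]) ? trim($_POST["username"]) : "";
         $form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
         $password = sha1($form_values["password"]);
         if (empty($form_values["username"])) {
             $form_errors["username"] = "******";
         }
         if (empty($form_values["password"])) {
             $form_errors["password"] = "******";
         }
         if (empty($form_errors["username"])) {
             $userDAO = UserDAO::getInstance();
             $user = $userDAO->loadByUsername($form_values["username"]);
             if ($user && $user->getStatus() == User::STATUS_OK) {
                 // hash_equals() (PHP >= 5.6) compares in constant time, so the check no longer
                 // leaks how many leading bytes of the stored hash matched (strcmp() stops at the
                 // first difference). The (string) cast keeps a null passhash from raising a TypeError.
                 if (!hash_equals((string) $user->getPasshash(), $password)) {
                     $form_errors["username"] = "******";
                 }
             } elseif ($user && $user->getStatus() == User::STATUS_NEEDADMIN) {
                 // Registered but not yet approved by an admin
                 $form_errors["username"] = "******";
             } else {
                 // Unknown username or any other status
                 $form_errors["username"] = "******";
             }
         }
         if (empty($form_errors)) {
             $session->setUser($user);
             $session->setMessage("Welcome, {$user->getUsername()}");
             header("Location: " . BASE_URL);
             return;
         }
     }
     // Re-read the session user: the User loaded during a failed attempt is not handed to the template
     $user = $session->getUser();
     $this->template->render(array("main_page" => "login_tpl.php", "title" => "Login", "user" => $user, "form_values" => $form_values, "form_errors" => $form_errors));
 }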
 /**
  * Run method with main page logic
  *
  * Populate template and read in list of users in the database. Allow filtering by online identity
  * and by the first letter of a user name. Display list in the page.
  * Available to members only.
  *
  * Query parameters: "page" (numeric, clamped to >= 1), "identity" (one of steam/xbox/psn/wii;
  * any other value yields no list) and "startswith" (only honoured when "identity" is empty and
  * the value begins with a lowercase letter). With neither filter the full user list is paged.
  *
  * NOTE(review): "startswith" is only checked on its first character before being handed to
  * UserDAO::countLetter()/allByLetter(); the DAO is expected to bind it as a parameter rather
  * than interpolate it — verify in UserDAO.
  * @access public
  */
 public function run()
 {
     $PAGINATION_LIMIT = 10;
     $session = Session::getInstance();
     $user = $session->getUser();
     if (!$user || !$user->validUser()) {
         $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     $page = isset($_GET["page"]) && is_numeric($_GET["page"]) ? intval($_GET["page"]) : 1;
     $page = max($page, 1);
     $userDAO = UserDAO::getInstance();
     $user_array = null;
     $paginator_page = null;
     $identity = isset($_GET["identity"]) ? trim($_GET["identity"]) : "";
     $startswith = isset($_GET["startswith"]) ? trim($_GET["startswith"]) : "";
     $form_values = array("identity" => $identity, "startswith" => $startswith);
     $identity_array = array("steam", "xbox", "psn", "wii");
     $queryVars = array();
     $order = "userName ASC";
     if ($identity) {
         // An unknown identity leaves both the list and the paginator page as null
         if (in_array($identity, $identity_array, true)) {
             $paginator = new Paginator($userDAO->countIdentity($identity), $PAGINATION_LIMIT);
             $paginator_page = $paginator->getPage($page);
             $user_array = $userDAO->allByIdentity($identity, array("limit" => $paginator_page, "order" => $order));
         }
         $queryVars["identity"] = $identity;
     } elseif (!empty($startswith) && preg_match("/^[a-z]/", $startswith)) {
         $paginator = new Paginator($userDAO->countLetter($startswith), $PAGINATION_LIMIT);
         $paginator_page = $paginator->getPage($page);
         $user_array = $userDAO->allByLetter($startswith, array("limit" => $paginator_page, "order" => $order));
         $queryVars["startswith"] = $startswith;
     } else {
         $paginator = new Paginator($userDAO->count(), $PAGINATION_LIMIT);
         $paginator_page = $paginator->getPage($page);
         $user_array = $userDAO->all(array("limit" => $paginator_page, "order" => $order));
     }
     $this->template->render(array("title" => "View Userlist", "main_page" => "user_list_tpl.php", "user_array" => $user_array, "session" => $session, "paginator_page" => $paginator_page, "form_values" => $form_values, "queryVars" => $queryVars));
 }
 /**
  * Run method with main page logic
  *
  * Read in the specified profile from the database. Check if the current visitor is a valid user
  * and redirect if the user is not. If the user is valid,
  * populate template and display profile details in the page. Available to members only.
  *
  * The "id" query parameter must be non-empty and numeric; otherwise no profile is loaded and the
  * template receives null under "user". Note that the template key "user" carries the *viewed*
  * profile here, not the logged-in visitor (the visitor is reachable through "session").
  * The user name appended to the title is passed unescaped; escaping is left to the template.
  * @access public
  */
 public function run()
 {
     $session = Session::getInstance();
     $viewer = $session->getUser();
     // Check for a valid user
     if ($viewer == null || !$viewer->validUser()) {
         $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     $userDAO = UserDAO::getInstance();
     $profile = null;
     $title_suffix = "";
     if (!empty($_GET["id"]) && is_numeric($_GET["id"])) {
         $profile = $userDAO->load(intval($_GET["id"]));
         if ($profile) {
             $title_suffix = " - {$profile->getUserName()}";
         }
     }
     $this->template->render(array("title" => "View Profile" . $title_suffix, "main_page" => "view_profile_tpl.php", "user" => $profile, "session" => $session));
 }
 /**
  * Helper method used with various public load methods. Used to load an instance of a Photo entity using the built strings of a query as specified in the caller method.
  *
  * The query state is reset first, this table's own columns are added to the select list, and
  * $options (when an array) is run through parseOptions() before the single-row query is built
  * and executed with the bound query_params. When joins are enabled the joined Album row is
  * hydrated and attached as $photo->album.
  *
  * NOTE(review): the Album is hydrated through $userDAO->populateObject(); if populateObject()
  * depends on per-DAO state (as stripPrefixArray() appears to, since it is called on $albumDAO),
  * this should be $albumDAO->populateObject() — verify before changing.
  *
  * @access private
  * @param array $options (Optional) Read documentation on parseOptions for details
  * @return Photo|null The loaded Photo, or null when no row matched
  */
 private function loadGeneral($options = null)
 {
     $albumDAO = AlbumDAO::getInstance();
     $userDAO = UserDAO::getInstance();
     // Start from a clean query state; this table's own columns are always selected
     $this->resetQueryStrings();
     $this->select_columns = array_merge($this->select_columns, $this->buildColumnArray());
     if (is_array($options)) {
         $this->parseOptions($options);
     }
     // Clause strings come from resetQueryStrings()/parseOptions(); values are bound via query_params
     $sql = sprintf("SELECT %s FROM %s %s %s %s LIMIT 1", $this->query_select, $this->tableName, $this->query_joins, $this->query_where, $this->query_order);
     $stmt = self::$dbh->prepare($sql);
     if (empty($this->query_params)) {
         $stmt->execute();
     } else {
         $stmt->execute($this->query_params);
     }
     $result = $stmt->fetch(PDO::FETCH_NUM);
     if (!$result) {
         return null;
     }
     $row = array_combine($this->select_columns, $result);
     $photo = new Photo();
     $this->populateObject($photo, $this->stripPrefixArray($row));
     if ($this->joins) {
         $album = new Album();
         $userDAO->populateObject($album, $albumDAO->stripPrefixArray($row));
         $photo->album = $album;
     }
     return $photo;
 }
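 /**
  * Run method with main page logic
  *
  * Populate template and display form for registration. For POST requests, check if the user
  * already exists. If not, create new User and AuthToken entries and send an email notification to the user.
  *
  * Validation on POST: username, password, password2 and ulid must be non-empty, the two
  * passwords must match, the ulid must be exactly 5 to 7 lowercase letters, and neither the
  * username nor the ulid may already be registered. The verification mail is sent only when
  * SMTP_HOST is defined and non-empty; its recipient is "<ulid>@" . User::ISU_EMAIL_DOMAIN,
  * which is why the ulid format check must be strict.
  *
  * NOTE(review): the password is stored as unsalted sha1() to match what the login page
  * compares against; changing the hash scheme needs a coordinated migration.
  * NOTE(review): the session message is set before the mail is sent and the send result is
  * not checked, so a mail failure leaves a pending profile whose token the user never receives.
  * @access public
  */
 public function run()
 {
     $form_errors = array();
     $form_values = array("username" => "", "password" => "", "password2" => "", "ulid" => "");
     $session = Session::getInstance();
     $user = $session->getUser();
     // Session should not have a defined user
     if ($user != null) {
         $session->setMessage("You are already a user", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     if (!empty($_POST)) {
         $form_values["username"] = isset($_POST["username"]) ? trim($_POST["username"]) : "";
         $form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
         $form_values["password2"] = isset($_POST["password2"]) ? trim($_POST["password2"]) : "";
         $form_values["ulid"] = isset($_POST["ulid"]) ? trim($_POST["ulid"]) : "";
         if (empty($form_values["username"])) {
             $form_errors["username"] = "******";
         }
         if (empty($form_values["password"])) {
             $form_errors["password"] = "******";
         }
         if (empty($form_values["password2"])) {
             $form_errors["password"] = "******";
         }
         if (empty($form_values["ulid"])) {
             $form_errors["ulid"] = "No ulid specified";
         } elseif (!preg_match('/^[a-z]{5,7}$/', $form_values["ulid"])) {
             // Anchored on both ends: the previous pattern only required the value to *contain*
             // five lowercase letters, so arbitrary extra characters passed validation and reached
             // the mail recipient address built below.
             $form_errors["ulid"] = "Ulid is not in the proper format.";
         }
         $userDAO = UserDAO::getInstance();
         $user = $userDAO->loadByUsername($form_values["username"]);
         // User already exists
         if ($user != null) {
             $form_errors["username"] = "******";
         }
         if (strcmp($form_values["password"], $form_values["password2"]) != 0) {
             $form_errors["password"] = "******";
         }
         $user = $userDAO->loadByUlid($form_values["ulid"]);
         // Ulid already registered
         if ($user != null) {
             $form_errors["ulid"] = "Ulid is already registered";
         }
         if (empty($form_errors)) {
             $user = new User();
             $user->setUsername($form_values["username"]);
             $user->setPassHash(sha1($form_values["password"]));
             $user->setUlid($form_values["ulid"]);
             $status = $userDAO->insert($user);
             if ($status) {
                 $token = new AuthToken();
                 $token->setUser($user);
                 $tokenDAO = AuthTokenDAO::getInstance();
                 $status = $tokenDAO->insert($token);
                 if ($status) {
                     $session->setMessage("Registration started. Check your email for a message to continue");
                     if (defined("SMTP_HOST") && strcmp(SMTP_HOST, "") != 0) {
                         $from_addr = EMAIL_ADDRESS;
                         $to = "{$form_values["ulid"]}@" . User::ISU_EMAIL_DOMAIN;
                         $subject = "Verify registration with " . SITE_NAME;
                         $body = "To start the next step of the registration process, click the verify link below and enter the requested information. If the URL does not appear as a link, copy the URL, paste it into your browser's address bar and proceed to the web page.\n\n" . joinPath(BASE_URL, "verify.php") . "?token={$token->getToken()}\n";
                         $headers = array("From" => $from_addr, "To" => $to, "Subject" => $subject);
                         $smtp = Mail::factory("smtp", array("host" => SMTP_HOST, "auth" => true, "username" => SMTP_USERNAME, "password" => SMTP_PASSWORD));
                         // send() returns true or a PEAR_Error; the result is deliberately still
                         // unchecked here to keep the existing flow — see the NOTE(review) above.
                         $smtp->send($to, $headers, $body);
                     }
                     header("Location: " . BASE_URL);
                     return;
                 }
             }
         }
     }
     $user = $session->getUser();
     $this->template->render(array("title" => "Register", "main_page" => "register_tpl.php", "user" => $user, "session" => $session, "form_errors" => $form_errors, "form_values" => $form_values));
 }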
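 /**
  * Run method with main page logic
  *
  * Display a form for a user to confirm his/her user identity that was previously stored in the
  * database. For POST requests, check that an AuthToken exists and that the user credentials entered in
  * the form match the credentials of the user stored in the database. If true,
  * alter the user's status to NEEDADMIN and make a session message indicating the next step in the process.
  *
  * Request handling:
  *  - GET with "token": the token must exist, its user must be User::STATUS_PENDING and it must
  *    not be expired; otherwise the visitor is redirected (an expired token also deletes the
  *    pending profile and the token).
  *  - POST: "token" must exist and be unexpired; the submitted username must match the token's
  *    user; a wrong password or an already-approved (STATUS_OK) user redirects silently.
  *  - anything else: redirect to BASE_URL.
  * AuthTokenDAO::garbageCollect() is run on every exit path except the "not GET, not POST" one.
  *
  * Fix: $userDAO was only assigned after the status change, so both "token expired" paths
  * called delete() on an undefined variable; it is now obtained up front.
  *
  * NOTE(review): the expiry test is `getExpireTime() < time() - AuthToken::MAX_EXPIRE`; whether
  * that matches how AuthToken stores its expiry is not visible here — confirm the intended window.
  * @access public
  */
 public function run()
 {
     $session = Session::getInstance();
     // Session should not have a defined user
     if ($session->getUser() != null) {
         $session->setMessage("You are already a user", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     $form_errors = array();
     $form_values = array("username" => "", "password" => "", "token" => "");
     $tokenDAO = AuthTokenDAO::getInstance();
     // Needed by both the GET and the POST expiry paths as well as by the final save
     $userDAO = UserDAO::getInstance();
     if (!empty($_POST)) {
         $form_values["username"] = isset($_POST["username"]) ? trim($_POST["username"]) : "";
         $form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
         $form_values["token"] = isset($_POST["token"]) ? trim($_POST["token"]) : "";
         if (empty($form_values["username"])) {
             $form_errors["username"] = "******";
         }
         if (empty($form_values["password"])) {
             $form_errors["password"] = "******";
         }
         if (empty($form_values["token"])) {
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         }
         $token = $tokenDAO->loadByToken($form_values["token"], array("joins" => true));
         // No corresponding token exists
         if ($token == null) {
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         }
         if ($token->getExpireTime() < time() - AuthToken::MAX_EXPIRE) {
             $userDAO->delete($token->getUser());
             $tokenDAO->delete($token);
             $session->setMessage("Token has expired. Profile has been deleted");
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         }
         // Check password and status of pending user
         $user = $token->getUser();
         $pass_hash = sha1($form_values["password"]);
         if (strcmp($user->getUsername(), $form_values["username"]) != 0) {
             $form_errors["username"] = "******";
         } elseif (!hash_equals((string) $user->getPasshash(), $pass_hash)) {
             // Constant-time comparison (PHP >= 5.6); a wrong password redirects without a hint
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         } elseif ($user->getStatus() == User::STATUS_OK) {
             // Already verified and approved; nothing to do here
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         }
         // Form and token are valid. Change user status
         if (empty($form_errors)) {
             $user->setStatus(User::STATUS_NEEDADMIN);
             $user->setUserType(User::REGUSER_TYPE);
             if (!$userDAO->save($user)) {
                 $session->setMessage("Could not alter profile");
             } else {
                 $session->setMessage("Now awaiting admin approval");
                 $tokenDAO->delete($token);
             }
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         }
     } elseif (!empty($_GET)) {
         $token_string = isset($_GET["token"]) ? trim($_GET["token"]) : "";
         $form_values["token"] = $token_string;
         if (empty($token_string)) {
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         }
         $token = $tokenDAO->loadByToken($token_string, array("joins" => true));
         // Token does not exist. Redirect
         if ($token == null) {
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         }
         if ($token->getUser()->getStatus() != User::STATUS_PENDING) {
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         }
         if ($token->getExpireTime() < time() - AuthToken::MAX_EXPIRE) {
             $userDAO->delete($token->getUser());
             $tokenDAO->delete($token);
             $session->setMessage("Token has expired. Profile has been deleted", Session::MESSAGE_ERROR);
             $tokenDAO->garbageCollect();
             header("Location: " . BASE_URL);
             return;
         }
     } else {
         header("Location: " . BASE_URL);
         return;
     }
     // Do garbage collection on token table
     $tokenDAO->garbageCollect();
     $this->template->render(array("title" => "Verify Account", "main_page" => "verify_tpl.php", "form_values" => $form_values, "form_errors" => $form_errors));
 }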
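 /**
  * Create a Session by reading variables from the $_SESSION superglobal
  * and populate data such as a User object.
  *
  * Reads "userId" (loaded through UserDAO unless it equals User::NULL_TYPE or the load returns
  * null), "message", "data" and "message_type" when present; an absent key leaves the
  * corresponding member untouched.
  *
  * NOTE(review): "data" is restored with unserialize(). Session storage is server-side, but any
  * deployment where the session store is writable by others (shared temp dir, a compromised
  * cache backend) turns this into an object-injection sink; json_encode()/json_decode() is the
  * safer wire format if the stored data allows it.
  * @access private
  */
 private function createSession()
 {
     // Start a session only when none is active. The former unconditional @session_start()
     // suppressed every failure (session already started, headers already sent, failing save
     // handler), so such problems surfaced later as a silently empty $_SESSION.
     if (session_status() === PHP_SESSION_NONE) {
         session_start();
     }
     if (isset($_SESSION["userId"]) && $_SESSION["userId"] != User::NULL_TYPE) {
         $userDAO = UserDAO::getInstance();
         $user = $userDAO->load($_SESSION["userId"]);
         if ($user != null) {
             $this->user = $user;
         }
     }
     if (isset($_SESSION["message"])) {
         $this->message = $_SESSION["message"];
     }
     if (isset($_SESSION["data"])) {
         $this->data = unserialize($_SESSION["data"]);
     }
     if (isset($_SESSION["message_type"])) {
         $this->setMessageType($_SESSION["message_type"]);
     }
 }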
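 /**
  * Parse the options array for limit clauses and order by clauses. The valid keys and value types are specified below.
  * limit - Page object. Will take values from a Paginator Page object and
  * set LIMIT and OFFSET portions of database query accordingly
  *
  * joins - bool. If true, an INNER JOIN will be done to retrieve the
  * User associated with the article
  *
  * order - string. Concatenated verbatim after ORDER BY. An unqualified name is prefixed with
  * this DAO's table name; a qualified name ("table.column ...") is used as given. Because it is
  * not escaped or validated, callers must pass only code-defined column names (as the visible
  * callers do, e.g. "userName ASC") and never request input.
  *
  * Fix: the two branches for a qualified order string had identical bodies (a leftover of a
  * disabled validation, see the removed commented-out code), so they are merged.
  * @access private
  * @param array &$options
  * @throws InvalidArgumentException when $options is not an array
  */
 protected function parseOptions(&$options)
 {
     if (!is_array($options)) {
         throw new InvalidArgumentException("Options for a database access function must be in an array");
     }
     if (array_key_exists("limit", $options) && $options["limit"] instanceof Page) {
         $this->query_limit .= $this->getLimitClause($options["limit"]);
     }
     if (!empty($options["joins"])) {
         $userDAO = UserDAO::getInstance();
         $userTable = $userDAO->getTableName();
         $this->query_select .= ", " . $userDAO->buildColumnString();
         $this->query_joins .= "INNER JOIN (" . $userTable . ") ON (" . $userTable . ".id = " . $this->getTableName() . ".userId)";
         $this->select_columns = array_merge($this->select_columns, $userDAO->buildColumnArray());
         $this->joins = true;
     }
     if (array_key_exists("order", $options) && is_string($options["order"])) {
         $order = $options["order"];
         // Reference to article member: qualify it with this table; qualified names pass through
         if (strpos($order, ".") === false) {
             $order = $this->tableName . "." . $order;
         }
         $this->query_order = "ORDER BY " . $order;
     }
 }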
 /**
  * Initialise the DAO used by this class: stores the UserDAO singleton in $this->DAO.
  * @return void
  */
 public function startDAO()
 {
     $dao = UserDAO::getInstance();
     $this->DAO = $dao;
 }
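 /**
  * Run method with main page logic
  *
  * Populate template and display form for editing a profile entry. For POST requests,
  * check user credentials, check if profile exists and then update entry in database.
  * Available to members only: a member may edit only his/her own profile; an admin may edit
  * any profile and is the only role whose "status" and "usertype" fields are validated and applied.
  *
  * Request handling:
  *  - POST: validate the submitted fields; when there are no errors and the viewer is allowed
  *    to edit the target, apply the non-empty fields, save, and redirect to this script with
  *    ?id=<target id>. A member posting another user's id is redirected to BASE_URL.
  *  - GET with "id": load the target profile and prefill the identity fields (a member asking
  *    for another user's profile is redirected with an error message).
  *  - anything else: redirect to BASE_URL.
  *
  * Fixes: "status"/"usertype" were only *validated* for admins but were *applied* for anyone
  * allowed to edit the profile, so a member could raise his/her own usertype; the two fields are
  * now gated on the viewer's role. The usertype validation used the wrong variable, the wrong
  * setter/exception pair and the status error messages; an unreachable "Type not defined"
  * branch is dropped (usertype stays optional, as it effectively was). The Wii "too long"
  * message said "Steam Id". The PSN pattern `([A-Za-z0-9-_]+){3,16}` nested two quantifiers;
  * the equivalent `[A-Za-z0-9_-]{3,16}` cannot backtrack. The success redirect uses
  * SCRIPT_NAME instead of PHP_SELF, which can carry client-supplied PATH_INFO.
  *
  * NOTE(review): no anti-CSRF token is verified here; confirm the framework does so elsewhere.
  * NOTE(review): the password is stored as unsalted sha1() to match the login comparison;
  * changing the scheme needs a coordinated migration of the stored hashes.
  * @access public
  */
 public function run()
 {
     $session = Session::getInstance();
     $user = $session->getUser();
     if ($user == null || !$user->validUser()) {
         $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     $is_admin = $user->isAdmin();
     $userDAO = UserDAO::getInstance();
     $alter_user = null;
     $form_errors = array();
     $form_values = array("id" => "", "password" => "", "password2" => "", "status" => "", "usertype" => "", "steamId" => "", "xboxId" => "", "psnId" => "", "wiiId" => "");
     // Check form
     if (!empty($_POST)) {
         // Missing fields default to ""; non-string values (e.g. field[]=x) are treated as missing
         foreach (array_keys($form_values) as $field) {
             $form_values[$field] = isset($_POST[$field]) && is_string($_POST[$field]) ? trim($_POST[$field]) : "";
         }
         if (empty($form_values["id"])) {
             $form_errors["id"] = "User id not set";
         }
         // A password change is optional: if either field is given, both must be given and match
         if (!empty($form_values["password"]) || !empty($form_values["password2"])) {
             if (empty($form_values["password"]) || empty($form_values["password2"])) {
                 $form_errors["password"] = "******";
             } elseif (strcmp($form_values["password"], $form_values["password2"]) != 0) {
                 $form_errors["password"] = "******";
                 $form_values["password2"] = "";
             }
         }
         // Privilege fields are validated for admins only; for members they are ignored entirely
         if ($is_admin) {
             if (empty($form_values["status"])) {
                 $form_errors["status"] = "Status not defined";
             } elseif (!is_numeric($form_values["status"])) {
                 $form_errors["status"] = "Status must be a number";
             } else {
                 $tmp = new User();
                 try {
                     // Probe the value on a throwaway User; InvalidStatusException is the exception
                     // the original code caught for this check — adjust if setStatus() raises another
                     $tmp->setStatus(intval($form_values["status"]));
                 } catch (InvalidStatusException $e) {
                     $form_errors["status"] = "Invalid value for status";
                 }
             }
             if (!empty($form_values["usertype"])) {
                 if (!is_numeric($form_values["usertype"])) {
                     $form_errors["usertype"] = "Type must be a number";
                 } else {
                     $tmp = new User();
                     try {
                         $tmp->setUserType(intval($form_values["usertype"]));
                     } catch (InvalidUserTypeException $e) {
                         $form_errors["usertype"] = "Invalid value for type";
                     }
                 }
             }
         }
         // Regular expression check for identities: max byte length first, then the full pattern
         $identity_rules = array(
             "steamId" => array(20, '/^[A-Za-z0-9_]{3,20}$/', "Steam ID too long", "Steam ID is not valid"),
             "xboxId" => array(15, '/^[A-Za-z0-9 ]{3,15}$/', "Xbox gamertag too long", "Xbox gamertag is not valid"),
             "psnId" => array(16, '/^[A-Za-z0-9_-]{3,16}$/', "PSN ID too long", "PSN ID is not valid"),
             "wiiId" => array(20, '/^[0-9]{4}[- ][0-9]{4}[- ][0-9]{4}[- ][0-9]{4}$/', "Wii Friend Code too long", "Wii Friend Code is not valid"),
         );
         foreach ($identity_rules as $field => $rule) {
             list($max_len, $pattern, $too_long, $invalid) = $rule;
             if (empty($form_values[$field])) {
                 continue;
             }
             if (strlen($form_values[$field]) > $max_len) {
                 $form_errors[$field] = $too_long;
             } elseif (!preg_match($pattern, $form_values[$field])) {
                 $form_errors[$field] = $invalid;
             }
         }
         // No errors found
         if (empty($form_errors)) {
             $alter_user = $userDAO->load($form_values["id"]);
             if ($alter_user != null) {
                 // A member may only alter his/her own profile
                 if (!$is_admin && $alter_user->getId() != $user->getId()) {
                     header("Location: " . BASE_URL);
                     return;
                 }
                 if (!empty($form_values["password"])) {
                     $alter_user->setPassHash(sha1($form_values["password"]));
                 }
                 // Gate on the viewer's role, not merely on the field being present
                 if ($is_admin) {
                     if (!empty($form_values["status"])) {
                         $alter_user->setStatus(intval($form_values["status"]));
                     }
                     if (!empty($form_values["usertype"])) {
                         $alter_user->setUserType(intval($form_values["usertype"]));
                     }
                 }
                 $identity_setters = array("steamId" => "setSteamId", "xboxId" => "setXboxId", "psnId" => "setPsnId", "wiiId" => "setWiiId");
                 foreach ($identity_setters as $field => $setter) {
                     if (!empty($form_values[$field])) {
                         $alter_user->$setter($form_values[$field]);
                     }
                 }
                 // Save profile
                 if ($userDAO->save($alter_user)) {
                     $session->setMessage("User profile altered");
                     // SCRIPT_NAME is the script path only; PHP_SELF may include client-supplied PATH_INFO
                     header("Location: {$_SERVER["SCRIPT_NAME"]}?id={$alter_user->getId()}");
                     return;
                 }
                 $session->setMessage("User profile not altered", Session::MESSAGE_ERROR);
             }
         } elseif (empty($form_errors["id"])) {
             // Re-display the form for the target user with the validation errors
             $alter_user = $userDAO->load($form_values["id"]);
         }
     } elseif (!empty($_GET)) {
         $form_values["id"] = isset($_GET["id"]) && is_string($_GET["id"]) ? trim($_GET["id"]) : "";
         if (empty($form_values["id"])) {
             $form_errors["id"] = "User id not set";
         } else {
             $alter_user = $userDAO->load($form_values["id"]);
             // Null means the user does not exist; null is passed on to the template
             if ($alter_user) {
                 if (!$is_admin && $alter_user->getId() != $user->getId()) {
                     $session->setMessage("Do not have permission", Session::MESSAGE_ERROR);
                     header("Location: " . BASE_URL);
                     return;
                 }
                 $form_values["steamId"] = $alter_user->getSteamId();
                 $form_values["xboxId"] = $alter_user->getXboxId();
                 $form_values["psnId"] = $alter_user->getPsnId();
                 $form_values["wiiId"] = $alter_user->getWiiId();
             }
         }
     } else {
         header("Location: " . BASE_URL);
         return;
     }
     $this->template->render(array("title" => "Edit Profile", "main_page" => "edit_profile_tpl.php", "session" => $session, "alter_user" => $alter_user, "form_errors" => $form_errors, "form_values" => $form_values));
 }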
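 /**
  * Run method with main page logic
  *
  * Admin-only user administration page. Depending on the request it either
  * performs a bulk action and redirects, or renders a list of users:
  *  - POST with `userids` + `action=delete` (and no `domodstatus`): delete the
  *    selected users via UserDAO::deleteByIds(), then redirect to `?users=all`.
  *  - GET with `userids` + `domodstatus`: change the selected users' status via
  *    UserDAO::saveStatusByIds(), then redirect to `?users=all`.
  *  - GET with `action=delete` + `userids`: render the deletion confirmation list.
  *  - GET with `users=all`: render a paginated list of all users (`page` param).
  *  - otherwise: render the list of pending users.
  * Non-admin (or anonymous) visitors are redirected to BASE_URL with an error.
  *
  * Review notes (left as-is because templates and links depend on these URLs):
  *  - the status change is a state-changing action on a GET request, and neither
  *    bulk action checks a CSRF token, so a crafted link or cross-site form can
  *    trigger them for a logged-in admin; both belong on POST with a per-session token.
  *  - `userids` is handed to the DAO exactly as received; confirm deleteByIds()
  *    and saveStatusByIds() validate it as a list of ints and bind it safely.
  *  - `$_SERVER["PHP_SELF"]` carries any extra path info from the request, so the
  *    redirect target is partly request-controlled; a fixed script path is safer.
  * @access public
  */
 public function run()
 {
     $PAGINATION_LIMIT = 10;
     $session = Session::getInstance();
     $user = $session->getUser();
     if ($user == null || !$user->isAdmin()) {
         $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     $userDAO = UserDAO::getInstance();
     $method = isset($_GET["users"]) ? trim($_GET["users"]) : "";
     $action = isset($_GET["action"]) ? trim($_GET["action"]) : "";
     // Page index: anything non-numeric or below 1 falls back to the first page.
     $page = isset($_GET["page"]) && is_numeric($_GET["page"]) ? intval($_GET["page"]) : 1;
     if ($page < 1) {
         $page = 1;
     }
     $paginator_page = $queryVars = null;
     // POST request for bulk deletion of users
     if (!empty($_POST) && !empty($_POST["userids"]) && !empty($_POST["action"]) && empty($_POST["domodstatus"])) {
         // The outer condition guarantees action is set; anything but "delete" is bounced.
         $action = trim($_POST["action"]);
         if ($action !== "delete") {
             header("Location: " . BASE_URL);
             return;
         }
         if ($userDAO->deleteByIds($_POST["userids"])) {
             $session->setMessage("Selected users deleted");
         } else {
             $session->setMessage("Deletion failed", Session::MESSAGE_ERROR);
         }
         header("Location: {$_SERVER["PHP_SELF"]}?users=all");
         return;
     }
     // GET request for bulk status change of users
     if (!empty($_GET) && !empty($_GET["userids"]) && !empty($_GET["domodstatus"])) {
         $status = isset($_GET["status"]) ? trim($_GET["status"]) : "";
         if (!empty($status)) {
             $status = intval($status);
             // Validate the requested type through User's own setter; the throwaway
             // instance exists only for that check.
             $tmp = new User();
             try {
                 $tmp->setUserType($status);
             } catch (InvalidUserTypeException $e) {
                 $session->setMessage("Invalid status choice", Session::MESSAGE_ERROR);
                 header("Location: {$_SERVER["PHP_SELF"]}?users=all");
                 return;
             }
         }
         // NOTE(review): an absent status (and "0", which empty() treats as absent)
         // skips validation and is forwarded as "" -- confirm saveStatusByIds() rejects it.
         if ($userDAO->saveStatusByIds($status, $_GET["userids"])) {
             $session->setMessage("Selected users updated");
         } else {
             $session->setMessage("Update failed", Session::MESSAGE_ERROR);
         }
         header("Location: {$_SERVER["PHP_SELF"]}?users=all");
         return;
     }
     if ($action === "delete" && !empty($_GET["userids"])) {
         // Confirmation page listing the users selected for deletion
         $content_title = "Delete Users";
         $user_array = $userDAO->allByIds($_GET["userids"]);
     } elseif ($method === "all") {
         $paginator = new Paginator($userDAO->count(), $PAGINATION_LIMIT);
         $paginator_page = $paginator->getPage($page);
         $user_array = $userDAO->all(array("limit" => $paginator_page, "order" => "userName"));
         $content_title = "All Users Options";
         $queryVars = array("users" => "all");
     } else {
         $user_array = $userDAO->allPendingUsers();
         $content_title = "Pending Users Options";
     }
     $this->template->render(array("title" => "Admin - User Options", "main_page" => "user_options_tpl.php", "user" => $user, "session" => $session, "user_array" => $user_array, "content_title" => $content_title, "paginator_page" => $paginator_page, "queryVars" => $queryVars, "action" => $action));
 }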
文件: User.php 项目: reytuty/facil
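 /**
  * "Remind password" endpoint: looks up the user whose e-mail address was passed
  * in the `email` query parameter and, if one is found, e-mails that address the
  * reminder template with the account's login and stored password. Always emits a
  * JSON ReturnResultVO and exits.
  *
  * The JSON `success` flag reflects the DAO lookup (and, now, the template read),
  * not whether the address exists, so the response does not enumerate accounts.
  *
  * SECURITY (review): the mail body embeds `$userStd->password` verbatim, which
  * only works if passwords are stored in recoverable form. The defensible design
  * is a hashed password plus a single-use, expiring reset token sent by e-mail;
  * that needs DAO/schema support not visible here, so this block fixes only the
  * local defects (undefined `$VO` recipient, missing empty-input and template checks).
  */
 public function lembrarSenha()
 {
     $ReturnResultVO = new ReturnResultVO();
     $ReturnResultVO->success = false;
     $email = DataHandler::getValueByArrayIndex($_GET, "email");
     // Without an address there is nothing to look up; an unfiltered select must
     // not be issued, since it would match an arbitrary user.
     if (is_string($email) && $email !== "") {
         $DAO = UserDAO::getInstance();
         // Positional filters: id, active, user_type_id, login, password, email --
         // only email is set. Whether select() binds this untrusted value safely is
         // decided inside UserDAO; confirm it does not interpolate it into SQL.
         $ResultData = $DAO->select(UserDAO::RETURN_STD_OBJECT, null, null, null, null, null, $email);
         $ReturnResultVO->success = $ResultData->success;
         if ($ResultData->success && count($ResultData->result) > 0) {
             $userStd = $ResultData->result[0];
             $mensagem = file_get_contents(Config::getFolderView("/templates/email_para_lembrar_senha.html"));
             if ($mensagem === false) {
                 // Missing template: report failure instead of mailing an empty body.
                 $ReturnResultVO->success = false;
             } else {
                 $mensagem = str_replace("###login", $userStd->login, $mensagem);
                 $mensagem = str_replace("###senha", $userStd->password, $mensagem);
                 $smtp = new Smtp(Config::SYSTEM_MAIL_SMTP, 587);
                 $smtp->user = Config::SYSTEM_MAIL_LOGIN;
                 $smtp->pass = Config::SYSTEM_MAIL_PASSWORD;
                 // The SMTP helper prints its debug trace when debug is on; buffer and
                 // discard that output so nothing leaks into the JSON response body.
                 $smtp->debug = true;
                 ob_start();
                 // The original read the recipient from an undefined $VO. The lookup
                 // matched on $email, so that is the address to send to.
                 $smtp->Send($email, Config::SYSTEM_MAIL_FROM, "Teto lembrar senha", $mensagem, "text/html");
                 ob_end_clean();
             }
         }
     }
     echo $ReturnResultVO->toJson();
     exit;
 }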