authorAntonio Gallo <tonicucoz@gmail.com>2010-10-17 13:29:57 +0000
committerAntonio Gallo <tonicucoz@gmail.com>2010-10-17 13:29:57 +0000
commit232aa1924c8c0f10d87b210b46c9f061af5c844c (patch)
tree2351f2aaff7ad244f60358954e4711692fb8aadc /h-source/Application/Controllers/UsersController.php
parenta17e3e0495bee3705d3c1e5ead2db1a8359e64e9 (diff)
added files
Diffstat (limited to 'h-source/Application/Controllers/UsersController.php')
-rw-r--r--h-source/Application/Controllers/UsersController.php428
1 files changed, 428 insertions, 0 deletions
diff --git a/h-source/Application/Controllers/UsersController.php b/h-source/Application/Controllers/UsersController.php
new file mode 100644
index 0000000..6e760ba
--- /dev/null
+++ b/h-source/Application/Controllers/UsersController.php
@@ -0,0 +1,428 @@
+<?php
+
+// h-source, a web software to build a community of people that want to share their hardware information.
+// Copyright (C) 2010 Antonio Gallo (h-source-copyright.txt)
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+if (!defined('EG')) die('Direct access not allowed!');
+
+class UsersController extends BaseController
+{
+
+ private $_updating;
+
+ public function __construct($model, $controller, $queryString)
+ {
+ parent::__construct($model, $controller, $queryString);
+
+ $this->model('UsersModel');
+ $this->model('ProfileModel');
+ $this->model('HardwareModel');
+ $this->model('ParamsModel');
+
+ $updating = $this->m['ParamsModel']->select('updating')->where(array('id_par'=>1))->toList('updating')->send();
+ $data['updating_flag'] = $updating[0];
+ $this->_updating = $data['updating_flag'];
+
+ $data['title'] = 'Login';
+ $this->append($data);
+ }
+
+ public function login($lang = 'en', $type = null,$the_action = null,$the_id = null)
+ {
+ $data = array();
+
+ if ( strcmp($this->_updating,'no') === 0 )
+ {
+ $data['flag'] = isset($type) ? 'setted' : null;
+ $html['type'] = in_array($type,Hardware::$controllers) ? sanitizeAll($type) : 'notebooks';
+ $html['the_action'] = sanitizeAlphanum($the_action);
+ $html['the_id'] = (int)$the_id;
+ $html['lang'] = Lang::sanitize($lang);
+
+ $data['title'] = 'Login - '.Website::$generalName;
+
+ if (isset($type))
+ {
+ $data['action'] = Url::getRoot("users/login/".$html['lang']."/".$html['type']."/".$html['the_action']."/".$html['the_id']);
+ }
+ else
+ {
+ $data['action'] = Url::getRoot("users/login/".$html['lang']);
+ }
+
+ $data['notice'] = null;
+
+ $this->s['registered']->checkStatus();
+
+ if ($this->s['registered']->status['status']=='logged') { //check if already logged
+ $this->s['registered']->redirect('logged');
+ }
+ if (isset($_POST['username']) and isset($_POST['password']))
+ {
+ $username = ctype_alnum($_POST['username']) ? sanitizeAll($_POST['username']) : '';
+ $choice = $this->s['registered']->login($username,$_POST['password']);
+
+ switch($choice) {
+ case 'logged':
+ $this->redirect('home/index',3,'You are already logged...');
+ break;
+ case 'accepted':
+ if (isset($type))
+ {
+ $address = strcmp($html['the_action'],'view') === 0 ? $html['type']."/view/".$html['lang']."/".$html['the_id'] : $html['type']."/catalogue/".$html['lang'];
+
+ $this->redirect($address,0);
+ }
+ else
+ {
+ $this->redirect('home/index',0);
+ }
+ break;
+ case 'login-error':
+ $data['notice'] = '<div class="alert">Wrong username or password</div>';
+ break;
+ case 'wait':
+ $data['notice'] = '<div class="alert">You have to wait 5 seconds before you can try to login another time</div>';
+ break;
+ }
+ }
+ }
+
+ $this->append($data);
+ $this->load('login');
+ }
+
+ public function logout($lang = 'en')
+ {
+ $res = $this->s['registered']->logout();
+
+ if ($res === 'not-logged')
+ {
+ $data['notice'] = "<div class='alert'>You can't logout because you are not logged..</div>\n";
+ }
+ else if ($res === 'was-logged')
+ {
+ $this->redirect('home',0);
+ }
+ else if ($res === 'error')
+ {
+
+ }
+
+ $this->append($data);
+ $this->load('logout');
+ }
+
+ public function add($lang = 'en')
+ {
+ $data['title'] = 'create account - '.Website::$generalName;
+
+ if ( strcmp($this->_updating,'no') === 0 )
+ {
+ //start session for captcha
+ session_start();
+
+ if ( isset($_SESSION['status']) ) unset($_SESSION['status']);
+
+ $this->shift(1);
+
+ $this->m['UsersModel']->strongConditions['insert'] = array(
+ "checkAlphanum" => "username",
+ "checkLength|35" => "username",
+ "checkMail" => "e_mail",
+ "+checkLength|35" => "e_mail",
+ "checkEqual" => "password,confirmation",
+ "checkMatch|/^[a-zA-Z0-9\_\-\!]+$/" => "password,confirmation|characters allowed for the password: a-z A-Z 0-9 - _ !"
+ );
+
+ $this->m['UsersModel']->databaseConditions['insert'] = array(
+ "checkUnique" => "username",
+ "+checkUnique" => "e_mail"
+ );
+
+ if ($this->s['registered']->status['status'] === 'logged')
+ {
+ $this->redirect('home/index/'.$this->lang,2,'you are already logged..');
+ }
+ else
+ {
+ $data['notice'] = null;
+
+ $this->m['UsersModel']->setFields('username:sanitizeAll,e_mail:sanitizeAll,password:sha1','none');
+
+ $this->m['UsersModel']->updateTable('insert');
+
+ $data['notice'] = $this->m['UsersModel']->notice;
+
+ $values = $this->m['UsersModel']->getFormValues('insert','sanitizeHtml');
+ $values['confirmation'] = '';
+
+ $data['values'] = $values;
+
+ $this->append($data);
+
+ $this->load('add');
+ $this->right();
+ }
+ }
+ else
+ {
+ $this->redirect('users/login/'.$this->lang,0);
+ }
+ }
+
+ public function confirm($lang = 'en', $id_user = 0, $confirmation_token = '')
+ {
+ $data['title'] = 'confirm account - '.Website::$generalName;
+
+ if ( strcmp($this->_updating,'no') === 0 )
+ {
+ if ($this->s['registered']->status['status'] === 'logged')
+ {
+ $this->redirect('home/index/'.$this->lang,2,'you are already logged..');
+ }
+ else
+ {
+ $clean['id_user'] = (int)$id_user;
+ $clean['confirmation_token'] = sanitizeAlphanum($confirmation_token);
+
+ $data['status_confirm'] = false;
+
+ $res = $this->m['UsersModel']->select('id_user,creation_time')->where(array("id_user"=>$clean['id_user'],"confirmation_token"=>$clean['confirmation_token'],"has_confirmed"=>1,"deleted"=>"no"))->send();
+
+ // echo $this->m['UsersModel']->getQuery();
+
+ if (count($res) > 0)
+ {
+ $now = time();
+ $checkTime = $res[0]['regusers']['creation_time'] + Account::$confirmTime;
+ if ($checkTime > $now)
+ {
+ $this->m['UsersModel']->values = array('has_confirmed' => 0, 'creation_time' => 0);
+ if ($this->m['UsersModel']->update($clean['id_user']))
+ {
+ $data['status_confirm'] = true;
+
+ //ad a record in the profile table
+ $this->m['ProfileModel']->values = array('created_by' => $clean['id_user']);
+ $this->m['ProfileModel']->insert();
+
+ }
+ }
+ }
+
+ // var_dump($data['status_confirm']);
+
+ $this->append($data);
+ $this->load('confirmation');
+ $this->right();
+ }
+ }
+ else
+ {
+ $this->redirect('users/login/'.$this->lang,0);
+ }
+ }
+
+ public function change($lang = 'en', $id_user = 0, $forgot_token = '')
+ {
+ session_start();
+
+ $data['title'] = 'change password - '.Website::$generalName;
+
+ if ( strcmp($this->_updating,'no') === 0 )
+ {
+ if ($this->s['registered']->status['status'] === 'logged')
+ {
+ $this->redirect('home/index/'.$this->lang,2,'you are already logged..');
+ }
+ else
+ {
+ $clean['id_user'] = (int)$id_user;
+ $clean['forgot_token'] = sanitizeAlphanum($forgot_token);
+
+ $res = $this->m['UsersModel']->select('username,id_user,forgot_time,e_mail')->where(array("id_user"=>$clean['id_user'],"forgot_token"=>$clean['forgot_token'],"has_confirmed"=>0,"deleted"=>"no"))->send();
+
+ if (count($res) > 0)
+ {
+ $now = time();
+ $checkTime = $res[0]['regusers']['forgot_time'] + Account::$confirmTime;
+ if ($checkTime > $now)
+ {
+ $username = $res[0]['regusers']['username'];
+ $email = $res[0]['regusers']['e_mail'];
+
+ $newPassword = generateString(10);
+ $this->m['UsersModel']->values = array('password' => sha1($newPassword), 'forgot_time' => 0);
+ if ($this->m['UsersModel']->update($clean['id_user']))
+ {
+ $result = Account::sendpassword($username,$email,$newPassword);
+
+ if ($result)
+ {
+ $_SESSION['status'] = 'sent_new_password';
+ }
+ else
+ {
+ $_SESSION['status'] = 'sent_new_password_error';
+ }
+
+ $hed = new HeaderObj(DOMAIN_NAME);
+ $hed->redirect('users/notice/'.Lang::$current,1);
+
+ }
+ }
+ }
+
+ $this->append($data);
+ $this->load('change');
+ $this->right();
+ }
+ }
+ else
+ {
+ $this->redirect('users/login/'.$this->lang,0);
+ }
+ }
+
+ public function forgot($lang = 'en')
+ {
+ $data['title'] = 'request password - '.Website::$generalName;
+
+ if ( strcmp($this->_updating,'no') === 0 )
+ {
+ session_start();
+
+ if ( isset($_SESSION['status']) ) unset($_SESSION['status']);
+
+ $this->shift(1);
+
+ if ($this->s['registered']->status['status'] === 'logged')
+ {
+ $this->redirect('home/index/'.$this->lang,2,'you are already logged..');
+ }
+ else
+ {
+ $data['notice'] = null;
+
+ if (isset($_POST['forgotAction']))
+ {
+ if (isset($_POST['username']))
+ {
+ $this->m['UsersModel']->forgot($_POST['username']);
+ $data['notice'] = $this->m['UsersModel']->notice;
+ }
+ }
+
+ $this->append($data);
+
+ $this->load('forgot');
+ $this->right();
+ }
+ }
+ else
+ {
+ $this->redirect('users/login/'.$this->lang,0);
+ }
+ }
+
+ public function notice($lang = 'en')
+ {
+ $data['title'] = 'notice - '.Website::$generalName;
+
+ if ( strcmp($this->_updating,'no') === 0 )
+ {
+ session_start();
+ if ($this->s['registered']->status['status'] === 'logged')
+ {
+ $this->redirect('home/index/'.$this->lang,2,'you are already logged..');
+ }
+ else
+ {
+ $this->load('notice');
+ $this->right();
+ }
+ }
+ else
+ {
+ $this->redirect('users/login/'.$this->lang,0);
+ }
+ }
+
+ public function meet($lang = 'en', $user = '')
+ {
+ $clean['user'] = ctype_alnum($user) ? sanitizeAll($user) : '';
+ $data['title'] = "meet ".$clean['user']." - ".Website::$generalName;
+
+ if (strcmp($clean['user'],'') !== 0)
+ {
+ $this->shift(2);
+
+ $res = $this->m['UsersModel']->db->select('regusers','has_confirmed,deleted,username','username="'.$clean['user'].'" and has_confirmed=0 and deleted="no"');
+// echo $this->m['UsersModel']->getQuery();
+ if (count($res) > 0)
+ {
+ $whereArray = array(
+ 'username' => $clean['user'],
+ 'has_confirmed' => 0,
+ 'deleted' => 'no'
+ );
+
+ $data['table'] = $this->m['ProfileModel']->select('regusers.e_mail,regusers.username,profile.*')->from('regusers inner join profile')->on('regusers.id_user = profile.created_by')->where($whereArray)->send();
+
+ // echo $this->m['HardwareModel']->getQuery();
+
+ $data['meet_username'] = $res[0]['regusers']['username'];
+
+ $this->append($data);
+ $this->load('meet');
+ $this->right();
+ }
+ }
+ }
+
+ public function contributions($lang = 'en', $user = '')
+ {
+ $clean['user'] = ctype_alnum($user) ? sanitizeAll($user) : '';
+ $data['title'] = $clean['user']." contributions - ".Website::$generalName;
+
+ if (strcmp($clean['user'],'') !== 0)
+ {
+ $this->shift(2);
+
+ $res = $this->m['UsersModel']->db->select('regusers','has_confirmed,deleted,username','username="'.$clean['user'].'" and has_confirmed=0 and deleted="no"');
+
+ if (count($res) > 0)
+ {
+ $whereArray = array(
+ 'username' => $clean['user'],
+ 'has_confirmed' => 0,
+ 'deleted' => 'no'
+ );
+
+ $data['table'] = $this->m['HardwareModel']->select('hardware.*,regusers.username')->where($whereArray)->send();
+ // echo $this->m['HardwareModel']->getQuery();
+
+ $data['meet_username'] = $res[0]['regusers']['username'];
+
+ $this->append($data);
+ $this->load('contributions');
+ $this->right();
+ }
+ }
+ }
+
+} \ No newline at end of file
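Review bot: The user lookups in `meet()` and `contributions()` build the WHERE clause by string concatenation (`'username="'.$clean['user'].'" and has_confirmed=0 and deleted="no"'`), so their safety rests entirely on the `ctype_alnum` guard a few lines above rather than on the query layer. The `$whereArray` each method builds right afterwards already expresses the same condition, and the file elsewhere passes such arrays through `->where()` (the `confirm()`, `change()` and profile queries), so move the array above the lookup and write `$res = $this->m['UsersModel']->select('has_confirmed,deleted,username')->where($whereArray)->send();` in both places; the `$res[0]['regusers'][...]` result shape matches what `confirm()` reads from the same builder. Separately, passwords are stored as unsalted SHA-1 (`password:sha1` in `add()`, `sha1($newPassword)` in `change()`); `password_hash()`/`password_verify()` would be the replacement, but the verifying side appears to live in the session object's `login()` outside this file and would need to change together with it. Also, in `logout()` `$data` is only assigned in the `not-logged` branch, so the empty `error` branch reaches `$this->append($data)` with an undefined variable; initialise it with `$data = array();` before the `$res` check.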