A new, object-oriented, better vesion of μForum
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

753 lines
24 KiB

  1. <?php
  2. /**
  3. * @package uForum2
  4. * @file inc/controllers/MainController.class.php
  5. * @copyright 2007-2015 (c) PioDer <piotrek@pioder.pl>
  6. * @link http://www.pioder.pl/
  7. * @license see LICENSE.txt
  8. **/
  9. require ('./inc/controller.class.php');
  10. class MainController extends Controller
  11. {
  12. public function loadDefault()
  13. {
  14. $this->main();
  15. }
  16. private function loadDependencies() // zależności (sesje itp)
  17. {
  18. $this->loadModel('SessionModel'); //aktywacja sesji
  19. $this->loadModel('ConfigModel'); //konfiguracja ogólna skryptu
  20. $this->loadView('MainView');
  21. $this->getView('MainView')->putExistingModel('SessionModel', $this->getModel('SessionModel'));
  22. $this->getView('MainView')->putExistingModel('ConfigModel', $this->getModel('ConfigModel'));
  23. //przekierowanie!
  24. if ($_GET['mode'] == 'editprofile' || $_GET['mode'] == 'register' || $_GET['mode'] == 'login')
  25. {
  26. if ($_SERVER['REQUEST_SCHEME'] != 'https' && USE_HTTPS)
  27. $this->forward(buildURL($_SERVER['REQUEST_URI'], true));
  28. }
  29. else
  30. if ($_SERVER['REQUEST_SCHEME'] != 'http')
  31. $this->forward(buildURL($_SERVER['REQUEST_URI']));
  32. }
  33. public function main()
  34. {
  35. $this->loadDependencies();
  36. $this->loadModel('UsersModel');
  37. $this->getView('MainView')->main();
  38. }
  39. public function viewforum()
  40. {
  41. $this->loadDependencies();
  42. $this->loadModel('ForumsModel');
  43. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  44. $f = $this->getModel('ForumsModel')->getForum($_GET['id']);
  45. if ($f == null)
  46. $this->getView('MainView')->forum_message('Forum does not exist!', buildURL('index.php'));
  47. else
  48. {
  49. $this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
  50. $this->getView('MainView')->viewforum();
  51. }
  52. }
  53. public function userlist()
  54. {
  55. $this->loadDependencies();
  56. if (isset($_GET['rank']))
  57. {
  58. switch ($_GET['rank'])
  59. {
  60. case 'admin':
  61. $_GET['rank'] = RANK_ADMIN;
  62. break;
  63. case 'mod':
  64. $_GET['rank'] = RANK_MOD;
  65. break;
  66. case 'user':
  67. $_GET['rank'] = RANK_USER;
  68. break;
  69. default:
  70. $_GET['rank'] = '';
  71. break;
  72. }
  73. }
  74. else
  75. $_GET['rank'] = '';
  76. $_POST['sort_type'] = (isset($_POST['sort_type'])) ? $this->db->real_escape_string($_POST['sort_type']) : 'regdate';
  77. $allowed_sorting = array('regdate', 'lastvisit', 'nick', 'post_count');
  78. if (!in_array($_POST['sort_type'], $allowed_sorting))
  79. $_POST['sort_type'] = '';
  80. $_POST['sort_desc'] = (isset($_POST['sort_desc'])) ? 'DESC' : 'ASC';
  81. $this->getView('MainView')->userlist();
  82. }
  83. public function viewtopic()
  84. {
  85. $this->loadDependencies();
  86. $this->loadModel('PostsModel');
  87. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  88. $t = $this->getModel('PostsModel')->getTopic($_GET['id']);
  89. if ($t == null)
  90. $this->getView('MainView')->forum_message('Topic does not exist!', buildURL('index.php'));
  91. else
  92. {
  93. $this->getView('MainView')->putExistingModel('PostsModel', $this->getModel('PostsModel'));
  94. $this->getView('MainView')->viewtopic();
  95. }
  96. }
  97. public function newtopic()
  98. {
  99. $this->posting(POSTING_NEWTOPIC);
  100. }
  101. public function reply()
  102. {
  103. $this->posting(POSTING_REPLY);
  104. }
  105. public function editpost()
  106. {
  107. $this->posting(POSTING_EDIT);
  108. }
  109. public function quote()
  110. {
  111. $this->posting(POSTING_QUOTE);
  112. }
  113. public function moderate()
  114. {
  115. $this->loadDependencies();
  116. $this->loadModel('PostsModel');
  117. $this->loadModel('ForumsModel');
  118. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  119. $_GET['submode'] = (isset($_GET['submode'])) ? trim(strip_tags($this->db->real_escape_string($_GET['submode']))) : 0;
  120. if (!$this->getModel('SessionModel')->isLogged())
  121. {
  122. $this->getView('MainView')->forum_message('You are not logged.', buildURL('index.php?mode=login', true));
  123. $lockv = true;
  124. }
  125. if ($this->getModel('SessionModel')->getRank() == RANK_USER && !isset($lockv))
  126. {
  127. $this->getView('MainView')->forum_message('Only mods have access to this menu', buildURL('index.php'));
  128. $lockv = true;
  129. }
  130. //sprawdź czy wątek/post istnieje
  131. if (!isset($lockv))
  132. switch($_GET['submode'])
  133. {
  134. case 'deletetopic':
  135. case 'locktopic':
  136. case 'sticktopic':
  137. case 'movetopic':
  138. $t = $this->getModel('PostsModel')->getTopic($_GET['id']);
  139. if ($t == null)
  140. {
  141. $this->getView('MainView')->forum_message('Topic does not exist!', buildURL('index.php'));
  142. $lockv = true;
  143. }
  144. break;
  145. case 'deletepost':
  146. $p = $this->getModel('PostsModel')->getPost($_GET['id']);
  147. if ($p == null)
  148. {
  149. $this->getView('MainView')->forum_message('Post does not exist!', buildURL('index.php'));
  150. $lockv = true;
  151. }
  152. else
  153. {
  154. $t = $this->getModel('PostsModel')->getTopic($p['topic_id']);
  155. if ($t['post_count'] == 1)
  156. {
  157. $this->getView('MainView')->forum_message('If topic has only one post, use <span style="font-weight: bold">delete topic</span> option.', buildURL('index.php?mode=viewtopic&amp;id='.$p['topic_id']), 3);
  158. $lockv = true;
  159. }
  160. }
  161. break;
  162. default:
  163. $this->getView('MainView')->forum_message('Invalid mode', buildURL('index.php'));
  164. $lockv = true;
  165. break;
  166. }
  167. //wysyłanie formularza
  168. if (isset($_POST['confirmed']) && !isset($lockv))
  169. {
  170. if (!isset($_POST['rejected']))
  171. {
  172. switch($_GET['submode'])
  173. {
  174. case 'deletepost':
  175. $this->getModel('PostsModel')->deletePost($_GET['id']);
  176. $this->getView('MainView')->forum_message('Post deleted. Redirecting...', buildURL('index.php?mode=viewtopic&amp;id='.$p['topic_id']));
  177. $lockv = true;
  178. break;
  179. case 'deletetopic':
  180. $this->getModel('PostsModel')->deleteTopic($_GET['id']);
  181. $this->getView('MainView')->forum_message('Topic deleted. Redirecting...', buildURL('index.php?mode=viewforum&amp;id='.$t['forum_id']));
  182. $lockv = true;
  183. break;
  184. case 'locktopic':
  185. if ($t['topic_locked'] == false)
  186. {
  187. $this->getModel('PostsModel')->lockTopic($_GET['id']);
  188. $this->getView('MainView')->forum_message('Topic locked. Redirecting...', buildURL('index.php?mode=viewtopic&amp;id='.$_GET['id']));
  189. }
  190. else
  191. {
  192. $this->getModel('PostsModel')->lockTopic($_GET['id'], false);
  193. $this->getView('MainView')->forum_message('Topic unlocked. Redirecting...', buildURL('index.php?mode=viewtopic&amp;id='.$_GET['id']));
  194. }
  195. $lockv = true;
  196. break;
  197. case 'sticktopic':
  198. if ($t['topic_sticky'] == false)
  199. {
  200. $this->getModel('PostsModel')->stickTopic($_GET['id']);
  201. $this->getView('MainView')->forum_message('Topic sticked. Redirecting...', buildURL('index.php?mode=viewtopic&amp;id='.$_GET['id']));
  202. }
  203. else
  204. {
  205. $this->getModel('PostsModel')->stickTopic($_GET['id'], false);
  206. $this->getView('MainView')->forum_message('Topic unsticked. Redirecting...', buildURL('index.php?mode=viewtopic&amp;id='.$_GET['id']));
  207. }
  208. $lockv = true;
  209. break;
  210. case 'movetopic':
  211. if ($this->getModel('ForumsModel')->getForum($_POST['forum_id']) == null)
  212. $this->getView('MainView')->forum_message('Forum does not exist!', buildURL('index.php?mode=viewtopic&amp;id='.$_GET['id']));
  213. else
  214. {
  215. $this->getModel('PostsModel')->moveTopic($_GET['id'], $_POST['forum_id']);
  216. $this->getView('MainView')->forum_message('Topic moved. Redirecting...', buildURL('index.php?mode=viewtopic&amp;id='.$_GET['id']));
  217. }
  218. $lockv = true;
  219. break;
  220. }
  221. }
  222. else
  223. {
  224. switch ($_GET['submode'])
  225. {
  226. case 'deletetopic':
  227. case 'locktopic':
  228. case 'sticktopic':
  229. case 'movetopic':
  230. $this->forward(buildURL('index.php?mode=viewtopic&id='.$_GET['id']));
  231. break;
  232. case 'deletepost':
  233. $this->forward(buildURL('index.php?mode=viewtopic&id='.$p['topic_id']));
  234. }
  235. }
  236. }
  237. if (!isset($lockv))
  238. switch($_GET['submode'])
  239. {
  240. case 'deletepost':
  241. $this->getView('MainView')->confirm_action('Do you really want delete post <span style="font-weight: bold">#'.$_GET['id'].'</span>?');
  242. break;
  243. case 'deletetopic':
  244. $this->getView('MainView')->confirm_action('Do you really want delete topic <span style="font-weight: bold">#'.$_GET['id'].'</span> with all posts? This operation cannot undone.');
  245. break;
  246. case 'locktopic':
  247. if ($t['topic_locked'] == false)
  248. $this->getView('MainView')->confirm_action('Do you want lock topic <span style="font-weight: bold">#'.$_GET['id'].'</span>?');
  249. else
  250. $this->getView('MainView')->confirm_action('Do you want unlock topic <span style="font-weight: bold">#'.$_GET['id'].'</span>?');
  251. break;
  252. case 'sticktopic':
  253. if ($t['topic_sticky'] == false)
  254. $this->getView('MainView')->confirm_action('Do you want stick topic <span style="font-weight: bold">#'.$_GET['id'].'</span>?');
  255. else
  256. $this->getView('MainView')->confirm_action('Do you want unstick topic <span style="font-weight: bold">#'.$_GET['id'].'</span>?');
  257. break;
  258. case 'movetopic':
  259. $this->getView('MainView')->putExistingModel('PostsModel', $this->getModel('PostsModel'));
  260. $this->getView('MainView')->move_topic();
  261. break;
  262. }
  263. }
  264. public function posting($type)
  265. {
  266. $this->loadDependencies();
  267. $msg = '';
  268. $this->loadModel('PostsModel');
  269. $this->loadModel('ForumsModel');
  270. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  271. if (!$this->getModel('SessionModel')->isLogged())
  272. {
  273. $this->getView('MainView')->forum_message('You are not logged.', buildURL('index.php?mode=login', true));
  274. $lockv = true;
  275. }
  276. //CHECKING IF TOPIC/FORUM EXISTS AND IS NOT LOCKED
  277. if (!isset($lockv))
  278. switch($type)
  279. {
  280. case POSTING_NEWTOPIC: //checking if forum exists and is not locked
  281. $f = $this->getModel('ForumsModel')->getForum($_GET['id']);
  282. if ($f == null)
  283. {
  284. $this->getView('MainView')->forum_message('Forum does not exist!', buildURL('index.php'));
  285. $lockv = true;
  286. }
  287. else
  288. if ($f['locked'] == true)
  289. {
  290. $this->getView('MainView')->forum_message('Forum is locked', buildURL('index.php?mode=viewforum&amp;id='.$_GET['id']));
  291. $lockv = true;
  292. }
  293. break;
  294. case POSTING_REPLY: //checking if topic exists
  295. case POSTING_QUOTE:
  296. $t = $this->getModel('PostsModel')->getTopic($_GET['id']);
  297. if ($t == null)
  298. {
  299. $this->getView('MainView')->forum_message('Topic does not exist!', buildURL('index.php'));
  300. $lockv = true;
  301. }
  302. else
  303. {
  304. if ($t['forum_locked'] == true && $this->getModel('SessionModel')->getRank() < RANK_MOD)
  305. {
  306. $this->getView('MainView')->forum_message('Forum is locked', buildURL('index.php?mode=viewtopic&amp;id='.$t['topic_id']));
  307. $lockv = true;
  308. }
  309. if ($t['topic_locked'] == true && $this->getModel('SessionModel')->getRank() < RANK_MOD)
  310. {
  311. $this->getView('MainView')->forum_message('Topic is locked', buildURL('index.php?mode=viewtopic&amp;id='.$t['topic_id']));
  312. $lockv = true;
  313. }
  314. if ($type == POSTING_QUOTE)
  315. {
  316. $_GET['q'] = (isset($_GET['q'])) ? trim(strip_tags($this->db->real_escape_string($_GET['q']))) : 0;
  317. $qp = $this->getModel('PostsModel')->getPost($_GET['q']);
  318. if ($qp == null)
  319. {
  320. $this->getView('MainView')->forum_message('Invalid quoted post', buildURL('index.php?mode=viewtopic&amp;id='.$t['topic_id']));
  321. $lockv = true;
  322. }
  323. else
  324. {
  325. if ($qp['topic_id'] != $_GET['id'])
  326. {
  327. $this->getView('MainView')->forum_message('Invalid quoted post', buildURL('index.php?mode=viewtopic&amp;id='.$t['topic_id']));
  328. $lockv = true;
  329. }
  330. }
  331. }
  332. }
  333. break;
  334. case POSTING_EDIT:
  335. $p = $this->getModel('PostsModel')->getPost($_GET['id']);
  336. if ($p == null)
  337. {
  338. $this->getView('MainView')->forum_message('Post does not exist!', buildURL('index.php'));
  339. $lockv = true;
  340. }
  341. else
  342. {
  343. $t = $this->getModel('PostsModel')->getTopic($p['topic_id']);
  344. if ($t['forum_locked'] == true && $this->getModel('SessionModel')->getRank() < RANK_MOD)
  345. {
  346. $this->getView('MainView')->forum_message('Forum is locked', buildURL('index.php?mode=viewtopic&amp;id='.$t['topic_id']));
  347. $lockv = true;
  348. }
  349. if ($t['topic_locked'] == true && $this->getModel('SessionModel')->getRank() < RANK_MOD)
  350. {
  351. $this->getView('MainView')->forum_message('Topic is locked', buildURL('index.php?mode=viewtopic&amp;id='.$t['topic_id']));
  352. $lockv = true;
  353. }
  354. $first = $this->getModel('PostsModel')->getFirstPost($t['topic_id']);
  355. if ($first['post_id'] == $_GET['id'])
  356. $type = POSTING_EDITTOPIC;
  357. if ($p['user_id'] != $this->getModel('SessionModel')->getID() && $this->getModel('SessionModel')->getRank() < RANK_MOD)
  358. {
  359. $this->getView('MainView')->forum_message('You can edit only own posts', buildURL('index.php?mode=viewtopic&amp;id='.$t['topic_id']));
  360. $lockv = true;
  361. }
  362. }
  363. break;
  364. }
  365. //przesłanie formularza --------------------------------------------------------------------------------
  366. if (isset($_POST['post']) && !isset($_POST['preview']) && !isset($lockv))
  367. {
  368. $_POST['post'] = trim(htmlspecialchars($this->db->real_escape_string($_POST['post'])));
  369. if ($type == POSTING_NEWTOPIC || $type == POSTING_EDITTOPIC) //walidacja tytułu tematu (add, edit)
  370. {
  371. $_POST['topic'] = trim(strip_tags($this->db->real_escape_string($_POST['topic'])));
  372. if (strlen($_POST['topic']) < 3)
  373. $msg .= 'Topic title is too short (min 3 characters)<br>';
  374. }
  375. if (strlen($_POST['post']) < 3)
  376. $msg .= 'Post content is too short (min 3 characters)<br>';
  377. if ($msg == null)
  378. {
  379. switch ($type)
  380. {
  381. case POSTING_NEWTOPIC: //akcje dodania nowego tematu
  382. $topic_id = $this->getModel('PostsModel')->addTopic($_POST['topic'], $_POST['post'], $_GET['id'], $this->getModel('SessionModel')->getID());
  383. if ($topic_id != null)
  384. {
  385. $this->getView('MainView')->forum_message('Topic created, Redirecting...', buildURL('index.php?mode=viewtopic&amp;id='.$topic_id));
  386. $lockv = true;
  387. }
  388. else
  389. $msg .= 'Something went wrong, try again.';
  390. break;
  391. case POSTING_EDITTOPIC:
  392. case POSTING_EDIT:
  393. $this->getModel('PostsModel')->changePost($_GET['id'], $_POST['post']);
  394. if ($type == POSTING_EDITTOPIC)
  395. $this->getModel('PostsModel')->changeTopic($t['topic_id'], $_POST['topic']);
  396. $this->getView('MainView')->forum_message('Post edited. Redirecting to topic...', buildURL('index.php?mode=viewtopic&amp;id='.$t['topic_id']));
  397. $lockv = true;
  398. break;
  399. case POSTING_QUOTE:
  400. case POSTING_REPLY:
  401. $this->getModel('PostsModel')->addPost($_GET['id'], $this->getModel('SessionModel')->getID(), $_POST['post']);
  402. $this->getView('MainView')->forum_message('Reply saved. Redirecting to topic...', buildURL('index.php?mode=viewtopic&amp;id='.$_GET['id']));
  403. $lockv = true;
  404. break;
  405. }
  406. }
  407. }
  408. if (!isset($lockv))
  409. {
  410. switch ($type)
  411. {
  412. case POSTING_NEWTOPIC:
  413. case POSTING_REPLY:
  414. $_POST['post'] = (isset($_POST['post'])) ? $_POST['post'] : '';
  415. break;
  416. case POSTING_EDITTOPIC:
  417. $_POST['post'] = (isset($_POST['post'])) ? $_POST['post'] : $p['content'];
  418. $_POST['topic'] = (isset($_POST['topic'])) ? $_POST['topic'] : $t['topic_title'];
  419. break;
  420. case POSTING_EDIT:
  421. $_POST['post'] = (isset($_POST['post'])) ? $_POST['post'] : $p['content'];
  422. break;
  423. case POSTING_QUOTE:
  424. $quote = ($qp['nick'] != null) ? '='.$qp['nick'] : '';
  425. $_POST['post'] = (isset($_POST['post'])) ? $_POST['post'] : '[quote'.$quote.']'.$qp['content'].'[/quote]';
  426. break;
  427. }
  428. if ($type == POSTING_NEWTOPIC)
  429. $_POST['topic'] = (isset($_POST['topic'])) ? $_POST['topic'] : ''; //tylko edycja/tworzenie tematu
  430. $this->getView('MainView')->putExistingModel('PostsModel', $this->getModel('PostsModel'));
  431. $this->getView('MainView')->putExistingModel('ForumsModel', $this->getModel('ForumsModel'));
  432. $this->getView('MainView')->posting_form($type, $msg);
  433. }
  434. }
  435. public function myprofile()
  436. {
  437. $this->loadDependencies();
  438. if (!$this->getModel('SessionModel')->isLogged())
  439. $this->forward('index.php');
  440. else
  441. $this->forward(buildURL('index.php?mode=viewprofile&id='.$this->getModel('SessionModel')->getID()));
  442. }
  443. public function viewprofile()
  444. {
  445. $this->loadDependencies();
  446. $this->loadModel('UsersModel');
  447. $this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
  448. $_GET['id'] = (isset($_GET['id'])) ? trim(strip_tags($this->db->real_escape_string($_GET['id']))) : 0;
  449. if ($this->getModel('UsersModel')->getUserInformation($_GET['id']) == null)
  450. $this->getView('MainView')->forum_message('User does not exist!', buildURL('index.php'));
  451. else
  452. {
  453. $this->getView('MainView')->viewprofile();
  454. }
  455. }
  456. public function editprofile()
  457. {
  458. $this->loadDependencies();
  459. $this->loadModel('UsersModel');
  460. $user_info = $this->getModel('UsersModel')->getUserInformation($this->getModel('SessionModel')->getID(), true);
  461. if (!$this->getModel('SessionModel')->isLogged())
  462. {
  463. $this->getView('MainView')->forum_message('You are not logged.', buildURL('index.php?mode=login', true));
  464. }
  465. else
  466. {
  467. $msg = '';
  468. if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email']))
  469. {
  470. //secure pools
  471. $_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
  472. $_POST['passwd_old'] = trim(strip_tags($_POST['passwd_old']));
  473. $_POST['passwd'] = trim(strip_tags($_POST['passwd']));
  474. $_POST['passwd_confirm'] = trim(strip_tags($_POST['passwd_confirm']));
  475. $_POST['email'] = trim(strip_tags($this->db->real_escape_string($_POST['email'])));
  476. $_POST['location'] = trim(strip_tags($this->db->real_escape_string($_POST['location'])));
  477. $_POST['signature'] = trim(strip_tags($this->db->real_escape_string($_POST['signature'])));
  478. if ($_POST['email'] != $user_info['email'] || $_POST['passwd'] != '')
  479. {
  480. if ($this->getModel('UsersModel')->generatePasswordHash($user_info['nick'], $_POST['passwd_old']) != $user_info['password'])
  481. $msg .= 'Old password is incorrect!<br>';
  482. }
  483. if ($_POST['passwd'] != '')
  484. {
  485. if (strlen($_POST['passwd']) < 8)
  486. $msg .= 'Password is too short (min 8 characters)<br>';
  487. if ($_POST['passwd'] != $_POST['passwd_confirm'])
  488. $msg .= 'Password do not match!<br>';
  489. }
  490. //check if avatar is uploaded
  491. if ($_FILES['avatar']['tmp_name'] != null)
  492. {
  493. global $allowed_avatars;
  494. $image_size = @getimagesize($_FILES['avatar']['tmp_name']);
  495. if ($image_size == null)
  496. $msg .= 'Type of uploaded file are not allowed.<br>';
  497. else
  498. if (!in_array($image_size['mime'], $allowed_avatars))
  499. $msg .= 'Type of uploaded avatar is not supported.<br>';
  500. else
  501. if ($image_size[0] > 120 || $image_size[1] > 150)
  502. $msg .= 'Uploaded avatar is too big (maximum 120x150 px).<br>';
  503. }
  504. if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  505. $msg .= 'Email is incorrect<br>';
  506. if ($msg == '')
  507. {
  508. if ($_FILES['avatar']['tmp_name'] != null && !isset($_POST['delete_avatar'])) //change an avatar
  509. {
  510. if ($user_info['avatar'] != '')
  511. unlink('./'.$user_info['avatar']);
  512. $ext = pathinfo($_FILES['avatar']['name'], PATHINFO_EXTENSION);
  513. $av = 'images/avatars/'.$this->getModel('SessionModel')->getID().'.'.$ext;
  514. move_uploaded_file($_FILES['avatar']['tmp_name'], './'.$av);
  515. }
  516. else
  517. if (isset($_POST['delete_avatar']))
  518. {
  519. unlink('./'.$user_info['avatar']);
  520. $av = '';
  521. }
  522. else
  523. $av = $user_info['avatar']; //if new avatar is not set
  524. if ($_POST['passwd'] != '')
  525. $this->getModel('UsersModel')->changeUserPassword($this->getModel('SessionModel')->getID(), $user_info['nick'], $_POST['passwd']);
  526. $this->getModel('UsersModel')->updateUserProfile($this->getModel('SessionModel')->getID(), '', $_POST['email'], $_POST['location'], $_POST['signature'], $av);
  527. $this->getView('MainView')->forum_message('Your profile has changed.', buildURL('index.php?mode=viewprofile&amp;id='.$this->getModel('SessionModel')->getID()));
  528. $lockv = true;
  529. }
  530. }
  531. $_POST['nick'] = (isset($_POST['nick'])) ? $_POST['nick'] : $user_info['nick'];
  532. $_POST['email'] = (isset($_POST['email'])) ? $_POST['email'] : $user_info['email'];
  533. $_POST['location'] = (isset($_POST['location'])) ? $_POST['location'] : $user_info['location'];
  534. $_POST['signature'] = (isset($_POST['signature'])) ? $_POST['signature'] : $user_info['signature'];
  535. $this->getView('MainView')->putExistingModel('UsersModel', $this->getModel('UsersModel'));
  536. if (!isset($lockv))
  537. $this->getView('MainView')->edprofile_form($msg);
  538. }
  539. }
  540. public function logout()
  541. {
  542. $this->loadDependencies();
  543. if (!$this->getModel('SessionModel')->isLogged())
  544. $this->forward('index.php');
  545. $this->getModel('SessionModel')->deleteSession();
  546. $this->getView('MainView')->forum_message('You are logged out.', buildURL('index.php'));
  547. }
  548. public function login()
  549. {
  550. $this->loadDependencies();
  551. $this->loadModel('BansModel');
  552. $this->loadModel('UsersModel');
  553. if ($this->getModel('SessionModel')->isLogged())
  554. $this->forward(buildURL('index.php'));
  555. $msg = '';
  556. if (isset($_POST['nick'], $_POST['passwd']))
  557. {
  558. //secure pools
  559. $_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
  560. $_POST['passwd'] = $this->getModel('UsersModel')->generatePasswordHash($_POST['nick'], trim(strip_tags($this->db->real_escape_string($_POST['passwd']))));
  561. $userinfo = $this->getModel('SessionModel')->tryGetUser($_POST['nick'], $_POST['passwd']);
  562. if (count($userinfo) == 0)
  563. $msg = 'Invalid username or password.';
  564. if ($msg == '')
  565. {
  566. $ban_info = $this->getModel('BansModel')->getUserBan($userinfo['user_id']);
  567. if ($ban_info == null)
  568. {
  569. $this->getModel('SessionModel')->registerNewSession($userinfo['user_id']);
  570. $this->getView('MainView')->forum_message('You are logged as: <span style="font-weight: bold">'.$userinfo['nick'].'</span>', buildURL('index.php'));
  571. }
  572. else
  573. {
  574. $reason = ($ban_info['reason'] != '') ? '<br>Reason: <span style="font-style: italic">'.$ban_info['reason'].'</span>' : '';
  575. $this->getView('MainView')->forum_message('You are banned!'.$reason);
  576. }
  577. $lockv = true;
  578. }
  579. }
  580. $_POST['nick'] = (isset($_POST['nick'])) ? $_POST['nick'] : '';
  581. if (!isset($lockv))
  582. $this->getView('MainView')->login_form($msg);
  583. }
  584. public function register()
  585. {
  586. $this->loadDependencies();
  587. $this->loadModel('UsersModel');
  588. if ($this->getModel('SessionModel')->isLogged())
  589. $this->forward('index.php');
  590. $msg = '';
  591. if (isset($_POST['nick'], $_POST['passwd'], $_POST['passwd_confirm'], $_POST['email']))
  592. {
  593. //secure pools
  594. $_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
  595. $_POST['passwd'] = trim(strip_tags($_POST['passwd']));
  596. $_POST['passwd_confirm'] = trim(strip_tags($_POST['passwd_confirm']));
  597. $_POST['email'] = trim(strip_tags($this->db->real_escape_string($_POST['email'])));
  598. if (strlen($_POST['nick']) < 3)
  599. $msg .= 'Nick is too short (min 3 characters)<br>';
  600. if (strlen($_POST['passwd']) < 8)
  601. $msg .= 'Password is too short (min 8 characters)<br>';
  602. if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
  603. $msg .= 'Email is incorrect<br>';
  604. if ($this->getModel('UsersModel')->nickExists($_POST['nick']) == true)
  605. $msg .= 'Nick is in use. Type another one.<br>';
  606. if ($_POST['passwd'] != $_POST['passwd_confirm'])
  607. $msg .= 'Password do not match';
  608. if ($msg == '')
  609. {
  610. $this->getModel('UsersModel')->createNewUser($_POST['nick'], $_POST['passwd'], $_POST['email']);
  611. $this->getView('MainView')->forum_message('Your account has created. Log in to write new posts.', buildURL('index.php'), 3);
  612. $lockv = true;
  613. }
  614. }
  615. $_POST['nick'] = (isset($_POST['nick'])) ? $_POST['nick'] : '';
  616. $_POST['email'] = (isset($_POST['email'])) ? $_POST['email'] : '';
  617. if (!isset($lockv))
  618. $this->getView('MainView')->register_form($msg);
  619. }
  620. public function checknick()
  621. {
  622. $this->loadModel('UsersModel');
  623. if (!isset($_GET['nick']))
  624. $_GET['nick'] = '';
  625. $_GET['nick'] = trim($this->db->real_escape_string(strip_tags($_GET['nick'])));
  626. if ($this->getModel('UsersModel')->nickExists($_GET['nick']) == true)
  627. echo 'true';
  628. else
  629. echo 'false';
  630. }
  631. }
  632. ?>