1<?php
2
3namespace Aplikacja;
4
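class Dashboard
{
    /** Request path with the query string removed, e.g. "/profile". */
    private $request;

    /** Sanitised copy of $_POST; always an array (see ProcessRequest). */
    private $post;

    /** Sanitised copy of $_GET; always an array (see ProcessRequest). */
    private $get;

    /**
     * @param string $request Raw request URI; everything from the first "?" onwards is dropped.
     */
    public function __construct($request)
    {
        // explode() always yields at least one element, so index 0 is safe; the limit
        // keeps a "?" inside the query string from producing extra pieces.
        $parts = explode("?", (string) $request, 2);
        $this->request = $parts[0];
    }

    /**
     * Dispatches the request path to its handler.
     *
     * Nothing here calls exit(): every handler that redirects with header() must return
     * immediately afterwards, and verifyUserSession() only reports - it cannot stop the
     * caller. Unknown paths answer 404; the original "dafault:" was a typo (a goto label,
     * not a switch default), so unmatched paths used to fall through silently with a 200.
     */
    public function ProcessRequest()
    {
        if (!$this->request) {
            return;
        }

        // NOTE(review): FILTER_SANITIZE_STRING strips tags, HTML-encodes quotes and, with
        // FILTER_FLAG_STRIP_HIGH, drops every byte above 0x7F. Passwords pass through this
        // too, so "<", "'" and non-ASCII characters are silently altered before hashing.
        // Left as-is because changing it would invalidate existing hashes; the filter is
        // deprecated since PHP 8.1. "?: []" maps both null (no input at all) and false
        // (filter failure) to an empty array so handlers can index safely.
        $this->post = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH) ?: [];
        $this->get = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH) ?: [];

        switch ($this->request) {
            case "/":
                $this->showDashboard();
                break;
            case "/registerForm":
                $this->showRegister();
                break;
            case "/loginForm":
                $this->showLogin($this->post);
                break;
            case "/register":
                $this->register();
                break;
            case "/afterRegistration":
                $this->showAfterRegistration();
                break;
            case "/login":
                $this->login();
                break;
            case "/forgetForm":
                $this->showForget();
                break;
            case "/passwordResetForm":
                $this->showPasswordReset();
                break;
            case "/forgot":
                $this->forgot();
                break;
            case "/resetPassword":
                $this->resetPassword();
                break;
            case "/profile":
                $this->showProfile($this->get);
                break;
            case "/changePassword":
                $this->changePassword();
                break;
            case "/changeCredentials":
                // NOTE(review): changeCredentials() is not defined in this class; unless it is
                // provided elsewhere this call throws an Error - confirm before relying on it.
                $this->changeCredentials();
                break;
            case "/sessiondestroy":
                session_destroy();
                break;
            case "/showActivated":
                $this->showActivated();
                break;
            case "/activation":
                $this->activation();
                break;
            case "/resendEmailActivation":
                $this->showResendEmailActivation();
                break;
            case "/logout":
                $this->logout();
                break;
            default:
                http_response_code(404);
                break;
        }
    }

    /**
     * Emits a Location header for $path under ROOT_APP_URL (plain http, as the rest of the
     * links in this class). Does not exit - callers must return right after calling it.
     *
     * @param string $path Absolute path on this site, e.g. "/loginForm".
     */
    private function redirect($path)
    {
        header("Location:http://" . ROOT_APP_URL . $path);
    }

    /**
     * Sends the account-activation link for $username to $email.
     *
     * The address is validated first: mail() builds the envelope/headers from $to, so an
     * unvalidated value could smuggle extra recipients or headers. The "CC: somebodyelse@example.com"
     * header copied from the PHP manual example has been dropped - it sent every activation
     * token to a third-party address.
     *
     * @param string $email    Recipient address.
     * @param string $username Account name shown in the subject.
     * @param string $hash     Activation token stored in user_activation.
     * @return bool true when mail() accepted the message, false on an invalid address or mail() failure.
     */
    public function emailActivation($email, $username, $hash)
    {
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            return false;
        }

        $link = "http://" . ROOT_APP_URL . "/activation?hash=" . rawurlencode($hash);

        return mail(
            $email,
            "Aktywacja hasła dla " . $username . " - " . SITE_NAME,
            "Masz 30 minut na zmianę hasła. Kliknij w link:\n" . $link,
            "From: skorpss@gmail.com"
        );
    }

    /**
     * Re-sends the activation mail for the account named in ?username=.
     *
     * The recipient address and the token are read from the database, not from the query
     * string: the previous version mailed whatever email/username/hash the caller supplied,
     * which made this endpoint an open relay for phishing mail. The redirect keeps the
     * original query parameters (URL-encoded) because the afterRegistration view relies on them.
     *
     * NOTE(review): there is still no rate limit, so a known username can be used to flood
     * its own owner with activation mails.
     */
    public function showResendEmailActivation()
    {
        $username = isset($this->get['username']) ? (string) $this->get['username'] : '';

        if ($username !== '') {
            $db = new DB();

            $db->query('SELECT email FROM user WHERE username = :username');
            $db->bind(':username', $username);
            $userRow = $db->single();

            $db->query('SELECT activation_hash FROM user_activation WHERE username = :username');
            $db->bind(':username', $username);
            $activationRow = $db->single();

            if ($userRow && $activationRow) {
                $this->emailActivation($userRow['email'], $username, $activationRow['activation_hash']);
            }
        }

        // Redirect regardless of the lookup result so the response does not reveal
        // whether the username exists.
        $query = http_build_query([
            'email' => isset($this->get['email']) ? $this->get['email'] : '',
            'username' => $username,
            'hash' => isset($this->get['hash']) ? $this->get['hash'] : '',
        ]);
        $this->redirect("/afterRegistration?" . $query);
        return;
    }

    /** Renders the "account activated / not activated" page (reads ?pw= in the view). */
    public function showActivated()
    {
        $title = "bla bla bla - " . SITE_NAME;

        require("app/views/ifActivated.view.php");
    }

    /**
     * Consumes the activation token from ?hash=: marks the user active and deletes the
     * token row, then redirects to /showActivated?pw=done|notdone.
     *
     * Bug fixed: the UPDATE used to be followed by "$db->execute;" (a property read, not a
     * call), so the account was never activated although the token was deleted. The UPDATE
     * now runs before the DELETE so a failed update does not burn the token.
     *
     * NOTE(review): user_activation has no expiry column, so the "30 minutes" promised in
     * the mail is not enforced here.
     */
    public function activation()
    {
        $hash = isset($this->get['hash']) ? (string) $this->get['hash'] : '';
        $activated = false;

        if ($hash !== '') {
            $db = new DB();

            $db->query('SELECT username FROM user_activation WHERE activation_hash = :hash');
            $db->bind(':hash', $hash);
            $row = $db->single();

            if ($row) {
                $db->query('UPDATE user SET is_activated = 1 WHERE username = :username');
                $db->bind(':username', $row['username']);
                $db->execute();
                $activated = $db->rowsAffected() > 0;

                $db->query('DELETE FROM user_activation WHERE username = :username');
                $db->bind(':username', $row['username']);
                $db->execute();
            }
        }

        $this->redirect("/showActivated?pw=" . ($activated ? "done" : "notdone"));
        return;
    }

    /** Renders the post-registration page (the view reads email/username/hash from the query). */
    public function showAfterRegistration()
    {
        $title = "Registration successful" . " - " . SITE_NAME;

        require("app/views/afterRegistration.view.php");
    }

    /** Renders the "set a new password" form reached from the reset mail. */
    public function showPasswordReset()
    {
        $title = "Reset hasła" . " - " . SITE_NAME;

        require("app/views/passwordReset.view.php");
    }

    /** Renders the "forgot password" form. */
    public function showForget()
    {
        $title = "Zmiana hasła" . " - " . SITE_NAME;

        require("app/views/forget.view.php");
    }

    /**
     * Renders the login form. When the remember-me "username" cookie set by login() is
     * present, the variant that suggests that user is shown instead.
     *
     * @param array|null $cookies Unused; kept for the existing call site in ProcessRequest.
     */
    public function showLogin($cookies)
    {
        $title = "Logowanie" . " - " . SITE_NAME;

        if (isset($_COOKIE['username'])) {
            require("app/views/user_suggestion_login.view.php");
        } else {
            require("app/views/login.view.php");
        }
    }

    /** Renders the registration form. */
    public function showRegister()
    {
        $title = "Rejestracja" . " - " . SITE_NAME;

        require("app/views/register.view.php");
    }

    /** Renders the dashboard; redirects to the login form for anonymous visitors. */
    public function showDashboard()
    {
        if (!$this->verifyUserSession()) {
            return;
        }

        $title = "Tablica informacyjna" . " - " . SITE_NAME;

        require("app/views/dashboard.view.php");
    }

    /**
     * Renders a user profile: ?user=<name>, or the logged-in user when absent.
     * Profiles are visible to any logged-in user; only the login itself is enforced.
     *
     * @param array|null $zmienne Sanitised GET parameters.
     */
    private function showProfile($zmienne)
    {
        if (!$this->verifyUserSession()) {
            return;
        }

        $title = "Profile" . " - " . SITE_NAME;
        // TODO: friendly URL in .htaccess so that ?user=user looks like profile/user
        $user = empty($zmienne['user']) ? $_SESSION['user']->username : $zmienne['user'];

        $db = new DB();
        $db->query("SELECT * FROM user WHERE username = :username");
        $db->bind(':username', $user);
        $row = $db->single();

        // The template never needs the credential hash; keep it out of the view's scope.
        if (is_array($row)) {
            unset($row['password']);
        }

        // TODO: country parser fallback when the field is empty
        $panstwo = isset($row['country']) ? new countryParser($row['country']) : NULL;

        require("app/views/profile.view.php");
    }

    /**
     * Handles the registration form: validates input, rejects duplicate username/email,
     * stores the user plus an activation token and mails the activation link.
     *
     * Fixes versus the previous version: the activation token is generated with
     * random_bytes() instead of sha256(rand()) (about 31 bits of entropy, guessable);
     * the e-mail address is validated; $newsletter is always defined (it was undefined,
     * i.e. NULL, whenever the box was ticked); the duplicated ':email' bind is gone.
     *
     * NOTE(review): the username/e-mail uniqueness checks race with concurrent requests -
     * a UNIQUE constraint in the database is the real guard. bcrypt only hashes the first
     * 72 bytes of its input, so username.ENCRYPTION_KEY.password must stay well below
     * that or the tail of the password is ignored - confirm ENCRYPTION_KEY's length.
     */
    private function register()
    {
        $p = $this->post;

        if (empty($p['username']) || empty($p['email']) || empty($p['password']) || empty($p['password2']) || empty($p['lname']) || empty($p['fname'])) {
            Messages::setError("Zostawiłeś, któreś pole puste");
            $this->redirect("/registerForm");
            return;
        }
        if ($p['password'] !== $p['password2']) {
            Messages::setError("Hasła się nie zgadzają");
            $this->redirect("/registerForm");
            return;
        }
        if (!isset($p['terms']) || $p['terms'] !== "agreed") {
            Messages::setError("Musisz zaakceptować regulamin");
            $this->redirect("/registerForm");
            return;
        }
        if (!filter_var($p['email'], FILTER_VALIDATE_EMAIL)) {
            Messages::setError("Nieprawidłowy adres email");
            $this->redirect("/registerForm");
            return;
        }

        $db = new DB();

        $db->query('SELECT id FROM user WHERE username = :username');
        $db->bind(':username', $p['username']);
        if ($db->single()) {
            Messages::setError("Juz sie zarejestrowal ktos o takim nicku");
            $this->redirect("/registerForm");
            return;
        }

        $db->query('SELECT id FROM user WHERE email = :email');
        $db->bind(':email', $p['email']);
        if ($db->single()) {
            Messages::setError("Juz sie zarejestrowal ktos o takim emailu");
            $this->redirect("/registerForm");
            return;
        }

        // NOTE(review): assumes the newsletter column accepts "yes"/"no" - confirm against the schema.
        $newsletter = empty($p['newsletter']) ? "no" : "yes";

        // 64 hex characters: same width as the former sha256 hex digest, so the column fits.
        $HashLinkActivation = bin2hex(random_bytes(32));

        $db->query('INSERT INTO user_activation (username, activation_hash) VALUES (:username, :hash)');
        $db->bind(':username', $p['username']);
        $db->bind(':hash', $HashLinkActivation);
        $db->execute();

        $db->query('INSERT INTO user (username,email,password,imie,nazwisko,newsletter) VALUES(:username,:email,:password,:imie,:nazwisko,:newsletter)');
        $db->bind(':username', $p['username']);
        $db->bind(':email', $p['email']);
        $db->bind(':password', password_hash($p['username'] . ENCRYPTION_KEY . $p['password'], PASSWORD_BCRYPT, ['cost' => 12]));
        $db->bind(':imie', $p['fname']);
        $db->bind(':nazwisko', $p['lname']);
        $db->bind(':newsletter', $newsletter);
        $db->execute();

        if ($db->lastInsertId()) {
            $this->emailActivation($p['email'], $p['username'], $HashLinkActivation);
            $query = http_build_query([
                'email' => $p['email'],
                'username' => $p['username'],
                'hash' => $HashLinkActivation,
            ]);
            $this->redirect("/afterRegistration?" . $query);
        } else {
            Messages::setError("Coś poszło nie tak, nie wiadomo co.");
            $this->redirect("/registerForm");
        }
    }

    /**
     * Handles the login form.
     *
     * Fixes versus the previous version: an unknown username no longer dereferences
     * $row['password'] on false; a dummy bcrypt computation keeps the response time of
     * "no such user" in line with "wrong password"; accounts that have not completed
     * e-mail activation are refused (the TODO in activation() asked for this, and
     * user.is_activated is the flag activation() sets); the session id is regenerated on
     * success so a fixated pre-login id is not upgraded to an authenticated one; the
     * remember-me cookies are HttpOnly.
     *
     * NOTE(review): the cookies are not marked Secure because every link in this class is
     * plain http; once the site is https-only, set the flag. There is no login rate limit.
     */
    private function login()
    {
        if (empty($this->post['username']) || empty($this->post['password'])) {
            Messages::setError("Nie wszystkie pola zostały wypełnione");
            $this->redirect("/loginForm");
            return;
        }

        $db = new DB();
        $db->query("SELECT * FROM user WHERE username = :username");
        $db->bind(':username', $this->post['username']);
        $row = $db->single();

        if ($row) {
            $verified = password_verify($this->post['username'] . ENCRYPTION_KEY . $this->post['password'], $row['password']);
        } else {
            // Burn roughly the same bcrypt cost as a real verify so timing does not reveal
            // whether the username exists.
            password_hash('', PASSWORD_BCRYPT, ['cost' => 12]);
            $verified = false;
        }

        if (!$verified) {
            Messages::setError("Nie udało się zalogować");
            $this->redirect("/loginForm");
            return;
        }

        if ((int) (isset($row['is_activated']) ? $row['is_activated'] : 0) !== 1) {
            Messages::setError("Konto nie zostało jeszcze aktywowane. Sprawdź skrzynkę email.");
            $this->redirect("/loginForm");
            return;
        }

        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = new User($row['id'], $row['email'], $row['username'], $row['imie'], $row['nazwisko']);

        $expires = time() + 3600 * 24 * 7;
        // path/domain left at their defaults (as before); secure=false, httponly=true.
        setcookie("username", $row['username'], $expires, "", "", false, true);
        setcookie("email", $row['email'], $expires, "", "", false, true);

        $this->redirect("");
    }

    /**
     * Ends the authenticated part of the session. The session id is rotated so the old
     * id cannot be replayed; the flash message survives because regeneration keeps $_SESSION.
     */
    private function logout()
    {
        unset($_SESSION['user']);
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        Messages::setSuccess('Wylogowano poprawnie');
        header('Location:https://' . ROOT_APP_URL . "/loginForm");
    }

    /**
     * Checks for a logged-in user; on failure queues an error and redirects to the login form.
     *
     * @return bool true when $_SESSION['user'] is set. header() does not stop execution,
     *              so callers MUST return as soon as this returns false - the previous
     *              version returned nothing and handlers kept running with no user.
     */
    private function verifyUserSession()
    {
        if (empty($_SESSION['user'])) {
            Messages::setError("Musisz się zalogować");
            $this->redirect("/loginForm");
            return false;
        }
        return true;
    }

    /**
     * Changes the logged-in user's password after checking the current one.
     *
     * Fixes versus the previous version: the old password was "verified" by hashing it
     * again with password_hash() and comparing strings - bcrypt salts every hash, so that
     * comparison could never succeed and the handler was unusable; it also concatenated
     * the User object instead of the username. password_verify() is used now, with the
     * same username.ENCRYPTION_KEY.password input as register()/login(). After a
     * successful change the session is dropped, as the success message promises.
     */
    private function changePassword()
    {
        if (!$this->verifyUserSession()) {
            return;
        }

        if (empty($this->post['oldPassword']) || empty($this->post['password']) || empty($this->post['password2'])) {
            Messages::setError("Nie wszystkie pola zostały wypełnione.");
            $this->redirect("/profile?edit=on");
            return;
        }
        if ($this->post['password'] !== $this->post['password2']) {
            Messages::setError("Nowe hasła nie są identyczne.");
            $this->redirect("/profile?edit=on");
            return;
        }
        if ($this->post['password'] === $this->post['oldPassword']) {
            Messages::setError("Nowe hasło jest identyczne jak stare.");
            $this->redirect("/profile?edit=on");
            return;
        }

        $username = $_SESSION['user']->username;

        $db = new DB();
        $db->query('SELECT password FROM user WHERE username = :username');
        $db->bind(':username', $username);
        $stored = $db->single();

        if (!$stored || !password_verify($username . ENCRYPTION_KEY . $this->post['oldPassword'], $stored['password'])) {
            Messages::setError("Stare hasło różni się od tego, które posiadasz.");
            $this->redirect("/profile?edit=on");
            return;
        }

        $db->query('UPDATE user SET password = :password WHERE id = :id');
        $db->bind(':id', $_SESSION['user']->id);
        $db->bind(':password', password_hash($username . ENCRYPTION_KEY . $this->post['password'], PASSWORD_BCRYPT, ['cost' => 12]));
        $db->execute();

        if ($db->rowsAffected() > 0) {
            unset($_SESSION['user']);
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            Messages::setSuccess("Hasło zmienione. Zaloguj się nowymi danymi.");
            $this->redirect("/loginForm");
        } else {
            Messages::setError("Nie udało się zmienić hasła.");
            $this->redirect("/profile?edit=on");
        }
    }

    /**
     * Handles the "forgot password" form: for a matching e-mail or username, stores a
     * 30-minute reset secret in `reminder` and mails the reset link. The response is the
     * same whether or not the account exists.
     *
     * Fixes versus the previous version: the secret was sha1(microtime()), which an
     * attacker who knows roughly when the request was made can brute-force; it is now
     * 20 random bytes (40 hex characters, the same width as a sha1 digest). The
     * "CC: somebodyelse@example.com" header, which leaked every reset link to a third
     * party, has been removed.
     *
     * NOTE(review): no rate limit - one request per form submission creates a reminder row
     * and sends a mail.
     */
    public function forgot()
    {
        if (empty($this->post['emailorusername'])) {
            Messages::setError("Podaj adres Email lub Nazwe Uzytkownika uzytą do rejestracji.");
            $this->redirect("/forgetForm");
            return;
        }

        $db = new DB();
        $db->query("SELECT * FROM user WHERE email = :email OR username = :username");
        $db->bind(':email', $this->post['emailorusername']);
        $db->bind(':username', $this->post['emailorusername']);
        $row = $db->single();

        if ($row) {
            $secret = bin2hex(random_bytes(20));

            // "validUntile" is the column's actual (misspelled) name.
            $db->query('INSERT INTO reminder (userID, secretKey, validUntile) VALUES (:userID, :secret, now()+ INTERVAL 30 MINUTE)');
            $db->bind(':userID', $row['id']);
            $db->bind(':secret', $secret);
            $db->execute();
            $id = $db->lastInsertId();

            $link = "http://" . ROOT_APP_URL . "/passwordResetForm?id=" . rawurlencode($id) . "&secret=" . rawurlencode($secret);
            mail(
                $row['email'],
                "Reset hasła dla " . $row['username'] . " - " . SITE_NAME,
                "Masz 30 minut na zmianę hasła. Kliknij w link:\n" . $link,
                "From: webmaster@example.com"
            );
        }

        Messages::setSuccess("Sprawdź skrzynke email. Jeśli te dane znajdują się u nas w bazie - dostaneisz wiadomość.");
        $this->redirect("/forgetForm");
    }

    /**
     * Completes a password reset: id + secret from the mailed link, plus the new password.
     * The reminder row must be unused and not yet expired; it is marked used afterwards.
     *
     * Fixes versus the previous version: the secret is compared with hash_equals() instead
     * of in the WHERE clause; both success and failure redirected to non-existent routes
     * ("/loginFormU", "/loginFormN"), which now go to "/loginForm".
     */
    public function resetPassword()
    {
        if (empty($this->post['id']) || empty($this->post['secret']) || empty($this->post['password'])) {
            Messages::setError("Brak Danych");
            $this->redirect("/loginForm");
            return;
        }

        if (!isset($this->post['password2']) || $this->post['password'] !== $this->post['password2']) {
            Messages::setError("Nowe hasła się nie zgadzają.");
            $this->redirect("/passwordResetForm");
            return;
        }

        $db = new DB();
        $db->query("SELECT * FROM reminder WHERE id = :id AND dateUsed IS NULL AND validUntile > now()");
        $db->bind(':id', $this->post['id']);
        $row = $db->single();

        $valid = $row && hash_equals((string) $row['secretKey'], (string) $this->post['secret']);

        if (!$valid) {
            Messages::setError("Link nieprawidłowy. Hasło nie zostało zmienione.");
            $this->redirect("/loginForm");
            return;
        }

        $db->query("SELECT username FROM user WHERE id = :id");
        $db->bind(':id', $row['userID']);
        $user = $db->single();

        $db->query("UPDATE user SET password = :password WHERE id = :id");
        $db->bind(':id', $row['userID']);
        $db->bind(':password', password_hash($user['username'] . ENCRYPTION_KEY . $this->post['password'], PASSWORD_BCRYPT, ['cost' => 12]));
        $db->execute();

        $db->query('UPDATE reminder SET dateUsed = now() WHERE id = :id');
        $db->bind(':id', $row['id']);
        $db->execute();

        Messages::setSuccess("Hasło ustawione. Możesz się zalogować.");
        $this->redirect("/loginForm");
    }
}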
464}