diff --git a/.gitignore b/.gitignore index 9c4abe5a..3eb3c5cd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ application/config/database.php application/logs/*.php +application/controllers/test.php .DS_Store .buildpath .project diff --git a/application/config/config.php b/application/config/config.php index eaa349df..8be611c1 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -319,7 +319,7 @@ | by the output class. Do not 'echo' any values with compression enabled. | */ -$config['compress_output'] = TRUE; +$config['compress_output'] = false; /* |-------------------------------------------------------------------------- diff --git a/application/config/migration.php b/application/config/migration.php index 297e6917..cd7045f3 100644 --- a/application/config/migration.php +++ b/application/config/migration.php @@ -4,11 +4,11 @@ | Enable/Disable Migrations |-------------------------------------------------------------------------- | -| Migrations are disabled by default but should be enabled +| Migrations are disabled by default but should be enabled | whenever you intend to do a schema migration. | */ -$config['migration_enabled'] = TRUE; +$config['migration_enabled'] = true; /* @@ -21,7 +21,7 @@ | be upgraded / downgraded to. | */ -$config['migration_version'] = 2; +$config['migration_version'] = 3; /* diff --git a/application/controllers/groups.php b/application/controllers/groups.php index 031d7123..ef3d6484 100644 --- a/application/controllers/groups.php +++ b/application/controllers/groups.php 
@@ -323,8 +323,7 @@ public function members() { $data['group']['member_count'] = $this->Groups_model->get_group_members_count($group[0]['id']); $data['group']['members'] = $this->Groups_model->get_group_members($group[0]['id']); - - $invites = $this->db->query("SELECT * FROM groups_invites WHERE groupid = '".$group[0]['id']."' AND status = ''"); + $invites = $this->db->query("SELECT * FROM groups_invites WHERE groupid = '".$group[0]['id']."' AND status IS NULL"); if ($invites->num_rows() > 0) { $data['group']['invites'] = $invites->result_array(); } @@ -338,7 +337,6 @@ public function members() { if ($data['group']['owner'] != $this->session->userdata('userid')) { show_404($this->uri->uri_string()); } - $this->load->view('groups_members',$data); } diff --git a/application/controllers/install.php b/application/controllers/install.php index 07a87e8a..5cd8cafa 100644 --- a/application/controllers/install.php +++ b/application/controllers/install.php @@ -1,20 +1,20 @@ load->helper(array('url','form')); $this->load->library('session'); $this->load->database(); // Load Database for all methods - + } public function index() { - + // Step one: See if there is a database $data['install_complete'] = $this->database_install(); @@ -24,11 +24,11 @@ public function index() public function database_install() { - + // See if there is a users table // Also, be sure there _are_ users. if ( !$this->db->table_exists('users') ) { // No user table - + // There is no users table, run migrations to make // sure that database is up-to-date. $this->load->library('migration'); @@ -38,9 +38,9 @@ public function database_install() show_error($this->migration->error_string()); exit; } - + } - + // Make sure there is at least one user $this->db->from('users'); $number_of_users = $this->db->count_all_results(); 
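Review bot: The rewritten query matches only invites whose `status` is SQL NULL, whereas the removed line matched the empty string, and nothing in this commit converts existing rows (migration 003 alters only the `users` table), so pending invites stored as `''` silently disappear from members() unless the inserting code always leaves the column NULL. If both forms can exist in the table, keep the old match alongside the new one, `AND (status IS NULL OR status = '')`, or add a migration that normalises the column first. The same replacement is made in nilai.php home(). members() begins before this hunk.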
@@ -49,13 +49,13 @@ public function database_install() return true; } else { return false; - } - + } + return false; } // Used to update from one version to another. - public function upgrade() + public function upgrade() { // There is no users table, run migrations to make // sure that database is up-to-date. diff --git a/application/controllers/nilai.php b/application/controllers/nilai.php index 492c10b9..1fe0b8a1 100644 --- a/application/controllers/nilai.php +++ b/application/controllers/nilai.php @@ -1,20 +1,20 @@ load->helper(array('url','form','date','oembed')); $this->load->library('session'); } - + // Unused for now. public function index() { } - + public function home($when='') { if (!$this->session->userdata('userid')) { redirect(''); } 
@@ -46,10 +46,10 @@ public function home($when='') $data['groups']['belong'] = $this->Groups_model->get_groups_user_belongs_to(); - $invites = $this->db->query("SELECT groups_invites.*, groups_invites.id as inviteid, groups.*, users.emailaddress as invitedemail, users.id as invitedbyid FROM groups_invites LEFT JOIN groups ON groups_invites.groupid=groups.id LEFT JOIN users ON groups_invites.invitedby=users.id WHERE groups_invites.emailaddress = '".$this->session->userdata('emailaddress')."' AND groups_invites.status = ''"); + $invites = $this->db->query("SELECT groups_invites.*, groups_invites.id as inviteid, groups.*, users.email as invitedemail, users.user_id as invitedbyid FROM groups_invites LEFT JOIN groups ON groups_invites.groupid=groups.id LEFT JOIN users ON groups_invites.invitedby=users.user_id WHERE groups_invites.emailaddress = '".$this->session->userdata('emailaddress')."' AND groups_invites.status IS NULL"); if ($invites->num_rows() > 0) $data['invites'] = $invites->result_array(); - /*if ($this->session->userdata('emailaddress') == 'colin@cdevroe.com') { + /*if ($this->session->userdata('emailaddress') == 'colin@cdevroe.com') { $usercount = $this->db->query("SELECT COUNT(*) as numusers FROM users WHERE status = 'paid'"); $markcount = $this->db->query("SELECT COUNT(*) as nummarks FROM marks"); $groupcount = $this->db->query("SELECT COUNT(*) as numgroups FROM groups"); @@ -74,7 +74,7 @@ public function home($when='') $this->load->view('marks',$data); } - + public function bylabel() { if (!$this->session->userdata('userid')) { redirect(''); } @@ -85,7 +85,7 @@ public function bylabel() $this->load->model('Marks_model'); $label = $this->uri->segment(3); - + // Retrieve marks. $data['marks'] = $this->Marks_model->get_by_label($label); @@ -98,7 +98,7 @@ public function bylabel() $this->load->view('marks',$data); } - + public function bygroup() { if (!$this->session->userdata('userid')) { redirect(''); } 
@@ -150,7 +150,7 @@ public function search() $this->load->database(); $this->load->model('Groups_model'); $this->load->model('Marks_model'); - + $data['marks'] = $this->Marks_model->search_from_user($s); // Load the groups the user belongs to @@ -184,7 +184,7 @@ public function add() if ( $urlid === false ) { // Add mark to the current logged in user exit('Could not add the mark due to an unknown error.'); - + } else { $user_markid = $this->Marks_model->add_mark_to_user($urlid); } @@ -192,7 +192,7 @@ public function add() redirect('marks/edit/'.$user_markid.'/?bookmarklet=true'); } - + public function addlabel($urlid='',$label='') { if (!$this->session->userdata('userid')) { redirect('home'); } @@ -206,7 +206,7 @@ public function addlabel($urlid='',$label='') // Success! return; } - + public function addsmartlabel($domain='',$label='') { if (!$this->session->userdata('userid')) { redirect('home'); } @@ -225,7 +225,7 @@ public function addsmartlabel($domain='',$label='') return; } - + public function removesmartlabel($domain='',$label='') { if (!$this->session->userdata('userid')) { redirect('home'); } @@ -235,10 +235,10 @@ public function removesmartlabel($domain='',$label='') if ($this->input->get('label') != '') $label = $this->input->get('label'); $this->db->delete('users_smartlabels', array('userid' => $this->session->userdata('userid'),'domain'=>$domain)); - + return; } - + public function checkdefaultsmartlabel($parsedUrl='') { switch (str_replace('www.','',$parsedUrl['host'])) { 
@@ -249,32 +249,32 @@ public function checkdefaultsmartlabel($parsedUrl='') return array(TRUE,'watch'); } break; - + case 'viddler.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/v'); if ($pathPos !== FALSE) { return array(TRUE,'watch'); } break; - + case 'devour.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/video'); if ($pathPos !== FALSE) { return array(TRUE,'watch'); } break; - + case 'ted.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/talks'); if ($pathPos !== FALSE) { return array(TRUE,'watch'); } break; - + case 'vimeo.com': return array(TRUE,'watch'); break; - + /* Documentation URLs */ case 'php.net': $pathPos = strpos(strtolower($parsedUrl['path']),'/manual'); 
@@ -282,74 +282,74 @@ public function checkdefaultsmartlabel($parsedUrl='') return array(TRUE,'read'); } break; - + case 'api.rubyonrails.org': return array(TRUE,'read'); break; - + case 'ruby-doc.org': return array(TRUE,'read'); break; - + case 'docs.jquery.com': return array(TRUE,'read'); break; - + case 'codeigniter.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/user_guide'); if ($pathPos !== FALSE) { return array(TRUE,'read'); } break; - + case 'css-tricks.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/almanac'); if ($pathPos !== FALSE) { return array(TRUE,'read'); } break; - + case 'developer.apple.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/library'); if ($pathPos !== FALSE) { return array(TRUE,'read'); } break; - + /* Recipe URLs */ - + case 'simplyrecipes.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/recipes'); if ($pathPos !== FALSE) { return array(TRUE,'eatdrink'); } break; - + case 'allrecipes.com': return array(TRUE,'eatdrink'); break; - + case 'epicurious.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/recipes'); if ($pathPos !== FALSE) { return array(TRUE,'eatdrink'); } break; - + case 'foodnetwork.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/recipes'); if ($pathPos !== FALSE) { return array(TRUE,'eatdrink'); } break; - + case 'food.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/recipe'); if ($pathPos !== FALSE) { return array(TRUE,'eatdrink'); } break; - + /* Shopping URLs */ case 'svpply.com': @@ -357,7 +357,7 @@ public function checkdefaultsmartlabel($parsedUrl='') if ($pathPos !== FALSE) { return array(TRUE,'buy'); } - break; + break; case 'amazon.com': $pathPos = strpos(strtolower($parsedUrl['path']),'/gp/product'); 
@@ -372,18 +372,18 @@ public function checkdefaultsmartlabel($parsedUrl='') return array(TRUE,'buy'); } break; - + case 'zappos.com': return array(TRUE,'buy'); - break; - + break; + default: //echo 'not adding any label'; break; } - + } - + public function addgroup($urlid='',$group='') { if (!$this->session->userdata('userid')) { redirect('home'); } @@ -434,7 +434,7 @@ public function edit() $mark = $this->Marks_model->get_users_mark_by_id($markid); if ( is_array($mark) == true ) { - + $parsedUrl = parse_url($mark[0]['url']); // First, check for user smart labels @@ -483,7 +483,7 @@ public function edit() show_404(); } } - + public function savenote($urlid='',$note='') { if (!$this->session->userdata('userid')) { redirect('home'); } @@ -497,7 +497,7 @@ public function savenote($urlid='',$note='') // Success! return; } - + public function archive() { if (!$this->session->userdata('userid')) { redirect(''); } @@ -509,7 +509,7 @@ public function archive() echo 'success'; exit; } - + public function restore() { if (!$this->session->userdata('userid')) { redirect(''); } @@ -539,7 +539,7 @@ public function delete() redirect('home'); } - + // Finds the day's bookmarks // Checks to see if they need oEmbed // Process them. @@ -579,7 +579,7 @@ public function backprocessOembed() } // end if return; } - + // Finds the day's bookmarks // Checks to see if they need Recipe Parsing // Process them. @@ -626,7 +626,7 @@ public function backprocessRecipes() return; } - + } /* End of file nilai.php */ diff --git a/application/controllers/users.php b/application/controllers/users.php index 8b6f47dc..c23c9cca 100644 --- a/application/controllers/users.php +++ b/application/controllers/users.php @@ -3,7 +3,7 @@ class Users extends CI_Controller { public function index(){ } // Unused - + // Method: login() // Used to log a user in // Accepts: Nothing 
@@ -31,7 +31,7 @@ public function login() { // If user found (and password matches) if ( is_array($user) === true ) { - + // If they were adding a mark, save the URL before session is destroyed. $addurl = $this->session->flashdata('addurl'); @@ -40,8 +40,8 @@ public function login() { // Create new session and add new user information to it $this->session->sess_create(); - $this->session->set_userdata(array('userid'=>$user['id'],'emailaddress'=>$user['emailaddress'],'logged_in'=>true,'status'=>$user['status'])); - + $this->session->set_userdata(array('userid'=>$user['user_id'],'emailaddress'=>$user['email'],'logged_in'=>true,'status'=>$user['status'])); + } else { // User not found, or password didn't match exit( 'Please supply a valid username or password. Or create an account.' ); @@ -57,7 +57,7 @@ public function login() { } } - + // Method: logout() // Used to log a user out of Nilai // Accepts: Noething @@ -68,19 +68,19 @@ public function logout() { $this->session->sess_destroy(); redirect(''); } - + // Method: add() // Used to add a user // Accepts: Nothing // Returns: Redirects to /home/ public function add() { - + // Load everything we need for this method $this->load->database(); $this->load->model('Users_model'); $this->load->library( 'session' ); - $this->load->helper( array('url','email') ); + $this->load->helper( array('url','email', 'validation_helper') ); // Form input data $emailaddress = $this->input->post( 'emailaddress' ); @@ -88,7 +88,7 @@ public function add() { // If emailaddress or password is empty // Or if the email address is not valid, skip - if ( $emailaddress != '' && $password != '' && valid_email($emailaddress) ) { + if (valid_email($emailaddress) && isValid($password, 'password')) { // Check to see if email address exists already // If email already in use, exit @@ -102,7 +102,7 @@ public function add() { // Destroy old CodeIgniter Session $this->session->sess_destroy(); - + // Create brand-new session $this->session->sess_create(); 
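Review bot: In the `@@ -88` hunk the new condition delegates the password rule to `isValid($password, 'password')`, but the rejection message in the else branch below the hunk still reads `'Please enter a valid email address and a password.'`, so a user whose password fails the helper's length rule is told nothing about why; update the message to state the minimum length the helper enforces. In the `@@ -68` hunk, `'validation_helper'` in the helper array resolves only because CodeIgniter strips the `_helper` suffix — naming it `'validation'` would match how `'url'` and `'email'` are written on the same line. add() starts before and ends after these hunks.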
@@ -111,7 +111,7 @@ public function add() { // Congratulate them $this->session->set_flashdata('message', 'Congratulations. Enjoy using Nilai.'); - + // ### Add some "Starter Links" // Mark: Read the FAQ @@ -128,7 +128,7 @@ public function add() { // All set, take them to their stream redirect('home'); - + } else { exit( 'Please enter a valid email address and a password.' ); @@ -136,7 +136,7 @@ public function add() { } // end if emailaddress/password } // end add() - + } /* End of file users.php */ diff --git a/application/controllers/welcome.php b/application/controllers/welcome.php index e5d7a510..ddf2f0d5 100644 --- a/application/controllers/welcome.php +++ b/application/controllers/welcome.php @@ -7,10 +7,10 @@ class Welcome extends CI_Controller { * * Maps to the following URL * http://example.com/index.php/welcome - * - or - + * - or - * http://example.com/index.php/welcome/index * - or - - * Since this controller is set as the default controller in + * Since this controller is set as the default controller in * config/routes.php, it's displayed at http://example.com/ * * So any other public methods not prefixed with an underscore will @@ -39,7 +39,7 @@ public function index() $this->load->view('home'); } } - + public function sirius() { $this->load->helper(array('url','form')); @@ -71,7 +71,7 @@ public function faq() { $this->load->helper(array('url','form')); $this->load->library('session'); - + $data['when'] = ''; $data['label'] = ''; @@ -101,7 +101,7 @@ public function changelog() { $this->load->helper(array('url','form')); $this->load->library('session'); - + if ($this->session->userdata('status') == 'active') { $data['label'] = ''; $data['group']['groupuid'] = ''; @@ -120,7 +120,7 @@ public function terms() $data = array(); $this->load->view('terms', $data); } - + } /* End of file welcome.php */ diff --git a/application/helpers/hash_helper.php b/application/helpers/hash_helper.php new file mode 100644 index 00000000..cb348472 --- /dev/null 
+++ b/application/helpers/hash_helper.php @@ -0,0 +1,92 @@ += 48 && $ord <= 57) ? true : $numeric; + $lower = ($ord >= 65 && $ord <= 90) ? true : $lower; + $upper = ($ord >= 97 && $ord <= 122) ? true : $upper; + } + + return ($numeric === true && $lower === true && $upper === true) ? true : false; +} + +function verifyHash($str, $hash) +{ + return (crypt($str, $hash) == $hash) ? true : false; +} \ No newline at end of file diff --git a/application/helpers/validation_helper.php b/application/helpers/validation_helper.php new file mode 100644 index 00000000..f2349071 --- /dev/null +++ b/application/helpers/validation_helper.php 
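Review bot: `verifyHash()` compares the crypt() output with a loose `==`, which applies PHP's type-juggling comparison and exits at the first differing byte, so the check is neither strict nor constant-time; use `return hash_equals($hash, crypt($str, $hash));` (PHP 5.6+; at minimum `===`). In the character-class check above it the ranges are mislabelled: ordinals 65–90 are `A`–`Z` but set `$lower`, and 97–122 are `a`–`z` but set `$upper` — the outcome is unchanged because all three flags are required together, but the names will mislead anyone who later tests one flag alone. The head of this new file, including `generateHash()` and its salt construction, is not legible in this rendering and could not be reviewed.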
@@ -0,0 +1,80 @@ += 6) ? true : false; + } + elseif ($type == 'numeric') { + return (is_numeric($val) && $val >= 0) ? true : false; + } + elseif ($type == 'bool') { + return ($val === true || $val === false || $val == '0' || $val == '1') ? true : false; + } + elseif ($type == 'string') { + return (is_string($val)) ? true : false; + } + elseif ($type == 'datetime') { + return (preg_match('/([0-9]{4}-[0-9]{2}-[0-9]{2})\s([0-9]{2}:[0-9]{2}:[0-9]{2})/', $val)) ? true : false; + } + elseif ($type == 'date') { + return (preg_match('/([0-9]{4}-[0-9]{2}-[0-9]{2})/', $val)) ? true : false; + } + elseif ($type == 'time') { + return (preg_match('/([0-9]{2}:[0-9]{2}:[0-9]{2})/', $val)) ? true : false; + } + elseif ($type == 'domain') { + return (preg_match('/[A-Z0-9._-]+\.[A-Z]{2,}/i', $val) || $val == '*') ? true : false; + } + elseif ($type == 'subdomain') { + return (preg_match('/^[A-Z0-9_-]{3,}$/i', $val)) ? true : false; + } + elseif ($type == 'json') { + $tmp = json_encode($val); + return (json_last_error() == JSON_ERROR_NONE) ? true : false; + } + elseif ($type == 'variable') { + // PHP variables + // Must start with letter or underscore + // Can only contain letters, underscores and/or numbers + return (preg_match('/^[a-z_\x7f-\xff]([a-z0-9_\x7f-\xff])*$/i', $val)) ? true : false; + } + elseif ($type == 'slug') { + // Slugs can only contain letters, numbers and dashes + return (preg_match('/^[a-z0-9\-\/]+$/i', $val)) ? true : false; + } + return false; +} + +function validate($options=array(), $data_types=array(), $required=array()) +{ + $meets_reqs = true; + $errors = new stdClass; + + //Check required fields + if (! empty($required)) { + foreach ($required as $column) { + if (! isset($options[$column]) || $options[$column] == '') { + $errors->{$column} = ucwords(strtolower(str_replace('_', ' ', $column))) . ' is required.'; + $meets_reqs = false; + } + } + } + + // Check data type requirements + if (! 
empty($data_types)) { + foreach ($data_types as $column => $type) { + if (isset($options[$column]) && ! isValid($options[$column], $type)) { + $errors->{$column} = ucwords(strtolower(str_replace('_', ' ', $column))) . ' is not valid.'; + $meets_reqs = false; + } + } + } + + return ($meets_reqs === false) ? $errors : true; +} \ No newline at end of file diff --git a/application/migrations/003_users_update.php b/application/migrations/003_users_update.php new file mode 100644 index 00000000..ed03a700 --- /dev/null +++ b/application/migrations/003_users_update.php 
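Review bot: The `datetime`, `date`, `time` and `domain` patterns in `isValid()` are not anchored, so any string that merely contains a matching substring passes (`'2013-01-01 anything'` satisfies `date`); anchor them, e.g. `'/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/'` for `date` and `'/^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}$/'` for `datetime`, with the same `^…$` treatment for `time` and `domain`. The `json` branch verifies that `$val` can be encoded (`json_encode` plus `json_last_error`), not that it is JSON text — either rename the type or decode instead. The opening lines of the file, including the signature of `isValid()` and the `password` branch that users.php now relies on, are not legible in this rendering.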
@@ -0,0 +1,32 @@ +db->query('ALTER TABLE `users` CHANGE COLUMN `id` `user_id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT'); + $this->db->query('ALTER TABLE `users` DROP PRIMARY KEY, ADD PRIMARY KEY (`user_id`)'); + $this->db->query('ALTER TABLE `users` CHANGE COLUMN `emailaddress` `email` varchar(255) NOT NULL'); + $this->db->query('ALTER TABLE `users` CHANGE COLUMN `password` `password` varchar(150) NOT NULL'); + $this->db->query('ALTER TABLE `users` CHANGE COLUMN `datejoined` `date_joined` datetime NOT NULL DEFAULT \'0000-00-00 00:00:00\''); + $this->db->query('ALTER TABLE `users` CHANGE COLUMN `status` `status` varchar(25) NOT NULL DEFAULT \'inactive\''); + $this->db->query('ALTER TABLE `users` ADD COLUMN `last_updated` timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP DEFAULT CURRENT_TIMESTAMP AFTER `status`'); + $this->db->query('ALTER TABLE `users` DROP INDEX `emailaddress`'); + $this->db->query('ALTER TABLE `users` ADD UNIQUE `email`(email)'); + } + + public function down() + { + + $this->db->query('ALTER TABLE `users` CHANGE COLUMN `user_id` `id` bigint(11) NOT NULL AUTO_INCREMENT'); + $this->db->query('ALTER TABLE `users` DROP PRIMARY KEY, ADD PRIMARY KEY (`id`)'); + $this->db->query('ALTER TABLE `users` DROP COLUMN `last_updated`'); + $this->db->query('ALTER TABLE `users` CHANGE COLUMN `email` `emailaddress` varchar(255) NOT NULL'); + $this->db->query('ALTER TABLE `users` CHANGE COLUMN `password` `password` varchar(255) NOT NULL'); + $this->db->query('ALTER TABLE `users` CHANGE COLUMN `date_joined` `datejoined` timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP DEFAULT CURRENT_TIMESTAMP'); + $this->db->query('ALTER TABLE `users` CHANGE COLUMN `status` `status` varchar(255) NOT NULL'); + $this->db->query('ALTER TABLE `users` DROP INDEX `email`'); + $this->db->query('ALTER TABLE `users` ADD UNIQUE `emailaddress`(emailaddress)'); + } + +} \ No newline at end of file 
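Review bot: `up()` and `down()` are not inverses: up() makes `user_id` a `bigint(20) UNSIGNED` while down() restores a signed `bigint(11)`, and up() turns `date_joined` into a DATETIME defaulting to `'0000-00-00 00:00:00'`, which a MySQL server running in strict mode with NO_ZERO_DATE rejects at ALTER time. Each statement is a separate DDL call whose result is not checked, so a failure part-way (for instance `ADD UNIQUE email(email)` meeting duplicate addresses) leaves the table half-renamed with no rollback; check each `$this->db->query()` return value and stop on the first failure, or verify uniqueness before the first rename. Whether a failure aborts or continues here depends on the database `db_debug` setting, which is not visible in this diff.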
diff --git a/application/models/groups_model.php b/application/models/groups_model.php index 798b604f..e74c2a5c 100644 --- a/application/models/groups_model.php +++ b/application/models/groups_model.php @@ -17,9 +17,9 @@ function create_group() // Add group to database $this->db->insert('groups',array('name'=>$name,'description'=>$description,'uid'=>$uid,'createdby'=>$this->session->userdata('userid'))); - + $groupid = $this->Groups_model->get_group_id($uid); - if (!$groupid) { + if (!$groupid) { exit ('there was a problem creating the group'); } @@ -62,11 +62,11 @@ function delete_group() function get_group_id( $uid ) { - + if (!$uid) { return false; } $group = $this->db->get_where('groups', array('uid' => $uid)); - + if ($group->num_rows() > 0) { $group = $group->result_object(); return $group[0]->id; @@ -82,7 +82,7 @@ function get_group_info($groupid) if ($group->num_rows() > 0) { return $group->result_array(); } - + return false; } @@ -97,9 +97,9 @@ function get_all_groups() } function get_groups_user_belongs_to() - { + { $user_belongs_to_groups = $this->db->query('SELECT * FROM users_groups LEFT JOIN groups ON users_groups.groupid=groups.id WHERE users_groups.userid='.$this->session->userdata('userid')); - + if ($user_belongs_to_groups->num_rows() > 0) { return $user_belongs_to_groups->result_array(); } else { @@ -121,7 +121,7 @@ function get_groups_created_by_user() function get_group_members($id) { - $groupmembers = $this->db->query("SELECT * FROM users_groups LEFT JOIN users ON users_groups.userid=users.id WHERE users_groups.groupid = '".$id."'"); + $groupmembers = $this->db->query("SELECT * FROM users_groups LEFT JOIN users ON users_groups.userid=users.user_id WHERE users_groups.groupid = '".$id."'"); if ( $groupmembers->num_rows() > 0 ) { return $groupmembers->result_array(); 
@@ -176,9 +176,9 @@ function invite_member_to_group() // Do not allow a person to be invited more than once $invites = $this->db->get_where('groups_invites', array('emailaddress' => $emailaddress, 'groupid' => $groupid)); - + if ($invites->num_rows() > 0) { - return false; + return false; } // Add invite to invites table diff --git a/application/models/marks_model.php b/application/models/marks_model.php index d30fa821..c4ad0d6e 100644 --- a/application/models/marks_model.php +++ b/application/models/marks_model.php @@ -22,19 +22,19 @@ function create($title='',$url='') } $this->db->insert('marks',array('title'=>$title,'url'=>$url)); - + // Still unsure if this is the best way to get this ID return $this->db->insert_id(); } function add_mark_to_user($urlid='') - { + { if ($urlid=='') return false; // Lets see if this user has ever added this URL before $mark = $this->db->get_where('users_marks',array('urlid'=>$urlid,'userid'=>$this->session->userdata('userid'))); - + if ($mark->num_rows() > 0) { $mark = $mark->result_array(); return $mark[0]['id']; @@ -57,7 +57,7 @@ function delete_mark_for_user($urlid) // Lets see if this user has ever added this URL before $mark = $this->db->delete('users_marks',array('urlid'=>$urlid,'userid'=>$this->session->userdata('userid'))); - + return true; } 
@@ -83,15 +83,15 @@ function get_by_time($time='') switch($time) { case '': - $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.id, users.emailaddress, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users ON users_marks.addedby=users.id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); + $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.user_id, users.email, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users ON users_marks.addedby=users.user_id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); break; case 'today': - $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.id, users.emailaddress, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND UNIX_TIMESTAMP(marks.dateadded) > ".$today." 
AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); + $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.user_id, users.email, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.user_id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND UNIX_TIMESTAMP(marks.dateadded) > ".$today." AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); break; case 'yesterday': - $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.id, users.emailaddress, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND UNIX_TIMESTAMP(marks.dateadded) > ".$yesterday." AND UNIX_TIMESTAMP(marks.dateadded) < ".$today." AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); + $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.user_id, users.email, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.user_id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND UNIX_TIMESTAMP(marks.dateadded) > ".$yesterday." AND UNIX_TIMESTAMP(marks.dateadded) < ".$today." AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); break; } 
@@ -135,11 +135,11 @@ function get_number_saved_today() return false; } - function get_by_label($label='') - { + function get_by_label($label='') + { if ($label == 'unlabeled') $label = ''; - - $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.id, users.emailaddress, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND users_marks.tags = '".$label."' AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); + + $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.user_id, users.email, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.user_id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND users_marks.tags = '".$label."' AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); // Are there any results? If so, return. if ($marks->num_rows() > 0) { 
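Review bot: The rewritten query still concatenates `$label` into the SQL string, and bylabel() in nilai.php takes that value straight from `$this->uri->segment(3)`, so a crafted label alters the statement; the session userid is spliced in the same way. Since this line is being rewritten anyway, switch to CodeIgniter query bindings: replace the two concatenations with `?` and pass `array($this->session->userdata('userid'), $label)` as the second argument to `$this->db->query()` (or wrap each value in `$this->db->escape()`). The same applies to the rewritten queries in get_by_group() (`$groupuid`, presumably URI-derived) and search_from_user() (`$search`, where the `LIKE '%…%'` wildcards also need `$this->db->escape_like_str()`), and, for ids and session values, to groups.php members(), nilai.php home() and groups_model get_group_members().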
@@ -151,7 +151,7 @@ function get_by_label($label='') function get_archived() { - $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.id, users.emailaddress, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND users_marks.status = 'archive' ORDER BY users_marks.id DESC LIMIT 100"); + $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.user_id, users.email, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.user_id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND users_marks.status = 'archive' ORDER BY users_marks.id DESC LIMIT 100"); // Are there any results? If so, return. 
@@ -166,7 +166,7 @@ function get_by_group($groupuid='') { if ($groupuid == '') return false; - $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.id, users.emailaddress, users_marks.id as usersmarkid, users_marks.dateadded as dateadded, groups.id as groupid FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users ON users_marks.addedby=users.id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND groups.uid='".$groupuid."' AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); + $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.user_id, users.email, users_marks.id as usersmarkid, users_marks.dateadded as dateadded, groups.id as groupid FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users ON users_marks.addedby=users.user_id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND groups.uid='".$groupuid."' AND users_marks.status != 'archive' ORDER BY users_marks.id DESC LIMIT 100"); // Are there any results? If so, return. if ($marks->num_rows() > 0) { @@ -179,7 +179,7 @@ function get_by_group($groupuid='') function add_mark_to_group($urlid='',$groupid='') { if ($urlid=='' || $groupid =='') return false; - + $this->load->model('Groups_model'); $this->db->update('users_marks',array('groups'=>$groupid),array('urlid' => $urlid,'userid'=>$this->session->userdata('userid'))); 
@@ -202,7 +202,7 @@ function search_from_user($search='') { if ($search == '') return false; - $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.id, users.emailaddress, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND marks.title LIKE '%".$search."%' ORDER BY users_marks.id DESC LIMIT 100"); + $marks = $this->db->query("SELECT users_marks.*, marks.*, groups.*, users.user_id, users.email, users_marks.id as usersmarkid, users_marks.dateadded as dateadded FROM users_marks LEFT JOIN marks ON users_marks.urlid=marks.id LEFT JOIN groups ON users_marks.groups=groups.id LEFT JOIN users on users_marks.addedby=users.user_id WHERE users_marks.userid='".$this->session->userdata('userid')."' AND marks.title LIKE '%".$search."%' ORDER BY users_marks.id DESC LIMIT 100"); // Are there any results? If so, return. if ($marks->num_rows() > 0) { diff --git a/application/models/users_model.php b/application/models/users_model.php index 44b3ca3d..3674064f 100644 --- a/application/models/users_model.php +++ b/application/models/users_model.php 
@@ -11,28 +11,34 @@ function __construct() function create_user() { - + // Form input data - $emailaddress = $this->input->post( 'emailaddress' ); - $password = $this->input->post( 'password' ); + $email = $this->input->post('emailaddress'); + $password = $this->input->post('password'); // Check to see if email address exists already // If email already in use, exit - $user = $this->Users_model->get_user_by_emailaddress($emailaddress); + $user = $this->Users_model->get_user_by_email($email); if ( is_array($user) ) { return false; } // Add user to users table - $this->db->insert('users',array('emailaddress'=>$emailaddress,'password'=>md5($password),'status'=>'active')); - + $this->load->helper('hash_helper'); + $password = generateHash($password); + + if ($password === false) { + return false; + } + + $this->db->insert('users', array( + 'email' => $email, + 'password' => $password, + 'status' => 'active' + )); + // Get userid of this user - // I wish this was a single line of code, halp? - // I used to use $userid = $this->db->insert_id() but that seemed like it wouldn't scale to me - $user = $this->db->get_where( 'users', array( 'emailaddress' => $emailaddress ) ); - $user = $user->result_array(); - - return $user[0]['id']; + return $this->db->insert_id(); } 
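Review bot: create_user still inserts a row when the posted email is empty, because `get_user_by_email('')` returns false rather than an array and the `is_array($user)` guard then lets the insert through; reject empty input before the lookup with `if (empty($email) || empty($password)) { return false; }`. The return contract has also changed from the re-queried row id to `$this->db->insert_id()`, which is worth stating in a docblock such as `/** @return int|false new user_id, or false when the email is taken, input is empty, or hashing fails */`. Since this method is inside Users_model, `$this->get_user_by_email($email)` is the direct call; going through `$this->Users_model` only works when the model happens to be loaded under that name.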
@@ -40,76 +46,85 @@ function create_user() function update_user() { // Form input data - $userid = $this->input->post( 'userid' ); - $emailaddress = $this->input->post( 'emailaddress' ); - $password = $this->input->post( 'password' ); - $status = $this->input->post( 'status' ); - - // Add user to users table - $this->db->update('users',array('emailaddress'=>$emailaddress,'password'=>md5($password),'status'=>$status), array('id'=>$userid)); + $user_id = $this->input->post('userid'); + $email = $this->input->post('emailaddress'); + $password = generateHash($this->input->post('password')); + $status = $this->input->post('status'); + + if ($password !== false) { + + // Add user to users table + $this->db->update('users', + array( + 'email' => $emailaddress, + 'password' => $password, + 'status' => $status + ), + array( + 'user_id' => $user_id + ) + ); + } } // DANGER! // Unused yet, however - function remove_user($userid='') + function remove_user($user_id='') { - if ( !$userid || $userid == '' ) $userid = $this->session->userdata('userid'); - - $this->db->delete('users', array('id'=>$userid)); + $userid = (empty($user_id) || ! is_numeric($user_id)) ? $this->session->userdata('userid') : $user_id; + $this->db->delete('users', array('user_id'=>$user_id)); } - function get_user_by_id($id='') + function get_user_by_id($user_id='') { - if ( !$id || $id == '' ) return false; - - $user = $this->db->get_where( 'users', array( 'id' => $id ) ); - - if ( $user->num_rows() > 0 ) { - return $user->row_array(); - } + if (empty($user_id)) { + return false; + } - return false; + $user = $this->db->get_where('users', array( 'user_id' => $user_id ) ); + return ($user->num_rows() > 0) ? 
$user->row_array() : false; } - function get_user_by_emailaddress($emailaddress='') + function get_user_by_email($email='') { - if ( !$emailaddress || $emailaddress == '' ) return false; - - $user = $this->db->get_where( 'users', array( 'emailaddress' => $emailaddress ) ); - - if ( $user->num_rows() > 0 ) { - return $user->row_array(); - } + if (empty($email)) { + return false; + } - return false; + $user = $this->db->get_where('users', array( 'email' => $email)); + return ($user->num_rows() > 0) ? $user->row_array() : false; } function get_all_users($status='active') { $users = $this->db->get_where('users', array('status' => $status)); - if ( $users->num_rows() > 0 ) { - return $users->result_array(); - } - - return false; + return ($user->num_rows() > 0) ? $user->row_array() : false; } function check_user_credentials() { // Turn XSS filter on email address and password - $emailaddress = $this->input->post('emailaddress', TRUE); - $password = $this->input->post('password', TRUE); + $this->load->helper('hash_helper'); + $email = $this->input->post('emailaddress', true); + $password = $this->input->post('password', true); + $hash = generateHash($password); - // Select user from database - $user = $this->db->get_where('users', array('emailaddress' => $emailaddress, 'password' => md5($password))); - - if ($user->num_rows() > 0) { - return $user->row_array(); - } + if ($hash === false) { + return false; + } - return false; + // Select user from database + // Have to look for both hash types + // so we can be backwards compatible with older versions + $user = $this->db->query(" + SELECT * FROM `users` + WHERE email = '" . $email . "' AND + (password = '" . md5($password) . "' OR password = '" . $hash . "') + "); + + return ($user->num_rows() > 0) ? $user->row_array() : false; } - + } \ No newline at end of file diff --git a/application/views/changelog.php b/application/views/changelog.php index f3434891..2d9e45cc 100644 --- a/application/views/changelog.php 
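Review bot: check_user_credentials concatenates `$email` straight into the login query; the `true` second argument to `$this->input->post('emailaddress', true)` is CodeIgniter's XSS filter, not SQL escaping, so this query is injectable, and the `password = '…' OR password = '…'` clause also places both candidate hashes in the query text. Fetching the row by email through the query builder and comparing the stored hash in PHP with `hash_equals()` keeps the md5 compatibility path without either problem (sketch below, which assumes `generateHash()` is deterministic, as the existing OR comparison already requires); a row that matches only the md5 branch should be rehashed at that point or the legacy path never retires. A second authentication defect: create_user hashes the raw `post('password')`, but this method hashes the XSS-filtered value, so any password the filter rewrites can never authenticate. Three regressions elsewhere in the hunk: update_user writes `'email' => $emailaddress` although the variable is now `$email`, and calls `generateHash()` without loading `hash_helper` as create_user does; remove_user computes `$userid` with the session fallback but deletes with `$user_id`; get_all_users returns `$user->row_array()` where it needs `$users->result_array()`, so every caller now gets an undefined variable instead of the list.
```php
        // … unchanged: load hash_helper, read inputs, compute $hash, bail out when it is false …

        // Look the user up by email only; the hash comparison happens in PHP,
        // so no secret material is interpolated into the query.
        $user = $this->db->get_where('users', array('email' => $email));
        if ($user->num_rows() === 0) {
            return false;
        }
        $row = $user->row_array();

        // Legacy rows still hold md5; hash_equals keeps the compare constant-time.
        // TODO(review): rehash rows that only matched the md5 branch.
        if (hash_equals($row['password'], $hash) || hash_equals($row['password'], md5($password))) {
            return $row;
        }
        return false;
```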
+++ b/application/views/changelog.php
@@ -5,11 +5,22 @@
A quick list of what's new. Posted immediately upon update.
+