diff --git a/index.php b/index.php index 26a2448f..5ff5b109 100644 --- a/index.php +++ b/index.php @@ -37,6 +37,31 @@ spl_autoload_register( } ); +/** + * Session + */ +$sessionLifetime = 2592000; // 1 Month + +session_set_cookie_params($sessionLifetime, '/'); +session_start(); + +/** Refresh lifetime */ +$session = session_get_cookie_params(); + +setcookie( + session_name(), + session_id(), + time() + $sessionLifetime, + $session['path'], + $session['domain'], + $session['secure'], + $session['httponly'] +); + +if (!isset($_SESSION['user'])) { + $_SESSION['user'] = new User(); +} + /** * Config */ @@ -71,34 +96,6 @@ if ( $options = new Options($database); } -/** - * Session - */ -$sessionLifetime = 2592000; // 1 Month - -session_set_cookie_params($sessionLifetime, '/'); -session_start(); - -/** Refresh lifetime */ -$session = session_get_cookie_params(); - -setcookie( - session_name(), - session_id(), - time() + $sessionLifetime, - $session['path'], - $session['domain'], - $session['secure'], - $session['httponly'] -); - -/** - * User - */ -if ($options) { - $user = new User(); -} - /** * Language */ @@ -118,16 +115,8 @@ $locales = array_filter( scandir(ROOT . '/translations') ) ); -$locale = \Locale::lookup($locales, $user->locale, false, DEFAULT_LOCALE); -/** Load Translation */ -$translationFilepath = ROOT . '/translations/' . $locale . '.po'; -$translations = null; - -if (file_exists($translationFilepath)) { - $loader = new \Gettext\Loader\PoLoader(); - $translations = $loader->loadFile($translationFilepath); -} +$locale = isset($_REQUEST['locale']) ? $_REQUEST['locale'] : \Locale::lookup($locales, $_SESSION['user']->getLocale(), false, 'en_GB'); /** * Wish diff --git a/src/api/blog.php b/src/api/blog.php index 15acb2f9..2c0f56a1 100644 --- a/src/api/blog.php +++ b/src/api/blog.php @@ -16,7 +16,7 @@ require '../../index.php'; $response = array(); $dateFormatter = new \IntlDateFormatter( - $user->locale, + $_SESSION['user']->getLocale(), \IntlDateFormatter::MEDIUM, \IntlDateFormatter::NONE ); diff --git a/src/api/wishlists-saved.php b/src/api/wishlists-saved.php index 4d5778d1..dd6bfcd3 100644 --- a/src/api/wishlists-saved.php +++ b/src/api/wishlists-saved.php @@ -18,7 +18,7 @@ switch ($_SERVER['REQUEST_METHOD']) { /** * Get */ - $response['data'] = $user->getSavedWishlists(); + $response['data'] = $_SESSION['user']->getSavedWishlists(); break; case 'POST': @@ -45,7 +45,7 @@ switch ($_SERVER['REQUEST_METHOD']) { `user`, `wishlist` ) VALUES ( - ' . $user->id . ', + ' . $_SESSION['user']->id . ', ' . Sanitiser::getNumber($_POST['wishlist']) . ' ) ;'); diff --git a/src/api/wishlists.php b/src/api/wishlists.php index e6e55b77..9c0f7ba9 100644 --- a/src/api/wishlists.php +++ b/src/api/wishlists.php @@ -17,11 +17,11 @@ require '../../index.php'; switch ($_SERVER['REQUEST_METHOD']) { case 'POST': - if (isset($_POST['wishlist-name'], $_SESSION['user']['id'])) { + if (isset($_POST['wishlist-name'], $_SESSION['user']->id)) { /** * Create */ - $user_id = Sanitiser::getNumber($_SESSION['user']['id']); + $user_id = Sanitiser::getNumber($_SESSION['user']->id); $wish_name = Sanitiser::getTitle($_POST['wishlist-name']); $database->query('INSERT INTO `wishlists` @@ -61,18 +61,18 @@ switch ($_SERVER['REQUEST_METHOD']) { $href = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . Page::PAGE_WISHLISTS . '&id=' . $wishlist['id']; /** Send email */ - $user = new User($wishlist['user']); - $email = new Email($user->email, __('Wish request'), 'default', 'wishlist-request-wishes'); - $email->setPlaceholder('TEXT_HELLO', __('Hello,')); + $user = User::getFromID($wishlist['user']); + $email = new Email($user->email, __('Wish request', null, $user), 'default', 'wishlist-request-wishes'); + $email->setPlaceholder('TEXT_HELLO', __('Hello,', null, $user)); $email->setPlaceholder( 'TEXT_WISHLIST_REQUEST_WISHES', sprintf( /** TRANSLATORS: %s: Wishlist name */ - __('somebody has requested that you add more wishes to your wishlist %s.'), + __('somebody has requested that you add more wishes to your wishlist %s.', null, $user), '' . $wishlist['name'] . '' ) ); - $email->setPlaceholder('TEXT_WISH_ADD', __('Add wish')); + $email->setPlaceholder('TEXT_WISH_ADD', __('Add wish', null, $user)); $email->setPlaceholder('LINK_WISH_ADD', $href . '&wish_add=true'); $success = $email->send(); @@ -118,11 +118,11 @@ switch ($_SERVER['REQUEST_METHOD']) { ); $response['results'] = $wishlist->getCards($options); - } elseif (isset($_GET['userid']) || isset($_SESSION['user']['id'])) { + } elseif (isset($_GET['userid']) || isset($_SESSION['user']->id)) { /** * Get user wishlists */ - $user = isset($_GET['userid']) ? new User($_GET['userid']) : new User(); + $user = isset($_GET['userid']) ? User::getFromID($_GET['userid']) : $_SESSION['user']; $wishlists = $user->getWishlists(); $wishlists = array_map( diff --git a/src/assets/js/wishlist.js b/src/assets/js/wishlist.js index e5fe734f..f268e3e5 100644 --- a/src/assets/js/wishlist.js +++ b/src/assets/js/wishlist.js @@ -144,11 +144,13 @@ $(function() { * Request more wishes */ $(document).on('click', '.ui.button.wishlist-request-wishes', function() { - var buttonRequest = $(this); - var wishlist_id = $('.wishlist-cards[data-wishlist]').attr('data-wishlist'); + var buttonRequest = $(this); + var wishlist_id = $('.wishlist-cards[data-wishlist]').attr('data-wishlist'); + var wishlist_locale = buttonRequest.attr('data-locale'); var formData = new URLSearchParams({ 'wishlist-id' : wishlist_id, + 'locale' : wishlist_locale }); buttonRequest.addClass('disabled loading'); diff --git a/src/classes/email.php b/src/classes/email.php index 7273060e..79ca9469 100644 --- a/src/classes/email.php +++ b/src/classes/email.php @@ -30,6 +30,11 @@ class Email $this->contentsPart = file_get_contents(ROOT . '/src/mjml/parts/' . $this->part . '.mjml'); $this->mjml = str_replace('', $this->contentsPart, $this->contentsTemplate); + + /** Set Locale */ + global $locale; + + $this->mjml = preg_replace('//', '', $this->mjml); } public function setPlaceholder(string $placeholder, string $replacement): void diff --git a/src/classes/page.php b/src/classes/page.php index 0b61e0d7..6052abfe 100644 --- a/src/classes/page.php +++ b/src/classes/page.php @@ -135,8 +135,9 @@ class Page /** * Session */ - global $user, $options; + global $options; + $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $ignorePower = array( 'home', 'blog', @@ -150,9 +151,9 @@ class Page ); if ( - !isset($_SESSION['user']) + false === $user->isLoggedIn() && isset($_GET['page']) - && !in_array($_GET['page'], $ignorePower) + && false === in_array($_GET['page'], $ignorePower) ) { redirect(Page::PAGE_LOGIN); } @@ -461,7 +462,7 @@ class Page public function navigation(): void { - $user = new User(); + $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $wishlists = Navigation::Wishlists->value; $blog = Navigation::Blog->value; diff --git a/src/classes/user.php b/src/classes/user.php index 65e7eb64..042f71bd 100644 --- a/src/classes/user.php +++ b/src/classes/user.php @@ -15,45 +15,83 @@ class User /** * Static */ + public static function getFromID(int $user_id): self + { + global $database; + + $userQuery = $database + ->query( + 'SELECT * + FROM `users` + WHERE `id` = ' . $user_id + ); + + if (false !== $userQuery) { + $fields = $userQuery->fetch(); + $user = new User($fields); + + return $user; + } + + throw new Exception('Unable to find user with ID ' . $user_id . '. Does it exist?'); + } + public static function generatePassword(string $plainPassword): string { return sha1($plainPassword); } + /** + * Private + */ + private string $locale; + /** * Non-Static */ - public int $power = 0; + public int $power = 0; + public ?\Gettext\Translations $translations = null; - public function __construct(int $id = -1) + public function __construct(array $fields = array()) { - if (-1 === $id) { - if (isset($_SESSION['user']['id'])) { - $this->id = $_SESSION['user']['id']; + if (!empty($fields)) { + foreach ($fields as $key => $value) { + $this->$key = $value; } - } else { - $this->id = $id; } - $this->locale = \Locale::acceptFromHttp( - isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : DEFAULT_LOCALE - ); - - if (!isset($this->id)) { - return null; + /** Set Locale */ + if (!isset($this->locale)) { + $this->locale = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? \Locale::acceptFromHttp($_SERVER['HTTP_ACCEPT_LANGUAGE']) : DEFAULT_LOCALE; } - global $database; + $this->setLocale($this->locale); + } - $user = $database - ->query('SELECT * - FROM `users` - WHERE `id` = ' . $this->id . ';') - ->fetch(); + /** + * Set the users locale + * + * @param string $locale + * + * @return void + */ + public function setLocale(string $locale): void + { + /** Load Translation */ + $translationFilepath = ROOT . '/translations/' . $locale . '.po'; - foreach ($user as $key => $value) { - $this->$key = $value; + if (file_exists($translationFilepath)) { + $loader = new \Gettext\Loader\PoLoader(); + $this->translations = $loader->loadFile($translationFilepath); } + + /** Set locale */ + $this->locale = $locale; + } + + public function getLocale(): string + { + return $this->locale; } /** @@ -63,7 +101,7 @@ class User */ public function isLoggedIn(): bool { - return isset($_SESSION['user']); + return isset($_SESSION['user']->id) && $_SESSION['user']->id >= 1; } /** diff --git a/src/classes/wish.php b/src/classes/wish.php index c834045a..3bebee90 100644 --- a/src/classes/wish.php +++ b/src/classes/wish.php @@ -115,13 +115,13 @@ class Wish { ob_start(); - $userCard = new User($ofUser); + $userCard = User::getFromID($ofUser); $numberFormatter = new \NumberFormatter( - $userCard->locale, + $userCard->getLocale(), \NumberFormatter::CURRENCY ); - $userIsCurrent = isset($_SESSION['user']['id']) && intval($_SESSION['user']['id']) === $userCard->id; + $userIsCurrent = isset($_SESSION['user']->id) && $_SESSION['user']->id === $userCard->id; /** * Card diff --git a/src/functions/getWishlistNameSuggestion.php b/src/functions/getWishlistNameSuggestion.php index 21b60cb3..92a64604 100644 --- a/src/functions/getWishlistNameSuggestion.php +++ b/src/functions/getWishlistNameSuggestion.php @@ -8,8 +8,7 @@ function getWishlistNameSuggestion(): string { - global $user; - + $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $now = time(); $month = date('n'); $name = ''; diff --git a/src/functions/gettext.php b/src/functions/gettext.php index d922db03..780c8254 100644 --- a/src/functions/gettext.php +++ b/src/functions/gettext.php @@ -6,14 +6,16 @@ * @author Jay Trees */ -function __(string $text, string $context = null): string +use wishthis\User; + +function __(string $text, string $context = null, User $user = null): string { - global $translations; + if (null === $user) { + $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); + } - $translation = null; - - if ($translations) { - $translation = $translations->find($context, $text); + if (null !== $user->translations) { + $translation = $user->translations->find($context, $text); if ($translation) { $translationText = $translation->getTranslation(); diff --git a/src/functions/redirect.php b/src/functions/redirect.php index eb12c4c6..c8656f84 100644 --- a/src/functions/redirect.php +++ b/src/functions/redirect.php @@ -6,9 +6,11 @@ * @author Jay Trees */ +use wishthis\User; + function redirect(string $target) { - global $user; + $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); /** * Redirect user based on channel setting diff --git a/src/mjml/default.mjml b/src/mjml/default.mjml index 500f5645..55e234f2 100644 --- a/src/mjml/default.mjml +++ b/src/mjml/default.mjml @@ -1,4 +1,4 @@ - + navigation(); $posts = Blog::getPosts(); -if ('en' !== \Locale::getPrimaryLanguage($user->locale)) { +if ('en' !== \Locale::getPrimaryLanguage($_SESSION['user']->getLocale())) { $page->messages[] = Page::warning( sprintf( /** TRANSLATORS: %s: Language, most likely English */ @@ -37,7 +37,7 @@ if ('en' !== \Locale::getPrimaryLanguage($user->locale)) { locale, + $_SESSION['user']->getLocale(), \IntlDateFormatter::MEDIUM, \IntlDateFormatter::NONE ); diff --git a/src/pages/home.php b/src/pages/home.php index 32165598..2dd793cf 100644 --- a/src/pages/home.php +++ b/src/pages/home.php @@ -26,7 +26,7 @@ $page->navigation();

- isLoggedIn()) { ?> + isLoggedIn()) { ?>
navigation(); $lastWishlist = null; $lastWishlistQuery = $database->query( ' SELECT `wishlists`.* - FROM `wishes` - JOIN `wishlists` ON `wishes`.`wishlist` = `wishlists`.`id` - JOIN `users` ON `wishlists`.`user` = `users`.`id` - WHERE `users`.`id` = ' . $user->id . ' - ORDER BY `wishes`.`edited` DESC + FROM `wishes` + JOIN `wishlists` ON `wishes`.`wishlist` = `wishlists`.`id` + JOIN `users` ON `wishlists`.`user` = `users`.`id` + WHERE `users`.`id` = ' . $_SESSION['user']->id . ' + ORDER BY `wishes`.`edited` DESC LIMIT 1;' ); diff --git a/src/pages/login-as.php b/src/pages/login-as.php index d8f21731..13eb43f5 100644 --- a/src/pages/login-as.php +++ b/src/pages/login-as.php @@ -13,18 +13,19 @@ $page = new Page(__FILE__, __('Login as'), 100); if (isset($_POST['email'])) { $email = Sanitiser::getEmail($_POST['email']); - $user = $database + $userQuery = $database ->query( 'SELECT * FROM `users` - WHERE `email` = "' . $email . '";' - ) - ->fetch(); + WHERE `email` = "' . $email . '";' + ); - $success = false !== $user; + $success = false !== $userQuery; if ($success) { - $_SESSION['user'] = $user; + $fields = $userQuery->fetch(); + + $_SESSION['user'] = new User($fields); } } diff --git a/src/pages/login.php b/src/pages/login.php index 80c8f080..fbc0e991 100644 --- a/src/pages/login.php +++ b/src/pages/login.php @@ -17,20 +17,28 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) { $email = Sanitiser::getEmail($_POST['email']); $password = User::generatePassword($_POST['password']); - $database->query('UPDATE `users` - SET `last_login` = NOW() - WHERE `email` = "' . $email . '" - AND `password` = "' . $password . '" - ;'); - $user = $database->query('SELECT * FROM `users` - WHERE `email` = "' . $email . '" - AND `password` = "' . $password . '";') - ->fetch(); + $database + ->query( + 'UPDATE `users` + SET `last_login` = NOW() + WHERE `email` = "' . $email . '" + AND `password` = "' . $password . '";' + ); - $success = false !== $user; + $userQuery = $database + ->query( + 'SELECT * + FROM `users` + WHERE `email` = "' . $email . '" + AND `password` = "' . $password . '";' + ); + + $success = false !== $userQuery; if ($success) { - $_SESSION['user'] = $user; + $fields = $userQuery->fetch(); + + $_SESSION['user'] = new User($fields); } else { $page->messages[] = Page::error( __('No user could be found with the credentials you provided.'), @@ -39,7 +47,7 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) { } } -if (isset($_SESSION['user'])) { +if ($_SESSION['user']->isLoggedIn()) { if (isset($_SESSION['REDIRECT_URL'])) { redirect($_SESSION['REDIRECT_URL']); } else { @@ -51,40 +59,44 @@ if (isset($_SESSION['user'])) { * Reset */ if (isset($_POST['reset'], $_POST['email'])) { - $user = $database - ->query('SELECT * - FROM `users` - WHERE `email` = "' . Sanitiser::getEmail($_POST['email']) . '";') - ->fetch(); + $userQuery = $database + ->query( + 'SELECT * + FROM `users` + WHERE `email` = "' . Sanitiser::getEmail($_POST['email']) . '";' + ); - if ($user) { + $user = false !== $userQuery ? new User($userQuery->fetch()) : new User(); + + if (isset($user->id)) { $token = sha1(time() . rand(0, 999999)); $validUntil = time() + 3600; $database - ->query('UPDATE `users` - SET `password_reset_token` = "' . $token . '", - `password_reset_valid_until` = "' . date('Y-m-d H:i:s', $validUntil) . '" - WHERE `id` = ' . $user['id'] . ' - ;'); + ->query( + 'UPDATE `users` + SET `password_reset_token` = "' . $token . '", + `password_reset_valid_until` = "' . date('Y-m-d H:i:s', $validUntil) . '" + WHERE `id` = ' . $user->id . ';' + ); - $emailReset = new Email($user['email'], __('Password reset link'), 'default', 'password-reset'); - $emailReset->setPlaceholder('TEXT_HELLO', __('Hello,')); + $emailReset = new Email($_POST['email'], __('Password reset link', null, $user), 'default', 'password-reset'); + $emailReset->setPlaceholder('TEXT_HELLO', __('Hello,', null, $user)); $emailReset->setPlaceholder( 'TEXT_PASSWORD_RESET', sprintf( /** TRANSLATORS: %s: The wishthis domain */ - __('somebody has requested a password reset for this email address from %s. If this was you, click the button below to invalidate your current password and set a new one.'), + __('somebody has requested a password reset for this email address from %s. If this was you, click the button below to invalidate your current password and set a new one.', null, $user), 'wishthis.online' ) ); - $emailReset->setPlaceholder('TEXT_SET_NEW_PASSWORD', __('Set new password')); + $emailReset->setPlaceholder('TEXT_SET_NEW_PASSWORD', __('Set new password', null, $user)); $emailReset->setPlaceholder('wishthis.online', $_SERVER['HTTP_HOST']); $emailReset->setPlaceholder( 'password-reset-link', $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . - Page::PAGE_REGISTER . '&password-reset=' . $user['email'] . '&token=' . $token + Page::PAGE_REGISTER . '&password-reset=' . $user->email . '&token=' . $token ); $emailReset->send(); diff --git a/src/pages/power.php b/src/pages/power.php index e4e69bf3..93256348 100644 --- a/src/pages/power.php +++ b/src/pages/power.php @@ -20,7 +20,7 @@ $page->navigation();

-

' . $_GET['required'] . '', '' . $user->power . '') ?>

+

' . $_GET['required'] . '', '' . $_SESSION['user']->power . '') ?>

diff --git a/src/pages/profile.php b/src/pages/profile.php index 242573cd..6a7c5a93 100644 --- a/src/pages/profile.php +++ b/src/pages/profile.php @@ -39,13 +39,13 @@ if (isset($_POST['user-id'], $_POST['section'])) { 'label' => __('Language'), ), ); - $loginRequired = false; + $loginRequired = false; foreach ($formFieldsString as $field) { - if (!empty($_POST[$field['key']]) && $_POST[$field['key']] !== $user->{$field['column']}) { + if (!empty($_POST[$field['key']]) && $_POST[$field['key']] !== $_SESSION['user']->{$field['column']}) { $set[] = '`' . $field['column'] . '` = "' . $_POST[$field['key']] . '"'; - $user->{$field['column']} = $_POST[$field['key']]; + $_SESSION['user']->{$field['column']} = $_POST[$field['key']]; $page->messages[] = Page::success( sprintf( @@ -57,7 +57,7 @@ if (isset($_POST['user-id'], $_POST['section'])) { } } - if (!empty($_POST['user-email']) && $_POST['user-email'] !== $user->email) { + if (!empty($_POST['user-email']) && $_POST['user-email'] !== $_SESSION['user']->email) { $loginRequired = true; } @@ -66,13 +66,13 @@ if (isset($_POST['user-id'], $_POST['section'])) { */ if (isset($_POST['user-birthdate'])) { if (empty($_POST['user-birthdate'])) { - $user->birthdate = null; + $_SESSION['user']->birthdate = null; $set[] = '`birthdate` = NULL'; } else { - $user->birthdate = date('Y-m-d', strtotime($_POST['user-birthdate'])); + $_SESSION['user']->birthdate = date('Y-m-d', strtotime($_POST['user-birthdate'])); - $set[] = '`birthdate` = "' . $user->birthdate . '"'; + $set[] = '`birthdate` = "' . $_SESSION['user']->birthdate . '"'; } } @@ -92,15 +92,15 @@ if (isset($_POST['user-id'], $_POST['section'])) { /** * Preferences */ - if (isset($_POST['user-channel']) && $_POST['user-channel'] !== $user->channel) { + if (isset($_POST['user-channel']) && $_POST['user-channel'] !== $_SESSION['user']->channel) { if (empty($_POST['user-channel'])) { - $user->channel = null; + $_SESSION['user']->channel = null; $set[] = '`channel` = NULL'; } else { - $user->channel = $_POST['user-channel']; + $_SESSION['user']->channel = $_POST['user-channel']; - $set[] = '`channel` = "' . $user->channel . '"'; + $set[] = '`channel` = "' . $_SESSION['user']->channel . '"'; } } @@ -156,26 +156,26 @@ $page->navigation();
- +
- +
- +
- +
@@ -183,7 +183,7 @@ $page->navigation();
- +
@@ -195,7 +195,7 @@ $page->navigation();
@@ -219,7 +219,7 @@ $page->navigation();
- +
@@ -282,7 +282,7 @@ $page->navigation();
- +
@@ -291,15 +291,15 @@ $page->navigation();