fix: login not working

grandeljay 2023-08-30 14:58:00 +02:00
parent 749f247261
commit cf253bf8c0
24 changed files with 245 additions and 174 deletions


@ -48,14 +48,11 @@ if (file_exists($configPath)) {
*/ */
session_start( session_start(
array( array(
'name' => 'wishthis', 'name' => 'wishthis'
'read_and_close' => true,
) )
); );
if (!isset($_SESSION['user'])) { $user = User::getCurrent();
$_SESSION['user'] = new User();
}
/** /**
* Database * Database
@ -85,7 +82,7 @@ if (
/** /**
* Persistent (stay logged in) * Persistent (stay logged in)
*/ */
if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$_SESSION['user']->isLoggedIn()) { if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$user->isLoggedIn()) {
$sessions = $database $sessions = $database
->query( ->query(
'SELECT * 'SELECT *
@ -102,7 +99,7 @@ if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$_SESSION['user']->isLog
$expires = strtotime($session['expires']); $expires = strtotime($session['expires']);
if (time() < $expires) { if (time() < $expires) {
$_SESSION['user'] = User::getFromID($session['user']); $user = User::getFromID($session['user']);
break; break;
} }
@ -130,7 +127,7 @@ $locales = array_filter(
) )
); );
$locale = isset($_REQUEST['locale']) ? $_REQUEST['locale'] : \Locale::lookup($locales, $_SESSION['user']->getLocale(), false, 'en_GB'); $locale = isset($_REQUEST['locale']) ? $_REQUEST['locale'] : \Locale::lookup($locales, $user->getLocale(), false, 'en_GB');
/** /**
* Wish * Wish
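Review bot: The persistent-cookie branch now ends in `$user = User::getFromID($session['user']);`, which only updates the local variable; `$_SESSION['user']` still holds the anonymous object that `User::getCurrent()` created a few lines earlier, so every other file in this commit that calls `User::getCurrent()` sees a logged-out user, and presumably the cookie lookup repeats on every request because `!$user->isLoggedIn()` stays true. Assign the result back right after it, `$_SESSION['user'] = $user;`, so the session carries the authenticated object. Dropping `'read_and_close' => true` from `session_start()` is what allows later session writes to stick, so that part of the change is consistent with the fix. The enclosing `if (isset($_COOKIE[COOKIE_PERSISTENT]) …)` block continues outside the hunk.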


@ -15,8 +15,10 @@ if (!isset($page)) {
die('Direct access to this location is not allowed.'); die('Direct access to this location is not allowed.');
} }
$user = User::getCurrent();
$dateFormatter = new \IntlDateFormatter( $dateFormatter = new \IntlDateFormatter(
$_SESSION['user']->getLocale(), $user->getLocale(),
\IntlDateFormatter::MEDIUM, \IntlDateFormatter::MEDIUM,
\IntlDateFormatter::NONE \IntlDateFormatter::NONE
); );


@ -15,6 +15,8 @@ if (!isset($page)) {
die('Direct access to this location is not allowed.'); die('Direct access to this location is not allowed.');
} }
$user = User::getCurrent();
switch ($_SERVER['REQUEST_METHOD']) { switch ($_SERVER['REQUEST_METHOD']) {
case 'POST': case 'POST':
if (isset($_POST['preview'], $_POST['page'])) { if (isset($_POST['preview'], $_POST['page'])) {
@ -36,7 +38,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
$preview_create = true; $preview_create = true;
} }
if ($preview_create && $_SESSION['user']->power >= $page->power) { if ($preview_create && $user->power >= $page->power) {
file_put_contents($preview_filepath, $preview); file_put_contents($preview_filepath, $preview);
} }
} }


@ -15,6 +15,8 @@ if (!isset($page)) {
die('Direct access to this location is not allowed.'); die('Direct access to this location is not allowed.');
} }
$user = User::getCurrent();
switch ($_SERVER['REQUEST_METHOD']) { switch ($_SERVER['REQUEST_METHOD']) {
case 'GET': case 'GET':
if (isset($_GET['table'])) { if (isset($_GET['table'])) {
@ -41,12 +43,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
/** Get last modified */ /** Get last modified */
$user_time_zome = new \IntlDateFormatter( $user_time_zome = new \IntlDateFormatter(
$_SESSION['user']->getLocale() $user->getLocale()
); );
$user_time_zome = $user_time_zome->getTimeZoneId(); $user_time_zome = $user_time_zome->getTimeZoneId();
$datetimeFormatter = new \IntlDateFormatter( $datetimeFormatter = new \IntlDateFormatter(
$_SESSION['user']->getLocale(), $user->getLocale(),
\IntlDateFormatter::RELATIVE_FULL, \IntlDateFormatter::RELATIVE_FULL,
\IntlDateFormatter::SHORT, \IntlDateFormatter::SHORT,
$user_time_zome $user_time_zome


@ -15,12 +15,14 @@ if (!isset($page)) {
die('Direct access to this location is not allowed.'); die('Direct access to this location is not allowed.');
} }
$user = User::getCurrent();
switch ($_SERVER['REQUEST_METHOD']) { switch ($_SERVER['REQUEST_METHOD']) {
case 'GET': case 'GET':
/** /**
* Get * Get
*/ */
$response['data'] = $_SESSION['user']->getSavedWishlists(); $response['data'] = $user->getSavedWishlists();
break; break;
case 'POST': case 'POST':
@ -60,7 +62,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
:wishlist_id :wishlist_id
);', );',
array( array(
'user_id' => $_SESSION['user']->id, 'user_id' => $user->id,
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist']), 'wishlist_id' => Sanitiser::getNumber($_POST['wishlist']),
) )
); );


@ -10,13 +10,15 @@ namespace wishthis;
global $page, $database; global $page, $database;
$user = User::getCurrent();
switch ($_SERVER['REQUEST_METHOD']) { switch ($_SERVER['REQUEST_METHOD']) {
case 'POST': case 'POST':
if (isset($_POST['wishlist-name'], $_SESSION['user']->id)) { if (isset($_POST['wishlist-name'], $user->id)) {
/** /**
* Create * Create
*/ */
$user_id = Sanitiser::getNumber($_SESSION['user']->id); $user_id = Sanitiser::getNumber($user->id);
$wishlist_name = Sanitiser::getTitle($_POST['wishlist-name']); $wishlist_name = Sanitiser::getTitle($_POST['wishlist-name']);
$wishlist_hash = sha1(time() . $user_id . $wishlist_name); $wishlist_hash = sha1(time() . $user_id . $wishlist_name);
@ -134,7 +136,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
if ($wishlist->exists) { if ($wishlist->exists) {
/** Determine if user is allowed to access wishlist */ /** Determine if user is allowed to access wishlist */
if ($_SESSION['user']->isLoggedIn() && $_SESSION['user']->id === $wishlist->user) { if ($user->isLoggedIn() && $user->id === $wishlist->user) {
$response['results'] = $wishlist; $response['results'] = $wishlist;
} else { } else {
http_response_code(403); http_response_code(403);
@ -153,11 +155,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
} else { } else {
http_response_code(404); http_response_code(404);
} }
} elseif (isset($_GET['userid']) || isset($_SESSION['user']->id)) { } elseif (isset($_GET['userid']) || isset($user->id)) {
/** /**
* Get user wishlists * Get user wishlists
*/ */
$user = $_SESSION['user']; $user = $user;
if (!$user->isLoggedIn()) { if (!$user->isLoggedIn()) {
$this->response(403); $this->response(403);
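Review bot: `$user = $user;` in the "Get user wishlists" branch is a self-assignment left over from mechanically replacing `$_SESSION['user']`; delete the line, since `$user` is already `User::getCurrent()` from the top of the file. The `isset($user->id)` test in the `elseif` would read more clearly as the `$user->isLoggedIn()` check used two lines later, although note that `isLoggedIn()` additionally requires `id >= 1`. `$this->response(403)` appears in what looks like file-level code in this hunk; if the file really runs outside a class, `$this` is undefined there — worth confirming against the full file. The `switch` continues outside the hunk.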


@ -34,7 +34,7 @@ class Database
$this->pdo = new \PDO($dsn, $this->user, $this->password, $options); $this->pdo = new \PDO($dsn, $this->user, $this->password, $options);
} }
public function query(string $query, array $placeholders = array()): \PDOStatement public function query(string $query, array $placeholders = array()): \PDOStatement|false
{ {
$statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC)); $statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC));
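Review bot: Widening `query()` to `\PDOStatement|false` pushes the failure case onto every caller, and the callers touched by this commit chain `->fetch()` straight off the result (for example the SELECT in `User::logIn()`), which is a fatal error when `false` comes back. Either keep the `\PDOStatement` return and let PDO throw (`\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION` in the `$options` array built above this hunk, if it is not already set there), or document when `false` is returned in a docblock and make callers check for it. The method body continues outside the hunk.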


@ -153,7 +153,7 @@ class Page
/** /**
* Session * Session
*/ */
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $user = User::getCurrent();
/** /**
* Login * Login
@ -279,7 +279,7 @@ class Page
{ {
global $locales; global $locales;
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $user = User::getCurrent();
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="<?= $this->language ?>"> <html lang="<?= $this->language ?>">
@ -424,7 +424,7 @@ class Page
public function navigation(): void public function navigation(): void
{ {
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $user = User::getCurrent();
$wishlists = Navigation::Wishlists->value; $wishlists = Navigation::Wishlists->value;
$blog = Navigation::Blog->value; $blog = Navigation::Blog->value;


@ -41,6 +41,16 @@ class User
return sha1($plainPassword); return sha1($plainPassword);
} }
public static function getCurrent(): self {
if (!isset($_SESSION['user'])) {
$_SESSION['user'] = new self();
}
$user = $_SESSION['user'];
return $user;
}
/** /**
* The users unique ID. * The users unique ID.
* *
@ -235,7 +245,7 @@ class User
*/ */
public function isLoggedIn(): bool public function isLoggedIn(): bool
{ {
return isset($_SESSION['user']->id) && $_SESSION['user']->id >= 1; return isset($this->id) && $this->id >= 1;
} }
/** /**
@ -300,6 +310,117 @@ class User
?: $this->email; ?: $this->email;
} }
/**
* Attempts to log in the user. Return whether it was successful or not.
*
* @return bool Whether the log in was successful.
*/
public function logIn(string $email = '', string $password = '', bool $user_login_is_persistent = false): bool {
global $database;
$login_was_successful = false;
if ('' === $email && '' === $password && isset($this->email, $this->password)) {
$email = $this->email;
$password = $this->password;
}
/**
* Update the `last_login` column before fetching the user, so it's up
* to date for the session and later usage.
*
* If this fails, we are assuming the user credentials are wrong or that
* the user does not exist.
*/
$update_last_login = $database
->query(
'UPDATE `users`
SET `last_login` = NOW()
WHERE `email` = :user_email
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
);
/**
* Updating the `last_login` column in the database has failed and we
* are now assuming that the credentials are wrong or that the user does
* not exist.
*/
if (false === $update_last_login) {
return $login_was_successful;
}
/**
* The credentials seem fine, so we are fetching the user fields now.
*/
$user_database_fields = $database
->query(
'SELECT *
FROM `users`
WHERE `email` = :user_email
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
)
->fetch();
/**
* Create a `User` object instance and assign it for later use.
*/
if (\is_array($user_database_fields)) {
$this->__construct($user_database_fields);
$_SESSION['user'] = $this;
$login_was_successful = true;
}
/**
* Make the session persist
*/
if ($user_login_is_persistent) {
/** Cookie options */
$sessionLifetime = 2592000 * 4; // 4 Months
$sessionExpires = time() + $sessionLifetime;
$sessionIsDev = defined('ENV_IS_DEV') && ENV_IS_DEV || '127.0.0.1' === $_SERVER['REMOTE_ADDR'];
$sessionOptions = array (
'domain' => getCookieDomain(),
'expires' => $sessionExpires,
'httponly' => true,
'path' => '/',
'samesite' => 'None',
'secure' => !$sessionIsDev,
);
/** Set cookie */
setcookie(COOKIE_PERSISTENT, session_id(), $sessionOptions);
$database->query(
'INSERT INTO `sessions` (
`user`,
`session`,
`expires`
) VALUES (
:user_id,
:session_id,
:session_expires
);',
array(
'user_id' => $this->id,
'session_id' => session_id(),
'session_expires' => date('Y-m-d H:i:s', $sessionExpires),
)
);
}
return $login_was_successful;
}
public function logOut(): void public function logOut(): void
{ {
/** Destroy session */ /** Destroy session */
@ -335,4 +456,12 @@ class User
) )
); );
} }
public function getEmail(): string {
return $this->email;
}
public function getPassword(): string {
return $this->password;
}
} }
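Review bot: In `logIn()` the `if ($user_login_is_persistent)` block sits after, not inside, the `if (\is_array($user_database_fields))` branch, so a failed login with the persistent box ticked still sets the `COOKIE_PERSISTENT` cookie and inserts a `sessions` row keyed on whatever `$this->id` holds, whereas the page-level code this replaces only did that under `if ($success)`. The `false === $update_last_login` guard does not do what its comment says: an UPDATE that matches no rows still returns a `\PDOStatement`, so wrong credentials fall through to the SELECT and are only caught by `\is_array()`; use `$update_last_login->rowCount()` or drop the guard together with its comment. Because `session_id()` becomes the long-lived token stored in the cookie and the `sessions` table, call `session_regenerate_id(true)` on success before reading it, and note that `->query(...)->fetch()` is a fatal error if `query()` returns the `false` its new signature allows. `passwordToHash()` is still an unsalted `sha1`; migrating to `password_hash()`/`password_verify()` is a separate change, but this method is now where that comparison lives.
```php
if (\is_array($user_database_fields)) {
    $this->__construct($user_database_fields);
    session_regenerate_id(true);
    $_SESSION['user'] = $this;
    $login_was_successful = true;

    if ($user_login_is_persistent) {
        // … unchanged: cookie options, setcookie(), `sessions` INSERT …
    }
}

return $login_was_successful;
```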


@ -192,11 +192,12 @@ class Wish
ob_start(); ob_start();
$userCard = User::getFromID($ofUser); $userCard = User::getFromID($ofUser);
$userCurrent = User::getCurrent();
$numberFormatter = new \NumberFormatter( $numberFormatter = new \NumberFormatter(
$userCard->getLocale() . '@currency=' . $userCard->getCurrency(), $userCard->getLocale() . '@currency=' . $userCard->getCurrency(),
\NumberFormatter::CURRENCY \NumberFormatter::CURRENCY
); );
$userIsCurrent = isset($_SESSION['user']->id) && $_SESSION['user']->id === $userCard->id; $userIsCurrent = isset($userCurrent->id) && $userCurrent->id === $userCard->id;
/** /**
* Card * Card


@ -120,12 +120,14 @@ class Wishlist
) )
)'; )';
if ($_SESSION['user']->isLoggedIn()) { $user = User::getCurrent();
if ($user->isLoggedIn()) {
$wishlist_ids = array_map( $wishlist_ids = array_map(
function ($wishlist_data) { function ($wishlist_data) {
return intval($wishlist_data['id']); return intval($wishlist_data['id']);
}, },
$_SESSION['user']->getWishlists() $user->getWishlists()
); );
/** Show all wishes (except fulfilled) */ /** Show all wishes (except fulfilled) */


@ -10,7 +10,7 @@ namespace wishthis;
function getWishlistNameSuggestion(): string function getWishlistNameSuggestion(): string
{ {
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $user = User::getCurrent();
$now = time(); $now = time();
$month = date('n'); $month = date('n');
$name = ''; $name = '';


@ -9,7 +9,7 @@ namespace wishthis;
function __(string $text, string $context = null, User $user = null): string function __(string $text, string $context = null, User $user = null): string
{ {
if (null === $user) { if (null === $user) {
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $user = User::getCurrent();
} }
if (null !== $user->translations) { if (null !== $user->translations) {


@ -10,7 +10,7 @@ use wishthis\User;
function redirect(string $target) function redirect(string $target)
{ {
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $user = User::getCurrent();
/** /**
* Redirect user based on channel setting * Redirect user based on channel setting


@ -14,8 +14,9 @@ $page->bodyStart();
$page->navigation(); $page->navigation();
$posts = Blog::getPosts(); $posts = Blog::getPosts();
$user = User::getCurrent();
if ('en' !== \Locale::getPrimaryLanguage($_SESSION['user']->getLocale())) { if ('en' !== \Locale::getPrimaryLanguage($user->getLocale())) {
$page->messages[] = Page::warning( $page->messages[] = Page::warning(
sprintf( sprintf(
/** TRANSLATORS: %s: Language, most likely English */ /** TRANSLATORS: %s: Language, most likely English */
@ -37,7 +38,7 @@ if ('en' !== \Locale::getPrimaryLanguage($_SESSION['user']->getLocale())) {
<?php foreach ($posts as $post) { ?> <?php foreach ($posts as $post) { ?>
<?php <?php
$dateFormatter = new \IntlDateFormatter( $dateFormatter = new \IntlDateFormatter(
$_SESSION['user']->getLocale(), $user->getLocale(),
\IntlDateFormatter::MEDIUM, \IntlDateFormatter::MEDIUM,
\IntlDateFormatter::NONE \IntlDateFormatter::NONE
); );


@ -12,6 +12,8 @@ $page = new Page(__FILE__, __('Home'));
$page->header(); $page->header();
$page->bodyStart(); $page->bodyStart();
$page->navigation(); $page->navigation();
$user = User::getCurrent();
?> ?>
<main> <main>
@ -26,7 +28,7 @@ $page->navigation();
<p><?= __('wishthis is a simple, intuitive and modern wishlist platform to create, manage and view your wishes for any kind of occasion.') ?></p> <p><?= __('wishthis is a simple, intuitive and modern wishlist platform to create, manage and view your wishes for any kind of occasion.') ?></p>
<div class="ui two column doubling stackable centered grid actions"> <div class="ui two column doubling stackable centered grid actions">
<?php if ($_SESSION['user']->isLoggedIn()) { ?> <?php if ($user->isLoggedIn()) { ?>
<div class="column"> <div class="column">
<a class="ui fluid primary button" <a class="ui fluid primary button"
href="<?= Page::PAGE_WISHLISTS ?>" href="<?= Page::PAGE_WISHLISTS ?>"
@ -47,7 +49,7 @@ $page->navigation();
ORDER BY `wishes`.`edited` DESC ORDER BY `wishes`.`edited` DESC
LIMIT 1;', LIMIT 1;',
array( array(
'user_id' => $_SESSION['user']->id, 'user_id' => $user->id,
) )
); );
@ -209,9 +211,9 @@ $page->navigation();
<?php <?php
$locale_browser = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? \Locale::acceptFromHttp($_SERVER['HTTP_ACCEPT_LANGUAGE']) : DEFAULT_LOCALE; $locale_browser = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? \Locale::acceptFromHttp($_SERVER['HTTP_ACCEPT_LANGUAGE']) : DEFAULT_LOCALE;
$locale_user = $_SESSION['user']->getLocale(); $locale_user = $user->getLocale();
if ($_SESSION['user']->isLoggedIn() && $locale_browser !== $locale_user && in_array($locale_browser, $locales, true)) { if ($user->isLoggedIn() && $locale_browser !== $locale_user && in_array($locale_browser, $locales, true)) {
?> ?>
<div class="ui segment"> <div class="ui segment">
<h2 class="ui header"><?= __('Hey, you') ?></h2> <h2 class="ui header"><?= __('Hey, you') ?></h2>
@ -221,7 +223,7 @@ $page->navigation();
printf( printf(
/** TRANSLATORS: %s: the users display name */ /** TRANSLATORS: %s: the users display name */
__('Yes, I mean you, %s.'), __('Yes, I mean you, %s.'),
$_SESSION['user']->getDisplayName() $user->getDisplayName()
); );
?> ?>
</p> </p>


@ -9,6 +9,7 @@
namespace wishthis; namespace wishthis;
$page = new Page(__FILE__, __('Login as'), 100); $page = new Page(__FILE__, __('Login as'), 100);
$user = User::getCurrent();
if (isset($_POST['email'])) { if (isset($_POST['email'])) {
$email = Sanitiser::getEmail($_POST['email']); $email = Sanitiser::getEmail($_POST['email']);
@ -28,7 +29,8 @@ if (isset($_POST['email'])) {
if ($success) { if ($success) {
$fields = $userQuery->fetch(); $fields = $userQuery->fetch();
$_SESSION['user'] = new User($fields); $user = new User($fields);
$user->logIn();
} }
} }
@ -55,7 +57,7 @@ $users = $database
<?php <?php
if (isset($success)) { if (isset($success)) {
if ($success) { if ($success) {
echo Page::success(sprintf(__('Successfully logged in as %s.'), $_SESSION['user']->email), __('Success')); echo Page::success(sprintf(__('Successfully logged in as %s.'), $user->email), __('Success'));
} else { } else {
echo Page::error(__('User not found!'), __('Error')); echo Page::error(__('User not found!'), __('Error'));
} }


@ -14,94 +14,13 @@ $page = new Page(__FILE__, __('Login'));
* Login * Login
*/ */
if (isset($_POST['login'], $_POST['email'], $_POST['password'])) { if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
$email = Sanitiser::getEmail($_POST['email']); $user_email = \filter_input(\INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$password = User::passwordToHash($_POST['password']); $user_password = User::passwordToHash($_POST['password']);
$user_login_is_persistent = isset($_POST['persistent']);
$database $user->login($user_email, $user_password, $user_login_is_persistent);
->query(
'UPDATE `users`
SET `last_login` = NOW()
WHERE `email` = :user_email
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
);
$fields = $database if (!$user->isLoggedIn()) {
->query(
'SELECT *
FROM `users`
WHERE `email` = :user_email
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
)
->fetch();
$success = is_array($fields);
if ($success) {
$_SESSION['user'] = new User($fields);
/**
* Persisent session
*/
if (isset($_POST['persistent'])) {
/** Cookie options */
$sessionLifetime = 2592000 * 4; // 4 Months
$sessionExpires = time() + $sessionLifetime;
$sessionIsDev = defined('ENV_IS_DEV') && ENV_IS_DEV || '127.0.0.1' === $_SERVER['REMOTE_ADDR'];
$sessionOptions = array (
'domain' => getCookieDomain(),
'expires' => $sessionExpires,
'httponly' => true,
'path' => '/',
'samesite' => 'None',
'secure' => !$sessionIsDev,
);
/** Set cookie */
setcookie(COOKIE_PERSISTENT, session_id(), $sessionOptions);
/** Column sessions.expires was added in v0.7.1. */
if ($database->columnExists('sessions', 'expires')) {
$database->query(
'INSERT INTO `sessions` (
`user`,
`session`,
`expires`
) VALUES (
:user_id,
:session_id,
:session_expires
);',
array(
'user_id' => $_SESSION['user']->id,
'session_id' => session_id(),
'session_expires' => date('Y-m-d H:i:s', $sessionExpires),
)
);
} else {
$database->query(
'INSERT INTO `sessions` (
`user`,
`session`
) VALUES (
:user_id,
:session_id
);',
array(
'user_id' => $_SESSION['user']->id,
'session_id' => session_id(),
)
);
}
}
} else {
$page->messages[] = Page::error( $page->messages[] = Page::error(
__('No user could be found with the credentials you provided.'), __('No user could be found with the credentials you provided.'),
__('Invalid credentials'), __('Invalid credentials'),
@ -109,7 +28,7 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
} }
} }
if ($_SESSION['user']->isLoggedIn()) { if ($user->isLoggedIn()) {
if (isset($_SESSION['REDIRECT_URL'])) { if (isset($_SESSION['REDIRECT_URL'])) {
redirect($_SESSION['REDIRECT_URL']); redirect($_SESSION['REDIRECT_URL']);
} else { } else {
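Review bot: `$user->login(...)` calls the method this commit adds as `logIn()`; PHP resolves method names case-insensitively so it runs, but write `$user->logIn($user_email, $user_password, $user_login_is_persistent);` so that grep and IDE navigation find it. `$user` is not assigned anywhere in this hunk — the other pages in this commit add `$user = User::getCurrent();` right after constructing `$page` — so unless the top of this file (outside the hunk) does the same, `$user->login()` and `$user->isLoggedIn()` run on an undefined variable. `\filter_input(\INPUT_POST, 'email', FILTER_SANITIZE_EMAIL)` replaces `Sanitiser::getEmail()` and only strips characters rather than validating the address; consider keeping the project helper or adding a `FILTER_VALIDATE_EMAIL` pass before the lookup.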


@ -9,8 +9,8 @@
namespace wishthis; namespace wishthis;
$page = new Page(__FILE__, __('Logout')); $page = new Page(__FILE__, __('Logout'));
$user = User::getCurrent();
$_SESSION['user']->logOut(); $user->logOut();
$page->header(); $page->header();
$page->bodyStart(); $page->bodyStart();


@ -6,10 +6,11 @@
namespace wishthis; namespace wishthis;
$user = User::getCurrent();
?> ?>
<?php if ($_SESSION['user']->isLoggedIn()) { ?> <?php if ($user->isLoggedIn()) { ?>
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" /> <input type="hidden" name="user-id" value="<?= $user->id ?>" />
<?php } ?> <?php } ?>
<div class="wishlist-filter-wrapper"> <div class="wishlist-filter-wrapper">


@ -12,6 +12,8 @@ $page = new Page(__FILE__, __('Insufficient power'));
$page->header(); $page->header();
$page->bodyStart(); $page->bodyStart();
$page->navigation(); $page->navigation();
$user = User::getCurrent();
?> ?>
<main> <main>
@ -20,7 +22,7 @@ $page->navigation();
<div class="ui segment"> <div class="ui segment">
<h2 class="ui header"><?= __('Restricted access') ?></h2> <h2 class="ui header"><?= __('Restricted access') ?></h2>
<p><?= sprintf(__('You do not have enough power to view this page. You need %s to see this page, but only have %s.'), '<strong>' . $_GET['required'] . '</strong>', '<strong>' . $_SESSION['user']->power . '</strong>') ?></p> <p><?= sprintf(__('You do not have enough power to view this page. You need %s to see this page, but only have %s.'), '<strong>' . $_GET['required'] . '</strong>', '<strong>' . $user->power . '</strong>') ?></p>
</div> </div>
</div> </div>
</main> </main>


@ -9,6 +9,7 @@
namespace wishthis; namespace wishthis;
$page = new Page(__FILE__, __('Profile'), 1); $page = new Page(__FILE__, __('Profile'), 1);
$user = User::getCurrent();
if (isset($_POST['user-id'], $_POST['section'])) { if (isset($_POST['user-id'], $_POST['section'])) {
$set = array(); $set = array();
@ -37,10 +38,10 @@ if (isset($_POST['user-id'], $_POST['section'])) {
$loginRequired = false; $loginRequired = false;
foreach ($formFieldsString as $field) { foreach ($formFieldsString as $field) {
if (!empty($_POST[$field['key']]) && $_POST[$field['key']] !== $_SESSION['user']->{$field['column']}) { if (!empty($_POST[$field['key']]) && $_POST[$field['key']] !== $user->{$field['column']}) {
$set[] = '`' . $field['column'] . '` = "' . $_POST[$field['key']] . '"'; $set[] = '`' . $field['column'] . '` = "' . $_POST[$field['key']] . '"';
$_SESSION['user']->{$field['column']} = $_POST[$field['key']]; $user->{$field['column']} = $_POST[$field['key']];
$page->messages[] = Page::success( $page->messages[] = Page::success(
sprintf( sprintf(
@ -52,7 +53,7 @@ if (isset($_POST['user-id'], $_POST['section'])) {
} }
} }
if (!empty($_POST['user-email']) && $_POST['user-email'] !== $_SESSION['user']->email) { if (!empty($_POST['user-email']) && $_POST['user-email'] !== $user->email) {
$loginRequired = true; $loginRequired = true;
} }
@ -61,13 +62,13 @@ if (isset($_POST['user-id'], $_POST['section'])) {
*/ */
if (isset($_POST['user-birthdate'])) { if (isset($_POST['user-birthdate'])) {
if (empty($_POST['user-birthdate'])) { if (empty($_POST['user-birthdate'])) {
$_SESSION['user']->birthdate = null; $user->birthdate = null;
$set[] = '`birthdate` = NULL'; $set[] = '`birthdate` = NULL';
} else { } else {
$_SESSION['user']->birthdate = date('Y-m-d', strtotime($_POST['user-birthdate'])); $user->birthdate = date('Y-m-d', strtotime($_POST['user-birthdate']));
$set[] = '`birthdate` = "' . $_SESSION['user']->birthdate . '"'; $set[] = '`birthdate` = "' . $user->birthdate . '"';
} }
} }
@ -89,57 +90,57 @@ if (isset($_POST['user-id'], $_POST['section'])) {
*/ */
/** Language */ /** Language */
if (isset($_POST['user-language']) && $_POST['user-language'] !== $_SESSION['user']->getLocale()) { if (isset($_POST['user-language']) && $_POST['user-language'] !== $user->getLocale()) {
$_SESSION['user']->setLocale($_POST['user-language']); $user->setLocale($_POST['user-language']);
$set[] = '`language` = "' . $_SESSION['user']->getLocale() . '"'; $set[] = '`language` = "' . $user->getLocale() . '"';
$page->messages[] = Page::success( $page->messages[] = Page::success(
sprintf( sprintf(
/** TRANSLATORS: %s: The new locale */ /** TRANSLATORS: %s: The new locale */
__('Language set to %s.'), __('Language set to %s.'),
'<strong>' . $_SESSION['user']->getLocale() . '</strong>' '<strong>' . $user->getLocale() . '</strong>'
), ),
__('Success') __('Success')
); );
} }
/** Currency */ /** Currency */
if (isset($_POST['user-currency']) && $_POST['user-currency'] !== $_SESSION['user']->getLocale() && $_POST['user-currency'] !== $_SESSION['user']->getCurrency()) { if (isset($_POST['user-currency']) && $_POST['user-currency'] !== $user->getLocale() && $_POST['user-currency'] !== $user->getCurrency()) {
$_SESSION['user']->setCurrency($_POST['user-currency']); $user->setCurrency($_POST['user-currency']);
$set[] = '`currency` = "' . $_SESSION['user']->getCurrency() . '"'; $set[] = '`currency` = "' . $user->getCurrency() . '"';
$page->messages[] = Page::success( $page->messages[] = Page::success(
sprintf( sprintf(
/** TRANSLATORS: %s: The new locale */ /** TRANSLATORS: %s: The new locale */
__('Currency set to %s.'), __('Currency set to %s.'),
'<strong>' . $_SESSION['user']->getCurrency() . '</strong>' '<strong>' . $user->getCurrency() . '</strong>'
), ),
__('Success') __('Success')
); );
} }
/** Channel */ /** Channel */
if (isset($_POST['user-channel']) && $_POST['user-channel'] !== $_SESSION['user']->channel) { if (isset($_POST['user-channel']) && $_POST['user-channel'] !== $user->channel) {
if (empty($_POST['user-channel'])) { if (empty($_POST['user-channel'])) {
$_SESSION['user']->channel = null; $user->channel = null;
$set[] = '`channel` = NULL'; $set[] = '`channel` = NULL';
} else { } else {
$_SESSION['user']->channel = $_POST['user-channel']; $user->channel = $_POST['user-channel'];
$set[] = '`channel` = "' . $_SESSION['user']->channel . '"'; $set[] = '`channel` = "' . $user->channel . '"';
} }
} }
/** Advertisements */ /** Advertisements */
if (isset($_POST['enable-advertisements'])) { if (isset($_POST['enable-advertisements'])) {
$_SESSION['user']->advertisements = true; $user->advertisements = true;
$set[] = '`advertisements` = TRUE'; $set[] = '`advertisements` = TRUE';
} else { } else {
$_SESSION['user']->advertisements = false; $user->advertisements = false;
$set[] = '`advertisements` = FALSE'; $set[] = '`advertisements` = FALSE';
} }
@ -171,8 +172,8 @@ if (isset($_POST['user-id'], $_POST['section'])) {
* Account * Account
*/ */
if (isset($_POST['account-delete'])) { if (isset($_POST['account-delete'])) {
$_SESSION['user']->delete(); $user->delete();
$_SESSION['user']->logOut(); $user->logOut();
redirect(Page::PAGE_HOME); redirect(Page::PAGE_HOME);
} }
@ -217,26 +218,26 @@ $page->navigation();
<div class="ui segment"> <div class="ui segment">
<form class="ui form" method="POST"> <form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" /> <input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="personal" /> <input type="hidden" name="section" value="personal" />
<div class="three fields"> <div class="three fields">
<div class="field"> <div class="field">
<label><?= __('First name') ?></label> <label><?= __('First name') ?></label>
<input type="text" name="user-name-first" value="<?= $_SESSION['user']->name_first ?>" /> <input type="text" name="user-name-first" value="<?= $user->name_first ?>" />
</div> </div>
<div class="field"> <div class="field">
<label><?= __('Last name') ?></label> <label><?= __('Last name') ?></label>
<input type="text" name="user-name-last" value="<?= $_SESSION['user']->name_last ?>" /> <input type="text" name="user-name-last" value="<?= $user->name_last ?>" />
</div> </div>
<div class="field"> <div class="field">
<label><?= __('Nickname') ?></label> <label><?= __('Nickname') ?></label>
<input type="text" name="user-name-nick" value="<?= $_SESSION['user']->name_nick ?>" /> <input type="text" name="user-name-nick" value="<?= $user->name_nick ?>" />
</div> </div>
</div> </div>
@ -244,7 +245,7 @@ $page->navigation();
<div class="field"> <div class="field">
<label><?= __('Email') ?></label> <label><?= __('Email') ?></label>
<input type="email" name="user-email" value="<?= $_SESSION['user']->email ?>" /> <input type="email" name="user-email" value="<?= $user->email ?>" />
</div> </div>
<div class="field" data-content="<?= __('Used to suggest a wishlist called "Birthday", if it\'s coming up.') ?>"> <div class="field" data-content="<?= __('Used to suggest a wishlist called "Birthday", if it\'s coming up.') ?>">
@ -259,7 +260,7 @@ $page->navigation();
<input type="text" <input type="text"
name="user-birthdate" name="user-birthdate"
placeholder="<?= __('Pick a date') ?>" placeholder="<?= __('Pick a date') ?>"
value="<?= $_SESSION['user']->birthdate ?>" value="<?= $user->birthdate ?>"
/> />
</div> </div>
</div> </div>
@ -283,7 +284,7 @@ $page->navigation();
<div class="ui segment"> <div class="ui segment">
<form class="ui form" method="POST"> <form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" /> <input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="password" /> <input type="hidden" name="section" value="password" />
<div class="two fields"> <div class="two fields">
@ -346,7 +347,7 @@ $page->navigation();
<div class="ui segment"> <div class="ui segment">
<form class="ui form" method="POST"> <form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" /> <input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="preferences" /> <input type="hidden" name="section" value="preferences" />
<div class="two fields"> <div class="two fields">
@ -355,14 +356,14 @@ $page->navigation();
<select class="ui search dropdown language" name="user-language"> <select class="ui search dropdown language" name="user-language">
<?php if (!in_array('en_GB', $locales)) { ?> <?php if (!in_array('en_GB', $locales)) { ?>
<option value="<?= 'en_GB' ?>"><?= \Locale::getDisplayName('en_GB', $_SESSION['user']->getLocale()) ?></option> <option value="<?= 'en_GB' ?>"><?= \Locale::getDisplayName('en_GB', $user->getLocale()) ?></option>
<?php } ?> <?php } ?>
<?php foreach ($locales as $locale) { ?> <?php foreach ($locales as $locale) { ?>
<?php if ($locale === $_SESSION['user']->getLocale()) { ?> <?php if ($locale === $user->getLocale()) { ?>
<option value="<?= $locale ?>" selected><?= \Locale::getDisplayName($locale, $_SESSION['user']->getLocale()) ?></option> <option value="<?= $locale ?>" selected><?= \Locale::getDisplayName($locale, $user->getLocale()) ?></option>
<?php } else { ?> <?php } else { ?>
<option value="<?= $locale ?>"><?= \Locale::getDisplayName($locale, $_SESSION['user']->getLocale()) ?></option> <option value="<?= $locale ?>"><?= \Locale::getDisplayName($locale, $user->getLocale()) ?></option>
<?php } ?> <?php } ?>
<?php } ?> <?php } ?>
</select> </select>
@ -390,7 +391,7 @@ $page->navigation();
} }
?> ?>
<?php if ($currencyISO === $_SESSION['user']->getCurrency()) { ?> <?php if ($currencyISO === $user->getCurrency()) { ?>
<option value="<?= $currencyISO ?>" selected><?= $currencyValue ?></option> <option value="<?= $currencyISO ?>" selected><?= $currencyValue ?></option>
<?php } else { ?> <?php } else { ?>
<option value="<?= $currencyISO ?>"><?= $currencyValue ?></option> <option value="<?= $currencyISO ?>"><?= $currencyValue ?></option>
@ -446,7 +447,7 @@ $page->navigation();
<div class="ui segment"> <div class="ui segment">
<form class="ui form" method="POST"> <form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" /> <input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="preferences" /> <input type="hidden" name="section" value="preferences" />
<?php if (defined('CHANNELS') && is_array(CHANNELS)) { ?> <?php if (defined('CHANNELS') && is_array(CHANNELS)) { ?>
@ -461,7 +462,7 @@ $page->navigation();
<option value=""><?= __('Select channel') ?></option> <option value=""><?= __('Select channel') ?></option>
<?php foreach (CHANNELS as $channel) { ?> <?php foreach (CHANNELS as $channel) { ?>
<?php if ($channel['branch'] === $_SESSION['user']->channel) { ?> <?php if ($channel['branch'] === $user->channel) { ?>
<option value="<?= $channel['branch'] ?>" selected><?= $channel['label'] ?></option> <option value="<?= $channel['branch'] ?>" selected><?= $channel['label'] ?></option>
<?php } else { ?> <?php } else { ?>
<option value="<?= $channel['branch'] ?>"><?= $channel['label'] ?></option> <option value="<?= $channel['branch'] ?>"><?= $channel['label'] ?></option>
@ -511,7 +512,7 @@ $page->navigation();
<div class="ui segment"> <div class="ui segment">
<form class="ui form" method="POST"> <form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" /> <input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="preferences" /> <input type="hidden" name="section" value="preferences" />
<div class="field"> <div class="field">
@ -519,7 +520,7 @@ $page->navigation();
<div class="ui toggle checkbox advertisements"> <div class="ui toggle checkbox advertisements">
<?php <?php
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); $user = isset($user->id) ? $user : new User();
?> ?>
<?php if (true === $user->advertisements) { ?> <?php if (true === $user->advertisements) { ?>
@ -562,7 +563,7 @@ $page->navigation();
<div class="ui segment"> <div class="ui segment">
<form class="ui form" method="POST"> <form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" /> <input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="account" /> <input type="hidden" name="section" value="account" />
<div class="field"> <div class="field">
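Review bot: `$user = isset($user->id) ? $user : new User();` inside the advertisements checkbox is a leftover of the mechanical replacement: `$user` is already `User::getCurrent()` from the top of the file and an anonymous user is already a `User` instance, so the line is a no-op and can be deleted. Unchanged in this hunk but worth a follow-up: the `$set[] = '`' . $field['column'] . '` = "' . $_POST[$field['key']] . '"';` lines splice POST values straight into SQL text; bind them through placeholders with `$database->query()` the way the wishlist endpoints in this commit already do.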


@ -24,6 +24,8 @@ if (!$wishlist->exists) {
$page->header(); $page->header();
$page->bodyStart(); $page->bodyStart();
$page->navigation(); $page->navigation();
$user = User::getCurrent();
?> ?>
<main> <main>
@ -33,7 +35,7 @@ $page->navigation();
<div class="ui stackable grid"> <div class="ui stackable grid">
<div class="column"> <div class="column">
<?php if ($_SESSION['user']->isLoggedIn() && $_SESSION['user']->id !== $wishlist->user) { ?> <?php if ($user->isLoggedIn() && $user->id !== $wishlist->user) { ?>
<button class="ui white small basic labeled icon button save disabled loading"> <button class="ui white small basic labeled icon button save disabled loading">
<i class="heart icon"></i> <i class="heart icon"></i>
<span><?= __('Remember list') ?></span> <span><?= __('Remember list') ?></span>
@ -47,7 +49,7 @@ $page->navigation();
/** /**
* Warn the wishlist creator * Warn the wishlist creator
*/ */
if ($_SESSION['user']->isLoggedIn() && $_SESSION['user']->id === $wishlist->user) { ?> if ($user->isLoggedIn() && $user->id === $wishlist->user) { ?>
<div class="ui icon warning message wishlist-own"> <div class="ui icon warning message wishlist-own">
<i class="exclamation triangle icon"></i> <i class="exclamation triangle icon"></i>
<div class="content"> <div class="content">


@ -13,7 +13,9 @@ $page->header();
$page->bodyStart(); $page->bodyStart();
$page->navigation(); $page->navigation();
$wishlists = $_SESSION['user']->getSavedWishlists(); $user = User::getCurrent();
$wishlists = $user->getSavedWishlists();
$wishlists_by_user = array(); $wishlists_by_user = array();
foreach ($wishlists as $wishlist_saved) { foreach ($wishlists as $wishlist_saved) {