PrivateCoffee/wishthis
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix: login not working

Browse source
This commit is contained in:
grandeljay 2023-08-30 14:58:00 +02:00
parent 749f247261
commit cf253bf8c0
24 changed files with 245 additions and 174 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
index.php
View file

@ -48,14 +48,11 @@ if (file_exists($configPath)) {
*/
session_start(
array(
'name' => 'wishthis',
'read_and_close' => true,
'name' => 'wishthis'
)
);
if (!isset($_SESSION['user'])) {
$_SESSION['user'] = new User();
}
$user = User::getCurrent();
/**
* Database
@ -85,7 +82,7 @@ if (
/**
* Persistent (stay logged in)
*/
if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$_SESSION['user']->isLoggedIn()) {
if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$user->isLoggedIn()) {
$sessions = $database
->query(
'SELECT *
@ -102,7 +99,7 @@ if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$_SESSION['user']->isLog
$expires = strtotime($session['expires']);
if (time() < $expires) {
$_SESSION['user'] = User::getFromID($session['user']);
$user = User::getFromID($session['user']);
break;
}
@ -130,7 +127,7 @@ $locales = array_filter(
)
);
$locale = isset($_REQUEST['locale']) ? $_REQUEST['locale'] : \Locale::lookup($locales, $_SESSION['user']->getLocale(), false, 'en_GB');
$locale = isset($_REQUEST['locale']) ? $_REQUEST['locale'] : \Locale::lookup($locales, $user->getLocale(), false, 'en_GB');
/**
* Wish

4
src/api/blog.php
View file

@ -15,8 +15,10 @@ if (!isset($page)) {
die('Direct access to this location is not allowed.');
}
$user = User::getCurrent();
$dateFormatter = new \IntlDateFormatter(
$_SESSION['user']->getLocale(),
$user->getLocale(),
\IntlDateFormatter::MEDIUM,
\IntlDateFormatter::NONE
);

4
src/api/save-preview.php
View file

@ -15,6 +15,8 @@ if (!isset($page)) {
die('Direct access to this location is not allowed.');
}
$user = User::getCurrent();
switch ($_SERVER['REQUEST_METHOD']) {
case 'POST':
if (isset($_POST['preview'], $_POST['page'])) {
@ -36,7 +38,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
$preview_create = true;
}
if ($preview_create && $_SESSION['user']->power >= $page->power) {
if ($preview_create && $user->power >= $page->power) {
file_put_contents($preview_filepath, $preview);
}
}

6
src/api/statistics.php
View file

@ -15,6 +15,8 @@ if (!isset($page)) {
die('Direct access to this location is not allowed.');
}
$user = User::getCurrent();
switch ($_SERVER['REQUEST_METHOD']) {
case 'GET':
if (isset($_GET['table'])) {
@ -41,12 +43,12 @@ switch ($_SERVER['REQUEST_METHOD']) {
/** Get last modified */
$user_time_zome = new \IntlDateFormatter(
$_SESSION['user']->getLocale()
$user->getLocale()
);
$user_time_zome = $user_time_zome->getTimeZoneId();
$datetimeFormatter = new \IntlDateFormatter(
$_SESSION['user']->getLocale(),
$user->getLocale(),
\IntlDateFormatter::RELATIVE_FULL,
\IntlDateFormatter::SHORT,
$user_time_zome

6
src/api/wishlists-saved.php
View file

@ -15,12 +15,14 @@ if (!isset($page)) {
die('Direct access to this location is not allowed.');
}
$user = User::getCurrent();
switch ($_SERVER['REQUEST_METHOD']) {
case 'GET':
/**
* Get
*/
$response['data'] = $_SESSION['user']->getSavedWishlists();
$response['data'] = $user->getSavedWishlists();
break;
case 'POST':
@ -60,7 +62,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
:wishlist_id
);',
array(
'user_id' => $_SESSION['user']->id,
'user_id' => $user->id,
'wishlist_id' => Sanitiser::getNumber($_POST['wishlist']),
)
);

12
src/api/wishlists.php
View file

@ -10,13 +10,15 @@ namespace wishthis;
global $page, $database;
$user = User::getCurrent();
switch ($_SERVER['REQUEST_METHOD']) {
case 'POST':
if (isset($_POST['wishlist-name'], $_SESSION['user']->id)) {
if (isset($_POST['wishlist-name'], $user->id)) {
/**
* Create
*/
$user_id = Sanitiser::getNumber($_SESSION['user']->id);
$user_id = Sanitiser::getNumber($user->id);
$wishlist_name = Sanitiser::getTitle($_POST['wishlist-name']);
$wishlist_hash = sha1(time() . $user_id . $wishlist_name);
@ -134,7 +136,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
if ($wishlist->exists) {
/** Determine if user is allowed to access wishlist */
if ($_SESSION['user']->isLoggedIn() && $_SESSION['user']->id === $wishlist->user) {
if ($user->isLoggedIn() && $user->id === $wishlist->user) {
$response['results'] = $wishlist;
} else {
http_response_code(403);
@ -153,11 +155,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
} else {
http_response_code(404);
}
} elseif (isset($_GET['userid']) || isset($_SESSION['user']->id)) {
} elseif (isset($_GET['userid']) || isset($user->id)) {
/**
* Get user wishlists
*/
$user = $_SESSION['user'];
$user = $user;
if (!$user->isLoggedIn()) {
$this->response(403);

2
src/classes/wishthis/Database.php
View file

@ -34,7 +34,7 @@ class Database
$this->pdo = new \PDO($dsn, $this->user, $this->password, $options);
}
public function query(string $query, array $placeholders = array()): \PDOStatement
public function query(string $query, array $placeholders = array()): \PDOStatement|false
{
$statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC));

6
src/classes/wishthis/Page.php
View file

@ -153,7 +153,7 @@ class Page
/**
* Session
*/
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User();
$user = User::getCurrent();
/**
* Login
@ -279,7 +279,7 @@ class Page
{
global $locales;
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User();
$user = User::getCurrent();
?>
<!DOCTYPE html>
<html lang="<?= $this->language ?>">
@ -424,7 +424,7 @@ class Page
public function navigation(): void
{
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User();
$user = User::getCurrent();
$wishlists = Navigation::Wishlists->value;
$blog = Navigation::Blog->value;

131
src/classes/wishthis/User.php
View file

@ -41,6 +41,16 @@ class User
return sha1($plainPassword);
}
public static function getCurrent(): self {
if (!isset($_SESSION['user'])) {
$_SESSION['user'] = new self();
}
$user = $_SESSION['user'];
return $user;
}
/**
* The users unique ID.
*
@ -235,7 +245,7 @@ class User
*/
public function isLoggedIn(): bool
{
return isset($_SESSION['user']->id) && $_SESSION['user']->id >= 1;
return isset($this->id) && $this->id >= 1;
}
/**
@ -300,6 +310,117 @@ class User
?: $this->email;
}
/**
* Attempts to log in the user. Return whether it was successful or not.
*
* @return bool Whether the log in was successful.
*/
public function logIn(string $email = '', string $password = '', bool $user_login_is_persistent = false): bool {
global $database;
$login_was_successful = false;
if ('' === $email && '' === $password && isset($this->email, $this->password)) {
$email = $this->email;
$password = $this->password;
}
/**
* Update the `last_login` column before fetching the user, so it's up
* to date for the session and later usage.
*
* If this fails, we are assuming the user credentials are wrong or that
* the user does not exist.
*/
$update_last_login = $database
->query(
'UPDATE `users`
SET `last_login` = NOW()
WHERE `email` = :user_email
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
);
/**
* Updating the `last_login` column in the database has failed and we
* are now assuming that the credentials are wrong or that the user does
* not exist.
*/
if (false === $update_last_login) {
return $login_was_successful;
}
/**
* The credentials seem fine, so we are fetching the user fields now.
*/
$user_database_fields = $database
->query(
'SELECT *
FROM `users`
WHERE `email` = :user_email
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
)
->fetch();
/**
* Create a `User` object instance and assign it for later use.
*/
if (\is_array($user_database_fields)) {
$this->__construct($user_database_fields);
$_SESSION['user'] = $this;
$login_was_successful = true;
}
/**
* Make the session persist
*/
if ($user_login_is_persistent) {
/** Cookie options */
$sessionLifetime = 2592000 * 4; // 4 Months
$sessionExpires = time() + $sessionLifetime;
$sessionIsDev = defined('ENV_IS_DEV') && ENV_IS_DEV || '127.0.0.1' === $_SERVER['REMOTE_ADDR'];
$sessionOptions = array (
'domain' => getCookieDomain(),
'expires' => $sessionExpires,
'httponly' => true,
'path' => '/',
'samesite' => 'None',
'secure' => !$sessionIsDev,
);
/** Set cookie */
setcookie(COOKIE_PERSISTENT, session_id(), $sessionOptions);
$database->query(
'INSERT INTO `sessions` (
`user`,
`session`,
`expires`
) VALUES (
:user_id,
:session_id,
:session_expires
);',
array(
'user_id' => $this->id,
'session_id' => session_id(),
'session_expires' => date('Y-m-d H:i:s', $sessionExpires),
)
);
}
return $login_was_successful;
}
public function logOut(): void
{
/** Destroy session */
@ -335,4 +456,12 @@ class User
)
);
}
public function getEmail(): string {
return $this->email;
}
public function getPassword(): string {
return $this->password;
}
}

3
src/classes/wishthis/Wish.php
View file

@ -192,11 +192,12 @@ class Wish
ob_start();
$userCard = User::getFromID($ofUser);
$userCurrent = User::getCurrent();
$numberFormatter = new \NumberFormatter(
$userCard->getLocale() . '@currency=' . $userCard->getCurrency(),
\NumberFormatter::CURRENCY
);
$userIsCurrent = isset($_SESSION['user']->id) && $_SESSION['user']->id === $userCard->id;
$userIsCurrent = isset($userCurrent->id) && $userCurrent->id === $userCard->id;
/**
* Card

6
src/classes/wishthis/Wishlist.php
View file

@ -120,12 +120,14 @@ class Wishlist
)
)';
if ($_SESSION['user']->isLoggedIn()) {
$user = User::getCurrent();
if ($user->isLoggedIn()) {
$wishlist_ids = array_map(
function ($wishlist_data) {
return intval($wishlist_data['id']);
},
$_SESSION['user']->getWishlists()
$user->getWishlists()
);
/** Show all wishes (except fulfilled) */

2
src/functions/getWishlistNameSuggestion.php
View file

@ -10,7 +10,7 @@ namespace wishthis;
function getWishlistNameSuggestion(): string
{
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User();
$user = User::getCurrent();
$now = time();
$month = date('n');
$name = '';

2
src/functions/gettext.php
View file

@ -9,7 +9,7 @@ namespace wishthis;
function __(string $text, string $context = null, User $user = null): string
{
if (null === $user) {
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User();
$user = User::getCurrent();
}
if (null !== $user->translations) {

2
src/functions/redirect.php
View file

@ -10,7 +10,7 @@ use wishthis\User;
function redirect(string $target)
{
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User();
$user = User::getCurrent();
/**
* Redirect user based on channel setting

5
src/pages/blog.php
View file

@ -14,8 +14,9 @@ $page->bodyStart();
$page->navigation();
$posts = Blog::getPosts();
$user = User::getCurrent();
if ('en' !== \Locale::getPrimaryLanguage($_SESSION['user']->getLocale())) {
if ('en' !== \Locale::getPrimaryLanguage($user->getLocale())) {
$page->messages[] = Page::warning(
sprintf(
/** TRANSLATORS: %s: Language, most likely English */
@ -37,7 +38,7 @@ if ('en' !== \Locale::getPrimaryLanguage($_SESSION['user']->getLocale())) {
<?php foreach ($posts as $post) { ?>
<?php
$dateFormatter = new \IntlDateFormatter(
$_SESSION['user']->getLocale(),
$user->getLocale(),
\IntlDateFormatter::MEDIUM,
\IntlDateFormatter::NONE
);

12
src/pages/home.php
View file

@ -12,6 +12,8 @@ $page = new Page(__FILE__, __('Home'));
$page->header();
$page->bodyStart();
$page->navigation();
$user = User::getCurrent();
?>
<main>
@ -26,7 +28,7 @@ $page->navigation();
<p><?= __('wishthis is a simple, intuitive and modern wishlist platform to create, manage and view your wishes for any kind of occasion.') ?></p>
<div class="ui two column doubling stackable centered grid actions">
<?php if ($_SESSION['user']->isLoggedIn()) { ?>
<?php if ($user->isLoggedIn()) { ?>
<div class="column">
<a class="ui fluid primary button"
href="<?= Page::PAGE_WISHLISTS ?>"
@ -47,7 +49,7 @@ $page->navigation();
ORDER BY `wishes`.`edited` DESC
LIMIT 1;',
array(
'user_id' => $_SESSION['user']->id,
'user_id' => $user->id,
)
);
@ -209,9 +211,9 @@ $page->navigation();
<?php
$locale_browser = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? \Locale::acceptFromHttp($_SERVER['HTTP_ACCEPT_LANGUAGE']) : DEFAULT_LOCALE;
$locale_user = $_SESSION['user']->getLocale();
$locale_user = $user->getLocale();
if ($_SESSION['user']->isLoggedIn() && $locale_browser !== $locale_user && in_array($locale_browser, $locales, true)) {
if ($user->isLoggedIn() && $locale_browser !== $locale_user && in_array($locale_browser, $locales, true)) {
?>
<div class="ui segment">
<h2 class="ui header"><?= __('Hey, you') ?></h2>
@ -221,7 +223,7 @@ $page->navigation();
printf(
/** TRANSLATORS: %s: the users display name */
__('Yes, I mean you, %s.'),
$_SESSION['user']->getDisplayName()
$user->getDisplayName()
);
?>
</p>

6
src/pages/login-as.php
View file

@ -9,6 +9,7 @@
namespace wishthis;
$page = new Page(__FILE__, __('Login as'), 100);
$user = User::getCurrent();
if (isset($_POST['email'])) {
$email = Sanitiser::getEmail($_POST['email']);
@ -28,7 +29,8 @@ if (isset($_POST['email'])) {
if ($success) {
$fields = $userQuery->fetch();
$_SESSION['user'] = new User($fields);
$user = new User($fields);
$user->logIn();
}
}
@ -55,7 +57,7 @@ $users = $database
<?php
if (isset($success)) {
if ($success) {
echo Page::success(sprintf(__('Successfully logged in as %s.'), $_SESSION['user']->email), __('Success'));
echo Page::success(sprintf(__('Successfully logged in as %s.'), $user->email), __('Success'));
} else {
echo Page::error(__('User not found!'), __('Error'));
}

93
src/pages/login.php
View file

@ -14,94 +14,13 @@ $page = new Page(__FILE__, __('Login'));
* Login
*/
if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
$email = Sanitiser::getEmail($_POST['email']);
$password = User::passwordToHash($_POST['password']);
$user_email = \filter_input(\INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$user_password = User::passwordToHash($_POST['password']);
$user_login_is_persistent = isset($_POST['persistent']);
$database
->query(
'UPDATE `users`
SET `last_login` = NOW()
WHERE `email` = :user_email
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
);
$user->login($user_email, $user_password, $user_login_is_persistent);
$fields = $database
->query(
'SELECT *
FROM `users`
WHERE `email` = :user_email
AND `password` = :user_password;',
array(
'user_email' => $email,
'user_password' => $password,
)
)
->fetch();
$success = is_array($fields);
if ($success) {
$_SESSION['user'] = new User($fields);
/**
* Persisent session
*/
if (isset($_POST['persistent'])) {
/** Cookie options */
$sessionLifetime = 2592000 * 4; // 4 Months
$sessionExpires = time() + $sessionLifetime;
$sessionIsDev = defined('ENV_IS_DEV') && ENV_IS_DEV || '127.0.0.1' === $_SERVER['REMOTE_ADDR'];
$sessionOptions = array (
'domain' => getCookieDomain(),
'expires' => $sessionExpires,
'httponly' => true,
'path' => '/',
'samesite' => 'None',
'secure' => !$sessionIsDev,
);
/** Set cookie */
setcookie(COOKIE_PERSISTENT, session_id(), $sessionOptions);
/** Column sessions.expires was added in v0.7.1. */
if ($database->columnExists('sessions', 'expires')) {
$database->query(
'INSERT INTO `sessions` (
`user`,
`session`,
`expires`
) VALUES (
:user_id,
:session_id,
:session_expires
);',
array(
'user_id' => $_SESSION['user']->id,
'session_id' => session_id(),
'session_expires' => date('Y-m-d H:i:s', $sessionExpires),
)
);
} else {
$database->query(
'INSERT INTO `sessions` (
`user`,
`session`
) VALUES (
:user_id,
:session_id
);',
array(
'user_id' => $_SESSION['user']->id,
'session_id' => session_id(),
)
);
}
}
} else {
if (!$user->isLoggedIn()) {
$page->messages[] = Page::error(
__('No user could be found with the credentials you provided.'),
__('Invalid credentials'),
@ -109,7 +28,7 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) {
}
}
if ($_SESSION['user']->isLoggedIn()) {
if ($user->isLoggedIn()) {
if (isset($_SESSION['REDIRECT_URL'])) {
redirect($_SESSION['REDIRECT_URL']);
} else {

4
src/pages/logout.php
View file

@ -9,8 +9,8 @@
namespace wishthis;
$page = new Page(__FILE__, __('Logout'));
$_SESSION['user']->logOut();
$user = User::getCurrent();
$user->logOut();
$page->header();
$page->bodyStart();

5
src/pages/parts/wishlist.php
View file

@ -6,10 +6,11 @@
namespace wishthis;
$user = User::getCurrent();
?>
<?php if ($_SESSION['user']->isLoggedIn()) { ?>
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" />
<?php if ($user->isLoggedIn()) { ?>
<input type="hidden" name="user-id" value="<?= $user->id ?>" />
<?php } ?>
<div class="wishlist-filter-wrapper">

4
src/pages/power.php
View file

@ -12,6 +12,8 @@ $page = new Page(__FILE__, __('Insufficient power'));
$page->header();
$page->bodyStart();
$page->navigation();
$user = User::getCurrent();
?>
<main>
@ -20,7 +22,7 @@ $page->navigation();
<div class="ui segment">
<h2 class="ui header"><?= __('Restricted access') ?></h2>
<p><?= sprintf(__('You do not have enough power to view this page. You need %s to see this page, but only have %s.'), '<strong>' . $_GET['required'] . '</strong>', '<strong>' . $_SESSION['user']->power . '</strong>') ?></p>
<p><?= sprintf(__('You do not have enough power to view this page. You need %s to see this page, but only have %s.'), '<strong>' . $_GET['required'] . '</strong>', '<strong>' . $user->power . '</strong>') ?></p>
</div>
</div>
</main>

81
src/pages/profile.php
View file

@ -9,6 +9,7 @@
namespace wishthis;
$page = new Page(__FILE__, __('Profile'), 1);
$user = User::getCurrent();
if (isset($_POST['user-id'], $_POST['section'])) {
$set = array();
@ -37,10 +38,10 @@ if (isset($_POST['user-id'], $_POST['section'])) {
$loginRequired = false;
foreach ($formFieldsString as $field) {
if (!empty($_POST[$field['key']]) && $_POST[$field['key']] !== $_SESSION['user']->{$field['column']}) {
if (!empty($_POST[$field['key']]) && $_POST[$field['key']] !== $user->{$field['column']}) {
$set[] = '`' . $field['column'] . '` = "' . $_POST[$field['key']] . '"';
$_SESSION['user']->{$field['column']} = $_POST[$field['key']];
$user->{$field['column']} = $_POST[$field['key']];
$page->messages[] = Page::success(
sprintf(
@ -52,7 +53,7 @@ if (isset($_POST['user-id'], $_POST['section'])) {
}
}
if (!empty($_POST['user-email']) && $_POST['user-email'] !== $_SESSION['user']->email) {
if (!empty($_POST['user-email']) && $_POST['user-email'] !== $user->email) {
$loginRequired = true;
}
@ -61,13 +62,13 @@ if (isset($_POST['user-id'], $_POST['section'])) {
*/
if (isset($_POST['user-birthdate'])) {
if (empty($_POST['user-birthdate'])) {
$_SESSION['user']->birthdate = null;
$user->birthdate = null;
$set[] = '`birthdate` = NULL';
} else {
$_SESSION['user']->birthdate = date('Y-m-d', strtotime($_POST['user-birthdate']));
$user->birthdate = date('Y-m-d', strtotime($_POST['user-birthdate']));
$set[] = '`birthdate` = "' . $_SESSION['user']->birthdate . '"';
$set[] = '`birthdate` = "' . $user->birthdate . '"';
}
}
@ -89,57 +90,57 @@ if (isset($_POST['user-id'], $_POST['section'])) {
*/
/** Language */
if (isset($_POST['user-language']) && $_POST['user-language'] !== $_SESSION['user']->getLocale()) {
$_SESSION['user']->setLocale($_POST['user-language']);
if (isset($_POST['user-language']) && $_POST['user-language'] !== $user->getLocale()) {
$user->setLocale($_POST['user-language']);
$set[] = '`language` = "' . $_SESSION['user']->getLocale() . '"';
$set[] = '`language` = "' . $user->getLocale() . '"';
$page->messages[] = Page::success(
sprintf(
/** TRANSLATORS: %s: The new locale */
__('Language set to %s.'),
'<strong>' . $_SESSION['user']->getLocale() . '</strong>'
'<strong>' . $user->getLocale() . '</strong>'
),
__('Success')
);
}
/** Currency */
if (isset($_POST['user-currency']) && $_POST['user-currency'] !== $_SESSION['user']->getLocale() && $_POST['user-currency'] !== $_SESSION['user']->getCurrency()) {
$_SESSION['user']->setCurrency($_POST['user-currency']);
if (isset($_POST['user-currency']) && $_POST['user-currency'] !== $user->getLocale() && $_POST['user-currency'] !== $user->getCurrency()) {
$user->setCurrency($_POST['user-currency']);
$set[] = '`currency` = "' . $_SESSION['user']->getCurrency() . '"';
$set[] = '`currency` = "' . $user->getCurrency() . '"';
$page->messages[] = Page::success(
sprintf(
/** TRANSLATORS: %s: The new locale */
__('Currency set to %s.'),
'<strong>' . $_SESSION['user']->getCurrency() . '</strong>'
'<strong>' . $user->getCurrency() . '</strong>'
),
__('Success')
);
}
/** Channel */
if (isset($_POST['user-channel']) && $_POST['user-channel'] !== $_SESSION['user']->channel) {
if (isset($_POST['user-channel']) && $_POST['user-channel'] !== $user->channel) {
if (empty($_POST['user-channel'])) {
$_SESSION['user']->channel = null;
$user->channel = null;
$set[] = '`channel` = NULL';
} else {
$_SESSION['user']->channel = $_POST['user-channel'];
$user->channel = $_POST['user-channel'];
$set[] = '`channel` = "' . $_SESSION['user']->channel . '"';
$set[] = '`channel` = "' . $user->channel . '"';
}
}
/** Advertisements */
if (isset($_POST['enable-advertisements'])) {
$_SESSION['user']->advertisements = true;
$user->advertisements = true;
$set[] = '`advertisements` = TRUE';
} else {
$_SESSION['user']->advertisements = false;
$user->advertisements = false;
$set[] = '`advertisements` = FALSE';
}
@ -171,8 +172,8 @@ if (isset($_POST['user-id'], $_POST['section'])) {
* Account
*/
if (isset($_POST['account-delete'])) {
$_SESSION['user']->delete();
$_SESSION['user']->logOut();
$user->delete();
$user->logOut();
redirect(Page::PAGE_HOME);
}
@ -217,26 +218,26 @@ $page->navigation();
<div class="ui segment">
<form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" />
<input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="personal" />
<div class="three fields">
<div class="field">
<label><?= __('First name') ?></label>
<input type="text" name="user-name-first" value="<?= $_SESSION['user']->name_first ?>" />
<input type="text" name="user-name-first" value="<?= $user->name_first ?>" />
</div>
<div class="field">
<label><?= __('Last name') ?></label>
<input type="text" name="user-name-last" value="<?= $_SESSION['user']->name_last ?>" />
<input type="text" name="user-name-last" value="<?= $user->name_last ?>" />
</div>
<div class="field">
<label><?= __('Nickname') ?></label>
<input type="text" name="user-name-nick" value="<?= $_SESSION['user']->name_nick ?>" />
<input type="text" name="user-name-nick" value="<?= $user->name_nick ?>" />
</div>
</div>
@ -244,7 +245,7 @@ $page->navigation();
<div class="field">
<label><?= __('Email') ?></label>
<input type="email" name="user-email" value="<?= $_SESSION['user']->email ?>" />
<input type="email" name="user-email" value="<?= $user->email ?>" />
</div>
<div class="field" data-content="<?= __('Used to suggest a wishlist called "Birthday", if it\'s coming up.') ?>">
@ -259,7 +260,7 @@ $page->navigation();
<input type="text"
name="user-birthdate"
placeholder="<?= __('Pick a date') ?>"
value="<?= $_SESSION['user']->birthdate ?>"
value="<?= $user->birthdate ?>"
/>
</div>
</div>
@ -283,7 +284,7 @@ $page->navigation();
<div class="ui segment">
<form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" />
<input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="password" />
<div class="two fields">
@ -346,7 +347,7 @@ $page->navigation();
<div class="ui segment">
<form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" />
<input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="preferences" />
<div class="two fields">
@ -355,14 +356,14 @@ $page->navigation();
<select class="ui search dropdown language" name="user-language">
<?php if (!in_array('en_GB', $locales)) { ?>
<option value="<?= 'en_GB' ?>"><?= \Locale::getDisplayName('en_GB', $_SESSION['user']->getLocale()) ?></option>
<option value="<?= 'en_GB' ?>"><?= \Locale::getDisplayName('en_GB', $user->getLocale()) ?></option>
<?php } ?>
<?php foreach ($locales as $locale) { ?>
<?php if ($locale === $_SESSION['user']->getLocale()) { ?>
<option value="<?= $locale ?>" selected><?= \Locale::getDisplayName($locale, $_SESSION['user']->getLocale()) ?></option>
<?php if ($locale === $user->getLocale()) { ?>
<option value="<?= $locale ?>" selected><?= \Locale::getDisplayName($locale, $user->getLocale()) ?></option>
<?php } else { ?>
<option value="<?= $locale ?>"><?= \Locale::getDisplayName($locale, $_SESSION['user']->getLocale()) ?></option>
<option value="<?= $locale ?>"><?= \Locale::getDisplayName($locale, $user->getLocale()) ?></option>
<?php } ?>
<?php } ?>
</select>
@ -390,7 +391,7 @@ $page->navigation();
}
?>
<?php if ($currencyISO === $_SESSION['user']->getCurrency()) { ?>
<?php if ($currencyISO === $user->getCurrency()) { ?>
<option value="<?= $currencyISO ?>" selected><?= $currencyValue ?></option>
<?php } else { ?>
<option value="<?= $currencyISO ?>"><?= $currencyValue ?></option>
@ -446,7 +447,7 @@ $page->navigation();
<div class="ui segment">
<form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" />
<input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="preferences" />
<?php if (defined('CHANNELS') && is_array(CHANNELS)) { ?>
@ -461,7 +462,7 @@ $page->navigation();
<option value=""><?= __('Select channel') ?></option>
<?php foreach (CHANNELS as $channel) { ?>
<?php if ($channel['branch'] === $_SESSION['user']->channel) { ?>
<?php if ($channel['branch'] === $user->channel) { ?>
<option value="<?= $channel['branch'] ?>" selected><?= $channel['label'] ?></option>
<?php } else { ?>
<option value="<?= $channel['branch'] ?>"><?= $channel['label'] ?></option>
@ -511,7 +512,7 @@ $page->navigation();
<div class="ui segment">
<form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" />
<input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="preferences" />
<div class="field">
@ -519,7 +520,7 @@ $page->navigation();
<div class="ui toggle checkbox advertisements">
<?php
$user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User();
$user = isset($user->id) ? $user : new User();
?>
<?php if (true === $user->advertisements) { ?>
@ -562,7 +563,7 @@ $page->navigation();
<div class="ui segment">
<form class="ui form" method="POST">
<input type="hidden" name="user-id" value="<?= $_SESSION['user']->id ?>" />
<input type="hidden" name="user-id" value="<?= $user->id ?>" />
<input type="hidden" name="section" value="account" />
<div class="field">

6
src/pages/wishlist.php
View file

@ -24,6 +24,8 @@ if (!$wishlist->exists) {
$page->header();
$page->bodyStart();
$page->navigation();
$user = User::getCurrent();
?>
<main>
@ -33,7 +35,7 @@ $page->navigation();
<div class="ui stackable grid">
<div class="column">
<?php if ($_SESSION['user']->isLoggedIn() && $_SESSION['user']->id !== $wishlist->user) { ?>
<?php if ($user->isLoggedIn() && $user->id !== $wishlist->user) { ?>
<button class="ui white small basic labeled icon button save disabled loading">
<i class="heart icon"></i>
<span><?= __('Remember list') ?></span>
@ -47,7 +49,7 @@ $page->navigation();
/**
* Warn the wishlist creator
*/
if ($_SESSION['user']->isLoggedIn() && $_SESSION['user']->id === $wishlist->user) { ?>
if ($user->isLoggedIn() && $user->id === $wishlist->user) { ?>
<div class="ui icon warning message wishlist-own">
<i class="exclamation triangle icon"></i>
<div class="content">

4
src/pages/wishlists-saved.php
View file

@ -13,7 +13,9 @@ $page->header();
$page->bodyStart();
$page->navigation();
$wishlists = $_SESSION['user']->getSavedWishlists();
$user = User::getCurrent();
$wishlists = $user->getSavedWishlists();
$wishlists_by_user = array();
foreach ($wishlists as $wishlist_saved) {