Merge pull request #61 from DanielnetoDotCom/master

update unstable
WWBN · May 2, 2018 · 9fd79a6 · 9fd79a6
2 parents cff5517 + 4f6c7db
commit 9fd79a6
Show file tree

Hide file tree

Showing 112 changed files with 20,111 additions and 66 deletions.
diff --git a/.htaccess b/.htaccess
@@ -140,7 +140,7 @@
     RewriteRule    ^removePlaylist/?$ objects/playlistRemove.php    [NC,L]
     RewriteRule    ^renamePlaylist/?$ objects/playlistRename.php    [NC,L]
     RewriteRule    ^sortPlaylist/?$ objects/playlistSort.php    [NC,L]
-    RewriteRule    ^channel/([0-9]+)/?$ view/channel.php?user_id=$1    [NC,L]
+    RewriteRule    ^channel/([^/]+)/?$ view/channel.php?channelName=$1    [NC,L]
     RewriteRule    ^channel/?$ view/channel.php    [NC,L]
     RewriteRule    ^channels/?$ view/channels.php    [NC,L]
 

diff --git a/install/checkConfiguration.php b/install/checkConfiguration.php
@@ -1,6 +1,6 @@
 <?php
 
-$installationVersion = "5.2";
+$installationVersion = "5.3";
 
 
 header('Content-Type: application/json');

diff --git a/install/database.sql b/install/database.sql
@@ -24,6 +24,8 @@ CREATE TABLE IF NOT EXISTS `users` (
   `canStream` TINYINT(1) NULL,
   `canUpload` TINYINT(1) NULL,
   `about` TEXT NULL,
+  `channelName` VARCHAR(45) NOT NULL,
+  `emailVerified` TINYINT(1) NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
   UNIQUE INDEX `user_UNIQUE` (`user` ASC))
 ENGINE = InnoDB;

diff --git a/objects/comments.json.php b/objects/comments.json.php
@@ -9,7 +9,7 @@
 foreach ($comments as $key => $value) {
     $name = User::getNameIdentificationById($value['users_id']);
     //$comments[$key]['comment'] = " <div class=\"commenterName\"><strong>{$name}</strong><div class=\"date sub-text\">{$value['created']}</div></div><div class=\"commentText\">". nl2br($value['comment'])."</div>";
-    $comments[$key]['comment'] = '<div class="pull-left"><img src="'.User::getPhoto($value['users_id']).'" alt="" class="img img-responsive img-circle" style="max-width: 50px;"/></div><div class="commentDetails"><div class="commenterName"><strong><a href="'.$global['webSiteRootURL'].'channel/'.$value['users_id'].'/">'.$name.'</a></strong> <small>'.humanTiming(strtotime($value['created'])).'</small></div>'. nl2br(textToLink($value['comment'])).'</div>';
+    $comments[$key]['comment'] = '<div class="pull-left"><img src="'.User::getPhoto($value['users_id']).'" alt="" class="img img-responsive img-circle" style="max-width: 50px;"/></div><div class="commentDetails"><div class="commenterName"><strong><a href="'.User::getChannelLink($value['users_id']).'/">'.$name.'</a></strong> <small>'.humanTiming(strtotime($value['created'])).'</small></div>'. nl2br(textToLink($value['comment'])).'</div>';
     $comments[$key]['total_replies'] = Comment::getTotalComments($_GET['video_id'], $comments[$key]['id']);
     $comments[$key]['video'] = Video::getVideo($comments[$key]['videos_id']);
     $comments[$key]['poster'] = Video::getImageFromFilename($comments[$key]['video']['filename']);

diff --git a/objects/configuration.php b/objects/configuration.php
@@ -282,11 +282,15 @@ function setAutoplay($autoplay) {
 
     static function rewriteConfigFile() {
         global $global, $mysqlHost, $mysqlUser, $mysqlPass, $mysqlDatabase;
+        if(empty($global['salt'])){
+            $global['salt'] = uniqid();
+        }
         $content = "<?php
 \$global['disableAdvancedConfigurations'] = 0;
 \$global['videoStorageLimitMinutes'] = 0;
 \$global['webSiteRootURL'] = '{$global['webSiteRootURL']}';
 \$global['systemRootPath'] = '{$global['systemRootPath']}';
+\$global['salt'] = '{$global['salt']}';
 
 \$mysqlHost = '{$mysqlHost}';
 \$mysqlUser = '{$mysqlUser}';

diff --git a/objects/include_config.php b/objects/include_config.php
@@ -22,6 +22,11 @@
     Configuration::rewriteConfigFile();
 }
 
+// for update config to v5.3
+if (empty($global['salt'])) {
+    Configuration::rewriteConfigFile();
+}
+
 $global['dont_show_us_flag'] = false;
 // this is for old versions
 session_write_close ();

diff --git a/objects/login.json.php b/objects/login.json.php
@@ -98,10 +98,15 @@
 }
 if(empty($_POST['user']) || empty($_POST['pass'])){
     $object->error = __("User and Password can not be blank");
-     die(json_encode($object));
+    die(json_encode($object));
 }
 $user = new User(0, $_POST['user'], $_POST['pass']);
-$user->login(false, @$_POST['encodedPass']);
+$resp = $user->login(false, @$_POST['encodedPass']);
+
+if($resp === User::USER_NOT_VERIFIED){
+    $object->error = __("Your user is not verified, we sent you a new e-mail");
+    die(json_encode($object));
+}
 $object->id = User::getId();
 $object->user = User::getUserName();
 $object->pass = User::getUserPass();

diff --git a/objects/playlist.php b/objects/playlist.php
@@ -33,7 +33,7 @@ static function getAllFromUser($userId, $publicOnly = true) {
             $sql .= " AND pl.status = 'public' ";
         }
         if (!empty($userId)) {
-            $sql .= " AND users_id = {$userId} ";
+            $sql .= " AND users_id = '{$userId}' ";
         }
         $sql .= self::getSqlFromPost();
 

diff --git a/objects/subscribe.php b/objects/subscribe.php
@@ -269,7 +269,7 @@ function toogleNotify{$user_id}(){
                 if (!empty($subs)) {
                     // show unsubscribe Button
                     $subscribe = "<div class=\"btn-group\">"
-                . "<button class='btn btn-xs subsB subscribeButton{$user_id} subscribed subs{$user_id}'><span class='fa'></span> <b class='text'>" . __("Subscribed") . "</b></button>"
+                . "<button class='btn btn-xs subsB subscribeButton{$user_id} subscribed subs{$user_id}'><span class='fab fa-youtube'></span> <b class='text'>" . __("Subscribed") . "</b></button>"
                 . "<button class='btn btn-xs subsB subscribed subs{$user_id}'><b class='textTotal{$user_id}'>$total</b></button>"
                 . "</div>";
 

diff --git a/objects/user.php b/objects/user.php
@@ -20,6 +20,8 @@ class User {
     private $backgroundURL;
     private $recoverPass;
     private $about;
+    private $channelName;
+    private $emailVerified;
     private $userGroups = array();
 
     function __construct($id, $user = "", $password = "") {
@@ -52,7 +54,6 @@ function getAbout() {
     function setAbout($about) {
         $this->about = $about;
     }
-
 
     function getPassword() {
         return $this->password;
@@ -70,8 +71,7 @@ function getCanUpload() {
     function setCanUpload($canUpload) {
         $this->canUpload = $canUpload;
     }
-
-
+
     private function load($id) {
         $user = self::getUserDb($id);
         if (empty($user))
@@ -281,19 +281,32 @@ function save($updateUserGroups = false) {
         if (empty($this->status)) {
             $this->status = 'a';
         }
+
+        if (empty($this->channelName)) {
+            $this->channelName = uniqid();
+        }else{
+            $channelOwner = static::getChannelOwner($this->channelName);
+            if(!empty($channelOwner)){ // if the channel name exists and it is not from this user, rename the channel name
+                if(empty($this->id) ||  $channelOwner['id']!=$this->id){
+                    $this->channelName .= uniqid();
+                }
+            }
+        }
 
         $this->user = $global['mysqli']->real_escape_string($this->user);
         $this->password = $global['mysqli']->real_escape_string($this->password);
         $this->name = $global['mysqli']->real_escape_string($this->name);
         $this->status = $global['mysqli']->real_escape_string($this->status);
         $this->about = $global['mysqli']->real_escape_string($this->about);
+        $this->channelName = $global['mysqli']->real_escape_string($this->channelName);
 
         if (!empty($this->id)) {
             $sql = "UPDATE users SET user = '{$this->user}', password = '{$this->password}', "
             . "email = '{$this->email}', name = '{$this->name}', isAdmin = {$this->isAdmin},"
             . "canStream = {$this->canStream},canUpload = {$this->canUpload}, status = '{$this->status}', "
             . "photoURL = '{$this->photoURL}', backgroundURL = '{$this->backgroundURL}', "
-            . "recoverPass = '{$this->recoverPass}', about = '{$this->about}' , modified = now() WHERE id = {$this->id}";
+            . "recoverPass = '{$this->recoverPass}', about = '{$this->about}', "
+            . " channelName = '{$this->channelName}', emailVerified = '{$this->emailVerified}' , modified = now() WHERE id = {$this->id}";
         } else {
             $sql = "INSERT INTO users (user, password, email, name, isAdmin, canStream, canUpload, status,photoURL,recoverPass, created, modified) VALUES ('{$this->user}','{$this->password}','{$this->email}','{$this->name}',{$this->isAdmin}, {$this->canStream}, {$this->canUpload}, '{$this->status}', '{$this->photoURL}', '{$this->recoverPass}', now(), now())";
         }
@@ -303,6 +316,10 @@ function save($updateUserGroups = false) {
         if ($insert_row) {
             if (empty($this->id)) {
                 $id = $global['mysqli']->insert_id;
+                $obj = YouPHPTubePlugin::getObjectDataIfEnabled('CustomizeAdvanced');
+                if(!empty($obj->unverifiedEmailsCanNOTLogin)){
+                    self::sendVerificationLink($id);
+                }
             } else {
                 $id = $this->id;
             }
@@ -316,6 +333,19 @@ function save($updateUserGroups = false) {
             die($sql . ' Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
         }
     }
+
+    static function getChannelOwner($channelName){
+        global $global;
+        $channelName = $global['mysqli']->real_escape_string($channelName);
+        $sql = "SELECT * FROM users WHERE channelName = '$channelName' LIMIT 1";
+        $res = $global['mysqli']->query($sql);
+        if ($res) {
+            $user = $res->fetch_assoc();
+        } else {
+            $user = false;
+        }
+        return $user;
+    }
 
     function delete() {
         if (!self::isAdmin()) {
@@ -338,18 +368,29 @@ function delete() {
         }
         return $resp;
     }
-
+
+    const USER_LOGGED = 0;
+    const USER_NOT_VERIFIED = 1;
+    const USER_NOT_FOUND = 2;
     function login($noPass = false, $encodedPass=false) {
+        $obj = YouPHPTubePlugin::getObjectDataIfEnabled('CustomizeAdvanced');
         if ($noPass) {
             $user = $this->find($this->user, false, true);
         } else {
             $user = $this->find($this->user, $this->password, true, $encodedPass);
         }
-        if ($user) {
+        // if user is not verified
+        if(!empty($user) && empty($user['isAmin']) && empty($user['emailVerified']) && !empty($obj->unverifiedEmailsCanNOTLogin)){
+            unset($_SESSION['user']);
+            self::sendVerificationLink($user['id']);
+            return self::USER_NOT_VERIFIED;
+        }else if ($user) {
             $_SESSION['user'] = $user;
             $this->setLastLogin($_SESSION['user']['id']);
+            return self::USER_LOGGED;
         } else {
             unset($_SESSION['user']);
+            return self::USER_NOT_FOUND;
         }
     }
 
@@ -369,6 +410,10 @@ static function logoff() {
     static function isLogged() {
         return !empty($_SESSION['user']['id']);
     }
+
+    static function isVerified() {
+        return !empty($_SESSION['user']['emailVerified']);
+    }
 
     static function isAdmin() {
         return !empty($_SESSION['user']['isAdmin']);
@@ -733,5 +778,119 @@ function getBackgroundURL() {
     function setBackgroundURL($backgroundURL) {
         $this->backgroundURL = strip_tags($backgroundURL);
     }
+
+    function getChannelName() {
+        return $this->channelName;
+    }
+
+    function getEmailVerified() {
+        return $this->emailVerified;
+    }
+
+    /**
+     * 
+     * @param type $channelName
+     * @return boolean return true is is unique 
+     */
+    function setChannelName($channelName) {
+        $user = static::getChannelOwner($channelName);
+        if(!empty($user)){ // if the channel name exists and it is not from this user, rename the channel name
+            if(empty($this->id) ||  $user['id']!=$this->id){
+                return false;
+            }
+        }
+        $this->channelName = $channelName;
+        return true;
+    }
+
+    function setEmailVerified($emailVerified) {
+        $this->emailVerified = $emailVerified;
+    }
+
+    static function getChannelLink($users_id=0){
+        global $global;
+        if(empty($users_id)){
+            $users_id = self::getId();
+        }
+        $user = new User($users_id);
+        if(empty($user)){
+            return false;
+        }      
+        if(empty($user->getChannelName())){
+            $name = $user->getBdId();
+        }else{
+            $name = $user->getChannelName();
+        }
+        $link = "{$global['webSiteRootURL']}channel/{$name}";
+        return $link;
+
+    }
+
+    static function sendVerificationLink($users_id){       
+        global $global, $config;
+        $user = new User($users_id);
+        $code = urlencode(static::createVerificationCode($users_id));
+        require_once $global['systemRootPath'] . 'objects/PHPMailer/PHPMailerAutoload.php';
+        //Create a new PHPMailer instance
+        $mail = new PHPMailer;
+        setSiteSendMessage($mail);
+        //Set who the message is to be sent from
+        $mail->setFrom($config->getContactEmail(), $config->getWebSiteTitle());
+        //Set who the message is to be sent to
+        $mail->addAddress($user->getEmail());
+        //Set the subject line
+        $mail->Subject = 'Please Verify Your E-mail ' . $config->getWebSiteTitle();
+
+        $msg = sprintf(__("Hi %s"), $user->getNameIdentificationBd());
+        $msg .= "<br><br>".__("Just a quick note to say a big welcome and an even bigger thank you for registering.");
+
+        $msg .= "<br><br>".sprintf(__("Cheers, %s Team."), $config->getWebSiteTitle());
+
+        $msg .= "<br><br>".sprintf(__("You are just one click away from starting your journey with %s!"), $config->getWebSiteTitle());
+        $msg .= "<br><br>".sprintf(__("All you need to do is to verify your e-mail by clicking the link below"));
+        $msg .= "<br><br>"." <a href='{$global['webSiteRootURL']}objects/userVerifyEmail.php?code={$code}'>" . __("Verify") . "</a>";
+
+        $mail->msgHTML($msg);
+
+        return $mail->send();
+
+    }
+
+    static function verifyCode($code){
+        global $global;
+        $obj = static::decodeVerificationCode($code);
+        $salt = hash('sha256', $global['salt']);   
+        if($salt!==$obj->salt){
+            return false;
+        }
+        $user = new User($obj->users_id);
+        $recoverPass = $user->getRecoverPass();
+        if($recoverPass == $obj->recoverPass){
+            $user->setEmailVerified(1);
+            return $user->save();
+        }
+        return false;        
+    }
+
+    static function createVerificationCode($users_id){
+        global $global;
+        $obj = new stdClass();
+        $obj->users_id = $users_id;
+        $obj->recoverPass = uniqid();
+        $obj->salt = hash('sha256', $global['salt']);   
+
+        $user = new User($users_id);
+        $user->setRecoverPass($obj->recoverPass);
+        $user->save();
+
+        return base64_encode(json_encode($obj));
+    }
+
+    static function decodeVerificationCode($code){
+        $obj = json_decode(base64_decode($code));
+        return $obj;
+    }
+
+
 
 }
diff --git a/objects/userAddNew.json.php b/objects/userAddNew.json.php
@@ -17,5 +17,10 @@
 $user->setCanStream($_POST['canStream']);
 $user->setCanUpload($_POST['canUpload']);
 $user->setStatus($_POST['status']);
+$unique = $user->setChannelName($_POST['channelName']);
+if(!$unique){
+    echo '{"error":"'.__("Channel name already exists").'"}';
+    exit;
+}
 $user->setUserGroups(@$_POST['userGroups']);
 echo '{"status":"'.$user->save(true).'"}';
diff --git a/objects/userUpdate.json.php b/objects/userUpdate.json.php
@@ -12,6 +12,12 @@
 $user->setEmail($_POST['email']);
 $user->setName($_POST['name']);
 $user->setAbout($_POST['about']);
+$unique = $user->setChannelName($_POST['channelName']);
+if(!$unique){
+    echo '{"error":"'.__("Channel name already exists").'"}';
+    exit;
+}
+
 if (User::isAdmin() && !empty($_POST['status'])) {
     $user->setStatus($_POST['status']);
 }