diff --git a/libraries/Controllers/AuthController.php b/libraries/Controllers/AuthController.php index 182c58a..c8d56be 100644 --- a/libraries/Controllers/AuthController.php +++ b/libraries/Controllers/AuthController.php @@ -79,6 +79,7 @@ class AuthController extends Controller if (Config::get('lock_authentication')) { $message = 'Logging in is disabled for security checkups! Try again later.'; Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + return Template::render('global/information'); } @@ -97,6 +98,7 @@ class AuthController extends Controller if ($rates > 4) { $message = 'Your have hit the login rate limit, try again later.'; Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + return Template::render('global/information'); } @@ -108,6 +110,7 @@ class AuthController extends Controller $this->touchRateLimit($user->id); $message = 'The user you tried to log into does not exist.'; Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + return Template::render('global/information'); } @@ -118,6 +121,7 @@ class AuthController extends Controller $this->touchRateLimit($user->id); $message = 'Logging into this account is disabled.'; Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + return Template::render('global/information'); // Default hashing method @@ -131,6 +135,7 @@ class AuthController extends Controller $this->touchRateLimit($user->id); $message = 'The password you entered was invalid.'; Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + return Template::render('global/information'); } } @@ -140,6 +145,7 @@ class AuthController extends Controller $this->touchRateLimit($user->id); $message = 'Your account does not have the required permissions to log in.'; Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + return Template::render('global/information'); } @@ -175,4 +181,179 @@ class AuthController extends Controller return Template::render('global/information'); } + + public function registerGet() + { + // Attempt to check if a user has already registered from the current IP + $getUserIP = DB::table('users') + ->where('register_ip', Net::pton(Net::IP())) + ->orWhere('last_ip', Net::pton(Net::IP())) + ->get(); + + Template::vars([ + 'haltRegistration' => count($getUserIP) > 1, + 'haltName' => $getUserIP[array_rand($getUserIP)]->username, + ]); + + return Template::render('main/register'); + } + + public function registerPost() + { + // Preliminarily set login to failed + $success = 0; + $redirect = Router::route('auth.register'); + + // Check if authentication is disallowed + if (Config::get('lock_authentication') || Config::get('disable_registration')) { + $message = 'Registration is disabled for security checkups! Try again later.'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Check if authentication is disallowed + if (!isset($_POST['session']) || $_POST['session'] != session_id()) { + $message = "Your session expired, refreshing the page will most likely fix this!"; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Grab forms + $username = isset($_POST['username']) ? $_POST['username'] : null; + $password = isset($_POST['password']) ? $_POST['password'] : null; + $email = isset($_POST['email']) ? $_POST['email'] : null; + $captcha = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : null; + $terms = isset($_POST['tos']); + + // Append username and email to the redirection url + $redirect .= "?username={$username}&email={$email}"; + + // Check if the user agreed to the ToS + if (!$terms) { + $message = 'You are required to agree to the Terms of Service.'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Check if we require a captcha + if (Config::get('recaptcha')) { + // Get secret key from the config + $secret = Config::get('recaptcha_private'); + + // Attempt to verify the captcha + $response = Net::fetch("https://google.com/recaptcha/api/siteverify?secret={$secret}&response={$captcha}"); + + // Attempt to decode as json + if ($response) { + $response = json_decode($response); + } + + if (!$response || !$response->success) { + $message = 'Captcha verification failed, please try again.'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + } + + // Attempt to get account data + $user = User::construct(Utils::cleanString($username, true, true)); + + // Check if the username already exists + if ($user && $user->id !== 0) { + $message = "{$user->username} is already a member here! If this is you please use the password reset form instead of making a new account."; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Username too short + if (strlen($username) < Config::get('username_min_length')) { + $message = 'Your name must be at least 3 characters long.'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Username too long + if (strlen($username) > Config::get('username_max_length')) { + $message = 'Your name can\'t be longer than 16 characters.'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Check if the given email address is formatted properly + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { + $message = 'Your e-mail address is formatted incorrectly.'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Check the MX record of the email + if (!Utils::checkMXRecord($email)) { + $message = 'No valid MX-Record found on the e-mail address you supplied.'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Check if the e-mail has already been used + $emailCheck = DB::table('users') + ->where('email', $email) + ->count(); + if ($emailCheck) { + $message = 'Someone already registered using this email!'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Check password entropy + if (Utils::pwdEntropy($password) < Config::get('min_entropy')) { + $message = 'Your password is too weak, try adding some special characters.'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } + + // Set a few variables + $requireActive = Config::get('require_activation'); + $ranks = $requireActive ? [1] : [2]; + + // Create the user + $user = User::create($username, $password, $email, $ranks); + + // Check if we require e-mail activation + if ($requireActive) { + // Send activation e-mail to user + Users::sendActivationMail($user->id); + } + + // Return true with a specific message if needed + $success = 1; + $redirect = Router::route('auth.login'); + $message = $requireActive + ? 'Your registration went through! An activation e-mail has been sent.' + : 'Your registration went through! Welcome to ' . Config::get('sitename') . '!'; + + Template::vars(['page' => ['success' => $success, 'redirect' => $redirect, 'message' => $message]]); + + return Template::render('global/information'); + } } diff --git a/libraries/Net.php b/libraries/Net.php index 7cd83e9..69f3d6f 100644 --- a/libraries/Net.php +++ b/libraries/Net.php @@ -210,4 +210,30 @@ class Net // Compare them return ($ip & $mask) === $net; } + + /** + * Fetch a remote file + * + * @param string $url The location of the file + * + * @return mixed The contents of the remote file + */ + public static function fetch($url) + { + // Create a curl instance + $curl = curl_init(); + + // Set options + curl_setopt($curl, CURLOPT_URL, $url); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); + curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2); + curl_setopt($curl, CURLOPT_TIMEOUT, 4); + curl_setopt($curl, CURLOPT_USERAGENT, 'Sakura/' . SAKURA_VERSION); + + // Execute + $curl = curl_exec($curl); + + // Return the data + return $curl; + } } diff --git a/libraries/User.php b/libraries/User.php index 27f6151..806e3de 100644 --- a/libraries/User.php +++ b/libraries/User.php @@ -166,7 +166,7 @@ class User public $background = 0; /** - * The FIle id of the user's header. + * The File id of the user's header. * @var mixed */ public $header = 0; @@ -257,26 +257,23 @@ class User $emailClean = Utils::cleanString($email, true); $password = Hashing::createHash($password); - // Insert the user into the database - DBv2::prepare('INSERT INTO `{prefix}users` (`username`, `username_clean`, `password_hash`, `password_salt`, `password_algo`, `password_iter`, `email`, `rank_main`, `register_ip`, `last_ip`, `user_registered`, `user_last_online`, `user_country`) VALUES (:uname, :uname_clean, :pw_hash, :pw_salt, :pw_algo, :pw_iter, :email, :rank, :r_ip, :l_ip, :registered, :l_online, :country)') - ->execute([ - 'uname' => $username, - 'uname_clean' => $usernameClean, - 'pw_hash' => $password[3], - 'pw_salt' => $password[2], - 'pw_algo' => $password[0], - 'pw_iter' => $password[1], - 'email' => $emailClean, - 'rank' => 0, - 'r_ip' => Net::pton(Net::IP()), - 'l_ip' => Net::pton(Net::IP()), - 'registered' => time(), - 'l_online' => 0, - 'country' => Utils::getCountryCode(), - ]); - - // Get the last id - $userId = DBv2::lastID(); + // Insert the user into the database and get the id + $userId = DB::table('users') + ->insertGetId([ + 'username' => $username, + 'username_clean' => $usernameClean, + 'password_hash' => $password[3], + 'password_salt' => $password[2], + 'password_algo' => $password[0], + 'password_iter' => $password[1], + 'email' => $emailClean, + 'rank_main' => 0, + 'register_ip' => Net::pton(Net::IP()), + 'last_ip' => Net::pton(Net::IP()), + 'user_registered' => time(), + 'user_last_online' => 0, + 'user_country' => Utils::getCountryCode(), + ]); // Create a user object $user = self::construct($userId); @@ -294,20 +291,19 @@ class User /** * The actual constructor * - * @param int|string $uid The user ID or clean username. + * @param int|string $userId The user ID or clean username. */ - private function __construct($uid) + private function __construct($userId) { // Get the user database row - $userRow = DBv2::prepare('SELECT * FROM `{prefix}users` WHERE `user_id` = :id OR `username_clean` = :clean'); - $userRow->execute([ - 'id' => $uid, - 'clean' => Utils::cleanString($uid, true, true), - ]); - $userRow = $userRow->fetch(); + $userRow = DB::table('users') + ->where('user_id', $userId) + ->orWhere('username_clean', Utils::cleanString($userId, true, true)) + ->get(); // Populate the variables if ($userRow) { + $userRow = $userRow[0]; $this->id = $userRow->user_id; $this->username = $userRow->username; $this->usernameClean = $userRow->username_clean; @@ -319,8 +315,8 @@ class User $this->email = $userRow->email; $this->mainRankId = $userRow->rank_main; $this->colour = $userRow->user_colour; - $this->registerIp = $userRow->register_ip; - $this->lastIp = $userRow->last_ip; + $this->registerIp = Net::ntop($userRow->register_ip); + $this->lastIp = Net::ntop($userRow->last_ip); $this->title = $userRow->user_title; $this->registered = $userRow->user_registered; $this->lastOnline = $userRow->user_last_online; @@ -334,11 +330,9 @@ class User } // Get all ranks - $ranks = DBv2::prepare('SELECT * FROM `{prefix}user_ranks` WHERE `user_id` = :id'); - $ranks->execute([ - 'id' => $this->id, - ]); - $ranks = $ranks->fetchAll(); + $ranks = DB::table('user_ranks') + ->where('user_id', $this->id) + ->get(['rank_id']); // Get the rows for all the ranks foreach ($ranks as $rank) { @@ -371,15 +365,6 @@ class User $this->permissions = new Perms(Perms::SITE); } - - /** - * Commit changed to database, doesn't do anything yet. - */ - public function update() - { - // placeholder - } - /** * Get the user's birthday. * @@ -425,14 +410,13 @@ class User */ public function isOnline() { - // Get all sessions - $sessions = DBv2::prepare('SELECT `user_id` FROM `{prefix}sessions` WHERE `user_id` = :id'); - $sessions->execute([ - 'id' => $this->id, - ]); + // Count sessions + $sessions = DB::table('sessions') + ->where('user_id', $this->id) + ->count(); // If there's no entries just straight up return false - if (!$sessions->rowCount()) { + if (!$sessions) { return false; } @@ -447,19 +431,20 @@ class User */ public function forumStats() { - $posts = DBv2::prepare('SELECT * FROM `{prefix}posts` WHERE `poster_id` = :id'); - $posts->execute([ - 'id' => $this->id, - ]); + $posts = DB::table('posts') + ->where('poster_id', $this->id) + ->count(); - $threads = DBv2::prepare('SELECT DISTINCT * FROM `{prefix}posts` WHERE `poster_id` = :id GROUP BY `topic_id` ORDER BY `post_time`'); - $threads->execute([ - 'id' => $this->id, - ]); + $threads = DB::table('posts') + ->where('poster_id', $this->id) + ->distinct() + ->groupBy('topic_id') + ->orderBy('post_time') + ->count(); return [ - 'posts' => $posts->rowCount(), - 'topics' => $threads->rowCount(), + 'posts' => $posts, + 'topics' => $threads, ]; } @@ -482,11 +467,11 @@ class User // Save to the database foreach ($ranks as $rank) { - DBv2::prepare('INSERT INTO `{prefix}ranks` (`rank_id`, `user_id`) VALUES (:rank, :user)') - ->execute([ - 'rank' => $rank, - 'user' => $this->id, - ]); + DB::table('user_ranks') + ->insert([ + 'rank_id' => $rank, + 'user_id' => $this->id, + ]); } } @@ -502,11 +487,10 @@ class User // Iterate over the ranks foreach ($remove as $rank) { - DBv2::prepare('DELETE FROM `{prefix}user_ranks` WHERE `user_id` = :user AND `rank_id` = :rank') - ->execute([ - 'user' => $this->id, - 'rank' => $rank, - ]); + DB::table('ranks') + ->where('user_id', $this->id) + ->where('rank_id', $rank) + ->delete(); } } @@ -520,11 +504,11 @@ class User public function setMainRank($rank) { // If it does exist update their row - DBv2::prepare('UPDATE `{prefix}users` SET `rank_main` = :rank WHERE `user_id` = :id') - ->execute([ - 'rank' => $rank, - 'id' => $this->id, - ]); + DB::table('users') + ->where('user_id', $this->id) + ->update([ + 'rank_main' => $rank, + ]); // Return true if everything was successful return true; @@ -579,12 +563,12 @@ class User } // Add friend - DBv2::prepare('INSERT INTO `{prefix}friends` (`user_id`, `friend_id`, `friend_timestamp`) VALUES (:user, :friend, :time)') - ->execute([ - 'user' => $this->id, - 'friend' => $uid, - 'time' => time(), - ]); + DB::table('friends') + ->insert([ + 'user_id' => $this->id, + 'friend_id' => $uid, + 'friend_timestamp' => time(), + ]); // Return true because yay return [1, $user->isFriends($this->id) ? 'FRIENDS' : 'NOT_MUTUAL']; @@ -873,7 +857,7 @@ class User } // Check if we have additional options as well - if (!$field['field_additional']) { + if ($field['field_additional'] != null) { // Decode the json of the additional stuff $additional = json_decode($field['field_additional'], true); diff --git a/libraries/Users.php b/libraries/Users.php index c30ffcf..e5027c6 100644 --- a/libraries/Users.php +++ b/libraries/Users.php @@ -98,104 +98,6 @@ class Users return [$uid, $sid]; } - /** - * Register a new account. - * - * @param string $username The username. - * @param string $password The password. - * @param string $confirmpass The password, again. - * @param string $email The e-mail. - * @param bool $tos Agreeing to the ToS. - * @param string $captcha Captcha. - * @param string $regkey Registration key (unused). - * - * @return array Status. - */ - public static function register($username, $password, $confirmpass, $email, $tos, $captcha = null, $regkey = null) - { - // Check if authentication is disallowed - if (Config::get('lock_authentication')) { - return [0, 'AUTH_LOCKED']; - } - - // Check if registration is even enabled - if (Config::get('disable_registration')) { - return [0, 'DISABLED']; - } - - // Check if the user agreed to the ToS - if (!$tos) { - return [0, 'TOS']; - } - - // Verify the captcha if it's enabled - if (Config::get('recaptcha')) { - if (!Utils::verifyCaptcha($captcha)['success']) { - return [0, 'CAPTCHA_FAIL']; - } - } - - // Check if the username already exists - if (self::userExists($username, false)) { - return [0, 'USER_EXISTS']; - } - - // Username too short - if (strlen($username) < Config::get('username_min_length')) { - return [0, 'NAME_TOO_SHORT']; - } - - // Username too long - if (strlen($username) > Config::get('username_max_length')) { - return [0, 'NAME_TOO_LONG']; - } - - // Check if the given email address is formatted properly - if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { - return [0, 'INVALID_EMAIL']; - } - - // Check the MX record of the email - if (!Utils::checkMXRecord($email)) { - return [0, 'INVALID_MX']; - } - - // Check if the e-mail has already been used - $emailCheck = DBv2::prepare('SELECT `user_id` FROM `{prefix}users` WHERE `email` = :email'); - $emailCheck->execute([ - 'email' => $email, - ]); - if ($emailCheck->rowCount() > 0) { - return [0, 'EMAIL_EXISTS']; - } - - // Check password entropy - if (Utils::pwdEntropy($password) < Config::get('min_entropy')) { - return [0, 'PASS_TOO_SHIT']; - } - - // Passwords do not match - if ($password != $confirmpass) { - return [0, 'PASS_NOT_MATCH']; - } - - // Set a few variables - $requireActive = Config::get('require_activation'); - $ranks = $requireActive ? [1] : [2]; - - // Create the user - $user = User::create($username, $password, $email, $ranks); - - // Check if we require e-mail activation - if ($requireActive) { - // Send activation e-mail to user - self::sendActivationMail($user->id); - } - - // Return true with a specific message if needed - return [1, ($requireActive ? 'EMAILSENT' : 'SUCCESS')]; - } - /** * Send password forgot e-mail * @@ -455,28 +357,6 @@ class Users return [1, 'SUCCESS']; } - /** - * Check if a user exists. - * - * @param mixed $id The Username or ID. - * @param mixed $unused Unused variable. - * - * @return mixed Returns the ID if it exists, false otherwise. - */ - public static function userExists($id, $unused = null) - { - // Do database request - $user = DBv2::prepare('SELECT * FROM `{prefix}users` WHERE `user_id` = :id OR `username_clean` = :clean'); - $user->execute([ - 'id' => $id, - 'clean' => Utils::cleanString($id, true, true), - ]); - $user = $user->fetch(); - - // Return count (which would return 0, aka false, if nothing was found) - return $user ? $user->user_id : false; - } - /** * Get all available profile fields. * @@ -649,51 +529,6 @@ class Users } } - /** - * Get all users that registered from a certain IP. - * - * @param string $ip The IP. - * - * @return array The users. - */ - public static function getUsersByIP($ip) - { - // Get the users - $users = DBv2::prepare('SELECT * FROM `{prefix}users` WHERE `register_ip` = :rip OR `last_ip` = :lip'); - $users->execute([ - 'rip' => $ip, - 'lip' => $ip, - ]); - $users = $users->fetchAll(\PDO::FETCH_ASSOC); - - // Return the array with users - return $users; - } - - /** - * Get all ranks. - * - * @return array All ranks. - */ - public static function getAllRanks() - { - // Execute query - $getRanks = DBv2::prepare('SELECT * FROM `{prefix}ranks`'); - $getRanks->execute(); - $getRanks = $getRanks->fetchAll(); - - // Define variable - $ranks = []; - - // Reorder shit - foreach ($getRanks as $rank) { - $ranks[$rank->rank_id] = Rank::construct($rank->rank_id); - } - - // and return an array with the ranks - return $ranks; - } - /** * Get a user's notifications. * diff --git a/libraries/Utils.php b/libraries/Utils.php index 0737d21..567f8ee 100644 --- a/libraries/Utils.php +++ b/libraries/Utils.php @@ -17,35 +17,6 @@ use PHPMailer; */ class Utils { - /** - * Verify a ReCaptcha - * - * @param string $response The user response. - * - * @return array The response from the ReCaptcha API. - */ - public static function verifyCaptcha($response) - { - // Attempt to get the response - $resp = file_get_contents( - 'https://www.google.com/recaptcha/api/siteverify?secret=' - . Config::get('recaptcha_private') - . '&response=' - . $response - ); - - // In the highly unlikely case that it failed to get anything forge a false - if (!$resp) { - return []; - } - - // Decode the response JSON from the servers - $resp = json_decode($resp, true); - - // Return shit - return $resp; - } - /** * The error handler. * @@ -60,42 +31,6 @@ class Utils $errstr = str_replace(ROOT, '', $errstr); $errfile = str_replace(ROOT, '', $errfile); - // Attempt to log the error to the database - if (DBv2::$db !== null) { - // Encode backtrace data - $backtrace = base64_encode(json_encode(debug_backtrace())); - - // Check if this error has already been logged in the past - $past = DBv2::prepare('SELECT * FROM `{prefix}error_log` WHERE `error_backtrace` = :bc OR (`error_string` = :str AND `error_line` = :li)'); - $past->execute([ - 'bc' => $backtrace, - 'str' => $errstr, - 'li' => $errline, - ]); - $past = $past->fetch(); - - if ($past) { - // If so assign the errid - $errid = $past->error_id; - } else { - // Create an error ID - $errid = substr(md5(microtime()), rand(0, 22), 10); - - // Log the error - DBv2::prepare('INSERT INTO `{prefix}error_log` (`error_id`, `error_timestamp`, `error_revision`, `error_type`, `error_line`, `error_string`, `error_file`, `error_backtrace`) VALUES (:id, :time, :rev, :type, :line, :string, :file, :bc)') - ->execute([ - 'id' => $errid, - 'time' => date("r"), - 'rev' => SAKURA_VERSION, - 'type' => $errno, - 'line' => $errline, - 'string' => $errstr, - 'file' => $errfile, - 'bc' => $backtrace, - ]); - } - } - switch ($errno) { case E_ERROR: case E_USER_ERROR: @@ -121,11 +56,6 @@ class Utils ob_clean(); ob_end_clean(); - // Check if this request was made through the ajax thing - if (isset($_REQUEST['ajax'])) { - die('An error occurred while executing the script.|1|javascript:alert("' . (isset($errid) ? 'Error Log ID: '. $errid : 'Failed to log.') . '");'); - } - // Check for dev mode $detailed = Config::local('dev', 'show_errors'); @@ -176,7 +106,7 @@ class Utils
' . $error . '

Backtraces

'; - foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS) as $num => $trace) { + foreach (debug_backtrace() as $num => $trace) { $errorPage .= '

#' . $num . '

';
 
                 foreach ($trace as $key => $val) {
diff --git a/public/authenticate.php b/public/authenticate.php
index a209172..a92b815 100644
--- a/public/authenticate.php
+++ b/public/authenticate.php
@@ -53,11 +53,9 @@ if (isset($_REQUEST['mode'])) {
 
             // Add page specific things
             $renderData['page'] = [
-
                 'redirect' => $urls->format('SITE_HOME'),
                 'message' => 'You are already authenticated. Redirecting...',
                 'success' => 1,
-
             ];
         }
     }
@@ -84,7 +82,6 @@ if (isset($_REQUEST['mode'])) {
 
                 // Array containing "human understandable" messages
                 $messages = [
-
                     'INVALID_VERK' => 'The verification key supplied was invalid!',
                     'INVALID_CODE' => 'Invalid verification key, if you think this is an error contact the administrator.',
                     'INVALID_USER' => 'The used verification key is not designated for this user.',
@@ -92,7 +89,6 @@ if (isset($_REQUEST['mode'])) {
                     'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
                     'PASS_NOT_MATCH' => 'Passwords do not match.',
                     'SUCCESS' => 'Successfully changed your password, you may now log in.',
-
                 ];
 
                 // Add page specific things
@@ -114,22 +110,18 @@ if (isset($_REQUEST['mode'])) {
 
                 // Array containing "human understandable" messages
                 $messages = [
-
                     'USER_NOT_EXIST' => 'The user you tried to activate does not exist.',
                     'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
                     'INVALID_CODE' => 'Invalid activation code, if you think this is an error contact the administrator.',
                     'INVALID_USER' => 'The used activation code is not designated for this user.',
                     'SUCCESS' => 'Successfully activated your account, you may now log in.',
-
                 ];
 
                 // Add page specific things
                 $renderData['page'] = [
-
                     'redirect' => $urls->format('SITE_LOGIN'),
                     'message' => $messages[$activate[1]],
                     'success' => $activate[0],
-
                 ];
                 break;
 
@@ -140,21 +132,17 @@ if (isset($_REQUEST['mode'])) {
 
                 // Array containing "human understandable" messages
                 $messages = [
-
                     'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
                     'USER_NOT_EXIST' => 'The user you tried to activate does not exist (confirm the username/email combination).',
                     'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
                     'SUCCESS' => 'The activation e-mail has been sent to the address associated with your account.',
-
                 ];
 
                 // Add page specific things
                 $renderData['page'] = [
-
                     'redirect' => $urls->format('SITE_HOME'),
                     'message' => $messages[$resend[1]],
                     'success' => $resend[0],
-
                 ];
                 break;
 
@@ -170,46 +158,11 @@ if (isset($_REQUEST['mode'])) {
 
             // Registration processing
             case 'register':
-                // Attempt registration
-                $register = Users::register(
-                    $_REQUEST['username'],
-                    $_REQUEST['password'],
-                    $_REQUEST['confirmpassword'],
-                    $_REQUEST['email'],
-                    isset($_REQUEST['tos']),
-                    (
-                        Config::get('recaptcha') ?
-                        $_REQUEST['g-recaptcha-response'] :
-                        null
-                    )
-                );
-
-                // Array containing "human understandable" messages
-                $messages = [
-                    'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
-                    'DISABLED' => 'Registration is currently disabled.',
-                    'INVALID_REG_KEY' => 'The given registration code was invalid.',
-                    'TOS' => 'You are required to agree to the Terms of Service.',
-                    'CAPTCHA_FAIL' => 'Captcha verification failed, please try again.',
-                    'USER_EXISTS' => 'A user with this username already exists, if you lost your password try using the Lost Password form.',
-                    'NAME_TOO_SHORT' => 'Your name must be at least 3 characters long.',
-                    'NAME_TOO_LONG' => 'Your name can\'t be longer than 16 characters.',
-                    'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
-                    'PASS_NOT_MATCH' => 'Passwords do not match.',
-                    'EMAIL_EXISTS' => 'Someone already registered using this email!', // HOW DID I MISS THIS?!
-                    'INVALID_EMAIL' => 'Your e-mail address is formatted incorrectly.',
-                    'INVALID_MX' => 'No valid MX-Record found on the e-mail address you supplied.',
-                    'EMAILSENT' => 'Your registration went through! An activation e-mail has been sent.',
-                    'SUCCESS' => 'Your registration went through! Welcome to ' . Config::get('sitename') . '!',
-                ];
-
                 // Add page specific things
                 $renderData['page'] = [
-
-                    'redirect' => ($register[0] ? $urls->format('SITE_LOGIN') : $urls->format('SITE_REGISTER')),
-                    'message' => $messages[$register[1]],
-                    'success' => $register[0],
-
+                    'redirect' => Router::route('auth.register'),
+                    'message' => 'Wrong registration page.',
+                    'success' => 0,
                 ];
                 break;
 
@@ -220,21 +173,17 @@ if (isset($_REQUEST['mode'])) {
 
                 // Array containing "human understandable" messages
                 $messages = [
-
                     'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
                     'USER_NOT_EXIST' => 'The requested user does not exist (confirm the username/email combination).',
                     'NOT_ALLOWED' => 'Your account does not have the required permissions to change your password.',
                     'SUCCESS' => 'The password reset e-mail has been sent to the address associated with your account.',
-
                 ];
 
                 // Add page specific things
                 $renderData['page'] = [
-
                     'redirect' => $urls->format('SITE_FORGOT_PASSWORD'),
                     'message' => $messages[$passforgot[1]],
                     'success' => $passforgot[0],
-
                 ];
                 break;
 
@@ -255,24 +204,15 @@ if (isset($_REQUEST['mode'])) {
 
 // Add page specific things
 $renderData['auth'] = [
-
     'redirect' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_HOME'),
-    'blockRegister' => [
-
-        'do' => false,
-
-    ],
-
 ];
 
 // Check if the user is already logged in
 if (Users::checkLogin()) {
     // Add page specific things
     $renderData['page'] = [
-
         'redirect' => $urls->format('SITE_HOME'),
         'message' => 'You are already logged in, log out to access this page.',
-
     ];
 
     Template::vars($renderData);
@@ -280,16 +220,6 @@ if (Users::checkLogin()) {
     exit;
 }
 
-// Check if a user has already registered from the current IP address
-if (count($regUserIP = Users::getUsersByIP(Net::pton(Net::IP())))) {
-    $renderData['auth']['blockRegister'] = [
-
-        'do' => true,
-        'username' => $regUserIP[array_rand($regUserIP)]['username'],
-
-    ];
-}
-
 // If password forgot things are set display password forget thing
 if (isset($_REQUEST['pw']) && $_REQUEST['pw']) {
     $renderData['auth']['changingPass'] = true;
diff --git a/public/content/data/yuuno/css/yuuno.css b/public/content/data/yuuno/css/yuuno.css
index 09d4f38..f7094fb 100644
--- a/public/content/data/yuuno/css/yuuno.css
+++ b/public/content/data/yuuno/css/yuuno.css
@@ -411,7 +411,7 @@ a.default:active {
 
 }
 
-#headerLoginForm {
+.headerLoginContainer {
     background: rgba(211, 191, 255, .8);
     border: 1px solid #9475B2;
     box-shadow: 0 0 3px #8364A1;
@@ -422,14 +422,15 @@ a.default:active {
     border-radius: 3px;
 }
 
-#headerLoginForm > div {
+.headerLoginContainer form,
+.headerLoginContainer div {
     display: inline-block;
 }
 
-#headerLoginForm input[type="submit"],
-#headerLoginForm input[type="button"] {
-    display: inline-block;
-    border-radius: 3px;
+.headerLoginContainer input[type="submit"],
+.headerLoginContainer button {
+    display: inline-block !important;
+    border-radius: 3px !important;
 }
 
 @media (max-width: 640px) {
diff --git a/routes.php b/routes.php
index 2527cb5..677816b 100644
--- a/routes.php
+++ b/routes.php
@@ -16,6 +16,8 @@ Router::get('/p/{id}', 'MetaController@infoPage', 'main.infopage');
 Router::get('/login', 'AuthController@loginGet', 'auth.login');
 Router::post('/login', 'AuthController@loginPost', 'auth.login');
 Router::get('/logout', 'AuthController@logout', 'auth.logout');
+Router::get('/register', 'AuthController@registerGet', 'auth.register');
+Router::post('/register', 'AuthController@registerPost', 'auth.register');
 
 // News
 Router::get('/news', 'MetaController@news', 'news.index');
diff --git a/sakura.php b/sakura.php
index 8eb2152..de97c09 100644
--- a/sakura.php
+++ b/sakura.php
@@ -8,7 +8,7 @@
 namespace Sakura;
 
 // Define Sakura version
-define('SAKURA_VERSION', '20160227');
+define('SAKURA_VERSION', '20160228');
 
 // Define Sakura Path
 define('ROOT', __DIR__ . '/');
diff --git a/templates/yuuno/global/master.twig b/templates/yuuno/global/master.twig
index 8825512..22b180f 100644
--- a/templates/yuuno/global/master.twig
+++ b/templates/yuuno/global/master.twig
@@ -101,7 +101,7 @@
                             {% if sakura.lockAuth %}
                                 
                             {% else %}
-                                
+                                
                                 
                             {% endif %}
                         {% endif %}
@@ -114,6 +114,7 @@
                     
{% endif %} {% if not session.checkLogin and sakura.currentPage != route('auth.login') %} +
@@ -135,6 +136,10 @@
+
+ +
+ {% endif %} {% if user.permission(constant('Sakura\\Perms\\Site::RESTRICTED')) %}
diff --git a/templates/yuuno/main/authenticate.twig b/templates/yuuno/main/authenticate.twig index d5fb1e8..bc8f67d 100644 --- a/templates/yuuno/main/authenticate.twig +++ b/templates/yuuno/main/authenticate.twig @@ -35,86 +35,6 @@
-
-
- Register on {{ sakura.siteName }} -
- {% if not sakura.disableRegistration %} -
- - - -
- -
-
- -
-
- -
-
- -
-
- -
-
- -
-
- -
-
- -
- {% if sakura.requireRegCodes %} -
- -
-
- -
- {% endif %} - {% if sakura.recaptchaEnabled %} -
- -
-
- {% include 'elements/captcha.twig' %} -
- {% endif %} - -
- -
-
- {% if auth.blockRegister.do %} -
-
-
-

Are you {{ auth.blockRegister.username }}?

-

Making more than one account is not permitted.

-

If you lost your password please use the form on the bottom left but if you don't already have an account you can go ahead and click the link below to show the registration form this check is based on your IP so in some cases someone may have registered/used the site on this IP already.

-

If we find out that you already have an account we may question you about it, if you can give a good reason we'll let it slide otherwise we may issue a temporary ban.

-
- -
- {% endif %} - {% else %} -
-
-
-

Registration is disabled.

-

Please try again later.

-
-
- {% endif %} -
{% if sakura.requireActivation %}
diff --git a/templates/yuuno/main/login.twig b/templates/yuuno/main/login.twig index ea2ab0c..e6bdcad 100644 --- a/templates/yuuno/main/login.twig +++ b/templates/yuuno/main/login.twig @@ -14,8 +14,6 @@
- -
diff --git a/templates/yuuno/main/register.twig b/templates/yuuno/main/register.twig new file mode 100644 index 0000000..5024ad5 --- /dev/null +++ b/templates/yuuno/main/register.twig @@ -0,0 +1,72 @@ +{% extends 'global/master.twig' %} + +{% block title %}Register{% endblock %} + +{% block content %} + {% if sakura.lockAuth or sakura.disableRegistration %} +
+
+
+
+

Registration is disabled.

+

Please try again later.

+
+
+
+ {% else %} +
+
+
+ Register +
+ + +
+ +
+
+ +
+
+ +
+
+ +
+
+ +
+
+ +
+ {% if sakura.recaptchaEnabled %} +
+ +
+
+ {% include 'elements/captcha.twig' %} +
+ {% endif %} + +
+ +
+ +
+
+

+

Are you {{ haltName }}?

+

Making more than one account is not permitted.

+

If you lost your password please use the reset password form but if you don't already have an account you can go ahead and click the link below to show the registration form this check is based on your IP so in some cases someone may have registered/used the site on this IP already.

+

If we find out that you already have an account we may question you about it, if you can give a good reason we'll let it slide otherwise we may issue a temporary ban.

+
+ +
+
+
+ {% endif %} +{% endblock %}