rip authenticate.php

flash 2016-03-19 16:29:47 +01:00
parent aabc983611
commit 9279173528
18 changed files with 256 additions and 537 deletions


@ -78,7 +78,7 @@ class ActionCode
public static function invalidate($code)
{
DB::table('actioncodes')
->where('code_action', $code)
->where('action_code', $code)
->delete();
}
}


@ -9,6 +9,9 @@ namespace Sakura\BBcodeDefinitions;
use JBBCode\CodeDefinition;
use JBBCode\ElementNode;
use Sakura\Router;
use Sakura\User;
use Sakura\Utils;
/**
* Username BBcode for JBBCode.
@ -41,12 +44,13 @@ class User extends CodeDefinition
$content = "";
foreach ($el->getChildren() as $child) {
$content .= \Sakura\Utils::cleanString($child->getAsText(), true);
$content .= Utils::cleanString($child->getAsText(), true);
}
$user = \Sakura\User::construct($content);
$urls = new \Sakura\Urls();
$user = User::construct($content);
$profile = Router::route('user.profile', $user->id);
return '<a class="default username" href="' . $urls->format('USER_PROFILE', [$user->id]) . '" style="color: ' . $user->colour . '; text-shadow: 0 0 .3em ' . $user->colour . '; font-weight: bold;">' . $user->username . '</a>';
return "<a class='default username' href='{$profile} style='color: {$user->colour};
text-shadow: 0 0 .3em {$user->colour}; font-weight: bold;'>{$user->username}</a>";
}
}
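Review bot: The new return string never closes the `href` attribute (`href='{$profile} style='color: ...`), so the `style` text is parsed as part of the link target; it needs `href='{$profile}' style='...`. `{$user->username}` and `{$user->colour}` are interpolated into single-quoted attributes and element text with no encoding visible in this hunk, so unless they are already encoded upstream they should pass through `htmlspecialchars($value, ENT_QUOTES)`; the flag matters because the attributes now use single quotes. `use Sakura\User;` is also added to a file whose own class is named `User`, which looks like a name clash, and an alias such as `use Sakura\User as SakuraUser;` would avoid it. The method body begins outside the hunk.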


@ -428,4 +428,180 @@ class AuthController extends Controller
{
return Template::render('main/reactivate');
}
public function reactivatePost()
{
// Preliminarily set registration to failed
$success = 0;
$redirect = Router::route('auth.reactivate');
// Check if authentication is disallowed
if (Config::get('lock_authentication')) {
$message = "You can't request a reactivation at this time, sorry!";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
// Validate session
if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
$message = "Your session expired, refreshing the page will most likely fix this!";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
// Grab forms
$username = isset($_POST['username']) ? Utils::cleanString($_POST['username'], true) : null;
$email = isset($_POST['email']) ? Utils::cleanString($_POST['email'], true) : null;
// Do database request
$getUser = DB::table('users')
->where('username_clean', $username)
->where('email', $email)
->get(['user_id']);
// Check if user exists
if (!$getUser) {
$message = "User not found! Double check your username and e-mail address!";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
// Create user object
$user = User::construct($getUser[0]->user_id);
// Check if a user is activated
if (!$user->permission(Site::DEACTIVATED)) {
$message = "Your account is already activated! Why are you here?";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
// Send activation e-mail to user
Users::sendActivationMail($user->id);
$success = 1;
$redirect = Router::route('auth.login');
$message = "Sent the e-mail! Make sure to check your spam folder as well!";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
public function resetPasswordGet()
{
return Template::render('main/resetpassword');
}
public function resetPasswordPost()
{
// Preliminarily set action to failed
$success = 0;
$redirect = Router::route('main.index');
// Check if authentication is disallowed
if (Config::get('lock_authentication')) {
$message = "You can't request a reactivation at this time, sorry!";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
// Validate session
if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
$message = "Your session expired, refreshing the page will most likely fix this!";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
// Attempt to get the various required GET parameters
$userId = isset($_POST['user']) ? $_POST['user'] : 0;
$key = isset($_POST['key']) ? $_POST['key'] : "";
$password = isset($_POST['password']) ? $_POST['password'] : "";
$userName = isset($_POST['username']) ? Utils::cleanString($_POST['username'], true) : "";
$email = isset($_POST['email']) ? Utils::cleanString($_POST['email'], true) : null;
// Create user object
$user = User::construct($userId ? $userId : $userName);
// Quit if the user ID is 0
if ($user->id === 0 || ($email !== null ? $email !== $user->email : false)) {
$message = "This user does not exist! Contact us if you think this isn't right.";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
// Check if the user is active
if ($user->permission(Site::DEACTIVATED)) {
$message = "Your account is deactivated, go activate it first...";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
if ($key && $password) {
// Check password entropy
if (Utils::pwdEntropy($password) < Config::get('min_entropy')) {
$message = "Your password doesn't meet the strength requirements!";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
// Validate the activation key
$action = ActionCode::validate('LOST_PASS', $key, $user->id);
if (!$action) {
$message = "Invalid verification code! Contact us if you think this isn't right.";
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
// Hash the password
$pw = Hashing::createHash($password);
// Update the user
DB::table('users')
->where('user_id', $user->id)
->update([
'password_hash' => $pw[3],
'password_salt' => $pw[2],
'password_algo' => $pw[0],
'password_iter' => $pw[1],
'password_chan' => time(),
]);
$success = 1;
$message = "Changed your password! You may now log in.";
$redirect = Router::route('auth.login');
} else {
// Send e-mail
Users::sendPasswordForgot($user->id, $user->email);
$success = 1;
$message = "Sent the e-mail, keep an eye on your spam folder as well!";
$redirect = Router::route('main.index');
}
Template::vars(['page' => compact('success', 'redirect', 'message')]);
return Template::render('global/information');
}
}
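Review bot: In `resetPasswordPost` the e-mail comparison is skipped whenever `email` is absent from the POST (`$email !== null ? $email !== $user->email : false`), so the branch that calls `Users::sendPasswordForgot()` is reachable with only a username or a `user` id, whereas the removed `Users::sendPasswordForgot($username, $email)` looked the account up on both values. Requiring the address before mailing, e.g. `if ($email === null || $email !== $user->email)` at the top of the `else` branch, restores that. The distinct "does not exist", "deactivated" and "already activated" messages here and in `reactivatePost` tell an unauthenticated caller which accounts exist, and nothing in the hunk limits how often mail or key attempts can be requested. Both handlers compare the form token with `$_POST['session'] != session_id()`; checking that the value is a string and using `hash_equals()` avoids the loose comparison, and a dedicated CSRF token would keep the session ID out of form markup. The lock message in `resetPasswordPost` still says "reactivation".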


@ -36,7 +36,10 @@ class ForumController extends Controller
Template::vars([
'forum' => (new Forum()),
'stats' => [
'userCount' => DB::table('users')->where('password_algo', '!=', 'disabled')->whereNotIn('rank_main', [1, 10])->count(),
'userCount' => DB::table('users')
->where('password_algo', '!=', 'disabled')
->whereNotIn('rank_main', [1, 10])
->count(),
'newestUser' => User::construct(Users::getNewestUserId()),
'lastRegDate' => date_diff(
date_create(date('Y-m-d', User::construct(Users::getNewestUserId())->registered)),


@ -627,7 +627,7 @@ class User
->count();
// And the other user
$user = DB::table('friends')
$friend = DB::table('friends')
->where('user_id', $with)
->where('friend_id', $this->id)
->count();
@ -935,7 +935,7 @@ class User
return [0];
}
$getRecord[0] = $getRecord;
$getRecord = $getRecord[0];
// Check if the Tenshi hasn't expired
if ($getRecord->premium_expire < time()) {


@ -8,6 +8,7 @@
namespace Sakura;
use Sakura\Perms\Site;
use Sakura\Router;
/**
* User management
@ -101,211 +102,86 @@ class Users
/**
* Send password forgot e-mail
*
* @param string $username The username.
* @param string $userId The user id.
* @param string $email The e-mail.
*
* @return array The status.
*/
public static function sendPasswordForgot($username, $email)
public static function sendPasswordForgot($userId, $email)
{
// Check if authentication is disallowed
if (Config::get('lock_authentication')) {
return [0, 'AUTH_LOCKED'];
}
$user = User::construct($userId);
// Clean username string
$usernameClean = Utils::cleanString($username, true);
$emailClean = Utils::cleanString($email, true);
// Do database request
$user = DB::table('users')
->where('username_clean', $usernameClean)
->where(':email', $emailClean)
->get(['user_id']);
// Check if user exists
if (count($user) < 1) {
return [0, 'USER_NOT_EXIST'];
}
$userObj = User::construct($user[0]->user_id);
// Check if the user has the required privs to log in
if ($userObj->permission(Site::DEACTIVATED)) {
return [0, 'NOT_ALLOWED'];
if (!$user->id || $user->permission(Site::DEACTIVATED)) {
return;
}
// Generate the verification key
$verk = ActionCode::generate('LOST_PASS', $userObj->id);
$verk = ActionCode::generate('LOST_PASS', $user->id);
// Create new urls object
$urls = new Urls();
$siteName = Config::get('sitename');
$baseUrl = "http://" . Config::get('url_main');
$reactivateLink = Router::route('auth.resetpassword') . "?u={$user->id}&k={$verk}";
$signature = Config::get('mail_signature');
// Build the e-mail
$message = "Hello " . $user['username'] . ",\r\n\r\n";
$message .= "You are receiving this notification because you have (or someone pretending to be you has) requested a password reset link to be sent for your account on \"" . Config::get('sitename') . "\". If you did not request this notification then please ignore it, if you keep receiving it please contact the site administrator.\r\n\r\n";
$message .= "To use this password reset key you need to go to a special page. To do this click the link provided below.\r\n\r\n";
$message .= "http://" . Config::get('url_main') . $urls->format('SITE_FORGOT_PASSWORD') . "?pw=true&uid=" . $user['user_id'] . "&key=" . $verk . "\r\n\r\n";
$message .= "If successful you should be able to change your password here.\r\n\r\n";
$message .= "Alternatively if the above method fails for some reason you can go to http://" . Config::get('url_main') . $urls->format('SITE_FORGOT_PASSWORD') . "?pw=true&uid=" . $user['user_id'] . " and use the key listed below:\r\n\r\n";
$message .= "Verification key: " . $verk . "\r\n\r\n";
$message .= "You can of course change this password yourself via the profile page. If you have any difficulties please contact the site administrator.\r\n\r\n";
$message .= "--\r\n\r\nThanks\r\n\r\n" . Config::get('mail_signature');
$message = "Hello {$user->username},\r\n\r\n"
. "You are receiving this notification because you have (or someone pretending to be you has)"
. " requested a password reset link to be sent for your account on \"{$siteName}\"."
. " If you did not request this notification then please ignore it,"
. " if you keep receiving it please contact the site administrator.\r\n\r\n"
. "To use this password reset key you need to go to a special page."
. " To do this click the link provided below.\r\n\r\n"
. "{$baseUrl}{$reactivateLink}\r\n\r\n"
. "If successful you should be able to change your password here.\r\n\r\n"
. "You can of course change this password yourself via the settings page."
. " If you have any difficulties please contact the site administrator.\r\n\r\n"
. "--\r\n\r\nThanks\r\n\r\n{$signature}";
// Send the message
Utils::sendMail([$user['email'] => $user['username']], Config::get('sitename') . ' password restoration', $message);
// Return success
return [1, 'SUCCESS'];
}
/**
* Reset a password.
*
* @param string $verk The e-mail verification key.
* @param int $uid The user id.
* @param string $newpass New pass.
* @param string $verpass Again.
*
* @return array Status.
*/
public static function resetPassword($verk, $uid, $newpass, $verpass)
{
// Check if authentication is disallowed
if (Config::get('lock_authentication')) {
return [0, 'AUTH_LOCKED'];
}
// Check password entropy
if (Utils::pwdEntropy($newpass) < Config::get('min_entropy')) {
return [0, 'PASS_TOO_SHIT'];
}
// Passwords do not match
if ($newpass != $verpass) {
return [0, 'PASS_NOT_MATCH'];
}
// Check the verification key
$action = ActionCode::validate('LOST_PASS', $verk, $uid);
// Check if we got a negative return
if (!$action) {
return [0, 'INVALID_CODE'];
}
// Hash the password
$password = Hashing::createHash($newpass);
// Update the user
DB::table('users')
->where('user_id', $uid)
->update([
'password_hash' => $password[3],
'password_salt' => $password[2],
'password_algo' => $password[0],
'password_iter' => $password[1],
'password_chan' => time(),
]);
// Return success
return [1, 'SUCCESS'];
}
/**
* Resend activation e-mail.
*
* @param string $username Username.
* @param string $email E-mail.
*
* @return array Status
*/
public static function resendActivationMail($username, $email)
{
// Check if authentication is disallowed
if (Config::get('lock_authentication')) {
return [0, 'AUTH_LOCKED'];
}
// Clean username string
$usernameClean = Utils::cleanString($username, true);
$emailClean = Utils::cleanString($email, true);
// Do database request
$user = DB::table('users')
->where('username_clean', $usernameClean)
->where(':email', $emailClean)
->get(['user_id']);
// Check if user exists
if (count($user) < 1) {
return [0, 'USER_NOT_EXIST'];
}
$userObj = User::construct($user[0]->user_id);
// Check if a user is activated
if (!$userObj->permission(Site::DEACTIVATED)) {
return [0, 'USER_ALREADY_ACTIVE'];
}
// Send activation e-mail
self::sendActivationMail($userObj->id);
// Return success
return [1, 'SUCCESS'];
Utils::sendMail([$user->email => $user->username], "{$siteName} password restoration", $message);
}
/**
* Send activation e-mail.
*
* @param mixed $uid User ID.
* @param mixed $userId User ID.
* @param mixed $customKey Key.
*
* @return bool Always true.
*/
public static function sendActivationMail($uid, $customKey = null)
public static function sendActivationMail($userId, $customKey = null)
{
// Get the user data
$user = User::construct($uid);
$user = User::construct($userId);
// User is already activated or doesn't even exist
if (!$user->id || !$user->permission(Site::DEACTIVATED)) {
return false;
return;
}
// Generate activation key
$activate = ActionCode::generate('ACTIVATE', $user->id);
// Create new urls object
$urls = new Urls();
$siteName = Config::get('sitename');
$baseUrl = "http://" . Config::get('url_main');
$activateLink = Router::route('auth.activate') . "?u={$user->id}&k={$activate}";
$profileLink = Router::route('user.profile', $user->id);
$signature = Config::get('mail_signature');
// Build the e-mail
$message = "Welcome to " . Config::get('sitename') . "!\r\n\r\n";
$message .= "Please keep this e-mail for your records. Your account intormation is as follows:\r\n\r\n";
$message .= "----------------------------\r\n\r\n";
$message .= "Username: " . $user->username . "\r\n\r\n";
$message .= "Your profile: http://" . Config::get('url_main') . $urls->format('USER_PROFILE', [$user->id]) . "\r\n\r\n";
$message .= "----------------------------\r\n\r\n";
$message .= "Please visit the following link in order to activate your account:\r\n\r\n";
$message .= "http://" . Config::get('url_main') . $urls->format('SITE_ACTIVATE') . "?mode=activate&u=" . $user->id . "&k=" . $activate . "\r\n\r\n";
$message .= "Your password has been securely stored in our database and cannot be retrieved. ";
$message .= "In the event that it is forgotten, you will be able to reset it using the email address associated with your account.\r\n\r\n";
$message .= "Thank you for registering.\r\n\r\n";
$message .= "--\r\n\r\nThanks\r\n\r\n" . Config::get('mail_signature');
$message = "Welcome to {$siteName}!\r\n\r\n"
. "Please keep this e-mail for your records. Your account intormation is as follows:\r\n\r\n"
. "----------------------------\r\n\r\n"
. "Username: {$user->username}\r\n\r\n"
. "Your profile: {$baseUrl}{$profileLink}\r\n\r\n"
. "----------------------------\r\n\r\n"
. "Please visit the following link in order to activate your account:\r\n\r\n"
. "{$baseUrl}{$activateLink}\r\n\r\n"
. "Your password has been securely stored in our database and cannot be retrieved. "
. "In the event that it is forgotten,"
. " you will be able to reset it using the email address associated with your account.\r\n\r\n"
. "Thank you for registering.\r\n\r\n"
. "--\r\n\r\nThanks\r\n\r\n{$signature}";
// Send the message
Utils::sendMail(
[
$user->email => $user->username,
],
Config::get('sitename') . ' Activation Mail',
$message
);
// Return true indicating that the things have been sent
return true;
Utils::sendMail([$user->email => $user->username], "{$siteName} activation mail", $message);
}
/**
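Review bot: Both mail builders hard-code the scheme in `$baseUrl = "http://" . Config::get('url_main');`, so the `k=` key in the mailed reset and activation links crosses the network in clear text whenever the site answers over HTTP; taking the scheme from configuration or defaulting to `https://` would avoid that. In `sendPasswordForgot` the `$email` parameter is no longer read (the mail always goes to `$user->email`), so it should either be compared against the account's address or documented as unused. The docblocks still say `@return array The status.` and `@return bool Always true.` although both functions now end in a bare `return;`; they should read `@return void`. Nothing in this hunk shows an expiry or single-use rule for the `LOST_PASS` code, so that is worth confirming in `ActionCode`.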


@ -1,20 +0,0 @@
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>


@ -1,216 +0,0 @@
<?php
/*
* Sakura Authentication Page
*/
// Declare Namespace
namespace Sakura;
// Include components
require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) . 'sakura.php';
// Page actions
if (isset($_REQUEST['mode'])) {
// Continue
$continue = true;
// Make sure we're not in activate mode since adding a timestamp
// and accessing the PHP session id is kind of hard when you're in an e-mail client
if (!isset($_REQUEST['mode']) || $_REQUEST['mode'] != 'activate') {
// Compare time and session so we know the link isn't forged
if (!isset($_REQUEST['time']) || $_REQUEST['time'] < time() - 1000) {
$renderData['page'] = [
'redirect' => $urls->format('AUTH_ACTION'),
'message' => 'Timestamps differ too much, refresh the page and try again.',
'success' => 0,
];
// Prevent
$continue = false;
}
// Match session ids for the same reason
if (!isset($_REQUEST['session']) || $_REQUEST['session'] != session_id()) {
$renderData['page'] = [
'redirect' => $urls->format('AUTH_ACTION'),
'message' => 'Invalid session, please try again.',
'success' => 0,
];
// Prevent
$continue = false;
}
}
// Login check
if (Users::checkLogin()) {
if (!in_array($_REQUEST['mode'], ['logout'])) {
$continue = false;
// Add page specific things
$renderData['page'] = [
'redirect' => $urls->format('SITE_HOME'),
'message' => 'You are already authenticated. Redirecting...',
'success' => 1,
];
}
}
if ($continue) {
switch ($_REQUEST['mode']) {
case 'changepassword':
// Attempt change
$passforget = Users::resetPassword(
$_REQUEST['verk'],
$_REQUEST['uid'],
$_REQUEST['newpw'],
$_REQUEST['verpw']
);
// Array containing "human understandable" messages
$messages = [
'INVALID_VERK' => 'The verification key supplied was invalid!',
'INVALID_CODE' => 'Invalid verification key, if you think this is an error contact the administrator.',
'INVALID_USER' => 'The used verification key is not designated for this user.',
'VERK_TOO_SHIT' => 'Your verification code is too weak, try adding some special characters.',
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
'PASS_NOT_MATCH' => 'Passwords do not match.',
'SUCCESS' => 'Successfully changed your password, you may now log in.',
];
// Add page specific things
$renderData['page'] = [
'redirect' => (
$passforget[0] ?
$urls->format('SITE_LOGIN') :
$_SERVER['PHP_SELF'] . '?pw=true&uid=' . $_REQUEST['uid'] . '&verk=' . $_REQUEST['verk']
),
'message' => $messages[$passforget[1]],
'success' => $passforget[0],
];
break;
// Resending the activation e-mail
case 'resendactivemail':
// Attempt send
$resend = Users::resendActivationMail($_REQUEST['username'], $_REQUEST['email']);
// Array containing "human understandable" messages
$messages = [
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
'USER_NOT_EXIST' => 'The user you tried to activate does not exist (confirm the username/email combination).',
'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
'SUCCESS' => 'The activation e-mail has been sent to the address associated with your account.',
];
// Add page specific things
$renderData['page'] = [
'redirect' => $urls->format('SITE_HOME'),
'message' => $messages[$resend[1]],
'success' => $resend[0],
];
break;
// Unforgetting passwords
case 'forgotpassword':
// Attempt send
$passforgot = Users::sendPasswordForgot($_REQUEST['username'], $_REQUEST['email']);
// Array containing "human understandable" messages
$messages = [
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
'USER_NOT_EXIST' => 'The requested user does not exist (confirm the username/email combination).',
'NOT_ALLOWED' => 'Your account does not have the required permissions to change your password.',
'SUCCESS' => 'The password reset e-mail has been sent to the address associated with your account.',
];
// Add page specific things
$renderData['page'] = [
'redirect' => $urls->format('SITE_FORGOT_PASSWORD'),
'message' => $messages[$passforgot[1]],
'success' => $passforgot[0],
];
break;
case 'logout':
$renderData['page'] = [
'redirect' => Router::route('main.index'),
'message' => 'Wrong logout page.',
'success' => 0,
];
break;
case 'login':
$renderData['page'] = [
'redirect' => Router::route('auth.login'),
'message' => 'Wrong login page.',
'success' => 0,
];
break;
case 'register':
$renderData['page'] = [
'redirect' => Router::route('auth.register'),
'message' => 'Wrong registration page.',
'success' => 0,
];
break;
case 'activate':
$renderData['page'] = [
'redirect' => Router::route('auth.activate'),
'message' => 'Wrong activation page.',
'success' => 0,
];
break;
}
}
// Print page contents or if the AJAX request is set only display the render data
if (isset($_REQUEST['ajax'])) {
echo $renderData['page']['message'] . '|' .
$renderData['page']['success'] . '|' .
$renderData['page']['redirect'];
} else {
Template::vars($renderData);
echo Template::render('global/information');
}
exit;
}
// Add page specific things
$renderData['auth'] = [
'redirect' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_HOME'),
];
// Check if the user is already logged in
if (Users::checkLogin()) {
// Add page specific things
$renderData['page'] = [
'redirect' => $urls->format('SITE_HOME'),
'message' => 'You are already logged in, log out to access this page.',
];
Template::vars($renderData);
echo Template::render('global/information');
exit;
}
// If password forgot things are set display password forget thing
if (isset($_REQUEST['pw']) && $_REQUEST['pw']) {
$renderData['auth']['changingPass'] = true;
$renderData['auth']['userId'] = $_REQUEST['uid'];
if (isset($_REQUEST['key'])) {
$renderData['auth']['forgotKey'] = $_REQUEST['key'];
}
Template::vars($renderData);
echo Template::render('main/forgotpassword');
exit;
}
// Print page contents
Template::vars($renderData);
echo Template::render('main/authenticate');


@ -7,6 +7,7 @@
namespace Sakura;
use Sakura\Perms\Site;
use Sakura\Router;
// If this we're requesting notifications this page won't require templating
if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notifications']) {
@ -99,7 +100,7 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
exit;
} elseif (isset($_REQUEST['comment-action']) && $_REQUEST['comment-action']) {
// Referrer
$redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_INDEX'));
$redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : Router::route('main.index'));
// Continue
$continue = true;
@ -278,7 +279,7 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
$continue = true;
// Referrer
$redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_INDEX'));
$redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : Router::route('main.index'));
// Compare time and session so we know the link isn't forged
if (!isset($_REQUEST['add']) && !isset($_REQUEST['remove'])) {
@ -382,8 +383,8 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
sprintf($notifStrings[$action[1]][0], $user->username),
$notifStrings[$action[1]][1],
60000,
$urls->format('IMAGE_AVATAR', [$user->id]),
$urls->format('USER_PROFILE', [$user->id]),
Router::route('file.avatar', $user->id),
Router::route('user.profile', $user->id),
'1'
);
}
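Review bot: `$redirect` on the two rewritten lines still comes straight from `$_SERVER['HTTP_REFERER']`, a request header the client controls; only the fallback was switched to `Router::route('main.index')`. How `$redirect` is consumed lies outside these hunks, but if it ends up in a redirect or a link it should be limited to same-site targets, for example by falling back to the route unless `parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)` equals the configured `url_main` host. The script branches these lines belong to start and end outside the hunks.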


@ -8,7 +8,7 @@
namespace Sakura;
// Define Sakura version
define('SAKURA_VERSION', '20160317');
define('SAKURA_VERSION', '20160319');
// Define Sakura Path
define('ROOT', __DIR__ . '/');
@ -51,11 +51,6 @@ spl_autoload_register(function ($className) {
require_once ROOT . $className . '.php';
});
// Include database extensions
foreach (glob(ROOT . 'libraries/DBWrapper/*.php') as $driver) {
require_once $driver;
}
// Set Error handler
set_error_handler(['Sakura\Utils', 'errorHandler']);


@ -18,7 +18,7 @@
<div class="head">Welcome!</div>
Welcome to Flashii! This is a site for a bunch of friends to hang out, nothing special. Anyone is pretty much welcome to register so why not have a go?
<div class="indexSidePanelLinks">
<a class="fa fa-magic" href="{{ urls.format('SITE_REGISTER') }}" title="Register" id="indexSidePanelRegister"></a>
<a class="fa fa-magic" href="{{ route('auth.register') }}" title="Register" id="indexSidePanelRegister"></a>
<a class="fa fa-sign-in" href="{{ route('auth.login') }}" title="Login" id="indexSidePanelLogin"></a>
</div>
{% endif %}


@ -9,7 +9,7 @@
<div class="subforums">
Subforums:
{% for forum in forum.forums %}
{% if forum.unread(user.id) %}<span style="font-variant: small-caps; color: #6C5D7B; text-shadow: 0px 0px 5px #9475B2;">[!]</span>{% endif %} <a href="{% if forum.type == 2 %}{{ forum.link }}{% else %}{{ urls.format('FORUM_SUB', [forum.id]) }}{% endif %}" class="default">{{ forum.name }}</a>
{% if forum.unread(user.id) %}<span style="font-variant: small-caps; color: #6C5D7B; text-shadow: 0px 0px 5px #9475B2;">[!]</span>{% endif %} <a href="{% if forum.type == 2 %}{{ forum.link }}{% else %}{{ route('forums.forum', forum.id) }}{% endif %}" class="default">{{ forum.name }}</a>
{% endfor %}
</div>
{% endif %}
@ -23,8 +23,8 @@
<div class="forumLastPost">
<div>
{% if forum.lastPost.id %}
<a href="{{ urls.format('FORUM_THREAD', [forum.lastPost.thread]) }}" class="default">{{ forum.lastPost.subject|slice(0, 30) }}{% if forum.lastPost.subject|length > 30 %}...{% endif %}</a><br />
<time>{{ forum.lastPost.time|date(sakura.dateFormat) }}</time> by {% if forum.lastPost.poster.id %}<a href="{{ urls.format('USER_PROFILE', [forum.lastPost.poster.id]) }}" class="default" style="color: {{ forum.lastPost.poster.colour }}; text-shadow: 0 0 5px {% if forumlastPost.poster.colour != 'inherit' %}{{ forum.lastPost.poster.colour }}{% else %}#222{% endif %};">{{ forum.lastPost.poster.username }}</a>{% else %}[deleted user]{% endif %} <a href="{{ urls.format('FORUM_POST', [forum.lastPost.id]) }}#p{{ forum.lastPost.id }}" class="default fa fa-tag"></a>
<a href="{{ route('forums.thread', forum.lastPost.thread) }}" class="default">{{ forum.lastPost.subject|slice(0, 30) }}{% if forum.lastPost.subject|length > 30 %}...{% endif %}</a><br />
<time>{{ forum.lastPost.time|date(sakura.dateFormat) }}</time> by {% if forum.lastPost.poster.id %}<a href="{{ route('user.profile', forum.lastPost.poster.id) }}" class="default" style="color: {{ forum.lastPost.poster.colour }}; text-shadow: 0 0 5px {% if forumlastPost.poster.colour != 'inherit' %}{{ forum.lastPost.poster.colour }}{% else %}#222{% endif %};">{{ forum.lastPost.poster.username }}</a>{% else %}[deleted user]{% endif %} <a href="{{ urls.format('FORUM_POST', [forum.lastPost.id]) }}#p{{ forum.lastPost.id }}" class="default fa fa-tag"></a>
{% else %}
There are no posts in this forum.<br />&nbsp;
{% endif %}


@ -1,70 +0,0 @@
{% extends 'global/master.twig' %}
{% block title %}Authentication{% endblock %}
{% block content %}
{% if sakura.lockAuth %}
<h1 class="stylised" style="line-height: 1.8em; text-align: center;">Authentication is currently disallowed, try again later.</h1>
{% else %}
<div class="loginPage">
<div class="passwordForm">
<div class="head">
Lost Password
</div>
<form method="post" action="{{ urls.format('AUTH_ACTION') }}" id="passwordForm">
<input type="hidden" name="mode" value="forgotpassword" />
<input type="hidden" name="session" value="{{ php.sessionid }}" />
<input type="hidden" name="time" value="{{ php.time }}" />
<div class="leftAlign">
<label for="forgotUserName">Username:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="forgotUserName" name="username" />
</div>
<div class="leftAlign">
<label for="forgotEmail">E-mail:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="forgotEmail" name="email" />
</div>
<div class="centreAlign">
<input class="inputStyling" type="submit" name="submit" value="Request Password" id="requestPassBtn" />
</div>
<div class="subLinks centreAlign">
Contact us if you lost access to your e-mail address!
</div>
</form>
</div>
{% if sakura.requireActivation %}
<div class="resendForm">
<div class="head">
Resend Activation E-mail
</div>
<form method="post" action="{{ urls.format('AUTH_ACTION') }}" id="resendForm">
<input type="hidden" name="mode" value="resendactivemail" />
<input type="hidden" name="session" value="{{ php.sessionid }}" />
<input type="hidden" name="time" value="{{ php.time }}" />
<div class="leftAlign">
<label for="activeUserName">Username:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="activeUserName" name="username" />
</div>
<div class="leftAlign">
<label for="activeEmail">E-mail:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="text" id="activeEmail" name="email" />
</div>
<div class="centreAlign">
<input class="inputStyling" type="submit" name="submit" value="Request Activation" id="requestActiveBtn" />
</div>
<div class="subLinks centreAlign">
Read the footnote on the Lost Password form.
</div>
</form>
</div>
{% endif %}
</div>
{% endif %}
{% endblock %}


@ -1,30 +0,0 @@
{% extends 'global/master.twig' %}
{% block title %}Forgot Password{% endblock %}
{% block content %}
<div class="content news settings">
<div class="head">Forgot Password</div>
<form method="post" action="{{ urls.format('AUTH_ACTION') }}" id="passwordForm">
<input type="hidden" name="session" value="{{ php.sessionid }}" />
<input type="hidden" name="time" value="{{ php.time }}" />
<input type="hidden" name="uid" value="{{ auth.userId }}" />
<input type="hidden" name="mode" value="changepassword" />
<div class="profile-field{% if auth.forgotKey %} hidden{% endif %}">
<div><h2>Verification Key</h2></div>
<div style="text-align: center;"><input type="text" name="verk" placeholder="The key that was sent to you in the e-mail" class="inputStyling"{% if auth.forgotKey %} value="{{ auth.forgotKey }}"{% endif %} /></div>
</div>
<div class="profile-field">
<div><h2>New Password</h2></div>
<div style="text-align: center;"><input type="password" name="newpw" placeholder="Your new password, using special characters is recommended" class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>Verify Password</h2></div>
<div style="text-align: center;"><input type="password" name="verpw" placeholder="Your new password again to make sure you didn't typo anything" class="inputStyling" /></div>
</div>
<div class="profile-save">
<input type="submit" value="Save" name="submit" class="inputStyling" /> <input type="reset" value="Reset" name="reset" class="inputStyling" />
</div>
</form>
</div>
{% endblock %}


@ -7,7 +7,7 @@
{% set comments = newsPosts[0].news_comments.comments %}
{% else %}
{% set paginationPages = news.posts|batch(postsPerPage) %}
{% set paginationUrl %}{{ urls.format('SITE_NEWS') }}{% endset %}
{% set paginationUrl %}{{ route('news.index') }}{% endset %}
{% endif %}
{% set title %}


@ -3,7 +3,7 @@
{% for rank in user.ranks %}
<tr {% if rank.id == user.mainRankId %} class="current-session" {% endif %}>
<td style="font-weight: bold; color: {{ rank.colour }}; text-shadow: 0 0 7px {{ rank.colour }}; text-align: left;">
<a href="{{ urls.format('MEMBERLIST_RANK', [rank.id]) }}" class="clean">{{ rank.name }}</a>
<a href="{{ route('members.rank', rank.id) }}" class="clean">{{ rank.name }}</a>
</td>
<td style="width: 90px;">
<form method="post" action="{{ sakura.currentPage }}">


@ -27,11 +27,11 @@ window.addEventListener("load", function() {
<div class="friends-list">
{% for friend in friends[get.page|default(1) - 1] %}
<div class="friend-container" id="friendslist-friend-{{ friend.id }}">
<a class="friends-list-data clean" href="{{ urls.format('USER_PROFILE', [friend.id]) }}">
<img src="/a/{{ friend.id }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;" />
<a class="friends-list-data clean" href="{{ route('user.profile', friend.id) }}">
<img src="{{ route('file.avatar', friend.id) }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;" />
<div class="friends-list-name" style="color: {{ friend.colour }};">{{ friend.username }}</div>
</a>
<div class="friends-list-actions">
<div class="friends-list-actions"><!-- urls -->
<a class="remove fill fa fa-remove" title="Remove friend" href="/friends?remove={{ friend.id }}&amp;session={{ php.sessionid }}&amp;time={{ php.time }}" id="friendslist-friend-action-remove-{{ friend.id }}"></a>
<div class="clear"></div>
</div>
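Review bot: The action link kept next to the new `<!-- urls -->` marker puts `session={{ php.sessionid }}` in a GET query string (`/friends?remove=...&session=...&time=...`), and the second friends template later in this commit does the same for its add and remove links. A session identifier in a URL ends up in browser history, server logs and Referer headers, and removing or adding a friend is a state change behind a plain link. When these URLs are moved to `route(...)`, consider a POST form that carries a separate CSRF token instead of the session ID.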


@ -27,11 +27,11 @@ window.addEventListener("load", function() {
<div class="friends-list">
{% for friend in friends[get.page|default(1) - 1] %}
<div class="friend-container" id="friend-{{ friend.id }}">
<a class="friends-list-data clean" href="{{ urls.format('USER_PROFILE', [friend.id]) }}">
<img src="/a/{{ friend.id }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;" />
<a class="friends-list-data clean" href="{{ route('user.profile', friend.id) }}">
<img src="{{ route('file.avatar', friend.id) }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;" />
<div class="friends-list-name" style="color: {{ friend.colour }};">{{ friend.username }}</div>
</a>
<div class="friends-list-actions">
<div class="friends-list-actions"><!-- urls -->
<a class="add fa fa-check" title="Add friend" href="/friends?add={{ friend.id }}&amp;session={{ php.sessionid }}&amp;time={{ php.time }}" id="friendslist-friend-action-add-{{ friend.id }}"></a>
<a class="remove fa fa-remove" title="Remove friend" href="/friends?remove={{ friend.id }}&amp;session={{ php.sessionid }}&amp;time={{ php.time }}" id="friendslist-friend-action-remove-{{ friend.id }}"></a>
<div class="clear"></div>