diff --git a/libraries/ActionCode.php b/libraries/ActionCode.php
index d028406..6fa0c68 100644
--- a/libraries/ActionCode.php
+++ b/libraries/ActionCode.php
@@ -78,7 +78,7 @@ class ActionCode
public static function invalidate($code)
{
DB::table('actioncodes')
- ->where('code_action', $code)
+ ->where('action_code', $code)
->delete();
}
}
diff --git a/libraries/BBcodeDefinitions/User.php b/libraries/BBcodeDefinitions/User.php
index 4195488..68a2862 100644
--- a/libraries/BBcodeDefinitions/User.php
+++ b/libraries/BBcodeDefinitions/User.php
@@ -9,6 +9,9 @@ namespace Sakura\BBcodeDefinitions;
use JBBCode\CodeDefinition;
use JBBCode\ElementNode;
+use Sakura\Router;
+use Sakura\User;
+use Sakura\Utils;
/**
* Username BBcode for JBBCode.
@@ -41,12 +44,13 @@ class User extends CodeDefinition
$content = "";
foreach ($el->getChildren() as $child) {
- $content .= \Sakura\Utils::cleanString($child->getAsText(), true);
+ $content .= Utils::cleanString($child->getAsText(), true);
}
- $user = \Sakura\User::construct($content);
- $urls = new \Sakura\Urls();
+ $user = User::construct($content);
+ $profile = Router::route('user.profile', $user->id);
- return '' . $user->username . '';
+ return "colour};
+ text-shadow: 0 0 .3em {$user->colour}; font-weight: bold;'>{$user->username}";
}
}
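Review bot: `$user->colour` and `$user->username` are interpolated straight into the returned markup with no escaping visible in the hunk; `Utils::cleanString` is only applied to the child text used for the lookup, not to the values rendered from the User object. Unless `User::construct` guarantees both fields are HTML-safe — not visible here — escape them before building the string, e.g. `$colour = htmlspecialchars($user->colour, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same for the username. The return string also appears truncated in this view (it opens with `colour};`) and `$profile`, assigned on the line above, has no visible use, so the markup should be checked against the actual file. The enclosing method starts before the hunk.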
diff --git a/libraries/Controllers/AuthController.php b/libraries/Controllers/AuthController.php
index f222235..5fe9703 100644
--- a/libraries/Controllers/AuthController.php
+++ b/libraries/Controllers/AuthController.php
@@ -428,4 +428,180 @@ class AuthController extends Controller
{
return Template::render('main/reactivate');
}
+
+ public function reactivatePost()
+ {
+ // Preliminarily set registration to failed
+ $success = 0;
+ $redirect = Router::route('auth.reactivate');
+
+ // Check if authentication is disallowed
+ if (Config::get('lock_authentication')) {
+ $message = "You can't request a reactivation at this time, sorry!";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ // Validate session
+ if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
+ $message = "Your session expired, refreshing the page will most likely fix this!";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ // Grab forms
+ $username = isset($_POST['username']) ? Utils::cleanString($_POST['username'], true) : null;
+ $email = isset($_POST['email']) ? Utils::cleanString($_POST['email'], true) : null;
+
+ // Do database request
+ $getUser = DB::table('users')
+ ->where('username_clean', $username)
+ ->where('email', $email)
+ ->get(['user_id']);
+
+ // Check if user exists
+ if (!$getUser) {
+ $message = "User not found! Double check your username and e-mail address!";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ // Create user object
+ $user = User::construct($getUser[0]->user_id);
+
+ // Check if a user is activated
+ if (!$user->permission(Site::DEACTIVATED)) {
+ $message = "Your account is already activated! Why are you here?";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ // Send activation e-mail to user
+ Users::sendActivationMail($user->id);
+
+ $success = 1;
+ $redirect = Router::route('auth.login');
+ $message = "Sent the e-mail! Make sure to check your spam folder as well!";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ public function resetPasswordGet()
+ {
+ return Template::render('main/resetpassword');
+ }
+
+ public function resetPasswordPost()
+ {
+ // Preliminarily set action to failed
+ $success = 0;
+ $redirect = Router::route('main.index');
+
+ // Check if authentication is disallowed
+ if (Config::get('lock_authentication')) {
+ $message = "You can't request a reactivation at this time, sorry!";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ // Validate session
+ if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
+ $message = "Your session expired, refreshing the page will most likely fix this!";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ // Attempt to get the various required GET parameters
+ $userId = isset($_POST['user']) ? $_POST['user'] : 0;
+ $key = isset($_POST['key']) ? $_POST['key'] : "";
+ $password = isset($_POST['password']) ? $_POST['password'] : "";
+ $userName = isset($_POST['username']) ? Utils::cleanString($_POST['username'], true) : "";
+ $email = isset($_POST['email']) ? Utils::cleanString($_POST['email'], true) : null;
+
+ // Create user object
+ $user = User::construct($userId ? $userId : $userName);
+
+ // Quit if the user ID is 0
+ if ($user->id === 0 || ($email !== null ? $email !== $user->email : false)) {
+ $message = "This user does not exist! Contact us if you think this isn't right.";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ // Check if the user is active
+ if ($user->permission(Site::DEACTIVATED)) {
+ $message = "Your account is deactivated, go activate it first...";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ if ($key && $password) {
+ // Check password entropy
+ if (Utils::pwdEntropy($password) < Config::get('min_entropy')) {
+ $message = "Your password doesn't meet the strength requirements!";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ // Validate the activation key
+ $action = ActionCode::validate('LOST_PASS', $key, $user->id);
+
+ if (!$action) {
+ $message = "Invalid verification code! Contact us if you think this isn't right.";
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
+
+ // Hash the password
+ $pw = Hashing::createHash($password);
+
+ // Update the user
+ DB::table('users')
+ ->where('user_id', $user->id)
+ ->update([
+ 'password_hash' => $pw[3],
+ 'password_salt' => $pw[2],
+ 'password_algo' => $pw[0],
+ 'password_iter' => $pw[1],
+ 'password_chan' => time(),
+ ]);
+
+ $success = 1;
+ $message = "Changed your password! You may now log in.";
+ $redirect = Router::route('auth.login');
+ } else {
+ // Send e-mail
+ Users::sendPasswordForgot($user->id, $user->email);
+
+ $success = 1;
+ $message = "Sent the e-mail, keep an eye on your spam folder as well!";
+ $redirect = Router::route('main.index');
+ }
+
+ Template::vars(['page' => compact('success', 'redirect', 'message')]);
+
+ return Template::render('global/information');
+ }
}
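Review bot: In resetPasswordPost the LOST_PASS code is never consumed after the password update: `ActionCode::validate('LOST_PASS', $key, $user->id)` is checked, but nothing invalidates the code, so unless validate() deletes it as a side effect — not visible here — the same reset link stays usable until it expires. Adding `ActionCode::invalidate($key);` directly after the `->update([...])` call (ActionCode::invalidate exists in this commit's first hunk) closes that. The removed `Users::resetPassword` also required a confirmation password (`$verpass`); the new handler drops that check, which is a usability regression worth a deliberate decision. Both session checks use a loose comparison, `$_POST['session'] != session_id()`; a strict `!==` is the clearer form for a token compare. The "User not found" versus "already activated" messages in reactivatePost, and "This user does not exist" in resetPasswordPost, let a caller distinguish existing from non-existing usernames, so a single neutral message for both outcomes would be the safer choice.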
diff --git a/libraries/Controllers/ForumController.php b/libraries/Controllers/ForumController.php
index 963a556..df622ca 100644
--- a/libraries/Controllers/ForumController.php
+++ b/libraries/Controllers/ForumController.php
@@ -36,7 +36,10 @@ class ForumController extends Controller
Template::vars([
'forum' => (new Forum()),
'stats' => [
- 'userCount' => DB::table('users')->where('password_algo', '!=', 'disabled')->whereNotIn('rank_main', [1, 10])->count(),
+ 'userCount' => DB::table('users')
+ ->where('password_algo', '!=', 'disabled')
+ ->whereNotIn('rank_main', [1, 10])
+ ->count(),
'newestUser' => User::construct(Users::getNewestUserId()),
'lastRegDate' => date_diff(
date_create(date('Y-m-d', User::construct(Users::getNewestUserId())->registered)),
diff --git a/libraries/User.php b/libraries/User.php
index 4ca423c..9ece53a 100644
--- a/libraries/User.php
+++ b/libraries/User.php
@@ -627,7 +627,7 @@ class User
->count();
// And the other user
- $user = DB::table('friends')
+ $friend = DB::table('friends')
->where('user_id', $with)
->where('friend_id', $this->id)
->count();
@@ -935,7 +935,7 @@ class User
return [0];
}
- $getRecord[0] = $getRecord;
+ $getRecord = $getRecord[0];
// Check if the Tenshi hasn't expired
if ($getRecord->premium_expire < time()) {
diff --git a/libraries/Users.php b/libraries/Users.php
index 5b32f10..b006698 100644
--- a/libraries/Users.php
+++ b/libraries/Users.php
@@ -8,6 +8,7 @@
namespace Sakura;
use Sakura\Perms\Site;
+use Sakura\Router;
/**
* User management
@@ -101,211 +102,86 @@ class Users
/**
* Send password forgot e-mail
*
- * @param string $username The username.
+ * @param string $userId The user id.
* @param string $email The e-mail.
- *
- * @return array The status.
*/
- public static function sendPasswordForgot($username, $email)
+ public static function sendPasswordForgot($userId, $email)
{
- // Check if authentication is disallowed
- if (Config::get('lock_authentication')) {
- return [0, 'AUTH_LOCKED'];
- }
+ $user = User::construct($userId);
- // Clean username string
- $usernameClean = Utils::cleanString($username, true);
- $emailClean = Utils::cleanString($email, true);
-
- // Do database request
- $user = DB::table('users')
- ->where('username_clean', $usernameClean)
- ->where(':email', $emailClean)
- ->get(['user_id']);
-
- // Check if user exists
- if (count($user) < 1) {
- return [0, 'USER_NOT_EXIST'];
- }
-
- $userObj = User::construct($user[0]->user_id);
-
- // Check if the user has the required privs to log in
- if ($userObj->permission(Site::DEACTIVATED)) {
- return [0, 'NOT_ALLOWED'];
+ if (!$user->id || $user->permission(Site::DEACTIVATED)) {
+ return;
}
// Generate the verification key
- $verk = ActionCode::generate('LOST_PASS', $userObj->id);
+ $verk = ActionCode::generate('LOST_PASS', $user->id);
- // Create new urls object
- $urls = new Urls();
+ $siteName = Config::get('sitename');
+ $baseUrl = "http://" . Config::get('url_main');
+ $reactivateLink = Router::route('auth.resetpassword') . "?u={$user->id}&k={$verk}";
+ $signature = Config::get('mail_signature');
// Build the e-mail
- $message = "Hello " . $user['username'] . ",\r\n\r\n";
- $message .= "You are receiving this notification because you have (or someone pretending to be you has) requested a password reset link to be sent for your account on \"" . Config::get('sitename') . "\". If you did not request this notification then please ignore it, if you keep receiving it please contact the site administrator.\r\n\r\n";
- $message .= "To use this password reset key you need to go to a special page. To do this click the link provided below.\r\n\r\n";
- $message .= "http://" . Config::get('url_main') . $urls->format('SITE_FORGOT_PASSWORD') . "?pw=true&uid=" . $user['user_id'] . "&key=" . $verk . "\r\n\r\n";
- $message .= "If successful you should be able to change your password here.\r\n\r\n";
- $message .= "Alternatively if the above method fails for some reason you can go to http://" . Config::get('url_main') . $urls->format('SITE_FORGOT_PASSWORD') . "?pw=true&uid=" . $user['user_id'] . " and use the key listed below:\r\n\r\n";
- $message .= "Verification key: " . $verk . "\r\n\r\n";
- $message .= "You can of course change this password yourself via the profile page. If you have any difficulties please contact the site administrator.\r\n\r\n";
- $message .= "--\r\n\r\nThanks\r\n\r\n" . Config::get('mail_signature');
+ $message = "Hello {$user->username},\r\n\r\n"
+ . "You are receiving this notification because you have (or someone pretending to be you has)"
+ . " requested a password reset link to be sent for your account on \"{$siteName}\"."
+ . " If you did not request this notification then please ignore it,"
+ . " if you keep receiving it please contact the site administrator.\r\n\r\n"
+ . "To use this password reset key you need to go to a special page."
+ . " To do this click the link provided below.\r\n\r\n"
+ . "{$baseUrl}{$reactivateLink}\r\n\r\n"
+ . "If successful you should be able to change your password here.\r\n\r\n"
+ . "You can of course change this password yourself via the settings page."
+ . " If you have any difficulties please contact the site administrator.\r\n\r\n"
+ . "--\r\n\r\nThanks\r\n\r\n{$signature}";
// Send the message
- Utils::sendMail([$user['email'] => $user['username']], Config::get('sitename') . ' password restoration', $message);
-
- // Return success
- return [1, 'SUCCESS'];
- }
-
- /**
- * Reset a password.
- *
- * @param string $verk The e-mail verification key.
- * @param int $uid The user id.
- * @param string $newpass New pass.
- * @param string $verpass Again.
- *
- * @return array Status.
- */
- public static function resetPassword($verk, $uid, $newpass, $verpass)
- {
- // Check if authentication is disallowed
- if (Config::get('lock_authentication')) {
- return [0, 'AUTH_LOCKED'];
- }
-
- // Check password entropy
- if (Utils::pwdEntropy($newpass) < Config::get('min_entropy')) {
- return [0, 'PASS_TOO_SHIT'];
- }
-
- // Passwords do not match
- if ($newpass != $verpass) {
- return [0, 'PASS_NOT_MATCH'];
- }
-
- // Check the verification key
- $action = ActionCode::validate('LOST_PASS', $verk, $uid);
-
- // Check if we got a negative return
- if (!$action) {
- return [0, 'INVALID_CODE'];
- }
-
- // Hash the password
- $password = Hashing::createHash($newpass);
-
- // Update the user
- DB::table('users')
- ->where('user_id', $uid)
- ->update([
- 'password_hash' => $password[3],
- 'password_salt' => $password[2],
- 'password_algo' => $password[0],
- 'password_iter' => $password[1],
- 'password_chan' => time(),
- ]);
-
- // Return success
- return [1, 'SUCCESS'];
- }
-
- /**
- * Resend activation e-mail.
- *
- * @param string $username Username.
- * @param string $email E-mail.
- *
- * @return array Status
- */
- public static function resendActivationMail($username, $email)
- {
- // Check if authentication is disallowed
- if (Config::get('lock_authentication')) {
- return [0, 'AUTH_LOCKED'];
- }
-
- // Clean username string
- $usernameClean = Utils::cleanString($username, true);
- $emailClean = Utils::cleanString($email, true);
-
- // Do database request
- $user = DB::table('users')
- ->where('username_clean', $usernameClean)
- ->where(':email', $emailClean)
- ->get(['user_id']);
-
- // Check if user exists
- if (count($user) < 1) {
- return [0, 'USER_NOT_EXIST'];
- }
-
- $userObj = User::construct($user[0]->user_id);
-
- // Check if a user is activated
- if (!$userObj->permission(Site::DEACTIVATED)) {
- return [0, 'USER_ALREADY_ACTIVE'];
- }
-
- // Send activation e-mail
- self::sendActivationMail($userObj->id);
-
- // Return success
- return [1, 'SUCCESS'];
+ Utils::sendMail([$user->email => $user->username], "{$siteName} password restoration", $message);
}
/**
* Send activation e-mail.
*
- * @param mixed $uid User ID.
+ * @param mixed $userId User ID.
* @param mixed $customKey Key.
- *
- * @return bool Always true.
*/
- public static function sendActivationMail($uid, $customKey = null)
+ public static function sendActivationMail($userId, $customKey = null)
{
// Get the user data
- $user = User::construct($uid);
+ $user = User::construct($userId);
// User is already activated or doesn't even exist
if (!$user->id || !$user->permission(Site::DEACTIVATED)) {
- return false;
+ return;
}
// Generate activation key
$activate = ActionCode::generate('ACTIVATE', $user->id);
- // Create new urls object
- $urls = new Urls();
+ $siteName = Config::get('sitename');
+ $baseUrl = "http://" . Config::get('url_main');
+ $activateLink = Router::route('auth.activate') . "?u={$user->id}&k={$activate}";
+ $profileLink = Router::route('user.profile', $user->id);
+ $signature = Config::get('mail_signature');
// Build the e-mail
- $message = "Welcome to " . Config::get('sitename') . "!\r\n\r\n";
- $message .= "Please keep this e-mail for your records. Your account intormation is as follows:\r\n\r\n";
- $message .= "----------------------------\r\n\r\n";
- $message .= "Username: " . $user->username . "\r\n\r\n";
- $message .= "Your profile: http://" . Config::get('url_main') . $urls->format('USER_PROFILE', [$user->id]) . "\r\n\r\n";
- $message .= "----------------------------\r\n\r\n";
- $message .= "Please visit the following link in order to activate your account:\r\n\r\n";
- $message .= "http://" . Config::get('url_main') . $urls->format('SITE_ACTIVATE') . "?mode=activate&u=" . $user->id . "&k=" . $activate . "\r\n\r\n";
- $message .= "Your password has been securely stored in our database and cannot be retrieved. ";
- $message .= "In the event that it is forgotten, you will be able to reset it using the email address associated with your account.\r\n\r\n";
- $message .= "Thank you for registering.\r\n\r\n";
- $message .= "--\r\n\r\nThanks\r\n\r\n" . Config::get('mail_signature');
+ $message = "Welcome to {$siteName}!\r\n\r\n"
+ . "Please keep this e-mail for your records. Your account intormation is as follows:\r\n\r\n"
+ . "----------------------------\r\n\r\n"
+ . "Username: {$user->username}\r\n\r\n"
+ . "Your profile: {$baseUrl}{$profileLink}\r\n\r\n"
+ . "----------------------------\r\n\r\n"
+ . "Please visit the following link in order to activate your account:\r\n\r\n"
+ . "{$baseUrl}{$activateLink}\r\n\r\n"
+ . "Your password has been securely stored in our database and cannot be retrieved. "
+ . "In the event that it is forgotten,"
+ . " you will be able to reset it using the email address associated with your account.\r\n\r\n"
+ . "Thank you for registering.\r\n\r\n"
+ . "--\r\n\r\nThanks\r\n\r\n{$signature}";
// Send the message
- Utils::sendMail(
- [
- $user->email => $user->username,
- ],
- Config::get('sitename') . ' Activation Mail',
- $message
- );
-
- // Return true indicating that the things have been sent
- return true;
+ Utils::sendMail([$user->email => $user->username], "{$siteName} activation mail", $message);
}
/**
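Review bot: `$email` in the new `sendPasswordForgot($userId, $email)` signature is never read — the body resolves the user from `$userId` alone and mails `$user->email` — while the docblock still describes it as "The e-mail", so the parameter is dead. Either drop it (its one visible caller, `Users::sendPasswordForgot($user->id, $user->email)` in AuthController, passes the user's own address anyway) or make it meaningful by folding it into the guard: `if (!$user->id || $user->permission(Site::DEACTIVATED) || $user->email !== $email) {`. Both mail builders still hard-code `"http://" . Config::get('url_main')` in front of the reset and activation links that carry the one-time codes; if the site is also served over HTTPS, the scheme is worth taking from configuration rather than fixing it here. The docblocks say `@param string $userId` and `@param mixed $userId` for what the code uses as an integer id. The new activation text also carries the typo `Your account intormation is as follows` over from the old string.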
diff --git a/public/.htaccess b/public/.htaccess
deleted file mode 100644
index 903f639..0000000
--- a/public/.htaccess
+++ /dev/null
@@ -1,20 +0,0 @@
-