From 9279173528e6f86daa17b3ea579fcc16e0689dab Mon Sep 17 00:00:00 2001 From: flashwave Date: Sat, 19 Mar 2016 16:29:47 +0100 Subject: [PATCH] rip authenticate.php --- libraries/ActionCode.php | 2 +- libraries/BBcodeDefinitions/User.php | 12 +- libraries/Controllers/AuthController.php | 176 ++++++++++++++ libraries/Controllers/ForumController.php | 5 +- libraries/User.php | 4 +- libraries/Users.php | 218 ++++-------------- public/.htaccess | 20 -- public/authenticate.php | 216 ----------------- public/settings.php | 9 +- sakura.php | 7 +- templates/yuuno/elements/indexPanel.twig | 2 +- templates/yuuno/forum/forumEntry.twig | 6 +- templates/yuuno/main/authenticate.twig | 70 ------ templates/yuuno/main/forgotpassword.twig | 30 --- templates/yuuno/main/news.twig | 2 +- templates/yuuno/settings/account.ranks.twig | 2 +- templates/yuuno/settings/friends.listing.twig | 6 +- .../yuuno/settings/friends.requests.twig | 6 +- 18 files changed, 256 insertions(+), 537 deletions(-) delete mode 100644 public/.htaccess delete mode 100644 public/authenticate.php delete mode 100644 templates/yuuno/main/authenticate.twig delete mode 100644 templates/yuuno/main/forgotpassword.twig diff --git a/libraries/ActionCode.php b/libraries/ActionCode.php index d028406..6fa0c68 100644 --- a/libraries/ActionCode.php +++ b/libraries/ActionCode.php @@ -78,7 +78,7 @@ class ActionCode public static function invalidate($code) { DB::table('actioncodes') - ->where('code_action', $code) + ->where('action_code', $code) ->delete(); } } diff --git a/libraries/BBcodeDefinitions/User.php b/libraries/BBcodeDefinitions/User.php index 4195488..68a2862 100644 --- a/libraries/BBcodeDefinitions/User.php +++ b/libraries/BBcodeDefinitions/User.php @@ -9,6 +9,9 @@ namespace Sakura\BBcodeDefinitions; use JBBCode\CodeDefinition; use JBBCode\ElementNode; +use Sakura\Router; +use Sakura\User; +use Sakura\Utils; /** * Username BBcode for JBBCode. 
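Review bot: The added `use Sakura\User;` in libraries/BBcodeDefinitions/User.php imports the short name `User` into a file whose own class is `class User extends CodeDefinition` (shown in the next hunk's header), and PHP rejects that at compile time with a "name is already in use" fatal error. Alias the import, `use Sakura\User as SakuraUser;`, and call `SakuraUser::construct($content)` in the second hunk, or keep the fully qualified `\Sakura\User::construct($content)` that the removed line used. The class declaration itself lies outside both hunks, so confirm against the full file.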
@@ -41,12 +44,13 @@ class User extends CodeDefinition $content = ""; foreach ($el->getChildren() as $child) { - $content .= \Sakura\Utils::cleanString($child->getAsText(), true); + $content .= Utils::cleanString($child->getAsText(), true); } - $user = \Sakura\User::construct($content); - $urls = new \Sakura\Urls(); + $user = User::construct($content); + $profile = Router::route('user.profile', $user->id); - return '' . $user->username . ''; + return "colour}; + text-shadow: 0 0 .3em {$user->colour}; font-weight: bold;'>{$user->username}"; } } diff --git a/libraries/Controllers/AuthController.php b/libraries/Controllers/AuthController.php index f222235..5fe9703 100644 --- a/libraries/Controllers/AuthController.php +++ b/libraries/Controllers/AuthController.php 
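Review bot: The new return string interpolates `{$user->colour}` into a single-quoted `style` attribute and `{$user->username}` into element content, with no escaping visible in this hunk. Whether those two properties are already markup-safe depends on the `User` class, which this page does not show, so the BBcode definition should not rely on it. Escape at the point of output, e.g. `htmlspecialchars($user->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and apply the same call to the colour value before it reaches the attribute. The enclosing method starts outside the hunk, and nothing visible here handles the case where `User::construct($content)` finds no matching user.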
@@ -428,4 +428,180 @@ class AuthController extends Controller { return Template::render('main/reactivate'); } + + public function reactivatePost() + { + // Preliminarily set registration to failed + $success = 0; + $redirect = Router::route('auth.reactivate'); + + // Check if authentication is disallowed + if (Config::get('lock_authentication')) { + $message = "You can't request a reactivation at this time, sorry!"; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + // Validate session + if (!isset($_POST['session']) || $_POST['session'] != session_id()) { + $message = "Your session expired, refreshing the page will most likely fix this!"; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + // Grab forms + $username = isset($_POST['username']) ? Utils::cleanString($_POST['username'], true) : null; + $email = isset($_POST['email']) ? Utils::cleanString($_POST['email'], true) : null; + + // Do database request + $getUser = DB::table('users') + ->where('username_clean', $username) + ->where('email', $email) + ->get(['user_id']); + + // Check if user exists + if (!$getUser) { + $message = "User not found! Double check your username and e-mail address!"; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + // Create user object + $user = User::construct($getUser[0]->user_id); + + // Check if a user is activated + if (!$user->permission(Site::DEACTIVATED)) { + $message = "Your account is already activated! Why are you here?"; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + // Send activation e-mail to user + Users::sendActivationMail($user->id); + + $success = 1; + $redirect = Router::route('auth.login'); + $message = "Sent the e-mail! 
Make sure to check your spam folder as well!"; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + public function resetPasswordGet() + { + return Template::render('main/resetpassword'); + } + + public function resetPasswordPost() + { + // Preliminarily set action to failed + $success = 0; + $redirect = Router::route('main.index'); + + // Check if authentication is disallowed + if (Config::get('lock_authentication')) { + $message = "You can't request a reactivation at this time, sorry!"; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + // Validate session + if (!isset($_POST['session']) || $_POST['session'] != session_id()) { + $message = "Your session expired, refreshing the page will most likely fix this!"; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + // Attempt to get the various required GET parameters + $userId = isset($_POST['user']) ? $_POST['user'] : 0; + $key = isset($_POST['key']) ? $_POST['key'] : ""; + $password = isset($_POST['password']) ? $_POST['password'] : ""; + $userName = isset($_POST['username']) ? Utils::cleanString($_POST['username'], true) : ""; + $email = isset($_POST['email']) ? Utils::cleanString($_POST['email'], true) : null; + + // Create user object + $user = User::construct($userId ? $userId : $userName); + + // Quit if the user ID is 0 + if ($user->id === 0 || ($email !== null ? $email !== $user->email : false)) { + $message = "This user does not exist! 
Contact us if you think this isn't right."; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + // Check if the user is active + if ($user->permission(Site::DEACTIVATED)) { + $message = "Your account is deactivated, go activate it first..."; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + if ($key && $password) { + // Check password entropy + if (Utils::pwdEntropy($password) < Config::get('min_entropy')) { + $message = "Your password doesn't meet the strength requirements!"; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + // Validate the activation key + $action = ActionCode::validate('LOST_PASS', $key, $user->id); + + if (!$action) { + $message = "Invalid verification code! Contact us if you think this isn't right."; + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } + + // Hash the password + $pw = Hashing::createHash($password); + + // Update the user + DB::table('users') + ->where('user_id', $user->id) + ->update([ + 'password_hash' => $pw[3], + 'password_salt' => $pw[2], + 'password_algo' => $pw[0], + 'password_iter' => $pw[1], + 'password_chan' => time(), + ]); + + $success = 1; + $message = "Changed your password! You may now log in."; + $redirect = Router::route('auth.login'); + } else { + // Send e-mail + Users::sendPasswordForgot($user->id, $user->email); + + $success = 1; + $message = "Sent the e-mail, keep an eye on your spam folder as well!"; + $redirect = Router::route('main.index'); + } + + Template::vars(['page' => compact('success', 'redirect', 'message')]); + + return Template::render('global/information'); + } } 
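Review bot: In `resetPasswordPost` the address check is skipped whenever no `email` field is posted (`$email !== null ? $email !== $user->email : false`), so the `else` branch sends a reset mail for an account named only by `user` or `username`, and the separate "does not exist" and "deactivated" messages confirm which accounts exist. Require a matching address on that branch, e.g. `if ($email === null || $email !== $user->email)` ahead of `Users::sendPasswordForgot(...)`, and answer every outcome of the request branch with one neutral message; `reactivatePost` has the same distinct "User not found" / "already activated" replies. Both handlers compare the token with `$_POST['session'] != session_id()`; `!is_string($_POST['session']) || !hash_equals(session_id(), $_POST['session'])` removes the loose comparison and rejects array input. Nothing in this hunk consumes the `LOST_PASS` code after the `update()`, so unless `ActionCode::validate` does that itself (not visible here), add `ActionCode::invalidate($key);` once the password has been changed. The lock message in `resetPasswordPost` still says "request a reactivation", and its comment speaks of GET parameters while the code reads `$_POST`.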
diff --git a/libraries/Controllers/ForumController.php b/libraries/Controllers/ForumController.php index 963a556..df622ca 100644 --- a/libraries/Controllers/ForumController.php +++ b/libraries/Controllers/ForumController.php @@ -36,7 +36,10 @@ class ForumController extends Controller Template::vars([ 'forum' => (new Forum()), 'stats' => [ - 'userCount' => DB::table('users')->where('password_algo', '!=', 'disabled')->whereNotIn('rank_main', [1, 10])->count(), + 'userCount' => DB::table('users') + ->where('password_algo', '!=', 'disabled') + ->whereNotIn('rank_main', [1, 10]) + ->count(), 'newestUser' => User::construct(Users::getNewestUserId()), 'lastRegDate' => date_diff( date_create(date('Y-m-d', User::construct(Users::getNewestUserId())->registered)), diff --git a/libraries/User.php b/libraries/User.php index 4ca423c..9ece53a 100644 --- a/libraries/User.php +++ b/libraries/User.php @@ -627,7 +627,7 @@ class User ->count(); // And the other user - $user = DB::table('friends') + $friend = DB::table('friends') ->where('user_id', $with) ->where('friend_id', $this->id) ->count(); @@ -935,7 +935,7 @@ class User return [0]; } - $getRecord[0] = $getRecord; + $getRecord = $getRecord[0]; // Check if the Tenshi hasn't expired if ($getRecord->premium_expire < time()) { diff --git a/libraries/Users.php b/libraries/Users.php index 5b32f10..b006698 100644 --- a/libraries/Users.php +++ b/libraries/Users.php @@ -8,6 +8,7 @@ namespace Sakura; use Sakura\Perms\Site; +use Sakura\Router; /** * User management 
@@ -101,211 +102,86 @@ class Users /** * Send password forgot e-mail * - * @param string $username The username. + * @param string $userId The user id. * @param string $email The e-mail. - * - * @return array The status. */ - public static function sendPasswordForgot($username, $email) + public static function sendPasswordForgot($userId, $email) { - // Check if authentication is disallowed - if (Config::get('lock_authentication')) { - return [0, 'AUTH_LOCKED']; - } + $user = User::construct($userId); - // Clean username string - $usernameClean = Utils::cleanString($username, true); - $emailClean = Utils::cleanString($email, true); - - // Do database request - $user = DB::table('users') - ->where('username_clean', $usernameClean) - ->where(':email', $emailClean) - ->get(['user_id']); - - // Check if user exists - if (count($user) < 1) { - return [0, 'USER_NOT_EXIST']; - } - - $userObj = User::construct($user[0]->user_id); - - // Check if the user has the required privs to log in - if ($userObj->permission(Site::DEACTIVATED)) { - return [0, 'NOT_ALLOWED']; + if (!$user->id || $user->permission(Site::DEACTIVATED)) { + return; } // Generate the verification key - $verk = ActionCode::generate('LOST_PASS', $userObj->id); + $verk = ActionCode::generate('LOST_PASS', $user->id); - // Create new urls object - $urls = new Urls(); + $siteName = Config::get('sitename'); + $baseUrl = "http://" . Config::get('url_main'); + $reactivateLink = Router::route('auth.resetpassword') . "?u={$user->id}&k={$verk}"; + $signature = Config::get('mail_signature'); // Build the e-mail - $message = "Hello " . $user['username'] . ",\r\n\r\n"; - $message .= "You are receiving this notification because you have (or someone pretending to be you has) requested a password reset link to be sent for your account on \"" . Config::get('sitename') . "\". 
If you did not request this notification then please ignore it, if you keep receiving it please contact the site administrator.\r\n\r\n"; - $message .= "To use this password reset key you need to go to a special page. To do this click the link provided below.\r\n\r\n"; - $message .= "http://" . Config::get('url_main') . $urls->format('SITE_FORGOT_PASSWORD') . "?pw=true&uid=" . $user['user_id'] . "&key=" . $verk . "\r\n\r\n"; - $message .= "If successful you should be able to change your password here.\r\n\r\n"; - $message .= "Alternatively if the above method fails for some reason you can go to http://" . Config::get('url_main') . $urls->format('SITE_FORGOT_PASSWORD') . "?pw=true&uid=" . $user['user_id'] . " and use the key listed below:\r\n\r\n"; - $message .= "Verification key: " . $verk . "\r\n\r\n"; - $message .= "You can of course change this password yourself via the profile page. If you have any difficulties please contact the site administrator.\r\n\r\n"; - $message .= "--\r\n\r\nThanks\r\n\r\n" . Config::get('mail_signature'); + $message = "Hello {$user->username},\r\n\r\n" + . "You are receiving this notification because you have (or someone pretending to be you has)" + . " requested a password reset link to be sent for your account on \"{$siteName}\"." + . " If you did not request this notification then please ignore it," + . " if you keep receiving it please contact the site administrator.\r\n\r\n" + . "To use this password reset key you need to go to a special page." + . " To do this click the link provided below.\r\n\r\n" + . "{$baseUrl}{$reactivateLink}\r\n\r\n" + . "If successful you should be able to change your password here.\r\n\r\n" + . "You can of course change this password yourself via the settings page." + . " If you have any difficulties please contact the site administrator.\r\n\r\n" + . "--\r\n\r\nThanks\r\n\r\n{$signature}"; // Send the message - Utils::sendMail([$user['email'] => $user['username']], Config::get('sitename') . 
' password restoration', $message); - - // Return success - return [1, 'SUCCESS']; - } - - /** - * Reset a password. - * - * @param string $verk The e-mail verification key. - * @param int $uid The user id. - * @param string $newpass New pass. - * @param string $verpass Again. - * - * @return array Status. - */ - public static function resetPassword($verk, $uid, $newpass, $verpass) - { - // Check if authentication is disallowed - if (Config::get('lock_authentication')) { - return [0, 'AUTH_LOCKED']; - } - - // Check password entropy - if (Utils::pwdEntropy($newpass) < Config::get('min_entropy')) { - return [0, 'PASS_TOO_SHIT']; - } - - // Passwords do not match - if ($newpass != $verpass) { - return [0, 'PASS_NOT_MATCH']; - } - - // Check the verification key - $action = ActionCode::validate('LOST_PASS', $verk, $uid); - - // Check if we got a negative return - if (!$action) { - return [0, 'INVALID_CODE']; - } - - // Hash the password - $password = Hashing::createHash($newpass); - - // Update the user - DB::table('users') - ->where('user_id', $uid) - ->update([ - 'password_hash' => $password[3], - 'password_salt' => $password[2], - 'password_algo' => $password[0], - 'password_iter' => $password[1], - 'password_chan' => time(), - ]); - - // Return success - return [1, 'SUCCESS']; - } - - /** - * Resend activation e-mail. - * - * @param string $username Username. - * @param string $email E-mail. 
- * - * @return array Status - */ - public static function resendActivationMail($username, $email) - { - // Check if authentication is disallowed - if (Config::get('lock_authentication')) { - return [0, 'AUTH_LOCKED']; - } - - // Clean username string - $usernameClean = Utils::cleanString($username, true); - $emailClean = Utils::cleanString($email, true); - - // Do database request - $user = DB::table('users') - ->where('username_clean', $usernameClean) - ->where(':email', $emailClean) - ->get(['user_id']); - - // Check if user exists - if (count($user) < 1) { - return [0, 'USER_NOT_EXIST']; - } - - $userObj = User::construct($user[0]->user_id); - - // Check if a user is activated - if (!$userObj->permission(Site::DEACTIVATED)) { - return [0, 'USER_ALREADY_ACTIVE']; - } - - // Send activation e-mail - self::sendActivationMail($userObj->id); - - // Return success - return [1, 'SUCCESS']; + Utils::sendMail([$user->email => $user->username], "{$siteName} password restoration", $message); } /** * Send activation e-mail. * - * @param mixed $uid User ID. + * @param mixed $userId User ID. * @param mixed $customKey Key. - * - * @return bool Always true. */ - public static function sendActivationMail($uid, $customKey = null) + public static function sendActivationMail($userId, $customKey = null) { // Get the user data - $user = User::construct($uid); + $user = User::construct($userId); // User is already activated or doesn't even exist if (!$user->id || !$user->permission(Site::DEACTIVATED)) { - return false; + return; } // Generate activation key $activate = ActionCode::generate('ACTIVATE', $user->id); - // Create new urls object - $urls = new Urls(); + $siteName = Config::get('sitename'); + $baseUrl = "http://" . Config::get('url_main'); + $activateLink = Router::route('auth.activate') . "?u={$user->id}&k={$activate}"; + $profileLink = Router::route('user.profile', $user->id); + $signature = Config::get('mail_signature'); // Build the e-mail - $message = "Welcome to " . 
Config::get('sitename') . "!\r\n\r\n"; - $message .= "Please keep this e-mail for your records. Your account intormation is as follows:\r\n\r\n"; - $message .= "----------------------------\r\n\r\n"; - $message .= "Username: " . $user->username . "\r\n\r\n"; - $message .= "Your profile: http://" . Config::get('url_main') . $urls->format('USER_PROFILE', [$user->id]) . "\r\n\r\n"; - $message .= "----------------------------\r\n\r\n"; - $message .= "Please visit the following link in order to activate your account:\r\n\r\n"; - $message .= "http://" . Config::get('url_main') . $urls->format('SITE_ACTIVATE') . "?mode=activate&u=" . $user->id . "&k=" . $activate . "\r\n\r\n"; - $message .= "Your password has been securely stored in our database and cannot be retrieved. "; - $message .= "In the event that it is forgotten, you will be able to reset it using the email address associated with your account.\r\n\r\n"; - $message .= "Thank you for registering.\r\n\r\n"; - $message .= "--\r\n\r\nThanks\r\n\r\n" . Config::get('mail_signature'); + $message = "Welcome to {$siteName}!\r\n\r\n" + . "Please keep this e-mail for your records. Your account intormation is as follows:\r\n\r\n" + . "----------------------------\r\n\r\n" + . "Username: {$user->username}\r\n\r\n" + . "Your profile: {$baseUrl}{$profileLink}\r\n\r\n" + . "----------------------------\r\n\r\n" + . "Please visit the following link in order to activate your account:\r\n\r\n" + . "{$baseUrl}{$activateLink}\r\n\r\n" + . "Your password has been securely stored in our database and cannot be retrieved. " + . "In the event that it is forgotten," + . " you will be able to reset it using the email address associated with your account.\r\n\r\n" + . "Thank you for registering.\r\n\r\n" + . "--\r\n\r\nThanks\r\n\r\n{$signature}"; // Send the message - Utils::sendMail( - [ - $user->email => $user->username, - ], - Config::get('sitename') . 
' Activation Mail', - $message - ); - - // Return true indicating that the things have been sent - return true; + Utils::sendMail([$user->email => $user->username], "{$siteName} activation mail", $message); } /** diff --git a/public/.htaccess b/public/.htaccess deleted file mode 100644 index 903f639..0000000 --- a/public/.htaccess +++ /dev/null @@ -1,20 +0,0 @@ - - - Options -MultiViews - - - RewriteEngine On - - # Redirect Trailing Slashes If Not A Folder... - RewriteCond %{REQUEST_FILENAME} !-d - RewriteRule ^(.*)/$ /$1 [L,R=301] - - # Handle Front Controller... - RewriteCond %{REQUEST_FILENAME} !-d - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^ index.php [L] - - # Handle Authorization Header - RewriteCond %{HTTP:Authorization} . - RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] - diff --git a/public/authenticate.php b/public/authenticate.php deleted file mode 100644 index 710b88e..0000000 --- a/public/authenticate.php +++ /dev/null 
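Review bot: Both mail builders hard-code `$baseUrl = "http://" . Config::get('url_main');`, so the reset and activation keys carried in `?u={$user->id}&k=...` are sent to the user as plain-HTTP links. Build the base from an HTTPS URL, or from a configured scheme if the site has one, so that the key is not exposed in transit when the link is opened. `sendPasswordForgot($userId, $email)` no longer reads `$email` (the mail goes to `$user->email`), yet the docblock still lists it and types `$userId` as string; drop the parameter or document it as ignored, and rename `$reactivateLink` to something like `$resetLink`. Both methods now return nothing on the early exit, so any caller outside this page that tested the old return value of `sendActivationMail` needs checking.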
@@ -1,216 +0,0 @@ - $urls->format('AUTH_ACTION'), - 'message' => 'Timestamps differ too much, refresh the page and try again.', - 'success' => 0, - ]; - - // Prevent - $continue = false; - } - - // Match session ids for the same reason - if (!isset($_REQUEST['session']) || $_REQUEST['session'] != session_id()) { - $renderData['page'] = [ - 'redirect' => $urls->format('AUTH_ACTION'), - 'message' => 'Invalid session, please try again.', - 'success' => 0, - ]; - - // Prevent - $continue = false; - } - } - - // Login check - if (Users::checkLogin()) { - if (!in_array($_REQUEST['mode'], ['logout'])) { - $continue = false; - - // Add page specific things - $renderData['page'] = [ - 'redirect' => $urls->format('SITE_HOME'), - 'message' => 'You are already authenticated. Redirecting...', - 'success' => 1, - ]; - } - } - - if ($continue) { - switch ($_REQUEST['mode']) { - case 'changepassword': - // Attempt change - $passforget = Users::resetPassword( - $_REQUEST['verk'], - $_REQUEST['uid'], - $_REQUEST['newpw'], - $_REQUEST['verpw'] - ); - - // Array containing "human understandable" messages - $messages = [ - 'INVALID_VERK' => 'The verification key supplied was invalid!', - 'INVALID_CODE' => 'Invalid verification key, if you think this is an error contact the administrator.', - 'INVALID_USER' => 'The used verification key is not designated for this user.', - 'VERK_TOO_SHIT' => 'Your verification code is too weak, try adding some special characters.', - 'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.', - 'PASS_NOT_MATCH' => 'Passwords do not match.', - 'SUCCESS' => 'Successfully changed your password, you may now log in.', - ]; - - // Add page specific things - $renderData['page'] = [ - 'redirect' => ( - $passforget[0] ? - $urls->format('SITE_LOGIN') : - $_SERVER['PHP_SELF'] . '?pw=true&uid=' . $_REQUEST['uid'] . '&verk=' . 
$_REQUEST['verk'] - ), - 'message' => $messages[$passforget[1]], - 'success' => $passforget[0], - ]; - break; - - // Resending the activation e-mail - case 'resendactivemail': - // Attempt send - $resend = Users::resendActivationMail($_REQUEST['username'], $_REQUEST['email']); - - // Array containing "human understandable" messages - $messages = [ - 'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.', - 'USER_NOT_EXIST' => 'The user you tried to activate does not exist (confirm the username/email combination).', - 'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.', - 'SUCCESS' => 'The activation e-mail has been sent to the address associated with your account.', - ]; - - // Add page specific things - $renderData['page'] = [ - 'redirect' => $urls->format('SITE_HOME'), - 'message' => $messages[$resend[1]], - 'success' => $resend[0], - ]; - break; - - // Unforgetting passwords - case 'forgotpassword': - // Attempt send - $passforgot = Users::sendPasswordForgot($_REQUEST['username'], $_REQUEST['email']); - - // Array containing "human understandable" messages - $messages = [ - 'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.', - 'USER_NOT_EXIST' => 'The requested user does not exist (confirm the username/email combination).', - 'NOT_ALLOWED' => 'Your account does not have the required permissions to change your password.', - 'SUCCESS' => 'The password reset e-mail has been sent to the address associated with your account.', - ]; - - // Add page specific things - $renderData['page'] = [ - 'redirect' => $urls->format('SITE_FORGOT_PASSWORD'), - 'message' => $messages[$passforgot[1]], - 'success' => $passforgot[0], - ]; - break; - - case 'logout': - $renderData['page'] = [ - 'redirect' => Router::route('main.index'), - 'message' => 'Wrong logout page.', - 'success' => 0, - ]; - break; - - case 'login': - $renderData['page'] = [ - 'redirect' => Router::route('auth.login'), - 'message' => 'Wrong 
login page.', - 'success' => 0, - ]; - break; - - case 'register': - $renderData['page'] = [ - 'redirect' => Router::route('auth.register'), - 'message' => 'Wrong registration page.', - 'success' => 0, - ]; - break; - - case 'activate': - $renderData['page'] = [ - 'redirect' => Router::route('auth.activate'), - 'message' => 'Wrong activation page.', - 'success' => 0, - ]; - break; - - } - } - - // Print page contents or if the AJAX request is set only display the render data - if (isset($_REQUEST['ajax'])) { - echo $renderData['page']['message'] . '|' . - $renderData['page']['success'] . '|' . - $renderData['page']['redirect']; - } else { - Template::vars($renderData); - echo Template::render('global/information'); - } - exit; -} - -// Add page specific things -$renderData['auth'] = [ - 'redirect' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_HOME'), -]; - -// Check if the user is already logged in -if (Users::checkLogin()) { - // Add page specific things - $renderData['page'] = [ - 'redirect' => $urls->format('SITE_HOME'), - 'message' => 'You are already logged in, log out to access this page.', - ]; - - Template::vars($renderData); - echo Template::render('global/information'); - exit; -} - -// If password forgot things are set display password forget thing -if (isset($_REQUEST['pw']) && $_REQUEST['pw']) { - $renderData['auth']['changingPass'] = true; - $renderData['auth']['userId'] = $_REQUEST['uid']; - - if (isset($_REQUEST['key'])) { - $renderData['auth']['forgotKey'] = $_REQUEST['key']; - } - - Template::vars($renderData); - echo Template::render('main/forgotpassword'); - exit; -} - -// Print page contents -Template::vars($renderData); -echo Template::render('main/authenticate'); diff --git a/public/settings.php b/public/settings.php index dceed1f..103c89a 100644 --- a/public/settings.php +++ b/public/settings.php 
@@ -7,6 +7,7 @@ namespace Sakura; use Sakura\Perms\Site; +use Sakura\Router; // If this we're requesting notifications this page won't require templating if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notifications']) { @@ -99,7 +100,7 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification exit; } elseif (isset($_REQUEST['comment-action']) && $_REQUEST['comment-action']) { // Referrer - $redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_INDEX')); + $redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : Router::route('main.index')); // Continue $continue = true; @@ -278,7 +279,7 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification $continue = true; // Referrer - $redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_INDEX')); + $redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : Router::route('main.index')); // Compare time and session so we know the link isn't forged if (!isset($_REQUEST['add']) && !isset($_REQUEST['remove'])) { @@ -382,8 +383,8 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification sprintf($notifStrings[$action[1]][0], $user->username), $notifStrings[$action[1]][1], 60000, - $urls->format('IMAGE_AVATAR', [$user->id]), - $urls->format('USER_PROFILE', [$user->id]), + Router::route('file.avatar', $user->id), + Router::route('user.profile', $user->id), '1' ); } diff --git a/sakura.php b/sakura.php index 2da3e6e..363ec62 100644 --- a/sakura.php +++ b/sakura.php @@ -8,7 +8,7 @@ namespace Sakura; // Define Sakura version -define('SAKURA_VERSION', '20160317'); +define('SAKURA_VERSION', '20160319'); // Define Sakura Path define('ROOT', __DIR__ . '/'); 
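Review bot: The two rewritten `$redirect` lines in public/settings.php (hunks at -99 and -278) still take the target from `$_SERVER['HTTP_REFERER']`, a request header the client controls; only the fallback changed to `Router::route('main.index')`. How `$redirect` is consumed lies outside these hunks, but if it reaches a Location header or a rendered link it should first be limited to same-site values, for example by accepting it only when `parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)` equals the configured site host and using the route otherwise. The added `use Sakura\Router;` in the first hunk is redundant, since the file already declares `namespace Sakura`.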
@@ -51,11 +51,6 @@ spl_autoload_register(function ($className) { require_once ROOT . $className . '.php'; }); -// Include database extensions -foreach (glob(ROOT . 'libraries/DBWrapper/*.php') as $driver) { - require_once $driver; -} - // Set Error handler set_error_handler(['Sakura\Utils', 'errorHandler']); diff --git a/templates/yuuno/elements/indexPanel.twig b/templates/yuuno/elements/indexPanel.twig index 1aaef0b..1f2c221 100644 --- a/templates/yuuno/elements/indexPanel.twig +++ b/templates/yuuno/elements/indexPanel.twig @@ -18,7 +18,7 @@
Welcome!
Welcome to Flashii! This is a site for a bunch of friends to hang out, nothing special. Anyone is pretty much welcome to register so why not have a go? {% endif %} diff --git a/templates/yuuno/forum/forumEntry.twig b/templates/yuuno/forum/forumEntry.twig index 7a8e15b..d384e2e 100644 --- a/templates/yuuno/forum/forumEntry.twig +++ b/templates/yuuno/forum/forumEntry.twig @@ -9,7 +9,7 @@
Subforums: {% for forum in forum.forums %} - {% if forum.unread(user.id) %}[!]{% endif %} {{ forum.name }} + {% if forum.unread(user.id) %}[!]{% endif %} {{ forum.name }} {% endfor %}
{% endif %} @@ -23,8 +23,8 @@
{% if forum.lastPost.id %} - {{ forum.lastPost.subject|slice(0, 30) }}{% if forum.lastPost.subject|length > 30 %}...{% endif %}
- by {% if forum.lastPost.poster.id %}{{ forum.lastPost.poster.username }}{% else %}[deleted user]{% endif %} + {{ forum.lastPost.subject|slice(0, 30) }}{% if forum.lastPost.subject|length > 30 %}...{% endif %}
+ by {% if forum.lastPost.poster.id %}{{ forum.lastPost.poster.username }}{% else %}[deleted user]{% endif %} {% else %} There are no posts in this forum.
  {% endif %} diff --git a/templates/yuuno/main/authenticate.twig b/templates/yuuno/main/authenticate.twig deleted file mode 100644 index bc8f67d..0000000 --- a/templates/yuuno/main/authenticate.twig +++ /dev/null @@ -1,70 +0,0 @@ -{% extends 'global/master.twig' %} - -{% block title %}Authentication{% endblock %} - -{% block content %} - {% if sakura.lockAuth %} -

Authentication is currently disallowed, try again later.

- {% else %} -
-
-
- Lost Password -
-
- - - -
- -
-
- -
-
- -
-
- -
-
- -
- -
-
- {% if sakura.requireActivation %} -
-
- Resend Activation E-mail -
-
- - - -
- -
-
- -
-
- -
-
- -
-
- -
- -
-
- {% endif %} -
- {% endif %} -{% endblock %} diff --git a/templates/yuuno/main/forgotpassword.twig b/templates/yuuno/main/forgotpassword.twig deleted file mode 100644 index 6b4fdac..0000000 --- a/templates/yuuno/main/forgotpassword.twig +++ /dev/null @@ -1,30 +0,0 @@ -{% extends 'global/master.twig' %} - -{% block title %}Forgot Password{% endblock %} - -{% block content %} -
-
Forgot Password
-
- - - - -
-

Verification Key

-
-
-
-

New Password

-
-
-
-

Verify Password

-
-
-
- -
-
-
-{% endblock %} diff --git a/templates/yuuno/main/news.twig b/templates/yuuno/main/news.twig index 2bf619e..8853576 100644 --- a/templates/yuuno/main/news.twig +++ b/templates/yuuno/main/news.twig @@ -7,7 +7,7 @@ {% set comments = newsPosts[0].news_comments.comments %} {% else %} {% set paginationPages = news.posts|batch(postsPerPage) %} - {% set paginationUrl %}{{ urls.format('SITE_NEWS') }}{% endset %} + {% set paginationUrl %}{{ route('news.index') }}{% endset %} {% endif %} {% set title %} diff --git a/templates/yuuno/settings/account.ranks.twig b/templates/yuuno/settings/account.ranks.twig index 12d9c7d..74ac3cd 100644 --- a/templates/yuuno/settings/account.ranks.twig +++ b/templates/yuuno/settings/account.ranks.twig @@ -3,7 +3,7 @@ {% for rank in user.ranks %} - {{ rank.name }} + {{ rank.name }}
diff --git a/templates/yuuno/settings/friends.listing.twig b/templates/yuuno/settings/friends.listing.twig index 0974be6..4cda2b4 100644 --- a/templates/yuuno/settings/friends.listing.twig +++ b/templates/yuuno/settings/friends.listing.twig @@ -27,11 +27,11 @@ window.addEventListener("load", function() {
{% for friend in friends[get.page|default(1) - 1] %}
- - {{ friend.username }} + + {{ friend.username }}
{{ friend.username }}
-
+
diff --git a/templates/yuuno/settings/friends.requests.twig b/templates/yuuno/settings/friends.requests.twig index ff146fc..69a0ef6 100644 --- a/templates/yuuno/settings/friends.requests.twig +++ b/templates/yuuno/settings/friends.requests.twig @@ -27,11 +27,11 @@ window.addEventListener("load", function() {
{% for friend in friends[get.page|default(1) - 1] %}