Auth is fucking FINISHED

This commit is contained in:
flash 2015-04-25 20:08:44 +00:00
parent 4742b4322e
commit 3c4846fd0a
16 changed files with 321 additions and 917 deletions

3
.gitignore vendored
View file

@ -48,7 +48,8 @@ content/images/backgrounds/*
!content/images/backgrounds/.htaccess !content/images/backgrounds/.htaccess
BingSiteAuth.xml BingSiteAuth.xml
google*.html google*.html
logs/* main/logs/*
main/dev/*
################# #################

View file

@ -4,8 +4,11 @@
* By Flashwave * By Flashwave
*/ */
// Settings // Filesystem path to the _sakura folder WITHOUT an ending /
$sockSakuraPath = ''; // Filesystem path to the _sakura folder WITHOUT an ending / // This can also be set before an include of this file in case
// you're using git to keep in sync and don't want conflicts
if(!isset($sockSakuraPath))
$sockSakuraPath = '';
/* * * DON'T EDIT ANYTHING BELOW THIS LINE * * */ /* * * DON'T EDIT ANYTHING BELOW THIS LINE * * */
@ -31,8 +34,8 @@ if(Auth::getPageType() == AUTH_FETCH) {
} else { } else {
// Get arguments // Get arguments
$uid = $_GET['arg1']; $uid = $_REQUEST['arg1'];
$sid = $_GET['arg2']; $sid = $_REQUEST['arg2'];
// Check if session is active else deny // Check if session is active else deny
if(Session::checkSession($uid, $sid)) { if(Session::checkSession($uid, $sid)) {
@ -53,7 +56,7 @@ if(Auth::getPageType() == AUTH_FETCH) {
Auth::SetUserData( Auth::SetUserData(
$user['id'], $user['id'],
$user['username'], $user['username'],
$rank['colour'] $user['name_colour'] == null ? $rank['colour'] : $user['name_colour']
); );
switch($rank['id']) { switch($rank['id']) {

View file

@ -219,9 +219,15 @@ class Main {
// Get user data // Get user data
foreach($newsPosts as $newsId => $newsPost) { foreach($newsPosts as $newsId => $newsPost) {
$newsPosts[$newsId]['parsed'] = self::mdParse($newsPost['content']); $newsPosts[$newsId]['parsed'] = self::mdParse($newsPost['content']);
$newsPosts[$newsId]['udata'] = Users::getUser($newsPost['uid']); $newsPosts[$newsId]['udata'] = Users::getUser($newsPost['uid']);
$newsPosts[$newsId]['rdata'] = Users::getRank($newsPosts[$newsId]['udata']['rank_main']); $newsPosts[$newsId]['rdata'] = Users::getRank($newsPosts[$newsId]['udata']['rank_main']);
// Check if a custom name colour is set and if so overwrite the rank colour
if($newsPosts[$newsId]['udata']['name_colour'] != null)
$newsPosts[$newsId]['rdata']['colour'] = $newsPosts[$newsId]['udata']['name_colour'];
} }
// Return posts // Return posts

View file

@ -69,6 +69,10 @@ class Users {
} }
// Redirect people that need to change their password to the new format
if(self::getUser(Session::$userId)['password_algo'] == 'legacy' && $_SERVER['PHP_SELF'] != '/authenticate.php' && $_SERVER['PHP_SELF'] != '/imageserve.php')
header('Location: /authenticate.php?legacy=true');
// If everything went through return true // If everything went through return true
return true; return true;
@ -258,6 +262,157 @@ class Users {
} }
// Check if a user exists and then send the password forgot email
public static function sendPasswordForgot($username, $email) {
// Check if authentication is disallowed
if(Configuration::getConfig('lock_authentication'))
return [0, 'AUTH_LOCKED'];
// Clean username string
$usernameClean = Main::cleanString($username, true);
$emailClean = Main::cleanString($email, true);
// Do database request
$user = Database::fetch('users', false, [
'username_clean' => [$usernameClean, '='],
'email' => [$emailClean, '=']
]);
// Check if user exists
if(count($user) < 2)
return [0, 'USER_NOT_EXIST'];
// Check if the user is deactivated
if(in_array(0, json_decode($user['ranks'], true)))
return [0, 'DEACTIVATED'];
// Generate the verification key
$verk = Main::newActionCode('LOST_PASS', $user['id'], [
'meta' => [
'password_change' => 1
]
]);
// Build the e-mail
$message = "Hello ". $user['username'] .",\r\n\r\n";
$message .= "You are receiving this notification because you have (or someone pretending to be you has) requested a password reset link to be sent for your account on \"". Configuration::getConfig('sitename') ."\". If you did not request this notification then please ignore it, if you keep receiving it please contact the site administrator.\r\n\r\n";
$message .= "To use this password reset key you need to go to a special page. To do this click the link provided below.\r\n\r\n";
$message .= "http://". Configuration::getLocalConfig('urls', 'main') ."/forgotpassword?pw=true&uid=". $user['id'] ."&key=". $verk ."\r\n\r\n";
$message .= "If successful you should be able to change your password here.\r\n\r\n";
$message .= "Alternatively if the above method fails for some reason you can go to http://". Configuration::getLocalConfig('urls', 'main') ."/forgotpassword?pw=true&uid=". $user['id'] ." and use the key listed below:\r\n\r\n";
$message .= "Verification key: ". $verk ."\r\n\r\n";
$message .= "You can of course change this password yourself via the profile page. If you have any difficulties please contact the site administrator.\r\n\r\n";
$message .= "--\r\n\r\nThanks\r\n\r\n". Configuration::getConfig('mail_signature');
// Send the message
Main::sendMail([$user['email'] => $user['username']], Configuration::getConfig('sitename') .' password restoration', $message);
// Return success
return [1, 'SUCCESS'];
}
// [Flashwave 2015-04-25] Prepare for 5 million password changing functions
// Change legacy passwords after logging in
public static function changeLegacy($oldpass, $newpass, $verpass) {
// Check if user is logged in because I just know someone is going to meme around it
if(!self::checkLogin())
return [0, 'USER_NOT_LOGIN'];
// Get user data
$user = Users::getUser(Session::$userId);
// Check if the user is deactivated
if(in_array(0, json_decode($user['ranks'], true)))
return [0, 'DEACTIVATED'];
// Check if the account is disabled
if('nologin' == $user['password_algo'])
return [0, 'NO_LOGIN'];
// Check if old pass is correct
if(Main::legacyPasswordHash($oldpass) != $user['password_hash'])
return [0, 'INCORRECT_PASSWORD'];
// Check password entropy
if(Main::pwdEntropy($newpass) < Configuration::getConfig('min_entropy'))
return [0, 'PASS_TOO_SHIT'];
// Passwords do not match
if($newpass != $verpass)
return [0, 'PASS_NOT_MATCH'];
// Hash the password
$password = Hashing::create_hash($newpass);
$time = time();
// Update the user
Database::update('users', [
[
'password_hash' => $password[3],
'password_salt' => $password[2],
'password_algo' => $password[0],
'password_iter' => $password[1],
'password_chan' => $time
],
[
'id' => [Session::$userId, '=']
]
]);
// Return success
return [1, 'SUCCESS'];
}
// Reset password with key
public static function resetPassword($verk, $uid, $newpass, $verpass) {
// Check if authentication is disallowed
if(Configuration::getConfig('lock_authentication'))
return [0, 'AUTH_LOCKED'];
// Check password entropy
if(Main::pwdEntropy($newpass) < Configuration::getConfig('min_entropy'))
return [0, 'PASS_TOO_SHIT'];
// Passwords do not match
if($newpass != $verpass)
return [0, 'PASS_NOT_MATCH'];
// Check the verification key
$action = Main::useActionCode('LOST_PASS', $verk, $uid);
// Check if we got a negative return
if(!$action[0])
return [0, $action[1]];
// Hash the password
$password = Hashing::create_hash($newpass);
$time = time();
// Update the user
Database::update('users', [
[
'password_hash' => $password[3],
'password_salt' => $password[2],
'password_algo' => $password[0],
'password_iter' => $password[1],
'password_chan' => $time
],
[
'id' => [$uid, '=']
]
]);
// Return success
return [1, 'SUCCESS'];
}
// Check if a user exists and then resend the activation e-mail // Check if a user exists and then resend the activation e-mail
public static function resendActivationMail($username, $email) { public static function resendActivationMail($username, $email) {
@ -321,7 +476,7 @@ class Users {
$message .= "Your password has been securely stored in our database and cannot be retrieved. "; $message .= "Your password has been securely stored in our database and cannot be retrieved. ";
$message .= "In the event that it is forgotten, you will be able to reset it using the email address associated with your account.\r\n\r\n"; $message .= "In the event that it is forgotten, you will be able to reset it using the email address associated with your account.\r\n\r\n";
$message .= "Thank you for registering.\r\n\r\n"; $message .= "Thank you for registering.\r\n\r\n";
$message .= "--\r\n\r\nSincerely\r\n\r\n". Configuration::getConfig('mail_signature'); $message .= "--\r\n\r\nThanks\r\n\r\n". Configuration::getConfig('mail_signature');
// Send the message // Send the message
Main::sendMail([$user['email'] => $user['username']], Configuration::getConfig('sitename') .' Activation Mail', $message); Main::sendMail([$user['email'] => $user['username']], Configuration::getConfig('sitename') .' Activation Mail', $message);

View file

@ -1,5 +1,5 @@
<?php <?php
// Flashii Configuration // Sakura Configuration
$sakuraConf = array(); // Define configuration array $sakuraConf = array(); // Define configuration array
// PDO Database Connection // PDO Database Connection
@ -8,10 +8,10 @@ $sakuraConf['db']['driver'] = 'mysql'; // SQL Driver contained in the compon
$sakuraConf['db']['unixsocket'] = false; // Use internal UNIX system sockets (would not work on Windows) $sakuraConf['db']['unixsocket'] = false; // Use internal UNIX system sockets (would not work on Windows)
$sakuraConf['db']['host'] = 'localhost'; // SQL Hosts (or path to socket in the case that you're using them) $sakuraConf['db']['host'] = 'localhost'; // SQL Hosts (or path to socket in the case that you're using them)
$sakuraConf['db']['port'] = 3306; // SQL Port (does nothing when UNIX sockets are used) $sakuraConf['db']['port'] = 3306; // SQL Port (does nothing when UNIX sockets are used)
$sakuraConf['db']['username'] = 'flashii'; // Database authentication username $sakuraConf['db']['username'] = 'sakura'; // Database authentication username
$sakuraConf['db']['password'] = 'password'; // Database authentication password $sakuraConf['db']['password'] = 'password'; // Database authentication password
$sakuraConf['db']['database'] = 'flashii'; // Database name $sakuraConf['db']['database'] = 'sakura'; // Database name
$sakuraConf['db']['prefix'] = 'fii_'; // Table Prefix $sakuraConf['db']['prefix'] = 'sakura_'; // Table Prefix
// URLs (for modularity) // URLs (for modularity)
$sakuraConf['urls']['main'] = 'flashii.net'; // Main site url $sakuraConf['urls']['main'] = 'flashii.net'; // Main site url

View file

@ -74,6 +74,7 @@ $renderData = array(
'checklogin' => Users::checkLogin(), 'checklogin' => Users::checkLogin(),
'session' => Session::$sessionId, 'session' => Session::$sessionId,
'data' => ($_init_udata = Users::getUser(Session::$userId)), 'data' => ($_init_udata = Users::getUser(Session::$userId)),
'rank' => Users::getRank($_init_udata['rank_main']) 'rank' => ($_init_rdata = Users::getRank($_init_udata['rank_main'])),
'colour' => ($_init_udata['name_colour'] == null ? $_init_rdata['colour'] : $_init_udata['name_colour'])
] ]
); );

View file

@ -122,13 +122,13 @@
<a class="menu-item" href="//{{ sakura.urls.chat }}/" title="Chat with other Flashii members">Chat</a> <a class="menu-item" href="//{{ sakura.urls.chat }}/" title="Chat with other Flashii members">Chat</a>
{% if user.checklogin %} {% if user.checklogin %}
<a class="menu-item" href="//{{ sakura.urls.main }}/members" title="View a list with all the activated user accounts">Members</a> <a class="menu-item" href="//{{ sakura.urls.main }}/members" title="View a list with all the activated user accounts">Members</a>
<a class="menu-item menu-donate" href="//{{ sakura.urls.main }}/donate" title="Give us money to keep the site (and other services) up and running">Donate</a> <a class="menu-item menu-donate" href="//{{ sakura.urls.main }}/support" title="Give us money to keep the site (and other services) up and running">Support</a>
{% endif %} {% endif %}
</div> </div>
<div class="menu-ucp" id="navMenuUser"> <div class="menu-ucp" id="navMenuUser">
<!-- User menu, displayed on right side of the bar. --> <!-- User menu, displayed on right side of the bar. -->
{% if user.checklogin %} {% if user.checklogin %}
<a class="menu-item avatar" href="//{{ sakura.urls.main }}/u/{{ user.data.id }}" title="View and edit your own profile" style="background-image: url('//{{ sakura.urls.main }}/a/{{ user.data.id }}'); width: auto; color: {{ user.rank.colour }}; font-weight: 700;">{{ user.data.username }}</a> <a class="menu-item avatar" href="//{{ sakura.urls.main }}/u/{{ user.data.id }}" title="View and edit your own profile" style="background-image: url('//{{ sakura.urls.main }}/a/{{ user.data.id }}'); width: auto; color: {{ user.colour }}; font-weight: 700;">{{ user.data.username }}</a>
<a class="menu-item" href="//{{ sakura.urls.main }}/settings" title="Change your settings">Settings</a> <a class="menu-item" href="//{{ sakura.urls.main }}/settings" title="Change your settings">Settings</a>
<a class="menu-item" href="//{{ sakura.urls.main }}/logout?mode=logout&time={{ php.time }}&session={{ php.sessionid }}&redirect={{ sakura.currentpage }}" title="End your login session" id="headerLogoutLink">Logout</a> <a class="menu-item" href="//{{ sakura.urls.main }}/logout?mode=logout&time={{ php.time }}&session={{ php.sessionid }}&redirect={{ sakura.currentpage }}" title="End your login session" id="headerLogoutLink">Logout</a>
{% else %} {% else %}
@ -170,3 +170,9 @@
</div> </div>
</form> </form>
{% endif %} {% endif %}
<noscript>
<div class="headerNotify">
<h1>You have JavaScript disabled!</h1>
<p>A lot of things on this site require JavaScript to be enabled (e.g. the chat), we try to keep both sides happy but it is highly recommended that you enable it (you'll also have to deal with this message being here if you don't enable it).</p>
</div>
</noscript>

View file

@ -89,7 +89,7 @@
<label for="registerPassword">Password:</label> <label for="registerPassword">Password:</label>
</div> </div>
<div class="centreAlign"> <div class="centreAlign">
<input class="inputStyling" type="password" id="registerPassword" name="password" placeholder="Must be at least 8 characters." /> <input class="inputStyling" type="password" id="registerPassword" name="password" placeholder="Using special characters is recommended" />
</div> </div>
<div class="leftAlign"> <div class="leftAlign">
<label for="registerConfirmPassword">Confirm Password:</label> <label for="registerConfirmPassword">Confirm Password:</label>

View file

@ -5,6 +5,7 @@
<input type="hidden" name="redirect" value="//iihsalf.net/" /> <input type="hidden" name="redirect" value="//iihsalf.net/" />
<input type="hidden" name="session" value="{{ php.sessionid }}" /> <input type="hidden" name="session" value="{{ php.sessionid }}" />
<input type="hidden" name="time" value="{{ php.time }}" /> <input type="hidden" name="time" value="{{ php.time }}" />
<input type="hidden" name="uid" value="{{ auth.userId }}" />
<input type="hidden" name="mode" value="changepassword" /> <input type="hidden" name="mode" value="changepassword" />
<div class="profile-field"> <div class="profile-field">
<div><h2>Verification Key</h2></div> <div><h2>Verification Key</h2></div>
@ -12,7 +13,7 @@
</div> </div>
<div class="profile-field"> <div class="profile-field">
<div><h2>New Password</h2></div> <div><h2>New Password</h2></div>
<div style="text-align: center;"><input type="password" name="newpw" placeholder="Your new password, has to be at least 8 characters" class="inputStyling" /></div> <div style="text-align: center;"><input type="password" name="newpw" placeholder="Your new password, using special characters is recommended" class="inputStyling" /></div>
</div> </div>
<div class="profile-field"> <div class="profile-field">
<div><h2>Verify Password</h2></div> <div><h2>Verify Password</h2></div>

View file

@ -324,6 +324,20 @@ a.gotop:active {
} }
} }
/* Header notification thing */
.headerNotify {
margin: 10px auto;
padding: 10px;
width: auto;
max-width: 1024px;
border: 1px solid #9475B2;
box-shadow: 0 0 3px #9475B2;
border-radius: 3px;
background: #D3BFFF;
display: block;
text-align: center;
}
/* Footer Styling */ /* Footer Styling */
.footer { .footer {
box-shadow: 0 0 1em #9475B2; box-shadow: 0 0 1em #9475B2;
@ -467,7 +481,7 @@ a.gotop:active {
background: #B19DDD; background: #B19DDD;
} }
.markdown hr { .markdown hr {
background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAYAAAAECAYAAACtBE5DAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMC1jMDYwIDYxLjEzNDc3NywgMjAxMC8wMi8xMi0xNzozMjowMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNSBNYWNpbnRvc2giIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6OENDRjNBN0E2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6OENDRjNBN0I2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo4Q0NGM0E3ODY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo4Q0NGM0E3OTY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PqqezsUAAAAfSURBVHjaYmRABcYwBiM2QSA4y4hNEKYDQxAEAAIMAHNGAzhkPOlYAAAAAElFTkSuQmCC') repeat-x scroll 0px 0px transparent; background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAYAAAAECAYAAACtBE5DAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMC1jMDYwIDYxLjEzNDc3NywgMjAxMC8wMi8xMi0xNzozMjowMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNSBNYWNpbnRvc2giIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6OENDRjNBN0E2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6OENDRjNBN0I2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo4Q0NGM0E3ODY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo4Q0NGM0E3OTY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PqqezsUAAAAfSURBVHjaYmRABcYwBiM2QSA4y4hNEKYDQxAEAAIMAHNGAzhkPOlYAAAAAElFTkSuQmCC') repeat-x scroll 0 0 transparent;
border: 0 none; border: 0 none;
color: #CCC; color: #CCC;
height: 4px; height: 4px;
@ -1240,7 +1254,7 @@ textarea.inputStyling {
background: linear-gradient(0deg, #9475B2 0%, #9475B2 50%, #86A 50%) repeat scroll 0% 0% #9475B2; background: linear-gradient(0deg, #9475B2 0%, #9475B2 50%, #86A 50%) repeat scroll 0% 0% #9475B2;
} }
.recaptcha > .recaptcha_buttons > a:first-child { .recaptcha > .recaptcha_buttons > a:first-child {
border-top-right-radius: 0px; border-top-right-radius: 0;
border-bottom-left-radius: 4px; border-bottom-left-radius: 4px;
} }
} }

View file

@ -18,7 +18,7 @@ RewriteRule ^feedback?/?$ http://forum.flash.moe/viewforum.php?f=22
RewriteRule ^credits?/?$ credits.php RewriteRule ^credits?/?$ credits.php
RewriteRule ^index?/?$ index.php RewriteRule ^index?/?$ index.php
RewriteRule ^login?/?$|logout?/?$|activate?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php RewriteRule ^login?/?$|logout?/?$|activate?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
RewriteRule ^donate?/?$ donate.php RewriteRule ^donate?/?$|support?/?$ support.php
RewriteRule ^contact?/?$ infopage.php?r=contact RewriteRule ^contact?/?$ infopage.php?r=contact
## Info pages ## Info pages
@ -29,6 +29,11 @@ RewriteRule ^news?/?$ news.php
RewriteRule ^news/([0-9]+)$ news.php?id=$1 RewriteRule ^news/([0-9]+)$ news.php?id=$1
RewriteRule ^news.xml$ news.php?xml RewriteRule ^news.xml$ news.php?xml
## Profiles
RewriteRule ^u$|u/$ profile.php
RewriteRule ^u/([A-Za-z0-9_-\s\.]+)?/?$ profile.php?u=$1
RewriteRule ^u/([A-Za-z0-9_-\s\.]+)/api?/?$ profile.php?data
# Serving Images # Serving Images
RewriteRule ^a/([0-9]+)$ imageserve.php?m=avatar&u=$1 RewriteRule ^a/([0-9]+)$|a/([0-9]+).png$ imageserve.php?m=avatar&u=$1
RewriteRule ^a/([0-9]+).png$ imageserve.php?m=avatar&u=$1 RewriteRule ^bg/([0-9]+)$|bg/([0-9]+).png$ imageserve.php?m=background&u=$1

View file

@ -24,7 +24,7 @@ if(isset($_REQUEST['mode'])) {
$renderData['page'] = [ $renderData['page'] = [
'title' => 'Action failed', 'title' => 'Action failed',
'redirect' => '/authenticate', 'redirect' => '/authenticate',
'message' => 'Timestamps differ too much, please try again.', 'message' => 'Timestamps differ too much, refresh the page and try again.',
'success' => 0 'success' => 0
]; ];
@ -53,9 +53,18 @@ if(isset($_REQUEST['mode'])) {
// Login check // Login check
if(Users::checkLogin()) { if(Users::checkLogin()) {
if(!in_array($_REQUEST['mode'], ['logout', 'legacypw'])) if(!in_array($_REQUEST['mode'], ['logout', 'legacypw'])) {
$continue = false; $continue = false;
// Add page specific things
$renderData['page'] = [
'title' => 'Authentication',
'redirect' => '/',
'message' => 'You are already authenticated. Redirecting...',
'success' => 1
];
}
} }
if($continue) { if($continue) {
@ -79,24 +88,53 @@ if(isset($_REQUEST['mode'])) {
case 'legacypw': case 'legacypw':
// Attempt change
$legacypass = Users::changeLegacy($_REQUEST['oldpw'], $_REQUEST['newpw'], $_REQUEST['verpw']);
// Array containing "human understandable" messages
$messages = [
'USER_NOT_LOGIN' => 'What are you doing, you\'re not even logged in. GO AWAY!',
'INCORRECT_PASSWORD' => 'The password you entered was invalid.',
'DEACTIVATED' => 'Your account is deactivated.',
'NO_LOGIN' => 'Logging into this account is disabled.',
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
'PASS_NOT_MATCH' => 'Passwords do not match.',
'SUCCESS' => 'Successfully changed your password, you may now continue.'
];
// Add page specific things // Add page specific things
$renderData['page'] = [ $renderData['page'] = [
'title' => 'Changing Password', 'title' => 'Change Password',
'redirect' => $_SERVER['PHP_SELF'], 'redirect' => '/',
'message' => 'yet to be implemented', 'message' => $messages[$legacypass[1]],
'success' => 0 'success' => $legacypass[0]
]; ];
break; break;
case 'changepassword': case 'changepassword':
// Attempt change
$passforget = Users::resetPassword($_REQUEST['verk'], $_REQUEST['uid'], $_REQUEST['newpw'], $_REQUEST['verpw']);
// Array containing "human understandable" messages
$messages = [
'INVALID_VERK' => 'The verification key supplied was invalid!',
'INVALID_CODE' => 'Invalid verification key, if you think this is an error contact the administrator.',
'INVALID_USER' => 'The used verification key is not designated for this user.',
'VERK_TOO_SHIT' => 'Your verification code is too weak, try adding some special characters.',
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
'PASS_NOT_MATCH' => 'Passwords do not match.',
'SUCCESS' => 'Successfully changed your password, you may now log in.'
];
// Add page specific things // Add page specific things
$renderData['page'] = [ $renderData['page'] = [
'title' => 'Forgot Password', 'title' => 'Forgot Password',
'redirect' => $_SERVER['PHP_SELF'], 'redirect' => ($passforget[0] ? '/' : $_SERVER['PHP_SELF'] .'?pw=true&uid='. $_REQUEST['uid'] .'&verk='. $_REQUEST['verk']),
'message' => 'Yet to be implemented', 'message' => $messages[$passforget[1]],
'success' => 0 'success' => $passforget[0]
]; ];
break; break;
@ -112,7 +150,7 @@ if(isset($_REQUEST['mode'])) {
'USER_NOT_EXIST' => 'The user you tried to activate does not exist.', 'USER_NOT_EXIST' => 'The user you tried to activate does not exist.',
'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.', 'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
'INVALID_CODE' => 'Invalid activation code, if you think this is an error contact the administrator.', 'INVALID_CODE' => 'Invalid activation code, if you think this is an error contact the administrator.',
'INVALID_USER' => 'The used registration code is not designated for this user.', 'INVALID_USER' => 'The used activation code is not designated for this user.',
'SUCCESS' => 'Successfully activated your account, you may now log in.' 'SUCCESS' => 'Successfully activated your account, you may now log in.'
]; ];
@ -170,7 +208,7 @@ if(isset($_REQUEST['mode'])) {
// Add page specific things // Add page specific things
$renderData['page'] = [ $renderData['page'] = [
'title' => 'Login', 'title' => 'Login',
'redirect' => ($login[0] ? $_REQUEST['redirect'] : '/authenticate'), 'redirect' => ($login[1] == 'LEGACY_SUCCESS' ? '/authenticate?legacy=true' : ($login[0] ? $_REQUEST['redirect'] : '/authenticate')),
'message' => $messages[$login[1]], 'message' => $messages[$login[1]],
'success' => $login[0] 'success' => $login[0]
]; ];
@ -230,12 +268,23 @@ if(isset($_REQUEST['mode'])) {
// Unforgetting passwords // Unforgetting passwords
case 'forgotpassword': case 'forgotpassword':
// Attempt send
$passforgot = Users::sendPasswordForgot($_REQUEST['username'], $_REQUEST['email']);
// Array containing "human understandable" messages
$messages = [
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
'USER_NOT_EXIST' => 'The requested user does not exist (confirm the username/email combination).',
'DEACTIVATED' => 'Your account is deactivated.',
'SUCCESS' => 'The password reset e-mail has been sent to the address associated with your account.'
];
// Add page specific things // Add page specific things
$renderData['page'] = [ $renderData['page'] = [
'title' => 'Forgot Password', 'title' => 'Lost Password',
'redirect' => $_SERVER['PHP_SELF'], 'redirect' => '/authenticate',
'message' => 'yet to be implemented', 'message' => $messages[$passforgot[1]],
'success' => 0 'success' => $passforgot[0]
]; ];
break; break;
@ -279,6 +328,32 @@ $renderData['auth'] = [
] ]
]; ];
// Check if the user is already logged in
if(Users::checkLogin()) {
// If password forgot things are set display password forget thing
if(isset($_REQUEST['legacy']) && $_REQUEST['legacy'] && Users::getUser(Session::$userId)['password_algo'] == 'legacy') {
$renderData['page']['title'] = 'Changing Password';
$renderData['auth']['changingPass'] = true;
print Templates::render('main/legacypasswordchange.tpl', $renderData);
exit;
}
// Add page specific things
$renderData['page'] = [
'title' => 'Authentication',
'redirect' => '/',
'message' => 'You are already logged in, log out to access this page.'
];
print Templates::render('errors/information.tpl', $renderData);
exit;
}
// Check if a user has already registered from the current IP address // Check if a user has already registered from the current IP address
if(count($regUserIP = Users::getUsersByIP(Main::getRemoteIP()))) { if(count($regUserIP = Users::getUsersByIP(Main::getRemoteIP()))) {
@ -292,8 +367,9 @@ if(count($regUserIP = Users::getUsersByIP(Main::getRemoteIP()))) {
// If password forgot things are set display password forget thing // If password forgot things are set display password forget thing
if(isset($_REQUEST['pw']) && $_REQUEST['pw']) { if(isset($_REQUEST['pw']) && $_REQUEST['pw']) {
$renderData['page']['title'] = 'Changing Password'; $renderData['page']['title'] = 'Resetting Password';
$renderData['auth']['changingPass'] = true; $renderData['auth']['changingPass'] = true;
$renderData['auth']['userId'] = $_REQUEST['uid'];
if(isset($_REQUEST['key'])) if(isset($_REQUEST['key']))
$renderData['auth']['forgotKey'] = $_REQUEST['key']; $renderData['auth']['forgotKey'] = $_REQUEST['key'];
@ -303,24 +379,5 @@ if(isset($_REQUEST['pw']) && $_REQUEST['pw']) {
} }
// Check if the user is already logged in
if(Users::checkLogin()) {
// Add page specific things
$renderData['page'] = [
'title' => 'Authentication',
'redirect' => (
isset($_SERVER['HTTP_REFERER']) ?
$_SERVER['HTTP_REFERER'] :
'/'
),
'message' => 'You are already logged in, log out to access this page.'
];
print Templates::render('errors/information.tpl', $renderData);
exit;
}
// Print page contents // Print page contents
print Templates::render('main/authenticate.tpl', $renderData); print Templates::render('main/authenticate.tpl', $renderData);

View file

@ -1,5 +0,0 @@
<h1>Development Tools</h1>
<ul>
<li><a href="sql.php">SQL</a>
<li><a href="registerData.php">Registration Data</a>
</ul>

View file

@ -1,39 +0,0 @@
<?php
require_once '../../_sakura/sakura.php';
if(isset($_POST['submit'])) {
header('Content-Type: text/plain;charset=utf-8');
$pass = Sakura\Hashing::create_hash($_POST['password']);
$regData = [
'username' => $_POST['username'],
'username_clean' => Sakura\Main::cleanString($_POST['username'], true),
'password_hash' => $pass[3],
'password_salt' => $pass[2],
'password_algo' => $pass[0],
'password_iter' => $pass[1],
'password_chan' => time(),
'email' => Sakura\Main::cleanString($_POST['email'], true),
'group_main' => '1',
'groups' => json_encode([1]),
'register_ip' => Main::getRemoteIP(),
'last_ip' => Main::getRemoteIP(),
'regdate' => time(),
'lastdate' => time(),
'lastunamechange' => time(),
'profile_data' => json_encode([])
];
print_r($regData);
exit;
}
?>
<form method="post" action="<?=$_SERVER['PHP_SELF'];?>">
username: <input type="text" name="username" /><br />
password: <input type="password" name="password" /><br />
email: <input type="text" name="email" /><br />
<input type="submit" name="submit" value="Submit" />
</form>

File diff suppressed because one or more lines are too long

16
main/profile.php Normal file
View file

@ -0,0 +1,16 @@
<?php
/*
* Sakura User Profiles
*/
// Declare Namespace
namespace Sakura;
// Include components
require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) .'_sakura/sakura.php';
// Catch old profile API and return error
if(isset($_REQUEST['data']))
die(json_encode(['error' => true]));
var_dump(@$_REQUEST);