Auth is fucking FINISHED
This commit is contained in:
parent
4742b4322e
commit
3c4846fd0a
16 changed files with 321 additions and 917 deletions
3
.gitignore
vendored
3
.gitignore
vendored
|
@ -48,7 +48,8 @@ content/images/backgrounds/*
|
||||||
!content/images/backgrounds/.htaccess
|
!content/images/backgrounds/.htaccess
|
||||||
BingSiteAuth.xml
|
BingSiteAuth.xml
|
||||||
google*.html
|
google*.html
|
||||||
logs/*
|
main/logs/*
|
||||||
|
main/dev/*
|
||||||
|
|
||||||
|
|
||||||
#################
|
#################
|
||||||
|
|
|
@ -4,8 +4,11 @@
|
||||||
* By Flashwave
|
* By Flashwave
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// Settings
|
// Filesystem path to the _sakura folder WITHOUT an ending /
|
||||||
$sockSakuraPath = ''; // Filesystem path to the _sakura folder WITHOUT an ending /
|
// This can also be set before an include of this file in case
|
||||||
|
// you're using git to keep in sync and don't want conflicts
|
||||||
|
if(!isset($sockSakuraPath))
|
||||||
|
$sockSakuraPath = '';
|
||||||
|
|
||||||
/* * * DON'T EDIT ANYTHING BELOW THIS LINE * * */
|
/* * * DON'T EDIT ANYTHING BELOW THIS LINE * * */
|
||||||
|
|
||||||
|
@ -31,8 +34,8 @@ if(Auth::getPageType() == AUTH_FETCH) {
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// Get arguments
|
// Get arguments
|
||||||
$uid = $_GET['arg1'];
|
$uid = $_REQUEST['arg1'];
|
||||||
$sid = $_GET['arg2'];
|
$sid = $_REQUEST['arg2'];
|
||||||
|
|
||||||
// Check if session is active else deny
|
// Check if session is active else deny
|
||||||
if(Session::checkSession($uid, $sid)) {
|
if(Session::checkSession($uid, $sid)) {
|
||||||
|
@ -53,7 +56,7 @@ if(Auth::getPageType() == AUTH_FETCH) {
|
||||||
Auth::SetUserData(
|
Auth::SetUserData(
|
||||||
$user['id'],
|
$user['id'],
|
||||||
$user['username'],
|
$user['username'],
|
||||||
$rank['colour']
|
$user['name_colour'] == null ? $rank['colour'] : $user['name_colour']
|
||||||
);
|
);
|
||||||
|
|
||||||
switch($rank['id']) {
|
switch($rank['id']) {
|
|
@ -219,9 +219,15 @@ class Main {
|
||||||
|
|
||||||
// Get user data
|
// Get user data
|
||||||
foreach($newsPosts as $newsId => $newsPost) {
|
foreach($newsPosts as $newsId => $newsPost) {
|
||||||
|
|
||||||
$newsPosts[$newsId]['parsed'] = self::mdParse($newsPost['content']);
|
$newsPosts[$newsId]['parsed'] = self::mdParse($newsPost['content']);
|
||||||
$newsPosts[$newsId]['udata'] = Users::getUser($newsPost['uid']);
|
$newsPosts[$newsId]['udata'] = Users::getUser($newsPost['uid']);
|
||||||
$newsPosts[$newsId]['rdata'] = Users::getRank($newsPosts[$newsId]['udata']['rank_main']);
|
$newsPosts[$newsId]['rdata'] = Users::getRank($newsPosts[$newsId]['udata']['rank_main']);
|
||||||
|
|
||||||
|
// Check if a custom name colour is set and if so overwrite the rank colour
|
||||||
|
if($newsPosts[$newsId]['udata']['name_colour'] != null)
|
||||||
|
$newsPosts[$newsId]['rdata']['colour'] = $newsPosts[$newsId]['udata']['name_colour'];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Return posts
|
// Return posts
|
||||||
|
|
|
@ -69,6 +69,10 @@ class Users {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Redirect people that need to change their password to the new format
|
||||||
|
if(self::getUser(Session::$userId)['password_algo'] == 'legacy' && $_SERVER['PHP_SELF'] != '/authenticate.php' && $_SERVER['PHP_SELF'] != '/imageserve.php')
|
||||||
|
header('Location: /authenticate.php?legacy=true');
|
||||||
|
|
||||||
// If everything went through return true
|
// If everything went through return true
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
@ -258,6 +262,157 @@ class Users {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if a user exists and then send the password forgot email
|
||||||
|
public static function sendPasswordForgot($username, $email) {
|
||||||
|
|
||||||
|
// Check if authentication is disallowed
|
||||||
|
if(Configuration::getConfig('lock_authentication'))
|
||||||
|
return [0, 'AUTH_LOCKED'];
|
||||||
|
|
||||||
|
// Clean username string
|
||||||
|
$usernameClean = Main::cleanString($username, true);
|
||||||
|
$emailClean = Main::cleanString($email, true);
|
||||||
|
|
||||||
|
// Do database request
|
||||||
|
$user = Database::fetch('users', false, [
|
||||||
|
'username_clean' => [$usernameClean, '='],
|
||||||
|
'email' => [$emailClean, '=']
|
||||||
|
]);
|
||||||
|
|
||||||
|
// Check if user exists
|
||||||
|
if(count($user) < 2)
|
||||||
|
return [0, 'USER_NOT_EXIST'];
|
||||||
|
|
||||||
|
// Check if the user is deactivated
|
||||||
|
if(in_array(0, json_decode($user['ranks'], true)))
|
||||||
|
return [0, 'DEACTIVATED'];
|
||||||
|
|
||||||
|
// Generate the verification key
|
||||||
|
$verk = Main::newActionCode('LOST_PASS', $user['id'], [
|
||||||
|
'meta' => [
|
||||||
|
'password_change' => 1
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
|
||||||
|
// Build the e-mail
|
||||||
|
$message = "Hello ". $user['username'] .",\r\n\r\n";
|
||||||
|
$message .= "You are receiving this notification because you have (or someone pretending to be you has) requested a password reset link to be sent for your account on \"". Configuration::getConfig('sitename') ."\". If you did not request this notification then please ignore it, if you keep receiving it please contact the site administrator.\r\n\r\n";
|
||||||
|
$message .= "To use this password reset key you need to go to a special page. To do this click the link provided below.\r\n\r\n";
|
||||||
|
$message .= "http://". Configuration::getLocalConfig('urls', 'main') ."/forgotpassword?pw=true&uid=". $user['id'] ."&key=". $verk ."\r\n\r\n";
|
||||||
|
$message .= "If successful you should be able to change your password here.\r\n\r\n";
|
||||||
|
$message .= "Alternatively if the above method fails for some reason you can go to http://". Configuration::getLocalConfig('urls', 'main') ."/forgotpassword?pw=true&uid=". $user['id'] ." and use the key listed below:\r\n\r\n";
|
||||||
|
$message .= "Verification key: ". $verk ."\r\n\r\n";
|
||||||
|
$message .= "You can of course change this password yourself via the profile page. If you have any difficulties please contact the site administrator.\r\n\r\n";
|
||||||
|
$message .= "--\r\n\r\nThanks\r\n\r\n". Configuration::getConfig('mail_signature');
|
||||||
|
|
||||||
|
// Send the message
|
||||||
|
Main::sendMail([$user['email'] => $user['username']], Configuration::getConfig('sitename') .' password restoration', $message);
|
||||||
|
|
||||||
|
// Return success
|
||||||
|
return [1, 'SUCCESS'];
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// [Flashwave 2015-04-25] Prepare for 5 million password changing functions
|
||||||
|
|
||||||
|
// Change legacy passwords after logging in
|
||||||
|
public static function changeLegacy($oldpass, $newpass, $verpass) {
|
||||||
|
|
||||||
|
// Check if user is logged in because I just know someone is going to meme around it
|
||||||
|
if(!self::checkLogin())
|
||||||
|
return [0, 'USER_NOT_LOGIN'];
|
||||||
|
|
||||||
|
// Get user data
|
||||||
|
$user = Users::getUser(Session::$userId);
|
||||||
|
|
||||||
|
// Check if the user is deactivated
|
||||||
|
if(in_array(0, json_decode($user['ranks'], true)))
|
||||||
|
return [0, 'DEACTIVATED'];
|
||||||
|
|
||||||
|
// Check if the account is disabled
|
||||||
|
if('nologin' == $user['password_algo'])
|
||||||
|
return [0, 'NO_LOGIN'];
|
||||||
|
|
||||||
|
// Check if old pass is correct
|
||||||
|
if(Main::legacyPasswordHash($oldpass) != $user['password_hash'])
|
||||||
|
return [0, 'INCORRECT_PASSWORD'];
|
||||||
|
|
||||||
|
// Check password entropy
|
||||||
|
if(Main::pwdEntropy($newpass) < Configuration::getConfig('min_entropy'))
|
||||||
|
return [0, 'PASS_TOO_SHIT'];
|
||||||
|
|
||||||
|
// Passwords do not match
|
||||||
|
if($newpass != $verpass)
|
||||||
|
return [0, 'PASS_NOT_MATCH'];
|
||||||
|
|
||||||
|
// Hash the password
|
||||||
|
$password = Hashing::create_hash($newpass);
|
||||||
|
$time = time();
|
||||||
|
|
||||||
|
// Update the user
|
||||||
|
Database::update('users', [
|
||||||
|
[
|
||||||
|
'password_hash' => $password[3],
|
||||||
|
'password_salt' => $password[2],
|
||||||
|
'password_algo' => $password[0],
|
||||||
|
'password_iter' => $password[1],
|
||||||
|
'password_chan' => $time
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'id' => [Session::$userId, '=']
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
|
||||||
|
// Return success
|
||||||
|
return [1, 'SUCCESS'];
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// Reset password with key
|
||||||
|
public static function resetPassword($verk, $uid, $newpass, $verpass) {
|
||||||
|
|
||||||
|
// Check if authentication is disallowed
|
||||||
|
if(Configuration::getConfig('lock_authentication'))
|
||||||
|
return [0, 'AUTH_LOCKED'];
|
||||||
|
|
||||||
|
// Check password entropy
|
||||||
|
if(Main::pwdEntropy($newpass) < Configuration::getConfig('min_entropy'))
|
||||||
|
return [0, 'PASS_TOO_SHIT'];
|
||||||
|
|
||||||
|
// Passwords do not match
|
||||||
|
if($newpass != $verpass)
|
||||||
|
return [0, 'PASS_NOT_MATCH'];
|
||||||
|
|
||||||
|
// Check the verification key
|
||||||
|
$action = Main::useActionCode('LOST_PASS', $verk, $uid);
|
||||||
|
|
||||||
|
// Check if we got a negative return
|
||||||
|
if(!$action[0])
|
||||||
|
return [0, $action[1]];
|
||||||
|
|
||||||
|
// Hash the password
|
||||||
|
$password = Hashing::create_hash($newpass);
|
||||||
|
$time = time();
|
||||||
|
|
||||||
|
// Update the user
|
||||||
|
Database::update('users', [
|
||||||
|
[
|
||||||
|
'password_hash' => $password[3],
|
||||||
|
'password_salt' => $password[2],
|
||||||
|
'password_algo' => $password[0],
|
||||||
|
'password_iter' => $password[1],
|
||||||
|
'password_chan' => $time
|
||||||
|
],
|
||||||
|
[
|
||||||
|
'id' => [$uid, '=']
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
|
||||||
|
// Return success
|
||||||
|
return [1, 'SUCCESS'];
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// Check if a user exists and then resend the activation e-mail
|
// Check if a user exists and then resend the activation e-mail
|
||||||
public static function resendActivationMail($username, $email) {
|
public static function resendActivationMail($username, $email) {
|
||||||
|
|
||||||
|
@ -321,7 +476,7 @@ class Users {
|
||||||
$message .= "Your password has been securely stored in our database and cannot be retrieved. ";
|
$message .= "Your password has been securely stored in our database and cannot be retrieved. ";
|
||||||
$message .= "In the event that it is forgotten, you will be able to reset it using the email address associated with your account.\r\n\r\n";
|
$message .= "In the event that it is forgotten, you will be able to reset it using the email address associated with your account.\r\n\r\n";
|
||||||
$message .= "Thank you for registering.\r\n\r\n";
|
$message .= "Thank you for registering.\r\n\r\n";
|
||||||
$message .= "--\r\n\r\nSincerely\r\n\r\n". Configuration::getConfig('mail_signature');
|
$message .= "--\r\n\r\nThanks\r\n\r\n". Configuration::getConfig('mail_signature');
|
||||||
|
|
||||||
// Send the message
|
// Send the message
|
||||||
Main::sendMail([$user['email'] => $user['username']], Configuration::getConfig('sitename') .' Activation Mail', $message);
|
Main::sendMail([$user['email'] => $user['username']], Configuration::getConfig('sitename') .' Activation Mail', $message);
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
// Flashii Configuration
|
// Sakura Configuration
|
||||||
$sakuraConf = array(); // Define configuration array
|
$sakuraConf = array(); // Define configuration array
|
||||||
|
|
||||||
// PDO Database Connection
|
// PDO Database Connection
|
||||||
|
@ -8,10 +8,10 @@ $sakuraConf['db']['driver'] = 'mysql'; // SQL Driver contained in the compon
|
||||||
$sakuraConf['db']['unixsocket'] = false; // Use internal UNIX system sockets (would not work on Windows)
|
$sakuraConf['db']['unixsocket'] = false; // Use internal UNIX system sockets (would not work on Windows)
|
||||||
$sakuraConf['db']['host'] = 'localhost'; // SQL Hosts (or path to socket in the case that you're using them)
|
$sakuraConf['db']['host'] = 'localhost'; // SQL Hosts (or path to socket in the case that you're using them)
|
||||||
$sakuraConf['db']['port'] = 3306; // SQL Port (does nothing when UNIX sockets are used)
|
$sakuraConf['db']['port'] = 3306; // SQL Port (does nothing when UNIX sockets are used)
|
||||||
$sakuraConf['db']['username'] = 'flashii'; // Database authentication username
|
$sakuraConf['db']['username'] = 'sakura'; // Database authentication username
|
||||||
$sakuraConf['db']['password'] = 'password'; // Database authentication password
|
$sakuraConf['db']['password'] = 'password'; // Database authentication password
|
||||||
$sakuraConf['db']['database'] = 'flashii'; // Database name
|
$sakuraConf['db']['database'] = 'sakura'; // Database name
|
||||||
$sakuraConf['db']['prefix'] = 'fii_'; // Table Prefix
|
$sakuraConf['db']['prefix'] = 'sakura_'; // Table Prefix
|
||||||
|
|
||||||
// URLs (for modularity)
|
// URLs (for modularity)
|
||||||
$sakuraConf['urls']['main'] = 'flashii.net'; // Main site url
|
$sakuraConf['urls']['main'] = 'flashii.net'; // Main site url
|
||||||
|
|
|
@ -74,6 +74,7 @@ $renderData = array(
|
||||||
'checklogin' => Users::checkLogin(),
|
'checklogin' => Users::checkLogin(),
|
||||||
'session' => Session::$sessionId,
|
'session' => Session::$sessionId,
|
||||||
'data' => ($_init_udata = Users::getUser(Session::$userId)),
|
'data' => ($_init_udata = Users::getUser(Session::$userId)),
|
||||||
'rank' => Users::getRank($_init_udata['rank_main'])
|
'rank' => ($_init_rdata = Users::getRank($_init_udata['rank_main'])),
|
||||||
|
'colour' => ($_init_udata['name_colour'] == null ? $_init_rdata['colour'] : $_init_udata['name_colour'])
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
|
@ -122,13 +122,13 @@
|
||||||
<a class="menu-item" href="//{{ sakura.urls.chat }}/" title="Chat with other Flashii members">Chat</a>
|
<a class="menu-item" href="//{{ sakura.urls.chat }}/" title="Chat with other Flashii members">Chat</a>
|
||||||
{% if user.checklogin %}
|
{% if user.checklogin %}
|
||||||
<a class="menu-item" href="//{{ sakura.urls.main }}/members" title="View a list with all the activated user accounts">Members</a>
|
<a class="menu-item" href="//{{ sakura.urls.main }}/members" title="View a list with all the activated user accounts">Members</a>
|
||||||
<a class="menu-item menu-donate" href="//{{ sakura.urls.main }}/donate" title="Give us money to keep the site (and other services) up and running">Donate</a>
|
<a class="menu-item menu-donate" href="//{{ sakura.urls.main }}/support" title="Give us money to keep the site (and other services) up and running">Support</a>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
<div class="menu-ucp" id="navMenuUser">
|
<div class="menu-ucp" id="navMenuUser">
|
||||||
<!-- User menu, displayed on right side of the bar. -->
|
<!-- User menu, displayed on right side of the bar. -->
|
||||||
{% if user.checklogin %}
|
{% if user.checklogin %}
|
||||||
<a class="menu-item avatar" href="//{{ sakura.urls.main }}/u/{{ user.data.id }}" title="View and edit your own profile" style="background-image: url('//{{ sakura.urls.main }}/a/{{ user.data.id }}'); width: auto; color: {{ user.rank.colour }}; font-weight: 700;">{{ user.data.username }}</a>
|
<a class="menu-item avatar" href="//{{ sakura.urls.main }}/u/{{ user.data.id }}" title="View and edit your own profile" style="background-image: url('//{{ sakura.urls.main }}/a/{{ user.data.id }}'); width: auto; color: {{ user.colour }}; font-weight: 700;">{{ user.data.username }}</a>
|
||||||
<a class="menu-item" href="//{{ sakura.urls.main }}/settings" title="Change your settings">Settings</a>
|
<a class="menu-item" href="//{{ sakura.urls.main }}/settings" title="Change your settings">Settings</a>
|
||||||
<a class="menu-item" href="//{{ sakura.urls.main }}/logout?mode=logout&time={{ php.time }}&session={{ php.sessionid }}&redirect={{ sakura.currentpage }}" title="End your login session" id="headerLogoutLink">Logout</a>
|
<a class="menu-item" href="//{{ sakura.urls.main }}/logout?mode=logout&time={{ php.time }}&session={{ php.sessionid }}&redirect={{ sakura.currentpage }}" title="End your login session" id="headerLogoutLink">Logout</a>
|
||||||
{% else %}
|
{% else %}
|
||||||
|
@ -170,3 +170,9 @@
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
<noscript>
|
||||||
|
<div class="headerNotify">
|
||||||
|
<h1>You have JavaScript disabled!</h1>
|
||||||
|
<p>A lot of things on this site require JavaScript to be enabled (e.g. the chat), we try to keep both sides happy but it is highly recommended that you enable it (you'll also have to deal with this message being here if you don't enable it).</p>
|
||||||
|
</div>
|
||||||
|
</noscript>
|
||||||
|
|
|
@ -89,7 +89,7 @@
|
||||||
<label for="registerPassword">Password:</label>
|
<label for="registerPassword">Password:</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="centreAlign">
|
<div class="centreAlign">
|
||||||
<input class="inputStyling" type="password" id="registerPassword" name="password" placeholder="Must be at least 8 characters." />
|
<input class="inputStyling" type="password" id="registerPassword" name="password" placeholder="Using special characters is recommended" />
|
||||||
</div>
|
</div>
|
||||||
<div class="leftAlign">
|
<div class="leftAlign">
|
||||||
<label for="registerConfirmPassword">Confirm Password:</label>
|
<label for="registerConfirmPassword">Confirm Password:</label>
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
<input type="hidden" name="redirect" value="//iihsalf.net/" />
|
<input type="hidden" name="redirect" value="//iihsalf.net/" />
|
||||||
<input type="hidden" name="session" value="{{ php.sessionid }}" />
|
<input type="hidden" name="session" value="{{ php.sessionid }}" />
|
||||||
<input type="hidden" name="time" value="{{ php.time }}" />
|
<input type="hidden" name="time" value="{{ php.time }}" />
|
||||||
|
<input type="hidden" name="uid" value="{{ auth.userId }}" />
|
||||||
<input type="hidden" name="mode" value="changepassword" />
|
<input type="hidden" name="mode" value="changepassword" />
|
||||||
<div class="profile-field">
|
<div class="profile-field">
|
||||||
<div><h2>Verification Key</h2></div>
|
<div><h2>Verification Key</h2></div>
|
||||||
|
@ -12,7 +13,7 @@
|
||||||
</div>
|
</div>
|
||||||
<div class="profile-field">
|
<div class="profile-field">
|
||||||
<div><h2>New Password</h2></div>
|
<div><h2>New Password</h2></div>
|
||||||
<div style="text-align: center;"><input type="password" name="newpw" placeholder="Your new password, has to be at least 8 characters" class="inputStyling" /></div>
|
<div style="text-align: center;"><input type="password" name="newpw" placeholder="Your new password, using special characters is recommended" class="inputStyling" /></div>
|
||||||
</div>
|
</div>
|
||||||
<div class="profile-field">
|
<div class="profile-field">
|
||||||
<div><h2>Verify Password</h2></div>
|
<div><h2>Verify Password</h2></div>
|
||||||
|
|
|
@ -324,6 +324,20 @@ a.gotop:active {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Header notification thing */
|
||||||
|
.headerNotify {
|
||||||
|
margin: 10px auto;
|
||||||
|
padding: 10px;
|
||||||
|
width: auto;
|
||||||
|
max-width: 1024px;
|
||||||
|
border: 1px solid #9475B2;
|
||||||
|
box-shadow: 0 0 3px #9475B2;
|
||||||
|
border-radius: 3px;
|
||||||
|
background: #D3BFFF;
|
||||||
|
display: block;
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
/* Footer Styling */
|
/* Footer Styling */
|
||||||
.footer {
|
.footer {
|
||||||
box-shadow: 0 0 1em #9475B2;
|
box-shadow: 0 0 1em #9475B2;
|
||||||
|
@ -467,7 +481,7 @@ a.gotop:active {
|
||||||
background: #B19DDD;
|
background: #B19DDD;
|
||||||
}
|
}
|
||||||
.markdown hr {
|
.markdown hr {
|
||||||
background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAYAAAAECAYAAACtBE5DAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMC1jMDYwIDYxLjEzNDc3NywgMjAxMC8wMi8xMi0xNzozMjowMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNSBNYWNpbnRvc2giIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6OENDRjNBN0E2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6OENDRjNBN0I2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo4Q0NGM0E3ODY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo4Q0NGM0E3OTY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PqqezsUAAAAfSURBVHjaYmRABcYwBiM2QSA4y4hNEKYDQxAEAAIMAHNGAzhkPOlYAAAAAElFTkSuQmCC') repeat-x scroll 0px 0px transparent;
|
background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAYAAAAECAYAAACtBE5DAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMC1jMDYwIDYxLjEzNDc3NywgMjAxMC8wMi8xMi0xNzozMjowMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNSBNYWNpbnRvc2giIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6OENDRjNBN0E2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6OENDRjNBN0I2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo4Q0NGM0E3ODY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo4Q0NGM0E3OTY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PqqezsUAAAAfSURBVHjaYmRABcYwBiM2QSA4y4hNEKYDQxAEAAIMAHNGAzhkPOlYAAAAAElFTkSuQmCC') repeat-x scroll 0 0 transparent;
|
||||||
border: 0 none;
|
border: 0 none;
|
||||||
color: #CCC;
|
color: #CCC;
|
||||||
height: 4px;
|
height: 4px;
|
||||||
|
@ -1240,7 +1254,7 @@ textarea.inputStyling {
|
||||||
background: linear-gradient(0deg, #9475B2 0%, #9475B2 50%, #86A 50%) repeat scroll 0% 0% #9475B2;
|
background: linear-gradient(0deg, #9475B2 0%, #9475B2 50%, #86A 50%) repeat scroll 0% 0% #9475B2;
|
||||||
}
|
}
|
||||||
.recaptcha > .recaptcha_buttons > a:first-child {
|
.recaptcha > .recaptcha_buttons > a:first-child {
|
||||||
border-top-right-radius: 0px;
|
border-top-right-radius: 0;
|
||||||
border-bottom-left-radius: 4px;
|
border-bottom-left-radius: 4px;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,7 +18,7 @@ RewriteRule ^feedback?/?$ http://forum.flash.moe/viewforum.php?f=22
|
||||||
RewriteRule ^credits?/?$ credits.php
|
RewriteRule ^credits?/?$ credits.php
|
||||||
RewriteRule ^index?/?$ index.php
|
RewriteRule ^index?/?$ index.php
|
||||||
RewriteRule ^login?/?$|logout?/?$|activate?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
|
RewriteRule ^login?/?$|logout?/?$|activate?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
|
||||||
RewriteRule ^donate?/?$ donate.php
|
RewriteRule ^donate?/?$|support?/?$ support.php
|
||||||
RewriteRule ^contact?/?$ infopage.php?r=contact
|
RewriteRule ^contact?/?$ infopage.php?r=contact
|
||||||
|
|
||||||
## Info pages
|
## Info pages
|
||||||
|
@ -29,6 +29,11 @@ RewriteRule ^news?/?$ news.php
|
||||||
RewriteRule ^news/([0-9]+)$ news.php?id=$1
|
RewriteRule ^news/([0-9]+)$ news.php?id=$1
|
||||||
RewriteRule ^news.xml$ news.php?xml
|
RewriteRule ^news.xml$ news.php?xml
|
||||||
|
|
||||||
|
## Profiles
|
||||||
|
RewriteRule ^u$|u/$ profile.php
|
||||||
|
RewriteRule ^u/([A-Za-z0-9_-\s\.]+)?/?$ profile.php?u=$1
|
||||||
|
RewriteRule ^u/([A-Za-z0-9_-\s\.]+)/api?/?$ profile.php?data
|
||||||
|
|
||||||
# Serving Images
|
# Serving Images
|
||||||
RewriteRule ^a/([0-9]+)$ imageserve.php?m=avatar&u=$1
|
RewriteRule ^a/([0-9]+)$|a/([0-9]+).png$ imageserve.php?m=avatar&u=$1
|
||||||
RewriteRule ^a/([0-9]+).png$ imageserve.php?m=avatar&u=$1
|
RewriteRule ^bg/([0-9]+)$|bg/([0-9]+).png$ imageserve.php?m=background&u=$1
|
||||||
|
|
|
@ -24,7 +24,7 @@ if(isset($_REQUEST['mode'])) {
|
||||||
$renderData['page'] = [
|
$renderData['page'] = [
|
||||||
'title' => 'Action failed',
|
'title' => 'Action failed',
|
||||||
'redirect' => '/authenticate',
|
'redirect' => '/authenticate',
|
||||||
'message' => 'Timestamps differ too much, please try again.',
|
'message' => 'Timestamps differ too much, refresh the page and try again.',
|
||||||
'success' => 0
|
'success' => 0
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -53,9 +53,18 @@ if(isset($_REQUEST['mode'])) {
|
||||||
// Login check
|
// Login check
|
||||||
if(Users::checkLogin()) {
|
if(Users::checkLogin()) {
|
||||||
|
|
||||||
if(!in_array($_REQUEST['mode'], ['logout', 'legacypw']))
|
if(!in_array($_REQUEST['mode'], ['logout', 'legacypw'])) {
|
||||||
$continue = false;
|
$continue = false;
|
||||||
|
|
||||||
|
// Add page specific things
|
||||||
|
$renderData['page'] = [
|
||||||
|
'title' => 'Authentication',
|
||||||
|
'redirect' => '/',
|
||||||
|
'message' => 'You are already authenticated. Redirecting...',
|
||||||
|
'success' => 1
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if($continue) {
|
if($continue) {
|
||||||
|
@ -79,24 +88,53 @@ if(isset($_REQUEST['mode'])) {
|
||||||
|
|
||||||
case 'legacypw':
|
case 'legacypw':
|
||||||
|
|
||||||
|
// Attempt change
|
||||||
|
$legacypass = Users::changeLegacy($_REQUEST['oldpw'], $_REQUEST['newpw'], $_REQUEST['verpw']);
|
||||||
|
|
||||||
|
// Array containing "human understandable" messages
|
||||||
|
$messages = [
|
||||||
|
'USER_NOT_LOGIN' => 'What are you doing, you\'re not even logged in. GO AWAY!',
|
||||||
|
'INCORRECT_PASSWORD' => 'The password you entered was invalid.',
|
||||||
|
'DEACTIVATED' => 'Your account is deactivated.',
|
||||||
|
'NO_LOGIN' => 'Logging into this account is disabled.',
|
||||||
|
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
|
||||||
|
'PASS_NOT_MATCH' => 'Passwords do not match.',
|
||||||
|
'SUCCESS' => 'Successfully changed your password, you may now continue.'
|
||||||
|
];
|
||||||
|
|
||||||
// Add page specific things
|
// Add page specific things
|
||||||
$renderData['page'] = [
|
$renderData['page'] = [
|
||||||
'title' => 'Changing Password',
|
'title' => 'Change Password',
|
||||||
'redirect' => $_SERVER['PHP_SELF'],
|
'redirect' => '/',
|
||||||
'message' => 'yet to be implemented',
|
'message' => $messages[$legacypass[1]],
|
||||||
'success' => 0
|
'success' => $legacypass[0]
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'changepassword':
|
case 'changepassword':
|
||||||
|
|
||||||
|
// Attempt change
|
||||||
|
$passforget = Users::resetPassword($_REQUEST['verk'], $_REQUEST['uid'], $_REQUEST['newpw'], $_REQUEST['verpw']);
|
||||||
|
|
||||||
|
// Array containing "human understandable" messages
|
||||||
|
$messages = [
|
||||||
|
'INVALID_VERK' => 'The verification key supplied was invalid!',
|
||||||
|
'INVALID_CODE' => 'Invalid verification key, if you think this is an error contact the administrator.',
|
||||||
|
'INVALID_USER' => 'The used verification key is not designated for this user.',
|
||||||
|
'VERK_TOO_SHIT' => 'Your verification code is too weak, try adding some special characters.',
|
||||||
|
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
|
||||||
|
'PASS_NOT_MATCH' => 'Passwords do not match.',
|
||||||
|
'SUCCESS' => 'Successfully changed your password, you may now log in.'
|
||||||
|
];
|
||||||
|
|
||||||
// Add page specific things
|
// Add page specific things
|
||||||
$renderData['page'] = [
|
$renderData['page'] = [
|
||||||
'title' => 'Forgot Password',
|
'title' => 'Forgot Password',
|
||||||
'redirect' => $_SERVER['PHP_SELF'],
|
'redirect' => ($passforget[0] ? '/' : $_SERVER['PHP_SELF'] .'?pw=true&uid='. $_REQUEST['uid'] .'&verk='. $_REQUEST['verk']),
|
||||||
'message' => 'Yet to be implemented',
|
'message' => $messages[$passforget[1]],
|
||||||
'success' => 0
|
'success' => $passforget[0]
|
||||||
];
|
];
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
@ -112,7 +150,7 @@ if(isset($_REQUEST['mode'])) {
|
||||||
'USER_NOT_EXIST' => 'The user you tried to activate does not exist.',
|
'USER_NOT_EXIST' => 'The user you tried to activate does not exist.',
|
||||||
'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
|
'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
|
||||||
'INVALID_CODE' => 'Invalid activation code, if you think this is an error contact the administrator.',
|
'INVALID_CODE' => 'Invalid activation code, if you think this is an error contact the administrator.',
|
||||||
'INVALID_USER' => 'The used registration code is not designated for this user.',
|
'INVALID_USER' => 'The used activation code is not designated for this user.',
|
||||||
'SUCCESS' => 'Successfully activated your account, you may now log in.'
|
'SUCCESS' => 'Successfully activated your account, you may now log in.'
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -170,7 +208,7 @@ if(isset($_REQUEST['mode'])) {
|
||||||
// Add page specific things
|
// Add page specific things
|
||||||
$renderData['page'] = [
|
$renderData['page'] = [
|
||||||
'title' => 'Login',
|
'title' => 'Login',
|
||||||
'redirect' => ($login[0] ? $_REQUEST['redirect'] : '/authenticate'),
|
'redirect' => ($login[1] == 'LEGACY_SUCCESS' ? '/authenticate?legacy=true' : ($login[0] ? $_REQUEST['redirect'] : '/authenticate')),
|
||||||
'message' => $messages[$login[1]],
|
'message' => $messages[$login[1]],
|
||||||
'success' => $login[0]
|
'success' => $login[0]
|
||||||
];
|
];
|
||||||
|
@ -230,12 +268,23 @@ if(isset($_REQUEST['mode'])) {
|
||||||
// Unforgetting passwords
|
// Unforgetting passwords
|
||||||
case 'forgotpassword':
|
case 'forgotpassword':
|
||||||
|
|
||||||
|
// Attempt send
|
||||||
|
$passforgot = Users::sendPasswordForgot($_REQUEST['username'], $_REQUEST['email']);
|
||||||
|
|
||||||
|
// Array containing "human understandable" messages
|
||||||
|
$messages = [
|
||||||
|
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
|
||||||
|
'USER_NOT_EXIST' => 'The requested user does not exist (confirm the username/email combination).',
|
||||||
|
'DEACTIVATED' => 'Your account is deactivated.',
|
||||||
|
'SUCCESS' => 'The password reset e-mail has been sent to the address associated with your account.'
|
||||||
|
];
|
||||||
|
|
||||||
// Add page specific things
|
// Add page specific things
|
||||||
$renderData['page'] = [
|
$renderData['page'] = [
|
||||||
'title' => 'Forgot Password',
|
'title' => 'Lost Password',
|
||||||
'redirect' => $_SERVER['PHP_SELF'],
|
'redirect' => '/authenticate',
|
||||||
'message' => 'yet to be implemented',
|
'message' => $messages[$passforgot[1]],
|
||||||
'success' => 0
|
'success' => $passforgot[0]
|
||||||
];
|
];
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
@ -279,6 +328,32 @@ $renderData['auth'] = [
|
||||||
]
|
]
|
||||||
];
|
];
|
||||||
|
|
||||||
|
// Check if the user is already logged in
|
||||||
|
if(Users::checkLogin()) {
|
||||||
|
|
||||||
|
// If password forgot things are set display password forget thing
|
||||||
|
if(isset($_REQUEST['legacy']) && $_REQUEST['legacy'] && Users::getUser(Session::$userId)['password_algo'] == 'legacy') {
|
||||||
|
|
||||||
|
$renderData['page']['title'] = 'Changing Password';
|
||||||
|
$renderData['auth']['changingPass'] = true;
|
||||||
|
|
||||||
|
print Templates::render('main/legacypasswordchange.tpl', $renderData);
|
||||||
|
exit;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add page specific things
|
||||||
|
$renderData['page'] = [
|
||||||
|
'title' => 'Authentication',
|
||||||
|
'redirect' => '/',
|
||||||
|
'message' => 'You are already logged in, log out to access this page.'
|
||||||
|
];
|
||||||
|
|
||||||
|
print Templates::render('errors/information.tpl', $renderData);
|
||||||
|
exit;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// Check if a user has already registered from the current IP address
|
// Check if a user has already registered from the current IP address
|
||||||
if(count($regUserIP = Users::getUsersByIP(Main::getRemoteIP()))) {
|
if(count($regUserIP = Users::getUsersByIP(Main::getRemoteIP()))) {
|
||||||
|
|
||||||
|
@ -292,8 +367,9 @@ if(count($regUserIP = Users::getUsersByIP(Main::getRemoteIP()))) {
|
||||||
// If password forgot things are set display password forget thing
|
// If password forgot things are set display password forget thing
|
||||||
if(isset($_REQUEST['pw']) && $_REQUEST['pw']) {
|
if(isset($_REQUEST['pw']) && $_REQUEST['pw']) {
|
||||||
|
|
||||||
$renderData['page']['title'] = 'Changing Password';
|
$renderData['page']['title'] = 'Resetting Password';
|
||||||
$renderData['auth']['changingPass'] = true;
|
$renderData['auth']['changingPass'] = true;
|
||||||
|
$renderData['auth']['userId'] = $_REQUEST['uid'];
|
||||||
|
|
||||||
if(isset($_REQUEST['key']))
|
if(isset($_REQUEST['key']))
|
||||||
$renderData['auth']['forgotKey'] = $_REQUEST['key'];
|
$renderData['auth']['forgotKey'] = $_REQUEST['key'];
|
||||||
|
@ -303,24 +379,5 @@ if(isset($_REQUEST['pw']) && $_REQUEST['pw']) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the user is already logged in
|
|
||||||
if(Users::checkLogin()) {
|
|
||||||
|
|
||||||
// Add page specific things
|
|
||||||
$renderData['page'] = [
|
|
||||||
'title' => 'Authentication',
|
|
||||||
'redirect' => (
|
|
||||||
isset($_SERVER['HTTP_REFERER']) ?
|
|
||||||
$_SERVER['HTTP_REFERER'] :
|
|
||||||
'/'
|
|
||||||
),
|
|
||||||
'message' => 'You are already logged in, log out to access this page.'
|
|
||||||
];
|
|
||||||
|
|
||||||
print Templates::render('errors/information.tpl', $renderData);
|
|
||||||
exit;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// Print page contents
|
// Print page contents
|
||||||
print Templates::render('main/authenticate.tpl', $renderData);
|
print Templates::render('main/authenticate.tpl', $renderData);
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
<h1>Development Tools</h1>
|
|
||||||
<ul>
|
|
||||||
<li><a href="sql.php">SQL</a>
|
|
||||||
<li><a href="registerData.php">Registration Data</a>
|
|
||||||
</ul>
|
|
|
@ -1,39 +0,0 @@
|
||||||
<?php
|
|
||||||
require_once '../../_sakura/sakura.php';
|
|
||||||
|
|
||||||
if(isset($_POST['submit'])) {
|
|
||||||
|
|
||||||
header('Content-Type: text/plain;charset=utf-8');
|
|
||||||
|
|
||||||
$pass = Sakura\Hashing::create_hash($_POST['password']);
|
|
||||||
|
|
||||||
$regData = [
|
|
||||||
'username' => $_POST['username'],
|
|
||||||
'username_clean' => Sakura\Main::cleanString($_POST['username'], true),
|
|
||||||
'password_hash' => $pass[3],
|
|
||||||
'password_salt' => $pass[2],
|
|
||||||
'password_algo' => $pass[0],
|
|
||||||
'password_iter' => $pass[1],
|
|
||||||
'password_chan' => time(),
|
|
||||||
'email' => Sakura\Main::cleanString($_POST['email'], true),
|
|
||||||
'group_main' => '1',
|
|
||||||
'groups' => json_encode([1]),
|
|
||||||
'register_ip' => Main::getRemoteIP(),
|
|
||||||
'last_ip' => Main::getRemoteIP(),
|
|
||||||
'regdate' => time(),
|
|
||||||
'lastdate' => time(),
|
|
||||||
'lastunamechange' => time(),
|
|
||||||
'profile_data' => json_encode([])
|
|
||||||
];
|
|
||||||
|
|
||||||
print_r($regData);
|
|
||||||
exit;
|
|
||||||
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<form method="post" action="<?=$_SERVER['PHP_SELF'];?>">
|
|
||||||
username: <input type="text" name="username" /><br />
|
|
||||||
password: <input type="password" name="password" /><br />
|
|
||||||
email: <input type="text" name="email" /><br />
|
|
||||||
<input type="submit" name="submit" value="Submit" />
|
|
||||||
</form>
|
|
817
main/dev/sql.php
817
main/dev/sql.php
File diff suppressed because one or more lines are too long
16
main/profile.php
Normal file
16
main/profile.php
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
<?php
|
||||||
|
/*
|
||||||
|
* Sakura User Profiles
|
||||||
|
*/
|
||||||
|
|
||||||
|
// Declare Namespace
|
||||||
|
namespace Sakura;
|
||||||
|
|
||||||
|
// Include components
|
||||||
|
require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) .'_sakura/sakura.php';
|
||||||
|
|
||||||
|
// Catch old profile API and return error
|
||||||
|
if(isset($_REQUEST['data']))
|
||||||
|
die(json_encode(['error' => true]));
|
||||||
|
|
||||||
|
var_dump(@$_REQUEST);
|
Reference in a new issue