rip authenticate.php
parent
aabc983611
commit
9279173528
18 changed files with 256 additions and 537 deletions
|
@ -78,7 +78,7 @@ class ActionCode
|
|||
public static function invalidate($code)
|
||||
{
|
||||
DB::table('actioncodes')
|
||||
->where('code_action', $code)
|
||||
->where('action_code', $code)
|
||||
->delete();
|
||||
}
|
||||
}
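Review bot: `invalidate()` deletes every actioncodes row whose `action_code` matches, with no restriction on the action type or user the code was issued for, while the rest of this commit generates and validates codes per action and user (`ActionCode::generate('LOST_PASS', $user->id)`, `ActionCode::validate('LOST_PASS', $key, $user->id)`). The delete should presumably be scoped the same way, e.g. `public static function invalidate($code, $action = null, $userId = null)` with the matching `->where(...)` clauses added when the extra arguments are given, so a code is only cleared for the action and user it belongs to. The column names for action type and user are not visible in this hunk, so confirm them against the table before adding the filters.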
|
||||
|
|
|
@ -9,6 +9,9 @@ namespace Sakura\BBcodeDefinitions;
|
|||
|
||||
use JBBCode\CodeDefinition;
|
||||
use JBBCode\ElementNode;
|
||||
use Sakura\Router;
|
||||
use Sakura\User;
|
||||
use Sakura\Utils;
|
||||
|
||||
/**
|
||||
* Username BBcode for JBBCode.
|
||||
|
@ -41,12 +44,13 @@ class User extends CodeDefinition
|
|||
$content = "";
|
||||
|
||||
foreach ($el->getChildren() as $child) {
|
||||
$content .= \Sakura\Utils::cleanString($child->getAsText(), true);
|
||||
$content .= Utils::cleanString($child->getAsText(), true);
|
||||
}
|
||||
|
||||
$user = \Sakura\User::construct($content);
|
||||
$urls = new \Sakura\Urls();
|
||||
$user = User::construct($content);
|
||||
$profile = Router::route('user.profile', $user->id);
|
||||
|
||||
return '<a class="default username" href="' . $urls->format('USER_PROFILE', [$user->id]) . '" style="color: ' . $user->colour . '; text-shadow: 0 0 .3em ' . $user->colour . '; font-weight: bold;">' . $user->username . '</a>';
|
||||
return "<a class='default username' href='{$profile} style='color: {$user->colour};
|
||||
text-shadow: 0 0 .3em {$user->colour}; font-weight: bold;'>{$user->username}</a>";
|
||||
}
|
||||
}
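Review bot: The rewritten return statement is missing the closing quote after `{$profile}` in `href='{$profile} style='color: ...`, so the href value swallows ` style=` and the colour rules are emitted as a broken attribute; it should read `href='{$profile}' style='color: {$user->colour}; text-shadow: 0 0 .3em {$user->colour}; font-weight: bold;'`. The string also now carries a literal line break inside the style attribute, which the previous single-line concatenation did not, so keep the markup on one line to avoid stray whitespace in the output. `$user->colour` and `$user->username` are interpolated into HTML without escaping, as before; where those values originate is not visible here, so confirm they are safe in an attribute/text context or pass them through `htmlspecialchars`. The method whose body this is begins outside the hunk.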
|
||||
|
|
|
@ -428,4 +428,180 @@ class AuthController extends Controller
|
|||
{
|
||||
return Template::render('main/reactivate');
|
||||
}
|
||||
|
||||
public function reactivatePost()
|
||||
{
|
||||
// Preliminarily set registration to failed
|
||||
$success = 0;
|
||||
$redirect = Router::route('auth.reactivate');
|
||||
|
||||
// Check if authentication is disallowed
|
||||
if (Config::get('lock_authentication')) {
|
||||
$message = "You can't request a reactivation at this time, sorry!";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
// Validate session
|
||||
if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
|
||||
$message = "Your session expired, refreshing the page will most likely fix this!";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
// Grab forms
|
||||
$username = isset($_POST['username']) ? Utils::cleanString($_POST['username'], true) : null;
|
||||
$email = isset($_POST['email']) ? Utils::cleanString($_POST['email'], true) : null;
|
||||
|
||||
// Do database request
|
||||
$getUser = DB::table('users')
|
||||
->where('username_clean', $username)
|
||||
->where('email', $email)
|
||||
->get(['user_id']);
|
||||
|
||||
// Check if user exists
|
||||
if (!$getUser) {
|
||||
$message = "User not found! Double check your username and e-mail address!";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
// Create user object
|
||||
$user = User::construct($getUser[0]->user_id);
|
||||
|
||||
// Check if a user is activated
|
||||
if (!$user->permission(Site::DEACTIVATED)) {
|
||||
$message = "Your account is already activated! Why are you here?";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
// Send activation e-mail to user
|
||||
Users::sendActivationMail($user->id);
|
||||
|
||||
$success = 1;
|
||||
$redirect = Router::route('auth.login');
|
||||
$message = "Sent the e-mail! Make sure to check your spam folder as well!";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
public function resetPasswordGet()
|
||||
{
|
||||
return Template::render('main/resetpassword');
|
||||
}
|
||||
|
||||
public function resetPasswordPost()
|
||||
{
|
||||
// Preliminarily set action to failed
|
||||
$success = 0;
|
||||
$redirect = Router::route('main.index');
|
||||
|
||||
// Check if authentication is disallowed
|
||||
if (Config::get('lock_authentication')) {
|
||||
$message = "You can't request a reactivation at this time, sorry!";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
// Validate session
|
||||
if (!isset($_POST['session']) || $_POST['session'] != session_id()) {
|
||||
$message = "Your session expired, refreshing the page will most likely fix this!";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
// Attempt to get the various required GET parameters
|
||||
$userId = isset($_POST['user']) ? $_POST['user'] : 0;
|
||||
$key = isset($_POST['key']) ? $_POST['key'] : "";
|
||||
$password = isset($_POST['password']) ? $_POST['password'] : "";
|
||||
$userName = isset($_POST['username']) ? Utils::cleanString($_POST['username'], true) : "";
|
||||
$email = isset($_POST['email']) ? Utils::cleanString($_POST['email'], true) : null;
|
||||
|
||||
// Create user object
|
||||
$user = User::construct($userId ? $userId : $userName);
|
||||
|
||||
// Quit if the user ID is 0
|
||||
if ($user->id === 0 || ($email !== null ? $email !== $user->email : false)) {
|
||||
$message = "This user does not exist! Contact us if you think this isn't right.";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
// Check if the user is active
|
||||
if ($user->permission(Site::DEACTIVATED)) {
|
||||
$message = "Your account is deactivated, go activate it first...";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
if ($key && $password) {
|
||||
// Check password entropy
|
||||
if (Utils::pwdEntropy($password) < Config::get('min_entropy')) {
|
||||
$message = "Your password doesn't meet the strength requirements!";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
// Validate the activation key
|
||||
$action = ActionCode::validate('LOST_PASS', $key, $user->id);
|
||||
|
||||
if (!$action) {
|
||||
$message = "Invalid verification code! Contact us if you think this isn't right.";
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
|
||||
// Hash the password
|
||||
$pw = Hashing::createHash($password);
|
||||
|
||||
// Update the user
|
||||
DB::table('users')
|
||||
->where('user_id', $user->id)
|
||||
->update([
|
||||
'password_hash' => $pw[3],
|
||||
'password_salt' => $pw[2],
|
||||
'password_algo' => $pw[0],
|
||||
'password_iter' => $pw[1],
|
||||
'password_chan' => time(),
|
||||
]);
|
||||
|
||||
$success = 1;
|
||||
$message = "Changed your password! You may now log in.";
|
||||
$redirect = Router::route('auth.login');
|
||||
} else {
|
||||
// Send e-mail
|
||||
Users::sendPasswordForgot($user->id, $user->email);
|
||||
|
||||
$success = 1;
|
||||
$message = "Sent the e-mail, keep an eye on your spam folder as well!";
|
||||
$redirect = Router::route('main.index');
|
||||
}
|
||||
|
||||
Template::vars(['page' => compact('success', 'redirect', 'message')]);
|
||||
|
||||
return Template::render('global/information');
|
||||
}
|
||||
}
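Review bot: In `resetPasswordPost()` the e-mail is optional — `$email` is `null` when the field is absent and the guard `($email !== null ? $email !== $user->email : false)` then passes — so a request carrying only `user=<id>` or `username=...` reaches the `else` branch and `Users::sendPasswordForgot($user->id, $user->email)` mails a reset link to any account without the requester knowing its address. When no `key` is supplied the address should be mandatory: `if ($user->id === 0 || ($email === null ? !$key : $email !== $user->email)) {`. The distinct messages "This user does not exist!" and "Your account is deactivated" also let a caller enumerate accounts and their activation state; a single neutral "If that account exists, an e-mail has been sent" response avoids that. The session check in both handlers compares with `!=`; `hash_equals(session_id(), (string) $_POST['session'])` is the safer form, and whether `ActionCode::validate()` also consumes the LOST_PASS code after a successful reset is not visible here — if it does not, the link stays reusable until it expires.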
|
||||
|
|
|
@ -36,7 +36,10 @@ class ForumController extends Controller
|
|||
Template::vars([
|
||||
'forum' => (new Forum()),
|
||||
'stats' => [
|
||||
'userCount' => DB::table('users')->where('password_algo', '!=', 'disabled')->whereNotIn('rank_main', [1, 10])->count(),
|
||||
'userCount' => DB::table('users')
|
||||
->where('password_algo', '!=', 'disabled')
|
||||
->whereNotIn('rank_main', [1, 10])
|
||||
->count(),
|
||||
'newestUser' => User::construct(Users::getNewestUserId()),
|
||||
'lastRegDate' => date_diff(
|
||||
date_create(date('Y-m-d', User::construct(Users::getNewestUserId())->registered)),
|
||||
|
|
|
@ -627,7 +627,7 @@ class User
|
|||
->count();
|
||||
|
||||
// And the other user
|
||||
$user = DB::table('friends')
|
||||
$friend = DB::table('friends')
|
||||
->where('user_id', $with)
|
||||
->where('friend_id', $this->id)
|
||||
->count();
|
||||
|
@ -935,7 +935,7 @@ class User
|
|||
return [0];
|
||||
}
|
||||
|
||||
$getRecord[0] = $getRecord;
|
||||
$getRecord = $getRecord[0];
|
||||
|
||||
// Check if the Tenshi hasn't expired
|
||||
if ($getRecord->premium_expire < time()) {
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
namespace Sakura;
|
||||
|
||||
use Sakura\Perms\Site;
|
||||
use Sakura\Router;
|
||||
|
||||
/**
|
||||
* User management
|
||||
|
@ -101,211 +102,86 @@ class Users
|
|||
/**
|
||||
* Send password forgot e-mail
|
||||
*
|
||||
* @param string $username The username.
|
||||
* @param string $userId The user id.
|
||||
* @param string $email The e-mail.
|
||||
*
|
||||
* @return array The status.
|
||||
*/
|
||||
public static function sendPasswordForgot($username, $email)
|
||||
public static function sendPasswordForgot($userId, $email)
|
||||
{
|
||||
// Check if authentication is disallowed
|
||||
if (Config::get('lock_authentication')) {
|
||||
return [0, 'AUTH_LOCKED'];
|
||||
}
|
||||
$user = User::construct($userId);
|
||||
|
||||
// Clean username string
|
||||
$usernameClean = Utils::cleanString($username, true);
|
||||
$emailClean = Utils::cleanString($email, true);
|
||||
|
||||
// Do database request
|
||||
$user = DB::table('users')
|
||||
->where('username_clean', $usernameClean)
|
||||
->where(':email', $emailClean)
|
||||
->get(['user_id']);
|
||||
|
||||
// Check if user exists
|
||||
if (count($user) < 1) {
|
||||
return [0, 'USER_NOT_EXIST'];
|
||||
}
|
||||
|
||||
$userObj = User::construct($user[0]->user_id);
|
||||
|
||||
// Check if the user has the required privs to log in
|
||||
if ($userObj->permission(Site::DEACTIVATED)) {
|
||||
return [0, 'NOT_ALLOWED'];
|
||||
if (!$user->id || $user->permission(Site::DEACTIVATED)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Generate the verification key
|
||||
$verk = ActionCode::generate('LOST_PASS', $userObj->id);
|
||||
$verk = ActionCode::generate('LOST_PASS', $user->id);
|
||||
|
||||
// Create new urls object
|
||||
$urls = new Urls();
|
||||
$siteName = Config::get('sitename');
|
||||
$baseUrl = "http://" . Config::get('url_main');
|
||||
$reactivateLink = Router::route('auth.resetpassword') . "?u={$user->id}&k={$verk}";
|
||||
$signature = Config::get('mail_signature');
|
||||
|
||||
// Build the e-mail
|
||||
$message = "Hello " . $user['username'] . ",\r\n\r\n";
|
||||
$message .= "You are receiving this notification because you have (or someone pretending to be you has) requested a password reset link to be sent for your account on \"" . Config::get('sitename') . "\". If you did not request this notification then please ignore it, if you keep receiving it please contact the site administrator.\r\n\r\n";
|
||||
$message .= "To use this password reset key you need to go to a special page. To do this click the link provided below.\r\n\r\n";
|
||||
$message .= "http://" . Config::get('url_main') . $urls->format('SITE_FORGOT_PASSWORD') . "?pw=true&uid=" . $user['user_id'] . "&key=" . $verk . "\r\n\r\n";
|
||||
$message .= "If successful you should be able to change your password here.\r\n\r\n";
|
||||
$message .= "Alternatively if the above method fails for some reason you can go to http://" . Config::get('url_main') . $urls->format('SITE_FORGOT_PASSWORD') . "?pw=true&uid=" . $user['user_id'] . " and use the key listed below:\r\n\r\n";
|
||||
$message .= "Verification key: " . $verk . "\r\n\r\n";
|
||||
$message .= "You can of course change this password yourself via the profile page. If you have any difficulties please contact the site administrator.\r\n\r\n";
|
||||
$message .= "--\r\n\r\nThanks\r\n\r\n" . Config::get('mail_signature');
|
||||
$message = "Hello {$user->username},\r\n\r\n"
|
||||
. "You are receiving this notification because you have (or someone pretending to be you has)"
|
||||
. " requested a password reset link to be sent for your account on \"{$siteName}\"."
|
||||
. " If you did not request this notification then please ignore it,"
|
||||
. " if you keep receiving it please contact the site administrator.\r\n\r\n"
|
||||
. "To use this password reset key you need to go to a special page."
|
||||
. " To do this click the link provided below.\r\n\r\n"
|
||||
. "{$baseUrl}{$reactivateLink}\r\n\r\n"
|
||||
. "If successful you should be able to change your password here.\r\n\r\n"
|
||||
. "You can of course change this password yourself via the settings page."
|
||||
. " If you have any difficulties please contact the site administrator.\r\n\r\n"
|
||||
. "--\r\n\r\nThanks\r\n\r\n{$signature}";
|
||||
|
||||
// Send the message
|
||||
Utils::sendMail([$user['email'] => $user['username']], Config::get('sitename') . ' password restoration', $message);
|
||||
|
||||
// Return success
|
||||
return [1, 'SUCCESS'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Reset a password.
|
||||
*
|
||||
* @param string $verk The e-mail verification key.
|
||||
* @param int $uid The user id.
|
||||
* @param string $newpass New pass.
|
||||
* @param string $verpass Again.
|
||||
*
|
||||
* @return array Status.
|
||||
*/
|
||||
public static function resetPassword($verk, $uid, $newpass, $verpass)
|
||||
{
|
||||
// Check if authentication is disallowed
|
||||
if (Config::get('lock_authentication')) {
|
||||
return [0, 'AUTH_LOCKED'];
|
||||
}
|
||||
|
||||
// Check password entropy
|
||||
if (Utils::pwdEntropy($newpass) < Config::get('min_entropy')) {
|
||||
return [0, 'PASS_TOO_SHIT'];
|
||||
}
|
||||
|
||||
// Passwords do not match
|
||||
if ($newpass != $verpass) {
|
||||
return [0, 'PASS_NOT_MATCH'];
|
||||
}
|
||||
|
||||
// Check the verification key
|
||||
$action = ActionCode::validate('LOST_PASS', $verk, $uid);
|
||||
|
||||
// Check if we got a negative return
|
||||
if (!$action) {
|
||||
return [0, 'INVALID_CODE'];
|
||||
}
|
||||
|
||||
// Hash the password
|
||||
$password = Hashing::createHash($newpass);
|
||||
|
||||
// Update the user
|
||||
DB::table('users')
|
||||
->where('user_id', $uid)
|
||||
->update([
|
||||
'password_hash' => $password[3],
|
||||
'password_salt' => $password[2],
|
||||
'password_algo' => $password[0],
|
||||
'password_iter' => $password[1],
|
||||
'password_chan' => time(),
|
||||
]);
|
||||
|
||||
// Return success
|
||||
return [1, 'SUCCESS'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Resend activation e-mail.
|
||||
*
|
||||
* @param string $username Username.
|
||||
* @param string $email E-mail.
|
||||
*
|
||||
* @return array Status
|
||||
*/
|
||||
public static function resendActivationMail($username, $email)
|
||||
{
|
||||
// Check if authentication is disallowed
|
||||
if (Config::get('lock_authentication')) {
|
||||
return [0, 'AUTH_LOCKED'];
|
||||
}
|
||||
|
||||
// Clean username string
|
||||
$usernameClean = Utils::cleanString($username, true);
|
||||
$emailClean = Utils::cleanString($email, true);
|
||||
|
||||
// Do database request
|
||||
$user = DB::table('users')
|
||||
->where('username_clean', $usernameClean)
|
||||
->where(':email', $emailClean)
|
||||
->get(['user_id']);
|
||||
|
||||
// Check if user exists
|
||||
if (count($user) < 1) {
|
||||
return [0, 'USER_NOT_EXIST'];
|
||||
}
|
||||
|
||||
$userObj = User::construct($user[0]->user_id);
|
||||
|
||||
// Check if a user is activated
|
||||
if (!$userObj->permission(Site::DEACTIVATED)) {
|
||||
return [0, 'USER_ALREADY_ACTIVE'];
|
||||
}
|
||||
|
||||
// Send activation e-mail
|
||||
self::sendActivationMail($userObj->id);
|
||||
|
||||
// Return success
|
||||
return [1, 'SUCCESS'];
|
||||
Utils::sendMail([$user->email => $user->username], "{$siteName} password restoration", $message);
|
||||
}
|
||||
|
||||
/**
|
||||
* Send activation e-mail.
|
||||
*
|
||||
* @param mixed $uid User ID.
|
||||
* @param mixed $userId User ID.
|
||||
* @param mixed $customKey Key.
|
||||
*
|
||||
* @return bool Always true.
|
||||
*/
|
||||
public static function sendActivationMail($uid, $customKey = null)
|
||||
public static function sendActivationMail($userId, $customKey = null)
|
||||
{
|
||||
|
||||
// Get the user data
|
||||
$user = User::construct($uid);
|
||||
$user = User::construct($userId);
|
||||
|
||||
// User is already activated or doesn't even exist
|
||||
if (!$user->id || !$user->permission(Site::DEACTIVATED)) {
|
||||
return false;
|
||||
return;
|
||||
}
|
||||
|
||||
// Generate activation key
|
||||
$activate = ActionCode::generate('ACTIVATE', $user->id);
|
||||
|
||||
// Create new urls object
|
||||
$urls = new Urls();
|
||||
$siteName = Config::get('sitename');
|
||||
$baseUrl = "http://" . Config::get('url_main');
|
||||
$activateLink = Router::route('auth.activate') . "?u={$user->id}&k={$activate}";
|
||||
$profileLink = Router::route('user.profile', $user->id);
|
||||
$signature = Config::get('mail_signature');
|
||||
|
||||
// Build the e-mail
|
||||
$message = "Welcome to " . Config::get('sitename') . "!\r\n\r\n";
|
||||
$message .= "Please keep this e-mail for your records. Your account intormation is as follows:\r\n\r\n";
|
||||
$message .= "----------------------------\r\n\r\n";
|
||||
$message .= "Username: " . $user->username . "\r\n\r\n";
|
||||
$message .= "Your profile: http://" . Config::get('url_main') . $urls->format('USER_PROFILE', [$user->id]) . "\r\n\r\n";
|
||||
$message .= "----------------------------\r\n\r\n";
|
||||
$message .= "Please visit the following link in order to activate your account:\r\n\r\n";
|
||||
$message .= "http://" . Config::get('url_main') . $urls->format('SITE_ACTIVATE') . "?mode=activate&u=" . $user->id . "&k=" . $activate . "\r\n\r\n";
|
||||
$message .= "Your password has been securely stored in our database and cannot be retrieved. ";
|
||||
$message .= "In the event that it is forgotten, you will be able to reset it using the email address associated with your account.\r\n\r\n";
|
||||
$message .= "Thank you for registering.\r\n\r\n";
|
||||
$message .= "--\r\n\r\nThanks\r\n\r\n" . Config::get('mail_signature');
|
||||
$message = "Welcome to {$siteName}!\r\n\r\n"
|
||||
. "Please keep this e-mail for your records. Your account intormation is as follows:\r\n\r\n"
|
||||
. "----------------------------\r\n\r\n"
|
||||
. "Username: {$user->username}\r\n\r\n"
|
||||
. "Your profile: {$baseUrl}{$profileLink}\r\n\r\n"
|
||||
. "----------------------------\r\n\r\n"
|
||||
. "Please visit the following link in order to activate your account:\r\n\r\n"
|
||||
. "{$baseUrl}{$activateLink}\r\n\r\n"
|
||||
. "Your password has been securely stored in our database and cannot be retrieved. "
|
||||
. "In the event that it is forgotten,"
|
||||
. " you will be able to reset it using the email address associated with your account.\r\n\r\n"
|
||||
. "Thank you for registering.\r\n\r\n"
|
||||
. "--\r\n\r\nThanks\r\n\r\n{$signature}";
|
||||
|
||||
// Send the message
|
||||
Utils::sendMail(
|
||||
[
|
||||
$user->email => $user->username,
|
||||
],
|
||||
Config::get('sitename') . ' Activation Mail',
|
||||
$message
|
||||
);
|
||||
|
||||
// Return true indicating that the things have been sent
|
||||
return true;
|
||||
Utils::sendMail([$user->email => $user->username], "{$siteName} activation mail", $message);
|
||||
}
|
||||
|
||||
/**
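Review bot: `sendPasswordForgot($userId, $email)` no longer reads `$email` — the body mails `$user->email` — yet the parameter and its `@param string $email` docblock line remain, and `sendActivationMail` keeps `@return bool Always true.` although it now returns nothing (`return;` on the failure path, no return at the end). Either drop the dead parameter from the signature and the `AuthController` caller, or use it as an ownership check (`if ($user->email !== $email) { return; }`), and change both docblocks to `@return void`. Both links are built as `"http://" . Config::get('url_main')`, so the reset and activation tokens travel in a plaintext URL even if the site is served over TLS; consider making the scheme configurable. The reset link is emitted as `?u=...&k=...` while `resetPasswordPost()` reads `$_POST['user']` and `$_POST['key']`; the `main/resetpassword` template is not in this diff, so confirm it carries those query values into the form. `$reactivateLink` is a misleading name for a password-reset URL — `$resetLink` would match its contents.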
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
<IfModule mod_rewrite.c>
|
||||
<IfModule mod_negotiation.c>
|
||||
Options -MultiViews
|
||||
</IfModule>
|
||||
|
||||
RewriteEngine On
|
||||
|
||||
# Redirect Trailing Slashes If Not A Folder...
|
||||
RewriteCond %{REQUEST_FILENAME} !-d
|
||||
RewriteRule ^(.*)/$ /$1 [L,R=301]
|
||||
|
||||
# Handle Front Controller...
|
||||
RewriteCond %{REQUEST_FILENAME} !-d
|
||||
RewriteCond %{REQUEST_FILENAME} !-f
|
||||
RewriteRule ^ index.php [L]
|
||||
|
||||
# Handle Authorization Header
|
||||
RewriteCond %{HTTP:Authorization} .
|
||||
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
</IfModule>
|
|
@ -1,216 +0,0 @@
|
|||
<?php
|
||||
/*
|
||||
* Sakura Authentication Page
|
||||
*/
|
||||
|
||||
// Declare Namespace
|
||||
namespace Sakura;
|
||||
|
||||
// Include components
|
||||
require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) . 'sakura.php';
|
||||
|
||||
// Page actions
|
||||
if (isset($_REQUEST['mode'])) {
|
||||
// Continue
|
||||
$continue = true;
|
||||
|
||||
// Make sure we're not in activate mode since adding a timestamp
|
||||
// and accessing the PHP session id is kind of hard when you're in an e-mail client
|
||||
if (!isset($_REQUEST['mode']) || $_REQUEST['mode'] != 'activate') {
|
||||
// Compare time and session so we know the link isn't forged
|
||||
if (!isset($_REQUEST['time']) || $_REQUEST['time'] < time() - 1000) {
|
||||
$renderData['page'] = [
|
||||
'redirect' => $urls->format('AUTH_ACTION'),
|
||||
'message' => 'Timestamps differ too much, refresh the page and try again.',
|
||||
'success' => 0,
|
||||
];
|
||||
|
||||
// Prevent
|
||||
$continue = false;
|
||||
}
|
||||
|
||||
// Match session ids for the same reason
|
||||
if (!isset($_REQUEST['session']) || $_REQUEST['session'] != session_id()) {
|
||||
$renderData['page'] = [
|
||||
'redirect' => $urls->format('AUTH_ACTION'),
|
||||
'message' => 'Invalid session, please try again.',
|
||||
'success' => 0,
|
||||
];
|
||||
|
||||
// Prevent
|
||||
$continue = false;
|
||||
}
|
||||
}
|
||||
|
||||
// Login check
|
||||
if (Users::checkLogin()) {
|
||||
if (!in_array($_REQUEST['mode'], ['logout'])) {
|
||||
$continue = false;
|
||||
|
||||
// Add page specific things
|
||||
$renderData['page'] = [
|
||||
'redirect' => $urls->format('SITE_HOME'),
|
||||
'message' => 'You are already authenticated. Redirecting...',
|
||||
'success' => 1,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
if ($continue) {
|
||||
switch ($_REQUEST['mode']) {
|
||||
case 'changepassword':
|
||||
// Attempt change
|
||||
$passforget = Users::resetPassword(
|
||||
$_REQUEST['verk'],
|
||||
$_REQUEST['uid'],
|
||||
$_REQUEST['newpw'],
|
||||
$_REQUEST['verpw']
|
||||
);
|
||||
|
||||
// Array containing "human understandable" messages
|
||||
$messages = [
|
||||
'INVALID_VERK' => 'The verification key supplied was invalid!',
|
||||
'INVALID_CODE' => 'Invalid verification key, if you think this is an error contact the administrator.',
|
||||
'INVALID_USER' => 'The used verification key is not designated for this user.',
|
||||
'VERK_TOO_SHIT' => 'Your verification code is too weak, try adding some special characters.',
|
||||
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
|
||||
'PASS_NOT_MATCH' => 'Passwords do not match.',
|
||||
'SUCCESS' => 'Successfully changed your password, you may now log in.',
|
||||
];
|
||||
|
||||
// Add page specific things
|
||||
$renderData['page'] = [
|
||||
'redirect' => (
|
||||
$passforget[0] ?
|
||||
$urls->format('SITE_LOGIN') :
|
||||
$_SERVER['PHP_SELF'] . '?pw=true&uid=' . $_REQUEST['uid'] . '&verk=' . $_REQUEST['verk']
|
||||
),
|
||||
'message' => $messages[$passforget[1]],
|
||||
'success' => $passforget[0],
|
||||
];
|
||||
break;
|
||||
|
||||
// Resending the activation e-mail
|
||||
case 'resendactivemail':
|
||||
// Attempt send
|
||||
$resend = Users::resendActivationMail($_REQUEST['username'], $_REQUEST['email']);
|
||||
|
||||
// Array containing "human understandable" messages
|
||||
$messages = [
|
||||
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
|
||||
'USER_NOT_EXIST' => 'The user you tried to activate does not exist (confirm the username/email combination).',
|
||||
'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
|
||||
'SUCCESS' => 'The activation e-mail has been sent to the address associated with your account.',
|
||||
];
|
||||
|
||||
// Add page specific things
|
||||
$renderData['page'] = [
|
||||
'redirect' => $urls->format('SITE_HOME'),
|
||||
'message' => $messages[$resend[1]],
|
||||
'success' => $resend[0],
|
||||
];
|
||||
break;
|
||||
|
||||
// Unforgetting passwords
|
||||
case 'forgotpassword':
|
||||
// Attempt send
|
||||
$passforgot = Users::sendPasswordForgot($_REQUEST['username'], $_REQUEST['email']);
|
||||
|
||||
// Array containing "human understandable" messages
|
||||
$messages = [
|
||||
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
|
||||
'USER_NOT_EXIST' => 'The requested user does not exist (confirm the username/email combination).',
|
||||
'NOT_ALLOWED' => 'Your account does not have the required permissions to change your password.',
|
||||
'SUCCESS' => 'The password reset e-mail has been sent to the address associated with your account.',
|
||||
];
|
||||
|
||||
// Add page specific things
|
||||
$renderData['page'] = [
|
||||
'redirect' => $urls->format('SITE_FORGOT_PASSWORD'),
|
||||
'message' => $messages[$passforgot[1]],
|
||||
'success' => $passforgot[0],
|
||||
];
|
||||
break;
|
||||
|
||||
case 'logout':
|
||||
$renderData['page'] = [
|
||||
'redirect' => Router::route('main.index'),
|
||||
'message' => 'Wrong logout page.',
|
||||
'success' => 0,
|
||||
];
|
||||
break;
|
||||
|
||||
case 'login':
|
||||
$renderData['page'] = [
|
||||
'redirect' => Router::route('auth.login'),
|
||||
'message' => 'Wrong login page.',
|
||||
'success' => 0,
|
||||
];
|
||||
break;
|
||||
|
||||
case 'register':
|
||||
$renderData['page'] = [
|
||||
'redirect' => Router::route('auth.register'),
|
||||
'message' => 'Wrong registration page.',
|
||||
'success' => 0,
|
||||
];
|
||||
break;
|
||||
|
||||
case 'activate':
|
||||
$renderData['page'] = [
|
||||
'redirect' => Router::route('auth.activate'),
|
||||
'message' => 'Wrong activation page.',
|
||||
'success' => 0,
|
||||
];
|
||||
break;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// Print page contents or if the AJAX request is set only display the render data
|
||||
if (isset($_REQUEST['ajax'])) {
|
||||
echo $renderData['page']['message'] . '|' .
|
||||
$renderData['page']['success'] . '|' .
|
||||
$renderData['page']['redirect'];
|
||||
} else {
|
||||
Template::vars($renderData);
|
||||
echo Template::render('global/information');
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
// Add page specific things
|
||||
$renderData['auth'] = [
|
||||
'redirect' => isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_HOME'),
|
||||
];
|
||||
|
||||
// Check if the user is already logged in
|
||||
if (Users::checkLogin()) {
|
||||
// Add page specific things
|
||||
$renderData['page'] = [
|
||||
'redirect' => $urls->format('SITE_HOME'),
|
||||
'message' => 'You are already logged in, log out to access this page.',
|
||||
];
|
||||
|
||||
Template::vars($renderData);
|
||||
echo Template::render('global/information');
|
||||
exit;
|
||||
}
|
||||
|
||||
// If password forgot things are set display password forget thing
|
||||
if (isset($_REQUEST['pw']) && $_REQUEST['pw']) {
|
||||
$renderData['auth']['changingPass'] = true;
|
||||
$renderData['auth']['userId'] = $_REQUEST['uid'];
|
||||
|
||||
if (isset($_REQUEST['key'])) {
|
||||
$renderData['auth']['forgotKey'] = $_REQUEST['key'];
|
||||
}
|
||||
|
||||
Template::vars($renderData);
|
||||
echo Template::render('main/forgotpassword');
|
||||
exit;
|
||||
}
|
||||
|
||||
// Print page contents
|
||||
Template::vars($renderData);
|
||||
echo Template::render('main/authenticate');
|
|
@ -7,6 +7,7 @@
|
|||
namespace Sakura;
|
||||
|
||||
use Sakura\Perms\Site;
|
||||
use Sakura\Router;
|
||||
|
||||
// If this we're requesting notifications this page won't require templating
|
||||
if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notifications']) {
|
||||
|
@ -99,7 +100,7 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
|
|||
exit;
|
||||
} elseif (isset($_REQUEST['comment-action']) && $_REQUEST['comment-action']) {
|
||||
// Referrer
|
||||
$redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_INDEX'));
|
||||
$redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : Router::route('main.index'));
|
||||
|
||||
// Continue
|
||||
$continue = true;
|
||||
|
@ -278,7 +279,7 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
|
|||
$continue = true;
|
||||
|
||||
// Referrer
|
||||
$redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $urls->format('SITE_INDEX'));
|
||||
$redirect = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : Router::route('main.index'));
|
||||
|
||||
// Compare time and session so we know the link isn't forged
|
||||
if (!isset($_REQUEST['add']) && !isset($_REQUEST['remove'])) {
|
||||
|
@ -382,8 +383,8 @@ if (isset($_REQUEST['request-notifications']) && $_REQUEST['request-notification
|
|||
sprintf($notifStrings[$action[1]][0], $user->username),
|
||||
$notifStrings[$action[1]][1],
|
||||
60000,
|
||||
$urls->format('IMAGE_AVATAR', [$user->id]),
|
||||
$urls->format('USER_PROFILE', [$user->id]),
|
||||
Router::route('file.avatar', $user->id),
|
||||
Router::route('user.profile', $user->id),
|
||||
'1'
|
||||
);
|
||||
}
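Review bot: The replaced `$redirect` lines still take the redirect target verbatim from `$_SERVER['HTTP_REFERER']`; only the fallback moved to `Router::route('main.index')`, so a request arriving from a foreign page sends the user back to whatever origin the Referer names. Restrict it to the site's own host before use, e.g. `$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';` followed by `$redirect = parse_url($referer, PHP_URL_HOST) === Config::get('url_main') ? $referer : Router::route('main.index');` — `url_main` is prefixed with `http://` elsewhere in this commit, so it appears to hold a bare host, but confirm that before comparing. The surrounding request handling starts and ends outside these hunks.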
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
namespace Sakura;
|
||||
|
||||
// Define Sakura version
|
||||
define('SAKURA_VERSION', '20160317');
|
||||
define('SAKURA_VERSION', '20160319');
|
||||
|
||||
// Define Sakura Path
|
||||
define('ROOT', __DIR__ . '/');
|
||||
|
@ -51,11 +51,6 @@ spl_autoload_register(function ($className) {
|
|||
require_once ROOT . $className . '.php';
|
||||
});
|
||||
|
||||
// Include database extensions
|
||||
foreach (glob(ROOT . 'libraries/DBWrapper/*.php') as $driver) {
|
||||
require_once $driver;
|
||||
}
|
||||
|
||||
// Set Error handler
|
||||
set_error_handler(['Sakura\Utils', 'errorHandler']);
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<div class="head">Welcome!</div>
|
||||
Welcome to Flashii! This is a site for a bunch of friends to hang out, nothing special. Anyone is pretty much welcome to register so why not have a go?
|
||||
<div class="indexSidePanelLinks">
|
||||
<a class="fa fa-magic" href="{{ urls.format('SITE_REGISTER') }}" title="Register" id="indexSidePanelRegister"></a>
|
||||
<a class="fa fa-magic" href="{{ route('auth.register') }}" title="Register" id="indexSidePanelRegister"></a>
|
||||
<a class="fa fa-sign-in" href="{{ route('auth.login') }}" title="Login" id="indexSidePanelLogin"></a>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
<div class="subforums">
|
||||
Subforums:
|
||||
{% for forum in forum.forums %}
|
||||
{% if forum.unread(user.id) %}<span style="font-variant: small-caps; color: #6C5D7B; text-shadow: 0px 0px 5px #9475B2;">[!]</span>{% endif %} <a href="{% if forum.type == 2 %}{{ forum.link }}{% else %}{{ urls.format('FORUM_SUB', [forum.id]) }}{% endif %}" class="default">{{ forum.name }}</a>
|
||||
{% if forum.unread(user.id) %}<span style="font-variant: small-caps; color: #6C5D7B; text-shadow: 0px 0px 5px #9475B2;">[!]</span>{% endif %} <a href="{% if forum.type == 2 %}{{ forum.link }}{% else %}{{ route('forums.forum', forum.id) }}{% endif %}" class="default">{{ forum.name }}</a>
|
||||
{% endfor %}
|
||||
</div>
|
||||
{% endif %}
|
||||
|
@ -23,8 +23,8 @@
|
|||
<div class="forumLastPost">
|
||||
<div>
|
||||
{% if forum.lastPost.id %}
|
||||
<a href="{{ urls.format('FORUM_THREAD', [forum.lastPost.thread]) }}" class="default">{{ forum.lastPost.subject|slice(0, 30) }}{% if forum.lastPost.subject|length > 30 %}...{% endif %}</a><br />
|
||||
<time>{{ forum.lastPost.time|date(sakura.dateFormat) }}</time> by {% if forum.lastPost.poster.id %}<a href="{{ urls.format('USER_PROFILE', [forum.lastPost.poster.id]) }}" class="default" style="color: {{ forum.lastPost.poster.colour }}; text-shadow: 0 0 5px {% if forumlastPost.poster.colour != 'inherit' %}{{ forum.lastPost.poster.colour }}{% else %}#222{% endif %};">{{ forum.lastPost.poster.username }}</a>{% else %}[deleted user]{% endif %} <a href="{{ urls.format('FORUM_POST', [forum.lastPost.id]) }}#p{{ forum.lastPost.id }}" class="default fa fa-tag"></a>
|
||||
<a href="{{ route('forums.thread', forum.lastPost.thread) }}" class="default">{{ forum.lastPost.subject|slice(0, 30) }}{% if forum.lastPost.subject|length > 30 %}...{% endif %}</a><br />
|
||||
<time>{{ forum.lastPost.time|date(sakura.dateFormat) }}</time> by {% if forum.lastPost.poster.id %}<a href="{{ route('user.profile', forum.lastPost.poster.id) }}" class="default" style="color: {{ forum.lastPost.poster.colour }}; text-shadow: 0 0 5px {% if forumlastPost.poster.colour != 'inherit' %}{{ forum.lastPost.poster.colour }}{% else %}#222{% endif %};">{{ forum.lastPost.poster.username }}</a>{% else %}[deleted user]{% endif %} <a href="{{ urls.format('FORUM_POST', [forum.lastPost.id]) }}#p{{ forum.lastPost.id }}" class="default fa fa-tag"></a>
|
||||
{% else %}
|
||||
There are no posts in this forum.<br />
|
||||
{% endif %}
|
||||
|
|
|
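Review bot: The rewritten last-post line still references `forumlastPost.poster.colour` (missing dot after `forum`), so the `!= 'inherit'` test compares against an undefined variable; unless Twig's strict_variables option is enabled, that evaluates to null, the condition is always true and the `#222` text-shadow fallback is never applied. Since the commit already rewrites this line for the route() migration, it should read `{% if forum.lastPost.poster.colour != 'inherit' %}`. The same line also keeps `urls.format('FORUM_POST', [forum.lastPost.id])` for the post anchor while the thread and profile links on it moved to `route()`; if that is because no route exists for it yet, a `{# TODO: route #}` marker there would keep the remaining migration visible.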
@ -1,70 +0,0 @@
|
|||
{% extends 'global/master.twig' %}
|
||||
|
||||
{% block title %}Authentication{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
{% if sakura.lockAuth %}
|
||||
<h1 class="stylised" style="line-height: 1.8em; text-align: center;">Authentication is currently disallowed, try again later.</h1>
|
||||
{% else %}
|
||||
<div class="loginPage">
|
||||
<div class="passwordForm">
|
||||
<div class="head">
|
||||
Lost Password
|
||||
</div>
|
||||
<form method="post" action="{{ urls.format('AUTH_ACTION') }}" id="passwordForm">
|
||||
<input type="hidden" name="mode" value="forgotpassword" />
|
||||
<input type="hidden" name="session" value="{{ php.sessionid }}" />
|
||||
<input type="hidden" name="time" value="{{ php.time }}" />
|
||||
<div class="leftAlign">
|
||||
<label for="forgotUserName">Username:</label>
|
||||
</div>
|
||||
<div class="centreAlign">
|
||||
<input class="inputStyling" type="text" id="forgotUserName" name="username" />
|
||||
</div>
|
||||
<div class="leftAlign">
|
||||
<label for="forgotEmail">E-mail:</label>
|
||||
</div>
|
||||
<div class="centreAlign">
|
||||
<input class="inputStyling" type="text" id="forgotEmail" name="email" />
|
||||
</div>
|
||||
<div class="centreAlign">
|
||||
<input class="inputStyling" type="submit" name="submit" value="Request Password" id="requestPassBtn" />
|
||||
</div>
|
||||
<div class="subLinks centreAlign">
|
||||
Contact us if you lost access to your e-mail address!
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
{% if sakura.requireActivation %}
|
||||
<div class="resendForm">
|
||||
<div class="head">
|
||||
Resend Activation E-mail
|
||||
</div>
|
||||
<form method="post" action="{{ urls.format('AUTH_ACTION') }}" id="resendForm">
|
||||
<input type="hidden" name="mode" value="resendactivemail" />
|
||||
<input type="hidden" name="session" value="{{ php.sessionid }}" />
|
||||
<input type="hidden" name="time" value="{{ php.time }}" />
|
||||
<div class="leftAlign">
|
||||
<label for="activeUserName">Username:</label>
|
||||
</div>
|
||||
<div class="centreAlign">
|
||||
<input class="inputStyling" type="text" id="activeUserName" name="username" />
|
||||
</div>
|
||||
<div class="leftAlign">
|
||||
<label for="activeEmail">E-mail:</label>
|
||||
</div>
|
||||
<div class="centreAlign">
|
||||
<input class="inputStyling" type="text" id="activeEmail" name="email" />
|
||||
</div>
|
||||
<div class="centreAlign">
|
||||
<input class="inputStyling" type="submit" name="submit" value="Request Activation" id="requestActiveBtn" />
|
||||
</div>
|
||||
<div class="subLinks centreAlign">
|
||||
Read the footnote on the Lost Password form.
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% endblock %}
|
|
@ -1,30 +0,0 @@
|
|||
{% extends 'global/master.twig' %}
|
||||
|
||||
{% block title %}Forgot Password{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
<div class="content news settings">
|
||||
<div class="head">Forgot Password</div>
|
||||
<form method="post" action="{{ urls.format('AUTH_ACTION') }}" id="passwordForm">
|
||||
<input type="hidden" name="session" value="{{ php.sessionid }}" />
|
||||
<input type="hidden" name="time" value="{{ php.time }}" />
|
||||
<input type="hidden" name="uid" value="{{ auth.userId }}" />
|
||||
<input type="hidden" name="mode" value="changepassword" />
|
||||
<div class="profile-field{% if auth.forgotKey %} hidden{% endif %}">
|
||||
<div><h2>Verification Key</h2></div>
|
||||
<div style="text-align: center;"><input type="text" name="verk" placeholder="The key that was sent to you in the e-mail" class="inputStyling"{% if auth.forgotKey %} value="{{ auth.forgotKey }}"{% endif %} /></div>
|
||||
</div>
|
||||
<div class="profile-field">
|
||||
<div><h2>New Password</h2></div>
|
||||
<div style="text-align: center;"><input type="password" name="newpw" placeholder="Your new password, using special characters is recommended" class="inputStyling" /></div>
|
||||
</div>
|
||||
<div class="profile-field">
|
||||
<div><h2>Verify Password</h2></div>
|
||||
<div style="text-align: center;"><input type="password" name="verpw" placeholder="Your new password again to make sure you didn't typo anything" class="inputStyling" /></div>
|
||||
</div>
|
||||
<div class="profile-save">
|
||||
<input type="submit" value="Save" name="submit" class="inputStyling" /> <input type="reset" value="Reset" name="reset" class="inputStyling" />
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
{% endblock %}
|
|
@ -7,7 +7,7 @@
|
|||
{% set comments = newsPosts[0].news_comments.comments %}
|
||||
{% else %}
|
||||
{% set paginationPages = news.posts|batch(postsPerPage) %}
|
||||
{% set paginationUrl %}{{ urls.format('SITE_NEWS') }}{% endset %}
|
||||
{% set paginationUrl %}{{ route('news.index') }}{% endset %}
|
||||
{% endif %}
|
||||
|
||||
{% set title %}
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
{% for rank in user.ranks %}
|
||||
<tr {% if rank.id == user.mainRankId %} class="current-session" {% endif %}>
|
||||
<td style="font-weight: bold; color: {{ rank.colour }}; text-shadow: 0 0 7px {{ rank.colour }}; text-align: left;">
|
||||
<a href="{{ urls.format('MEMBERLIST_RANK', [rank.id]) }}" class="clean">{{ rank.name }}</a>
|
||||
<a href="{{ route('members.rank', rank.id) }}" class="clean">{{ rank.name }}</a>
|
||||
</td>
|
||||
<td style="width: 90px;">
|
||||
<form method="post" action="{{ sakura.currentPage }}">
|
||||
|
|
|
@ -27,11 +27,11 @@ window.addEventListener("load", function() {
|
|||
<div class="friends-list">
|
||||
{% for friend in friends[get.page|default(1) - 1] %}
|
||||
<div class="friend-container" id="friendslist-friend-{{ friend.id }}">
|
||||
<a class="friends-list-data clean" href="{{ urls.format('USER_PROFILE', [friend.id]) }}">
|
||||
<img src="/a/{{ friend.id }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;" />
|
||||
<a class="friends-list-data clean" href="{{ route('user.profile', friend.id) }}">
|
||||
<img src="{{ route('file.avatar', friend.id) }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;" />
|
||||
<div class="friends-list-name" style="color: {{ friend.colour }};">{{ friend.username }}</div>
|
||||
</a>
|
||||
<div class="friends-list-actions">
|
||||
<div class="friends-list-actions"><!-- urls -->
|
||||
<a class="remove fill fa fa-remove" title="Remove friend" href="/friends?remove={{ friend.id }}&session={{ php.sessionid }}&time={{ php.time }}" id="friendslist-friend-action-remove-{{ friend.id }}"></a>
|
||||
<div class="clear"></div>
|
||||
</div>
|
||||
|
|
|
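Review bot: The marker added as `<div class="friends-list-actions"><!-- urls -->` is an HTML comment, so it is shipped to every client in the rendered page; a Twig comment `{# urls #}` is stripped at compile time and serves the same purpose for maintainers. The same marker appears in the second friends-list template below (the one carrying both the add and remove links). The links it marks still pass `session={{ php.sessionid }}` in a GET query string, which places the session identifier in browser history, proxy logs and Referer headers; when these are migrated to `route()`, a POST form with a dedicated anti-CSRF token would avoid exposing the session id in URLs. The enclosing `friends-list` loop continues outside the hunk.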
@ -27,11 +27,11 @@ window.addEventListener("load", function() {
|
|||
<div class="friends-list">
|
||||
{% for friend in friends[get.page|default(1) - 1] %}
|
||||
<div class="friend-container" id="friend-{{ friend.id }}">
|
||||
<a class="friends-list-data clean" href="{{ urls.format('USER_PROFILE', [friend.id]) }}">
|
||||
<img src="/a/{{ friend.id }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;" />
|
||||
<a class="friends-list-data clean" href="{{ route('user.profile', friend.id) }}">
|
||||
<img src="{{ route('file.avatar', friend.id) }}" alt="{{ friend.username }}" class="friends-list-avatar default-avatar-setting" style="width: 150px; height: 150px;" />
|
||||
<div class="friends-list-name" style="color: {{ friend.colour }};">{{ friend.username }}</div>
|
||||
</a>
|
||||
<div class="friends-list-actions">
|
||||
<div class="friends-list-actions"><!-- urls -->
|
||||
<a class="add fa fa-check" title="Add friend" href="/friends?add={{ friend.id }}&session={{ php.sessionid }}&time={{ php.time }}" id="friendslist-friend-action-add-{{ friend.id }}"></a>
|
||||
<a class="remove fa fa-remove" title="Remove friend" href="/friends?remove={{ friend.id }}&session={{ php.sessionid }}&time={{ php.time }}" id="friendslist-friend-action-remove-{{ friend.id }}"></a>
|
||||
<div class="clear"></div>
|
||||
|
|