Example #1
 /**
  * Signs a visitor in from the basic login form.
  *
  * The "email" field is tried as a handle first and as an email address second.
  * Unknown accounts raise a "login/failure/nouser" event and get a 401; a wrong
  * password raises "login/failure"; a successful check raises "login/success",
  * logs the user on and forwards to the default location.
  */
 function postContent()
 {
     // TODO: change this to actual basic login, of course
     $credential = $this->getInput('email');
     // Handle lookup first, email lookup as the fallback
     $user = \Idno\Entities\User::getByHandle($credential) ?: \Idno\Entities\User::getByEmail($credential);
     if (!$user) {
         // Distinct audit event for unknown accounts, then bounce to the login form
         \Idno\Core\site()->triggerEvent('login/failure/nouser', ['method' => 'password', 'credentials' => ['email' => $credential]]);
         $this->setResponse(401);
         $this->forward('/session/login');
     }
     if (!($user instanceof \Idno\Entities\User)) {
         \Idno\Core\site()->session()->addMessage("Oops! We couldn't find your username or email address. Please check you typed it correctly and try again.");
         return;
     }
     if (!$user->checkPassword($this->getInput('password'))) {
         \Idno\Core\site()->session()->addMessage("Oops! It looks like your password isn't correct. Please try again.");
         \Idno\Core\site()->triggerEvent('login/failure', ['user' => $user]);
         return;
     }
     \Idno\Core\site()->triggerEvent('login/success', ['user' => $user]);
     // Trigger an event for auditing
     \Idno\Core\site()->session()->logUserOn($user);
     \Idno\Core\site()->session()->addMessage("You've signed in as {$user->getTitle()}.");
     $this->forward();
 }
Example #2
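 /**
  * Handles a membership application submitted from the "apply to join" form.
  *
  * Validates the submitted email, handle and password, stores the application as
  * an Application entity and emails every site admin about it. Validation
  * problems are reported through session error messages; in every case the
  * visitor is forwarded back to the application page.
  *
  * Changes from the previous version: an invalid email address is now reported
  * (it used to fail silently), and a failed save is logged instead of dumping the
  * session's message store into the HTTP response with var_export().
  */
 function postContent()
 {
     $this->reverseGatekeeper();
     $name = $this->getInput('name');
     $handle = trim($this->getInput('handle'));
     $password = trim($this->getInput('password'));
     $email = trim($this->getInput('email'));
     $session = \Idno\Core\site()->session();
     if (empty($handle) && empty($email)) {
         $session->addErrorMessage("Please enter a username and email address.");
     } elseif (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $session->addErrorMessage("That doesn't seem like it's a valid email address.");
     } else {
         // Collect every problem in the order the form used to report them
         $problems = array();
         if (empty($handle)) {
             $problems[] = "Please create a username.";
         }
         if (strlen($handle) > 32) {
             $problems[] = "Your username is too long.";
         }
         if (substr_count($handle, '/')) {
             $problems[] = "Usernames can't contain a slash ('/') character.";
         }
         if (\Idno\Entities\User::getByHandle($handle)) {
             $problems[] = "Unfortunately, someone is already using that username. Please choose another.";
         }
         if (\Idno\Entities\User::getByEmail($email)) {
             $problems[] = "Hey, it looks like there's already an account with that email address. Did you forget your login?";
         }
         if (!\Idno\Entities\User::checkNewPasswordStrength($password)) {
             $problems[] = "Please check that your password is at least 7 characters long.";
         }
         // NOTE(review): the public sign-up form also restricts handles to [A-Za-z0-9_];
         // this form does not, and the handle is later copied into a real User on
         // approval - confirm whether the same restriction should apply here.
         if (empty($problems)) {
             $user = new Application();
             $user->email = $email;
             // Trim the handle and set it to lowercase
             $user->handle = strtolower(trim($handle));
             $user->setPassword($password);
             $user->notifications['email'] = 'all';
             if (empty($name)) {
                 $name = $user->handle;
             }
             $user->setTitle($name);
             if ($user->save()) {
                 $this->notifyAdminsOfApplication($user);
                 $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'account/join/thanks/');
             } else {
                 // Keep the diagnostic, but in the log rather than in the response body
                 \Idno\Core\site()->logging()->debug('Membership application could not be saved: ' . var_export($session->messages, true));
                 $session->addErrorMessage("Something went wrong and we couldn't save your application. Please try again.");
             }
         } else {
             foreach ($problems as $problem) {
                 $session->addErrorMessage($problem);
             }
         }
     }
     $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'account/join/');
 }

 /**
  * Emails every site admin about a newly saved membership application.
  *
  * @param Application $application The saved application
  */
 function notifyAdminsOfApplication($application)
 {
     foreach (\Idno\Core\site()->getAdmins() as $admin) {
         $email_message = new Email();
         $email_message->setSubject("You have a new membership application!");
         $email_message->addTo($admin->email);
         $email_message->setHTMLBodyFromTemplate('applytojoin/new', ['user' => $application]);
         $email_message->send();
     }
 }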
Example #3
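 /**
  * Signs a visitor in from the login form and sends them on to "fwd".
  *
  * The "email" field is tried as a handle first, then as an email address. On
  * success a "login/success" event is raised, the user is logged on and forwarded
  * to "fwd"; otherwise an error message is queued, a failure event is raised and
  * the visitor is sent back to the login form with "fwd" preserved.
  *
  * "fwd" is a plain request parameter, so it is only honoured when it points back
  * into this site (see forwardTargetIsLocal); anything else falls back to the site
  * root. Previously any absolute URL was accepted, which made the login form usable
  * as an open redirect.
  */
 function postContent()
 {
     $config = \Idno\Core\site()->config();
     $fwd = $this->getInput('fwd');
     // Forward to a new page? Only if it stays on this site.
     if (empty($fwd) || !$this->forwardTargetIsLocal($fwd, array($config->url, $config->getDisplayURL()))) {
         $fwd = $config->url;
     }
     $credential = $this->getInput('email');
     $user = \Idno\Entities\User::getByHandle($credential) ?: \Idno\Entities\User::getByEmail($credential);
     if (!$user) {
         \Idno\Core\site()->triggerEvent('login/failure/nouser', array('method' => 'password', 'credentials' => array('email' => $credential)));
         $this->setResponse(401);
     }
     $login_url = $config->getDisplayURL() . 'session/login/?fwd=' . urlencode($fwd);
     if (!($user instanceof \Idno\Entities\User)) {
         \Idno\Core\site()->session()->addErrorMessage("Oops! We couldn't find your username or email address. Please check you typed it correctly and try again.");
         $this->forward($login_url);
         return;
     }
     if (!$user->checkPassword(trim($this->getInput('password')))) {
         \Idno\Core\site()->session()->addErrorMessage("Oops! It looks like your password isn't correct. Please try again.");
         \Idno\Core\site()->triggerEvent('login/failure', array('user' => $user));
         $this->forward($login_url);
         return;
     }
     \Idno\Core\site()->triggerEvent('login/success', array('user' => $user));
     // Trigger an event for auditing
     \Idno\Core\site()->session()->logUserOn($user);
     $this->forward($fwd);
 }

 /**
  * Decides whether a forward target stays on this site.
  *
  * Accepts absolute URLs that start with one of the given site base URLs, and
  * site-relative paths (a single leading "/"). Protocol-relative forms ("//host",
  * "/\host") and everything else are rejected.
  *
  * @param string   $target The requested forward target
  * @param string[] $bases  Absolute site base URLs; assumed to end with "/" so that
  *                         "https://example.com.evil/" cannot pass - TODO confirm
  * @return bool
  */
 function forwardTargetIsLocal($target, $bases)
 {
     $target = (string) $target;
     foreach ($bases as $base) {
         if (!empty($base) && strpos($target, $base) === 0) {
             return true;
         }
     }
     if (!isset($target[0]) || $target[0] !== '/') {
         return false;
     }
     return !isset($target[1]) || ($target[1] !== '/' && $target[1] !== '\\');
 }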
Example #4
 /**
  * Renders the profile edit form for the user named in the first URL argument.
  * When no such user exists the visitor is forwarded to the default location.
  */
 function getContent()
 {
     $user = false;
     if (!empty($this->arguments[0])) {
         $user = \Idno\Entities\User::getByHandle($this->arguments[0]);
     }
     if (empty($user)) {
         // TODO: 404
         $this->forward();
     }
     // NOTE(review): nothing here checks that the current visitor may edit this
     // profile; presumably a page gatekeeper or the template enforces it - confirm.
     $t = \Idno\Core\site()->template();
     $title = 'Edit profile: ' . $user->getTitle();
     $body = $t->__(array('user' => $user))->draw('entity/User/edit');
     $t->__(array('title' => $title, 'body' => $body))->drawPage();
 }
Example #5
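 /**
  * Saves the profile edit form for the user named in the first URL argument.
  *
  * On success the visitor is sent to the user's profile; otherwise back to the
  * page the form was submitted from (the Referer header), or to the site's display
  * URL when the browser sent no Referer (previously that raised an undefined-index
  * notice).
  */
 function postContent()
 {
     $user = false;
     if (!empty($this->arguments[0])) {
         $user = \Idno\Entities\User::getByHandle($this->arguments[0]);
     }
     if (empty($user)) {
         // TODO: 404
         $this->forward();
     }
     // NOTE(review): no ownership/permission check is visible here; presumably
     // saveDataFromInput() or a page gatekeeper enforces it - confirm.
     if ($user->saveDataFromInput($this)) {
         \Idno\Core\site()->session()->addMessage($user->getTitle() . ' was saved.');
         $this->forward($user->getURL());
     }
     // Referer is client-supplied and may be absent
     $this->forward(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : \Idno\Core\site()->config()->getDisplayURL());
 }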
Example #6
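 /**
  * Answers a WebFinger query for a local account.
  *
  * Expects a "resource" parameter of the form acct:handle@host. When the handle
  * resolves to a local user the "webfinger" event collects the links to publish;
  * otherwise no links are returned. Output is always rendered as JSON.
  */
 function getContent()
 {
     $acct = $this->getInput('resource');
     // Was left undefined on the no-match path, which raised a notice
     $links = null;
     if (!empty($acct) && substr($acct, 0, 5) === 'acct:' && strlen($acct) > 8) {
         // Strip our own "@host" suffix. NOTE(review): a resource naming another host
         // is still looked up by its local part - confirm that is intended.
         $handle = str_replace('@' . \Idno\Core\site()->config()->host, '', substr($acct, 5));
         if ($user = \Idno\Entities\User::getByHandle($handle)) {
             $links = \Idno\Core\site()->triggerEvent('webfinger', array('object' => $user));
         }
     }
     $t = \Idno\Core\site()->template();
     $t->setTemplateType('json');
     $t->__(array('subject' => $acct, 'links' => $links))->drawPage();
 }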
Example #7
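 /**
  * Sets the page owner on the homepage
  *
  * Registers a "page/get" listener that, when the homepage is being served, makes
  * the configured cherwell "profile_user" the page owner, falling back to an admin
  * account. Also registers the theme's admin page handler.
  */
 function init()
 {
     \Idno\Core\Idno::site()->events()->addListener('page/get', function (\Idno\Core\Event $event) {
         $data = $event->data();
         // Strict comparison; a missing page_class no longer raises a notice
         if (!isset($data['page_class']) || $data['page_class'] !== 'Idno\\Pages\\Homepage') {
             return;
         }
         $config = \Idno\Core\Idno::site()->config();
         $profile_user = false;
         if (!empty($config->cherwell['profile_user'])) {
             $profile_user = \Idno\Entities\User::getByHandle($config->cherwell['profile_user']);
             if ($profile_user) {
                 \Idno\Core\Idno::site()->currentPage()->setOwner($profile_user);
             }
         }
         // No (valid) configured profile user: fall back to an admin
         if (empty($profile_user)) {
             \Idno\Core\Idno::site()->currentPage()->setOwner(\Idno\Entities\User::getOne(['admin' => true]));
         }
     });
     \Idno\Core\Idno::site()->addPageHandler('/admin/cherwell/?', 'Themes\\Cherwell\\Pages\\Admin');
 }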
Example #8
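 /**
  * Registers a new account from the sign-up form.
  *
  * Requires a valid email, a free handle, a matching password pair longer than
  * four characters and a display name. The very first account on the site becomes
  * an admin. Problems are reported as session messages and the visitor is returned
  * to the referring page; on success they are logged straight in.
  *
  * Passwords are compared strictly: "==" treats numeric-looking strings such as
  * "1e3" and "1000" as equal, which would accept a mismatched confirmation.
  */
 function postContent()
 {
     $name = $this->getInput('name');
     $handle = $this->getInput('handle');
     $password = $this->getInput('password');
     $password2 = $this->getInput('password2');
     $email = $this->getInput('email');
     $session = \Idno\Core\site()->session();
     $user = new \Idno\Entities\User();
     if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $session->addMessage("That doesn't seem to be a valid email address.");
     } else {
         $emailuser = \Idno\Entities\User::getByEmail($email);
         $handleuser = \Idno\Entities\User::getByHandle($handle);
         $passwords_ok = $password === $password2 && strlen($password) > 4;
         // NOTE(review): unlike the main registration form, the handle is not trimmed,
         // lowercased or restricted to [A-Za-z0-9_] here - confirm whether it should be.
         if (!$emailuser && !$handleuser && !empty($handle) && $passwords_ok && !empty($name)) {
             $user = new \Idno\Entities\User();
             $user->email = $email;
             $user->handle = $handle;
             $user->setPassword($password);
             $user->setTitle($name);
             // The first account on the site is made an admin
             if (!\Idno\Entities\User::get()) {
                 $user->setAdmin(true);
             }
             $user->save();
         } else {
             if (empty($handle)) {
                 $session->addMessage("You can't have an empty handle.");
             } elseif (!empty($handleuser)) {
                 $session->addMessage("Unfortunately, a user is already using that handle. Please choose another.");
             }
             if (!empty($emailuser)) {
                 $session->addMessage("Unfortunately, a user is already using that email address. Please choose another.");
             }
             if (!$passwords_ok) {
                 $session->addMessage("Please check that your passwords match and that your password is over four characters long.");
             }
             if (empty($name)) {
                 // Previously a missing name failed without saying why
                 $session->addMessage("Please enter your name.");
             }
         }
     }
     if (!empty($user->_id)) {
         $session->addMessage("You've registered! Well done.");
         $session->logUserOn($user);
     } else {
         $session->addMessage("We couldn't register you.");
         // Referer is client-supplied and may be absent
         $this->forward(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : \Idno\Core\site()->config()->getDisplayURL());
     }
 }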
Example #9
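 /**
  * Admin action on a pending membership application.
  *
  * "approve" turns the Application into a real User (re-checking that the handle
  * and email are still valid and unused) and emails the applicant; "delete"
  * discards the application. Always forwards back to the applications list.
  */
 function postContent()
 {
     $this->adminGatekeeper();
     $user_uuid = $this->getInput('user');
     $action = $this->getInput('action');
     $session = \Idno\Core\site()->session();
     $user = Application::getByUUID($user_uuid);
     if ($user instanceof Application) {
         $name = $user->getTitle();
         $handle = $user->handle;
         $email = $user->email;
         switch ($action) {
             case 'approve':
                 // Re-check at approval time: an account may have been registered
                 // with this handle or email since the application was filed
                 $available = !\Idno\Entities\User::getByEmail($email)
                     && !\Idno\Entities\User::getByHandle($handle)
                     && !empty($handle)
                     && strlen($handle) <= 32
                     && !substr_count($handle, '/');
                 if (!$available) {
                     $session->addMessage("We couldn't approve {$name}'s application. Either their handle or their email was invalid or in use.");
                     break;
                 }
                 $real_user = new \Idno\Entities\User();
                 $real_user->setHandle($handle);
                 $real_user->email = $email;
                 // Copies the stored password value as-is; presumably already hashed by
                 // setPassword() when the application was filed - TODO confirm
                 $real_user->password = $user->password;
                 $real_user->setTitle($name);
                 if ($real_user->save()) {
                     $user->delete();
                     $email_message = new Email();
                     $email_message->setSubject("Your membership was approved!");
                     $email_message->addTo($real_user->email);
                     $email_message->setHTMLBodyFromTemplate('applytojoin/approved', ['user' => $real_user]);
                     $email_message->send();
                     $session->addMessage("{$name}'s membership application was approved. They can now log into the site.");
                 } else {
                     $session->addMessage("Something went wrong and we weren't able to approve {$name}'s membership application.");
                 }
                 break;
             case 'delete':
                 $user->delete();
                 $session->addMessage("{$name}'s membership application was deleted.");
                 break;
         }
     }
     $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'admin/applytojoin/');
 }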
Example #10
File: View.php Project: hank/Known
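 /**
  * Saves the profile edit form for the user named in the first URL argument.
  *
  * After a successful save a visitor in the onboarding flow is sent to the next
  * onboarding step ("begin/connect" when syndication services are available or
  * forced, else "begin/publish"); everyone else goes to the saved profile. A failed
  * save returns to the referring page, or to the site's display URL when the
  * browser sent no Referer (previously that raised an undefined-index notice).
  */
 function postContent()
 {
     $user = false;
     if (!empty($this->arguments[0])) {
         $user = \Idno\Entities\User::getByHandle($this->arguments[0]);
     }
     if (empty($user)) {
         // TODO: 404
         $this->forward();
     }
     // NOTE(review): no ownership/permission check is visible here; presumably
     // saveDataFromInput() or a page gatekeeper enforces it - confirm.
     if ($user->saveDataFromInput($this)) {
         $config = \Idno\Core\site()->config();
         if ($this->getInput('onboarding')) {
             $services = \Idno\Core\site()->syndication()->getServices();
             // force_onboarding_connect used to be read through a "config" property
             // while the next line used the config() accessor; use the accessor
             // consistently (presumably the same object - confirm)
             if (!empty($services) || !empty($config->force_onboarding_connect)) {
                 $this->forward($config->getURL() . 'begin/connect');
             } else {
                 $this->forward($config->getURL() . 'begin/publish');
             }
         }
         $this->forward($user->getURL());
     }
     // Referer is client-supplied and may be absent
     $this->forward(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : \Idno\Core\site()->config()->getDisplayURL());
 }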
Example #11
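 /**
  * Return an admin test user, creating it if necessary.
  *
  * The user is cached in static::$testAdmin so repeated calls share one account.
  * A freshly created account gets an unguessable random password, so that a test
  * admin left behind by a failed cleanup cannot be logged into.
  *
  * @return \Idno\Entities\User
  */
 protected function &admin()
 {
     // Have we already got a user?
     if (static::$testAdmin) {
         return static::$testAdmin;
     }
     // Get a user (shouldn't happen)
     if ($user = \Idno\Entities\User::getByHandle('testadmin')) {
         static::$testAdmin = $user;
         return $user;
     }
     // No user there, so create one
     $user = new \Idno\Entities\User();
     $user->handle = 'testadmin';
     $user->email = '*****@*****.**';
     // Set password to something random to mitigate security holes if cleanup fails.
     // rand() is not a cryptographic source (md5(rand()) was used before); draw the
     // value from the CSPRNG instead.
     $user->setPassword(bin2hex(random_bytes(16)));
     $user->setTitle('Test Admin User');
     $user->setAdmin(true);
     $user->save();
     static::$testAdmin = $user;
     return $user;
 }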
Example #12
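 /**
  * Retrieve a user by their profile URL.
  *
  * Looks first for an entity that stores this URL explicitly (generally a
  * RemoteUser), then falls back to recognising one of this site's own profile
  * URLs and resolving the handle it names.
  *
  * @param string $url
  * @return User|false
  */
 static function getByProfileURL($url)
 {
     // If user explicitly has a profile url set (generally this means it's a RemoteUser class)
     if ($result = \Idno\Core\Idno::site()->db()->getObjects(get_called_class(), array('url' => $url), null, 1)) {
         foreach ($result as $row) {
             return $row;
         }
     }
     // Ok, now try and see if we can get the local profile. The pattern is anchored
     // at the start and the site URL is quoted: the previous unanchored, unquoted
     // pattern let any URL that merely contained "<site>profile/<handle>" - including
     // one hosted elsewhere - resolve to a local user, and "." in the site URL
     // matched any character. The handle must be followed by a delimiter or the end
     // so that "profile/admin-x" is not read as "admin". Underscore is allowed to
     // match the character class the registration form accepts.
     $pattern = '~^' . preg_quote(\Idno\Core\Idno::site()->config()->url, '~') . 'profile/([A-Za-z0-9_]+)(?=[/?#]|$)~';
     if (preg_match($pattern, $url, $matches)) {
         return \Idno\Entities\User::getByHandle($matches[1]);
     }
     // Can't find
     return false;
 }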
Example #13
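 /**
  * Checks HTTP request headers to see if the request has been properly
  * signed for API access, and if so, log the user on and return the user
  *
  * The request is authenticated when X-KNOWN-USERNAME names a local user and
  * X-KNOWN-SIGNATURE equals base64(HMAC-SHA256(REQUEST_URI, user's API key)).
  * If that fails, the "user/auth/api" event gives other mechanisms a chance. An
  * API request that ends up unauthenticated gets a 403 response code.
  *
  * The signature is compared with hash_equals() (constant time, type strict)
  * rather than "==", and a user with an empty API key is never verified, since an
  * empty key would make the HMAC trivially forgeable.
  *
  * @return \Idno\Entities\User|false The logged-in user, or false otherwise
  */
 function APIlogin()
 {
     $return = false;
     $session = \Idno\Core\site()->session();
     if (!empty($_SERVER['HTTP_X_KNOWN_USERNAME']) && !empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) {
         $session->setIsAPIRequest(true);
         $this->warnIfCredentialsSentInClear();
         $t = \Idno\Core\site()->currentPage()->getInput('_t');
         if (empty($t)) {
             \Idno\Core\site()->template()->setTemplateType('json');
         }
         if ($user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME'])) {
             // Short circuit authentication, since this user is already logged in. Needed to resolve #595
             $current = $session->currentUser();
             if ($current && $current->getUUID() === $user->getUUID()) {
                 return $user;
             }
             $key = $user->getAPIkey();
             if (!empty($key)) {
                 $hmac = trim($_SERVER['HTTP_X_KNOWN_SIGNATURE']);
                 $compare_hmac = base64_encode(hash_hmac('sha256', $_SERVER['REQUEST_URI'], $key, true));
                 if (hash_equals($compare_hmac, $hmac)) {
                     $session->logUserOn($user);
                     return $user;
                 }
             }
         }
     }
     // We're not logged in yet, so try and authenticate using other mechanism
     if ($return = \Idno\Core\site()->triggerEvent('user/auth/api', [], false)) {
         $session->setIsAPIRequest(true);
         $this->warnIfCredentialsSentInClear();
     }
     // If this is an API request but we're not logged in, set page response code to access denied
     if ($this->isAPIRequest() && !$return) {
         \Idno\Core\site()->currentPage()->setResponse(403);
     }
     return $return;
 }

 /**
  * Queues the cleartext-credentials warning unless the request came over SSL or
  * the site disabled the warning with disable_cleartext_warning.
  */
 function warnIfCredentialsSentInClear()
 {
     if (!\Idno\Common\Page::isSSL() && !\Idno\Core\site()->config()->disable_cleartext_warning) {
         \Idno\Core\site()->session()->addErrorMessage("Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
     }
 }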
Example #14
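 /**
  * Registers a new account from the sign-up form and logs the new user on.
  *
  * When open registration is disabled a valid invitation for the submitted email
  * is required; it is deleted once the account exists. The handle must be free,
  * at most 32 characters of [A-Za-z0-9_], and the two password fields must match
  * and pass User::checkNewPasswordStrength(). The first account on the site
  * becomes its admin (see createRegisteredUser). Validation problems are queued
  * as session error messages and the visitor is returned to the referring page.
  *
  * Fixes over the previous version: the password checks used a bitwise "&" and
  * loose "==" / "!=" comparisons (which treat "1e3" and "1000" as equal); an
  * invalid invitation no longer falls through to account creation if forward()
  * returns; the invitation class is fully qualified so it is actually deleted.
  */
 function postContent()
 {
     $name = $this->getInput('name');
     $handle = trim($this->getInput('handle'));
     $password = trim($this->getInput('password'));
     $password2 = trim($this->getInput('password2'));
     $email = trim($this->getInput('email'));
     $code = $this->getInput('code');
     $onboarding = $this->getInput('onboarding');
     $config = \Idno\Core\site()->config();
     $session = \Idno\Core\site()->session();
     $invitation = null;
     if (empty($config->open_registration)) {
         if (!($invitation = \Idno\Entities\Invitation::validate($email, $code))) {
             $session->addErrorMessage("Your invitation doesn't seem to be valid, or has expired.");
             $this->forward($config->getURL());
             // Do not rely on forward() ending the request: without this return an
             // invalid invitation would still fall through to account creation
             return;
         }
         // The invitation is deleted below, once the user has actually been created
     }
     $user = new \Idno\Entities\User();
     if (empty($handle) && empty($email)) {
         $session->addErrorMessage("Please enter a username and email address.");
     } elseif (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $session->addErrorMessage("That doesn't seem like it's a valid email address.");
     } else {
         $problems = $this->registrationProblems($handle, $password, $password2, $email);
         if (empty($problems)) {
             $user = $this->createRegisteredUser($name, $handle, $password, $email);
             // Now we can remove the invitation. Fully qualified on purpose: an
             // unqualified "Invitation" resolves against this file's namespace unless
             // imported, and instanceof against an unknown class is silently false.
             if ($invitation instanceof \Idno\Entities\Invitation) {
                 $invitation->delete();
             }
         } else {
             foreach ($problems as $problem) {
                 $session->addErrorMessage($problem);
             }
         }
     }
     if (!empty($user->_id)) {
         $session->addMessage("You've registered! You're ready to get started. Why not add a status update to say hello?");
         $session->logUserOn($user);
         if (empty($onboarding)) {
             $this->forward();
         } else {
             $this->forward($config->getURL() . 'begin/profile');
         }
     } else {
         $session->addMessageAtStart("We couldn't register you.");
         // Referer is client-supplied and may be absent
         $this->forward(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $config->getURL());
     }
 }

 /**
  * Collects the validation messages for a registration attempt, in the order the
  * form has always reported them. An empty array means the account may be created.
  *
  * @param string $handle    Trimmed handle
  * @param string $password  Trimmed password
  * @param string $password2 Trimmed password confirmation
  * @param string $email     Trimmed, already syntactically valid email address
  * @return string[]
  */
 function registrationProblems($handle, $password, $password2, $email)
 {
     $problems = array();
     if (empty($handle)) {
         $problems[] = "Please create a username.";
     }
     if (strlen($handle) > 32) {
         $problems[] = "Your username is too long.";
     }
     if (!preg_match('/^[a-zA-Z0-9_]{1,}$/', $handle)) {
         $problems[] = "Usernames can only have letters, numbers and underscores.";
     }
     if (substr_count($handle, '/')) {
         $problems[] = "Usernames can't contain a slash ('/') character.";
     }
     if (\Idno\Entities\User::getByHandle($handle)) {
         $problems[] = "Unfortunately, someone is already using that username. Please choose another.";
     }
     if (\Idno\Entities\User::getByEmail($email)) {
         $problems[] = "Hey, it looks like there's already an account with that email address. Did you forget your login?";
     }
     // Strict comparison: "==" would treat numeric-looking strings as equal
     if (!\Idno\Entities\User::checkNewPasswordStrength($password) || $password !== $password2) {
         $problems[] = "Please check that your passwords match and that your password is at least 7 characters long.";
     }
     return $problems;
 }

 /**
  * Creates and saves the User for a validated registration.
  *
  * The first account on the site is made an admin and, on a freshly installed site
  * (title still "New Known site"), also seeds the site title, theme and from-address
  * and closes open registration. NOTE(review): the "first user" test is a
  * check-then-save; two concurrent first registrations could both become admins.
  *
  * @param string $name     Display name; defaults to the handle when empty
  * @param string $handle   Trimmed handle; stored lowercased
  * @param string $password Plain password, hashed by setPassword()
  * @param string $email    Email address
  * @return \Idno\Entities\User The user after save(); check ->_id to see whether the save succeeded
  */
 function createRegisteredUser($name, $handle, $password, $email)
 {
     $config = \Idno\Core\site()->config();
     $user = new \Idno\Entities\User();
     $user->email = $email;
     // Trim the handle and set it to lowercase
     $user->handle = strtolower(trim($handle));
     $user->setPassword($password);
     $user->notifications['email'] = 'all';
     if (empty($name)) {
         $name = $user->handle;
     }
     $user->setTitle($name);
     if (!\Idno\Entities\User::get()) {
         $user->setAdmin(true);
         // State for our happy robot helper
         $user->robot_state = '1';
         if ($config->title === 'New Known site') {
             if (!empty($_SESSION['set_name'])) {
                 $config->title = $_SESSION['set_name'];
             } else {
                 $config->title = $user->getTitle() . '\'s Known';
             }
             $config->theme = 'Solo';
             $config->open_registration = false;
             $config->from_email = $user->email;
             $config->save();
         }
         // Event hook for first admin
         \Idno\Core\site()->triggerEvent('site/firstadmin', array('user' => $user));
     } else {
         // Event hook for new user
         \Idno\Core\site()->triggerEvent('site/newuser', array('user' => $user));
     }
     $user->save();
     return $user;
 }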
Example #15
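 /**
  * Dispatches the admin "users" form actions and returns to the users page.
  *
  * Actions: add_rights / remove_rights / delete (by user UUID), invite_users and
  * block_emails / unblock_emails (free text containing email addresses),
  * remove_invitation / resend_invitation (by invitation id) and add_user.
  * Each action lives in its own helper below; the session messages they queue are
  * unchanged.
  *
  * NOTE(review): there is no guard against the acting admin removing their own
  * rights or deleting their own account - confirm that is acceptable.
  */
 function postContent()
 {
     $this->adminGatekeeper();
     // Admins only
     $action = $this->getInput('action');
     switch ($action) {
         case 'add_rights':
             $this->changeAdminRights($this->getInput('user'), true);
             break;
         case 'remove_rights':
             $this->changeAdminRights($this->getInput('user'), false);
             break;
         case 'delete':
             $this->deleteUserByUUID($this->getInput('user'));
             break;
         case 'invite_users':
             $this->inviteUsers($this->getInput('invitation_emails'));
             break;
         case 'remove_invitation':
             $this->removeInvitation($this->getInput('invitation_id'));
             break;
         case 'resend_invitation':
             $this->resendInvitation($this->getInput('invitation_id'));
             break;
         case 'add_user':
             $this->addUser();
             break;
         case 'block_emails':
             $this->updateBlockedEmails($this->getInput('blocked_emails'), true);
             break;
         case 'unblock_emails':
             $this->updateBlockedEmails($this->getInput('blocked_emails'), false);
             break;
     }
     $this->forward(\Idno\Core\site()->config()->getURL() . 'admin/users');
 }

 /**
  * Grants or revokes admin rights for the user with the given UUID.
  *
  * @param string $uuid
  * @param bool   $grant true to grant, false to revoke
  */
 function changeAdminRights($uuid, $grant)
 {
     if ($user = User::getByUUID($uuid)) {
         $user->setAdmin($grant);
         $user->save();
         $outcome = $grant ? " was given administration rights." : " was stripped of their administration rights.";
         \Idno\Core\site()->session()->addMessage($user->getTitle() . $outcome);
     }
 }

 /**
  * Deletes the user with the given UUID, reporting success only.
  *
  * @param string $uuid
  */
 function deleteUserByUUID($uuid)
 {
     if ($user = User::getByUUID($uuid)) {
         if ($user->delete()) {
             \Idno\Core\site()->session()->addMessage($user->getTitle() . " was removed from your site.");
         }
     }
 }

 /**
  * Pulls email addresses out of free text.
  *
  * The three actions that accept address lists used two near-identical patterns;
  * this is the single shared one. The TLD part was limited to 2-4 letters, which
  * silently skipped addresses on longer TLDs (e.g. .photography); it now accepts
  * two or more.
  *
  * @param string $text
  * @return string[] Possibly empty list of matched addresses
  */
 function extractEmailAddresses($text)
 {
     preg_match_all('/[a-z\\d._%+-]+@[a-z\\d.-]+\\.[a-z]{2,}\\b/i', (string) $text, $matches);
     return $matches[0];
 }

 /**
  * Sends an invitation to every address in the text that is not already a member.
  *
  * @param string $emails Free text containing email addresses
  */
 function inviteUsers($emails)
 {
     $session = \Idno\Core\site()->session();
     $addresses = $this->extractEmailAddresses($emails);
     $invitation_count = 0;
     if (!empty($addresses)) {
         $from = $session->currentUser()->email;
         foreach ($addresses as $email) {
             if (User::getByEmail($email)) {
                 // Already a member; nothing to send
                 continue;
             }
             $invitation = new Invitation();
             if ($invitation->sendToEmail($email, $from) !== 0) {
                 $invitation_count++;
             }
         }
     }
     if ($invitation_count > 1) {
         $session->addMessage("{$invitation_count} invitations were sent.");
     } elseif ($invitation_count === 1) {
         $session->addMessage("Your invitation was sent.");
     } else {
         $session->addMessage("No email addresses were found or all the people you invited are already members of this site.");
     }
 }

 /**
  * Deletes the invitation with the given id, reporting success only.
  *
  * @param string $invitation_id
  */
 function removeInvitation($invitation_id)
 {
     if ($invitation = Invitation::getByID($invitation_id)) {
         if ($invitation->delete()) {
             \Idno\Core\site()->session()->addMessage("The invitation was removed.");
         }
     }
 }

 /**
  * Replaces the invitation with the given id by a fresh one to the same address.
  *
  * @param string $invitation_id
  */
 function resendInvitation($invitation_id)
 {
     if ($invitation = Invitation::getByID($invitation_id)) {
         $email = $invitation->email;
         if ($invitation->delete()) {
             $new_invitation = new Invitation();
             // NOTE(review): unlike inviteUsers() no sender address is passed here;
             // confirm sendToEmail()'s default is intended.
             if ($new_invitation->sendToEmail($email)) {
                 \Idno\Core\site()->session()->addMessage("The invitation was resent.");
             }
         }
     }
 }

 /**
  * Creates a user from the admin "add user" form fields (name, handle, email,
  * password1, password2), honouring the site's user limit.
  *
  * NOTE(review): admin-chosen passwords are only checked for emptiness and a
  * match, not against User::checkNewPasswordStrength() as the public sign-up form
  * does - confirm whether the same rule should apply.
  */
 function addUser()
 {
     $session = \Idno\Core\site()->session();
     if (!\Idno\Core\site()->config()->canAddUsers()) {
         $session->addMessage("You can't add any more users to your site.");
         return;
     }
     $name = $this->getInput('name');
     $handle = trim($this->getInput('handle'));
     $email = trim($this->getInput('email'));
     $password = trim($this->getInput('password1'));
     $password2 = trim($this->getInput('password2'));
     $user = new \Idno\Entities\User();
     // Strict comparison: "!=" would treat numeric-looking strings as equal
     if (empty($password) || $password !== $password2) {
         $session->addMessage("Please make sure your passwords match and aren't empty.");
     } elseif (empty($handle) && empty($email)) {
         $session->addMessage("Please enter a username and email address.");
     } elseif (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $session->addMessage("That doesn't seem like it's a valid email address.");
     } else {
         $problems = array();
         if (empty($handle)) {
             $problems[] = "Please create a username.";
         }
         if (strlen($handle) > 32) {
             $problems[] = "Your username is too long.";
         }
         if (substr_count($handle, '/')) {
             $problems[] = "Usernames can't contain a slash ('/') character.";
         }
         if (\Idno\Entities\User::getByHandle($handle)) {
             $problems[] = "Unfortunately, someone is already using that username. Please choose another.";
         }
         if (\Idno\Entities\User::getByEmail($email)) {
             $problems[] = "Hey, it looks like there's already an account with that email address. Did you forget your login?";
         }
         if (empty($problems)) {
             $user = new \Idno\Entities\User();
             $user->email = $email;
             // Trim the handle and set it to lowercase
             $user->handle = strtolower(trim($handle));
             $user->setPassword($password);
             if (empty($name)) {
                 $name = $user->handle;
             }
             $user->setTitle($name);
             $user->save();
         } else {
             foreach ($problems as $problem) {
                 $session->addMessage($problem);
             }
         }
     }
     if (!empty($user->_id)) {
         $session->addMessage("User " . $user->getHandle() . " was created. You may wish to email them to let them know.");
     } else {
         $session->addMessageAtStart("We couldn't register that user.");
     }
 }

 /**
  * Adds every address in the text to the blocked-email list, or removes them from
  * it, and saves the config when at least one address was found.
  *
  * @param string $emails Free text containing email addresses
  * @param bool   $block  true to block, false to unblock
  */
 function updateBlockedEmails($emails, $block)
 {
     $config = \Idno\Core\site()->config();
     $session = \Idno\Core\site()->session();
     $addresses = $this->extractEmailAddresses($emails);
     $count = 0;
     if (!empty($addresses)) {
         foreach ($addresses as $email) {
             $changed = $block ? $config->addBlockedEmail($email) : $config->removeBlockedEmail($email);
             if ($changed) {
                 $count++;
             }
         }
         $config->save();
     }
     if ($count > 1) {
         $session->addMessage($block ? "{$count} emails were blocked." : "{$count} emails were unblocked.");
     } elseif ($count === 1) {
         $session->addMessage($block ? "The email address was blocked." : "The email address was unblocked.");
     } else {
         $session->addMessage("No email addresses were found.");
     }
 }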
 /**
  * A webmention to our profile page means someone mentioned us.
  *
  * The mentioned user is taken from the first page-handler argument. When the
  * source is still a live (200) page, its title, representative h-entry/h-event
  * and author h-card are used to build a 'mention' notification for that user;
  * the notification key (user, source, target) stops repeated webmentions from
  * producing duplicate notifications.
  *
  * @param string $source          URL of the page that mentioned us
  * @param string $target          URL of the profile page that was mentioned
  * @param array  $source_response Fetched source page: 'response' (HTTP status) and 'content' (body)
  * @param array  $source_mf2      Parsed microformats2 data for the source page
  * @return bool false if no user could be matched to the target, true otherwise
  *              (also true when the source is no longer a 200, e.g. a deleted post)
  */
 function webmentionContent($source, $target, $source_response, $source_mf2)
 {
     $log = Idno::site()->logging();
     $log->info("received user mention from {$source} to {$target}");

     if (empty($this->arguments)) {
         $log->debug("could not process user mention, no pagehandler arguments");
         return false;
     }

     $handle = $this->arguments[0];
     $user = User::getByHandle($handle);
     if (empty($user)) {
         $log->debug('could not process user mention, no user for handle ' . $handle);
         return false;
     }
     $log->debug("found target user {$user->getHandle()}");

     // Anything other than a normal mention (e.g. a delete) is accepted but not acted on
     if ($source_response['response'] !== 200) {
         return true;
     }

     $mention = [
         'permalink' => $source,
         'title'     => Webmention::getTitleFromContent($source_response['content'], $source),
     ];

     // Look for the first and only h-entry or h-event on the page, plus its author h-card
     $entry = Webmention::findRepresentativeHEntry($source_mf2, $source, ['h-entry', 'h-event']);
     $card = Webmention::findAuthorHCard($source_mf2, $source, $entry);

     // Prefer the more specific details the mf2 content can give us
     if ($entry) {
         if (!empty($entry['properties']['url'])) {
             $mention['permalink'] = $entry['properties']['url'][0];
         }
         if (!empty($entry['properties']['content'])) {
             $raw = $entry['properties']['content'][0];
             // mf2 content is either a plain string or an array carrying 'html'; it is third-party
             // markup either way, so it goes through the template sanitizer before being stored
             $html = is_array($raw) ? $raw['html'] : $raw;
             $mention['content'] = Idno::site()->template()->sanitize_html($html);
         }
     }

     $sender_url = false;
     if ($card) {
         if (!empty($card['properties']['url'])) {
             $sender_url = $card['properties']['url'][0];
             $mention['owner_url'] = $sender_url;
         }
         if (!empty($card['properties']['name'])) {
             $mention['owner_name'] = $card['properties']['name'][0];
         }
     }

     $by = isset($mention['owner_name']) ? ' by ' . $mention['owner_name'] : '';
     $message = 'You were mentioned' . $by . ' on ' . parse_url($mention['permalink'], PHP_URL_HOST);

     $notif = new Notification();
     if (!$notif->setNotificationKey(['mention', $user->getUUID(), $source, $target])) {
         \Idno\Core\Idno::site()->logging()->debug("ignoring duplicate notification", ['source' => $source, 'target' => $target, 'user' => $user->getHandle()]);
         return true;
     }

     $notif->setOwner($user);
     $notif->setMessage($message);
     $notif->setMessageTemplate('content/notification/mention');
     $notif->setActor($sender_url);
     $notif->setVerb('mention');
     $notif->setObject($mention);
     $notif->setTarget($user);
     $notif->save();
     $user->notify($notif);

     return true;
 }
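 /**
  * Checks HTTP request headers to see if the request has been properly
  * signed for API access, and if so, log the user on and return the user.
  *
  * A signed request carries X-Known-Username and X-Known-Signature, the latter
  * being the base64 of an HMAC-SHA256 over the raw request URI keyed with the
  * named user's API key. When header auth does not apply (or fails) the
  * 'user/auth/api' event lets plugins authenticate the request instead. An API
  * request that is still unauthenticated afterwards is logged and answered
  * through the current page's deniedContent().
  *
  * @return \Idno\Entities\User|false The logged-in user, or false otherwise
  */
 function APIlogin()
 {
     if (!empty($_SERVER['HTTP_X_KNOWN_USERNAME']) && !empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) {
         \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
         if (!\Idno\Common\Page::isSSL() && !\Idno\Core\Idno::site()->config()->disable_cleartext_warning) {
             \Idno\Core\Idno::site()->session()->addErrorMessage("Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
         }
         // Default API responses to JSON unless a template type was explicitly requested via _t
         $t = \Idno\Core\Idno::site()->currentPage()->getInput('_t');
         if (empty($t)) {
             \Idno\Core\Idno::site()->template()->setTemplateType('json');
         }
         if ($user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME'])) {
             $key = $user->getAPIkey();
             $hmac = trim($_SERVER['HTTP_X_KNOWN_SIGNATURE']);
             $compare_hmac = base64_encode(hash_hmac('sha256', $_SERVER['REQUEST_URI'], $key, true));
             // An account without an API key must not be signable by anyone (an HMAC under an empty
             // key is trivially computable), and the comparison is constant-time: the previous `==`
             // leaked timing and applied PHP's numeric-string juggling to the two encoded values.
             if (!empty($key) && hash_equals($compare_hmac, $hmac)) {
                 \Idno\Core\Idno::site()->session()->logUserOn($user);
                 return $user;
             }
         }
     }
     // We're not logged in yet, so try and authenticate using other mechanism
     $return = \Idno\Core\Idno::site()->triggerEvent('user/auth/api', [], false);
     if ($return) {
         \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
         if (!\Idno\Common\Page::isSSL() && !\Idno\Core\Idno::site()->config()->disable_cleartext_warning) {
             \Idno\Core\Idno::site()->session()->addErrorMessage("Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
         }
     }
     // If this is an API request but we're not logged in, set page response code to access denied
     if ($this->isAPIRequest() && !$return) {
         // REMOTE_ADDR is what the web server saw; X-Forwarded-For is client-supplied, so the first
         // hop is recorded for diagnostics only and must not be treated as authoritative
         $ip = $_SERVER['REMOTE_ADDR'];
         if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
             $proxies = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
             // We are behind a proxy
             $ip = trim($proxies[0]);
         }
         \Idno\Core\Idno::site()->logging()->log("API Login failure from {$ip}", LOGLEVEL_ERROR);
         //\Idno\Core\Idno::site()->triggerEvent('login/failure/api'); // Can't be used until #918 is fixed.
         \Idno\Core\Idno::site()->currentPage()->deniedContent();
     }
     return $return;
 }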
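 /**
  * Handles a submitted registration form.
  *
  * Reads the form fields, enforces the invitation code when open registration
  * is disabled, validates the handle / email / password pair and, if everything
  * checks out, creates the user. The very first user on the site becomes the
  * admin and seeds a few site settings. On success the new user is logged on
  * and forwarded to their profile (or to onboarding); on failure the collected
  * validation messages are queued and the browser is sent back where it came from.
  */
 function postContent()
 {
     $name = $this->getInput('name');
     $handle = trim($this->getInput('handle'));
     $password = trim($this->getInput('password'));
     $password2 = trim($this->getInput('password2'));
     $email = trim($this->getInput('email'));
     $code = $this->getInput('code');
     $onboarding = $this->getInput('onboarding');
     $invitation = null;

     if (empty(\Idno\Core\site()->config()->open_registration)) {
         $invitation = \Idno\Entities\Invitation::validate($email, $code);
         if (!$invitation) {
             \Idno\Core\site()->session()->addMessage("Your invitation doesn't seem to be valid or has expired.");
             $this->forward(\Idno\Core\site()->config()->getURL());
             // Don't rely on forward() terminating the request: nothing below may run without a valid invitation
             return;
         }
         // The invitation is only deleted once the user has actually been created (see below)
     }

     $user = new \Idno\Entities\User();
     if (empty($handle) && empty($email)) {
         \Idno\Core\site()->session()->addMessage("Please enter a username and email address.");
     } elseif (!empty($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $emailuser = \Idno\Entities\User::getByEmail($email);
         // The handle is only looked up when the email is free, so the messages below stay focused
         $handleuser = $emailuser ? null : \Idno\Entities\User::getByHandle($handle);
         // Strict comparison: `==` would treat numeric-looking passwords such as "1e1" and "10" as equal
         $passwords_ok = $password === $password2 && strlen($password) > 4;
         // Previously written as strlen($handle <= 32), i.e. the length of a boolean
         $handle_ok = !empty($handle) && strlen($handle) <= 32 && !substr_count($handle, '/');

         if (!$emailuser && !$handleuser && $handle_ok && $passwords_ok) {
             $user->email = $email;
             $user->handle = strtolower(trim($handle)); // Handles are stored trimmed and lowercased
             $user->setPassword($password);
             if (empty($name)) {
                 $name = $user->handle;
             }
             $user->setTitle($name);

             if (!\Idno\Entities\User::get()) {
                 // No users exist yet, so this account becomes the site's admin
                 $user->setAdmin(true);
                 $user->robot_state = 1; // State for our happy robot helper
                 if (\Idno\Core\site()->config()->title == 'New Known site') {
                     if (!empty($_SESSION['set_name'])) {
                         \Idno\Core\site()->config()->title = $_SESSION['set_name'];
                     } else {
                         \Idno\Core\site()->config()->title = $user->getTitle() . '\'s Known';
                     }
                     \Idno\Core\site()->config()->open_registration = false;
                     \Idno\Core\site()->config()->from_email = $user->email;
                     \Idno\Core\site()->config()->save();
                 }
             }

             $user->save();
             \Idno\Core\site()->triggerEvent('site/firstadmin', ['user' => $user]); // Event hook for first admin

             // Now we can remove the invitation; it's no longer needed. The class is fully qualified
             // so the instanceof check resolves to the same class validate() returned.
             if ($invitation instanceof \Idno\Entities\Invitation) {
                 $invitation->delete();
             }
         } else {
             if (empty($handle)) {
                 \Idno\Core\site()->session()->addMessage("Please create a username.");
             } elseif (strlen($handle) > 32) {
                 \Idno\Core\site()->session()->addMessage("Your username is too long.");
             } elseif (substr_count($handle, '/')) {
                 \Idno\Core\site()->session()->addMessage("Usernames can't contain a slash ('/') character.");
             } elseif (!empty($handleuser)) {
                 \Idno\Core\site()->session()->addMessage("Unfortunately, someone is already using that username. Please choose another.");
             }
             if (!empty($emailuser)) {
                 \Idno\Core\site()->session()->addMessage("Hey, it looks like there's already an account with that email address. Did you forget your login?");
             }
             if (!$passwords_ok) {
                 \Idno\Core\site()->session()->addMessage("Please check that your passwords match and that your password is over four characters long.");
             }
         }
     } else {
         \Idno\Core\site()->session()->addMessage("That doesn't seem like it's a valid email address.");
     }

     if (!empty($user->_id)) {
         \Idno\Core\site()->session()->addMessage("You've registered! You're ready to get started. Why not add some profile information?");
         \Idno\Core\site()->session()->logUserOn($user);
         if (empty($onboarding)) {
             $this->forward($user->getURL());
         } else {
             $this->forward(\Idno\Core\site()->config()->getURL() . 'begin/profile');
         }
     } else {
         \Idno\Core\site()->session()->addMessageAtStart("We couldn't register you.");
         // The Referer header is client-supplied and may be absent; fall back to the site root
         $back = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : \Idno\Core\site()->config()->getURL();
         $this->forward($back);
     }
 }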
 /**
  * Called at the beginning of each request handler, attempts to authorize the request.
  *
  * Checks HTTP request headers to see if the request has been properly
  * signed for API access.
  *
  * If this is not an API request, then check the session for the logged in user's credentials.
  *
  * Triggers "user/auth/request" to give plugins an opportunity to implement their own auth mechanism.
  * Then "user/auth/success" or "user/auth/failure" depending on if a user was found for the provided credentials.
  *
  * @return \Idno\Entities\User|false The logged-in user, or false otherwise
  */
 function tryAuthUser()
 {
     // attempt to delegate auth to a plugin (note: plugin is responsible for calling setIsAPIRequest or not)
     $return = \Idno\Core\Idno::site()->triggerEvent('user/auth/request', [], false);
     // auth standard API requests: X-Known-Username names the account and X-Known-Signature carries
     // the signature; this path is only tried when no plugin has already produced a user
     if (!$return && !empty($_SERVER['HTTP_X_KNOWN_USERNAME']) && !empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) {
         \Idno\Core\Idno::site()->logging()->log("Attempting to auth via API credentials", LOGLEVEL_DEBUG);
         $this->setIsAPIRequest(true);
         // Default API responses to JSON unless a template type was explicitly requested via _t
         $t = \Idno\Core\Idno::site()->currentPage()->getInput('_t');
         if (empty($t)) {
             \Idno\Core\Idno::site()->template()->setTemplateType('json');
         }
         if ($user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME'])) {
             // NOTE(review): the following line is garbled in this listing. A redaction has collapsed
             // several statements into one: the "found user" log, the signature verification with its
             // success / failure logging, and the cleartext-connection warning. The verification step
             // cannot be reviewed from here; in particular, whether the signature comparison is
             // constant-time (hash_equals) is not visible.
             \Idno\Core\Idno::site()->logging()->log("API auth found user by username: "******"API auth verified signature for user: "******"API auth failed signature validation for user: "******"Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
         }
         // If this is an API request but we're not logged in, set page response code to access denied
         if (!$return) {
             // REMOTE_ADDR is what the web server saw; X-Forwarded-For is client-supplied, so the
             // first hop is recorded for diagnostics only and is not authoritative
             $ip = $_SERVER['REMOTE_ADDR'];
             if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                 $proxies = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
                 // We are behind a proxy
                 $ip = trim($proxies[0]);
             }
             \Idno\Core\Idno::site()->logging()->log("API Login failure from {$ip}", LOGLEVEL_ERROR);
             \Idno\Core\Idno::site()->currentPage()->deniedContent();
         }
     }
     // Let plugins observe (and, via the event's return value, override) the final outcome
     $return = \Idno\Core\Idno::site()->triggerEvent($return ? "user/auth/success" : "user/auth/failure", array("user" => $return, "is api" => $this->isAPIRequest()), $return);
     return $return;
 }
 /**
  * Change @user links into active users.
  *
  * When $in_reply_to points at a single twitter.com or github.com URL, @names
  * are linked to that service; for any other single reply-to target, or when
  * several reply-to URLs are given, the text comes back unchanged. Without a
  * reply-to target, @names are resolved against local users and linked to
  * their profile page when one exists. Only the matched @name (letters, digits
  * and underscores) ends up inside the generated markup.
  *
  * @param string            $text        The text to parse
  * @param string|array|null $in_reply_to If specified, the function will make a (hopefully) sensible guess as to where the user is located
  * @return string The text with @user references linked where a target could be determined
  */
 function parseUsers($text, $in_reply_to = null)
 {
     if (empty($in_reply_to)) {
         // No in-reply, so we assume a local user
         return preg_replace_callback('/(?<=^|[\\>\\s\\n])(\\@[A-Za-z0-9\\_]+)/i', function ($m) {
             $username = ltrim($m[1], '@');
             if (!User::getByHandle($username)) {
                 return $m[1];
             }
             return '<a href="' . \Idno\Core\Idno::site()->config()->url . 'profile/' . urlencode($username) . '" >' . $m[1] . '</a>';
         }, $text);
     }

     // TODO: do this in a more pluggable way
     // It is only safe to make assumptions on @users if only one reply to is given
     if (is_array($in_reply_to)) {
         if (count($in_reply_to) != 1) {
             return $text;
         }
         $in_reply_to = $in_reply_to[0];
     }

     return preg_replace_callback('/(?<=^|[\\>\\s\\n\\.])(\\@[\\w0-9\\_]+)/i', function ($m) use ($in_reply_to) {
         $mention = $m[1];
         $path = urlencode(ltrim($mention, '@'));
         // Find and replace twitter
         if (strpos($in_reply_to, 'twitter.com') !== false) {
             return '<a href="https://twitter.com/' . $path . '" >' . $mention . '</a>';
         }
         // Activate github
         if (strpos($in_reply_to, 'github.com') !== false) {
             return '<a href="https://github.com/' . $path . '" >' . $mention . '</a>';
         }
         return $mention;
     }, $text);
 }
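 /**
  * Checks HTTP request headers to see if the request has been properly
  * signed for API access, and if so, log the user on and return the user.
  *
  * The caller supplies X-Known-Username and X-Known-Signature, where the
  * signature is the base64 of an HMAC-SHA256 over the raw request URI keyed
  * with that user's API key. On success the user is logged on and the session
  * is marked as an API request.
  *
  * @return \Idno\Entities\User|false The logged-in user, or false otherwise
  */
 function APIlogin()
 {
     if (empty($_SERVER['HTTP_X_KNOWN_USERNAME']) || empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) {
         return false;
     }
     $user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME']);
     if (!$user) {
         return false;
     }
     $key = $user->getAPIkey();
     $hmac = trim($_SERVER['HTTP_X_KNOWN_SIGNATURE']);
     $compare_hmac = base64_encode(hash_hmac('sha256', $_SERVER['REQUEST_URI'], $key, true));
     // An account without an API key must not be signable by anyone (an HMAC under an empty key is
     // trivially computable), and the comparison is constant-time: the previous `==` leaked timing
     // and applied PHP's numeric-string juggling to the two encoded values.
     if (empty($key) || !hash_equals($compare_hmac, $hmac)) {
         return false;
     }
     \Idno\Core\site()->session()->logUserOn($user);
     \Idno\Core\site()->session()->setIsAPIRequest(true);
     return $user;
 }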