Example #1
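 /**
  * First-run setup: create the initial account from the posted form and log it in.
  *
  * The action is only available while Admin::count_users() reports no users.
  * Once a user exists it raises RoutingException ("Page not found"). When the
  * three form fields are not all posted, the setup form is rendered instead.
  *
  * @throws RoutingException when at least one user already exists
  */
 function setup()
 {
     // Gate first: this route must disappear as soon as any account exists.
     // NOTE(review): the count and the insert below are separate calls; nothing
     // visible here makes them atomic, so two simultaneous first-run requests
     // could both pass this check. Confirm whether User::add() guards against that.
     if (Admin::count_users() != 0) {
         throw new RoutingException($this->uri, "Page not found");
     }
     if (!isset($_POST['email'], $_POST['username'], $_POST['password'])) {
         // Show setup form
         Application::flash('info', 'Welcome to Rat!');
         $this->loadView('admin/setup');
         return;
     }
     // Do setup
     // NOTE(review): the posted values reach User::add()/User::signup() unchecked
     // in this method; any format or strength validation must live in those calls.
     $user_id = User::add($_POST['email']);
     User::signup($user_id, $_POST['username'], $_POST['password'], $this->config->encryption_salt);
     $user = User::get_by_email($_POST['email']);
     // Update session
     // Rotate the session id before the session becomes an authenticated one, so an
     // id that was set in the browser before setup cannot be reused afterwards.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION['user_id'] = $user->id;
     // Log login
     if (isset($this->plugins->log)) {
         $this->plugins->log->add($_SESSION['user_id'], 'user', NULL, 'signup');
     }
     Application::flash('success', 'You are now logged in to your app!');
     // Go forth!
     header('Location: ' . $this->url_for('admin', 'config'));
     exit;
 }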
Example #2
 /**
  * Look a user up by e-mail address.
  *
  * @param mixed $email address to search for; passed unchanged to get_by_email()
  *
  * @return bool|User the populated User when exists() reports a match, otherwise false
  */
 public static function findByEmail($email)
 {
     // get_by_email() fills the instance in place; exists() tells whether it matched.
     $candidate = new User();
     $candidate->get_by_email($email);

     return $candidate->exists() ? $candidate : false;
 }
Example #3
 /**
  * Send an invitation e-mail on behalf of the logged-in user.
  *
  * Reads the recipient from $_POST['email'] and collects validation messages in
  * $error. When there are none it records the invite, decrements the sender's
  * invite count, optionally awards points and logs the action, then e-mails the
  * signup link. In both outcomes it finishes by calling index().
  */
 function add()
 {
     // The sender is whoever the session identifies.
     // NOTE(review): nothing here checks that $_SESSION['user_id'] is set or that
     // $user is non-null; presumably enforced before this action runs. Confirm.
     $user = User::get_by_id($_SESSION['user_id']);
     $_POST['email'] = trim($_POST['email']);
     // Each failed check appends one HTML line; an empty string means "valid".
     $error = '';
     if ($_POST['email'] == '') {
         $error .= 'Please enter an email address.<br />';
     }
     if ($user->invites < 1) {
         $error .= 'You don\'t have any invites remaining.<br />';
     }
     // Check if email contains spaces
     // NOTE(review): "no spaces" and "contains @" are the only format checks visible
     // here. Whether line breaks or other header-significant characters are rejected
     // depends on User::check_contains_spaces() and on send_email(). Confirm, or
     // validate the address with filter_var(..., FILTER_VALIDATE_EMAIL) before use.
     if (User::check_contains_spaces($_POST['email']) == TRUE) {
         $error .= 'Email address cannot contain spaces.<br />';
     }
     if (User::check_contains_at($_POST['email']) != TRUE) {
         $error .= 'Email must contain an @ symbol.<br />';
     }
     // Check if already invited
     if (Invite::check_invited($_SESSION['user_id'], $_POST['email']) == TRUE) {
         $error .= 'You have already invited this person.<br />';
     }
     // Check if already a user
     // NOTE(review): this message tells the inviter that the address already has an
     // account, so the form doubles as an account-existence check for logged-in users.
     if (is_object(User::get_by_email($_POST['email'])) == TRUE) {
         $error .= 'This person is already using ' . $this->config->name . '!<br />';
     }
     if ($error == '') {
         // No problems so do signup + login
         // Add invite to database
         $id = Invite::add($_SESSION['user_id'], $_POST['email']);
         // Decrement invites in users table
         // NOTE(review): the "invites < 1" check above and this decrement are separate
         // steps; confirm update_invites() cannot take the balance below zero when
         // requests overlap.
         $user->update_invites(-1);
         // Award points
         if (isset($this->plugins->points)) {
             $this->plugins->points->update($_SESSION['user_id'], $this->plugins->points['per_invite_sent']);
         }
         // Log invite
         if (isset($this->plugins->log)) {
             $this->plugins->log->add($_SESSION['user_id'], 'invite', $id, 'add', $_POST['email']);
         }
         // NOTE(review): $admin is not referenced again in this method.
         $admin = User::get_by_id($this->config->admin_users[0]);
         $to = array('email' => $_POST['email']);
         $subject = '[' . $this->config->name . '] An invitation from ' . $user->username;
         // The signup link carries the value returned by Invite::add().
         // NOTE(review): if that value is a sequential row id rather than an
         // unguessable code, invite links are predictable. Confirm in Invite::add().
         $link = $this->config->url . 'signup/' . $id;
         // The e-mail body is the theme's invite template rendered with the sender and link.
         $body = $this->twig_string->render(file_get_contents("themes/{$this->config->theme}/emails/invite_friend.html"), array('user' => $user, 'link' => $link, 'app' => $this));
         // Email user
         $this->email->send_email($to, $subject, $body);
         Application::flash('success', 'Invite sent!');
     } else {
         // Hand the submitted address back so the form can be re-populated.
         // NOTE(review): this is the raw request value; confirm the view escapes it.
         $this->uri['params']['email'] = $_POST['email'];
         Application::flash('error', $error);
     }
     $this->index();
 }
Example #4
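 /**
  * Log-in action: authenticate the posted credentials or show the log-in form.
  *
  * On a successful authenticate() the browser is redirected to the requested
  * `redirect_to` parameter when that target stays on this site, otherwise to
  * the configured site URL. On failure a generic error is flashed and the
  * form is re-rendered with the submitted e-mail address.
  *
  * NOTE(review): nothing in this method stores the user in $_SESSION after a
  * successful authenticate(); presumably authenticate() does. Confirm that,
  * and confirm the session id is rotated there.
  */
 function add()
 {
     if (isset($_POST['email']) && isset($_POST['password'])) {
         // User trying to sign up but app not configured, error out
         if (Admin::count_users() == 0) {
             Application::flash('error', $this->config->name . ' is not yet configured properly.
       <br />Please contact the creator of this app.');
             $this->loadView('items/index');
             exit;
         }
         $user = User::get_by_email($_POST['email']);
         if ($user != NULL && $user->authenticate($_POST['password'], $this->config->encryption_salt) == TRUE) {
             // Get redirected
             // redirect_to comes from the request, so it is only honoured when it is a
             // relative reference or begins with this site's own URL. Anything else
             // (another host, another scheme, control characters, backslashes) falls
             // back to the site URL instead of sending the user off-site after log-in.
             $redirect_url = $this->config->url;
             if (isset($this->uri['params']['redirect_to'])) {
                 $requested = $this->uri['params']['redirect_to'];
                 if (is_string($requested) && $requested !== '' && !preg_match('/[\x00-\x20\\\\]/', $requested)) {
                     $site_root = rtrim($this->config->url, '/') . '/';
                     $parts = parse_url($requested);
                     $is_local = is_array($parts) && !isset($parts['scheme']) && !isset($parts['host']);
                     // The prefix test is only meaningful when the configured URL is absolute.
                     $is_same_site = strpos($site_root, '://') !== FALSE && strpos($requested, $site_root) === 0;
                     if ($is_local || $is_same_site) {
                         $redirect_url = $requested;
                     }
                 }
             }
             // Go forth
             header('Location: ' . $redirect_url);
             exit;
         } else {
             // One message for "unknown address" and "wrong password" alike, so the
             // response does not reveal which of the two failed.
             Application::flash('error', 'Something isn\'t quite right. Please try again...');
             $email = $_POST['email'];
         }
     }
     if (!isset($_SESSION['user_id'])) {
         if (isset($email)) {
             // NOTE(review): $email is the raw posted value; confirm the view escapes it.
             $this->loadView('sessions/add', array('email' => $email));
         } else {
             $this->loadView('sessions/add');
         }
     } else {
         Application::flash('error', 'You are already logged in! ' . $this->get_link_to('Click here', 'sessions', 'remove') . ' to logout.');
         $this->loadView();
     }
 }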
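 /**
  * Handle the "send me my password" form and redirect to the confirmation page.
  *
  * The form values are loaded into a User, refined and validated. A failed
  * validation flashes the messages and sends the visitor back. Otherwise the
  * account is looked up by e-mail and, if one exists, send_password() is
  * called on it. The confirmation redirect is the same whether or not an
  * account was found.
  *
  * NOTE(review): the whole posted 'user' array is passed to the User
  * constructor; confirm which fields it accepts. What send_password() actually
  * mails is decided in the model. Confirm it is a reset token or link rather
  * than a stored password.
  */
 public function send_password()
 {
     $this->layout = 'blank';
     $user = new User(_post('user'));
     $user->refine();
     if (!$user->validate_send_password()) {
         $this->flash->add('message_error', $user->errors->get_messages());
         $this->back();
         // Stop here even if back() only queues the redirect: a request that failed
         // validation must not go on to trigger a password e-mail.
         return;
     }
     $user = User::get_by_email($user->email);
     // An address with no account must neither crash on a null $user nor produce a
     // response that differs from the found case.
     if ($user) {
         $user->send_password();
     }
     $this->redirect_to('/user/send_password_success');
 }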
// Normalise the provider's claims: remember which provider answered and expose
// "name" under the key the rest of the code reads ("fullname").
$data['identity'] = $provider;
if (isset($data['name'])) {
    $data['fullname'] = $data['name'];
}

// Primary lookup: provider plus the subject identifier.
$user = User::get_by_identity_openidConnectSub($provider, $data['sub']);
if (!$user) {
    if ($oidc->getPlainOpenid()) {
        // This may be the first time the user logs in after the migration from
        // OpenID 2.0 to OpenID Connect.
        $user = User::get_by_identity($oidc->getPlainOpenid());
        if ($user) {
            // session_login will overwrite it
            $user->identity = null;
        }
    }
}

if (!$user) {
    // First time logging in, must claim an existing account or create a new one
    // TODO this duplicates code in revenireOpenid.php
    // NOTE(review): the account offered for claiming is chosen by the e-mail value
    // in $data alone; nothing here checks that the provider marked that address as
    // verified. Confirm before the next page lets the visitor take over the account.
    $user = null;
    if (isset($data['email'])) {
        $user = User::get_by_email($data['email']);
    }

    // 0 = an account with that e-mail exists, 1 = full name available,
    // 2 = only a nickname available, 3 = none of these.
    if ($user) {
        $loginType = 0;
    } elseif (isset($data['fullname'])) {
        $loginType = 1;
    } elseif (isset($data['nickname'])) {
        $loginType = 2;
    } else {
        $loginType = 3;
    }

    // Store the identity in a temporary file. Don't print it in the form, because then it can be faked on the next page.
    // NOTE(review): the random string is the only handle to that stored identity, so
    // it has to be unguessable. Confirm util_randomCapitalLetterString() draws from a
    // cryptographically secure source and that the cache entry expires.
    $randString = util_randomCapitalLetterString(20);
    FileCache::put($randString, $data);

    SmartyWrap::assign('page_title', 'Autentificare cu OpenID');
    SmartyWrap::assign('suggestHiddenSearchForm', true);
    SmartyWrap::assign('data', $data);
    SmartyWrap::assign('randString', $randString);
    SmartyWrap::assign('loginType', $loginType);
    SmartyWrap::display('auth/chooseIdentity.ihtml');
} else {
    // Known identity: log straight in.
    session_login($user, $data);
}
Example #7
 /**
  * Report whether the address in $_GET['email'] is unused.
  *
  * Writes the string "false" when the lookup leaves a truthy email on the User
  * object, and "true" otherwise.
  *
  * NOTE(review): this answers, for any address in the query string, whether an
  * account uses it. Nothing visible here limits who may call it or how often.
  * Confirm throttling or access control at the routing layer.
  */
 function check_email()
 {
     $lookup = new User();
     $lookup->get_by_email($_GET['email']);
     // A populated email property means the address is already registered.
     $answer = $lookup->email ? "false" : "true";
     $this->output->set_output($answer);
 }
Example #8
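 /**
  * Full signup: validate the posted form, create or complete the account, send
  * the notification e-mails, start the session, settle any invites and redirect.
  *
  * Validation messages from check_email(), check_username() and
  * check_password() are concatenated into $error. When $error is non-empty the
  * form is re-rendered with the submitted e-mail and username. Otherwise the
  * method ends with a redirect, either to a same-site `redirect_to` target or
  * to the configured site URL.
  */
 private function signup_full()
 {
     $error = '';
     // Check email
     $_POST['email'] = trim($_POST['email']);
     $email_check = $this->check_email($_POST['email']);
     if ($email_check !== TRUE) {
         $error .= $email_check;
     }
     // Check username
     $username_check = $this->check_username($_POST['username']);
     if ($username_check !== TRUE) {
         $error .= $username_check;
     }
     // Check password
     $password_check = $this->check_password($_POST['password1'], $_POST['password2']);
     if ($password_check !== TRUE) {
         $error .= $password_check;
     }
     // Error processing
     if ($error == '') {
         // No error so proceed...
         // First check if user added
         // NOTE(review): when a row with this e-mail already exists, User::signup()
         // below is applied to that row. Whether that is limited to invited addresses
         // that have not registered yet depends on check_email(). Confirm.
         $user = User::get_by_email($_POST['email']);
         // If not then add
         if ($user == NULL) {
             $user_id = User::add($_POST['email']);
             $user = User::get_by_id($user_id);
         }
         // Do signup
         User::signup($user->id, $_POST['username'], $_POST['password1'], $this->config->encryption_salt);
         if ($this->config->send_emails == TRUE) {
             // Send 'thank you for signing up' email
             // NOTE(review): $admin is not used in this branch.
             $admin = User::get_by_id($this->config->admin_users[0]);
             $to = array('name' => $_POST['username'], 'email' => $_POST['email']);
             $subject = '[' . $this->config->name . '] Welcome to ' . $this->config->name . '!';
             $body = $this->twig_string->render(file_get_contents("themes/{$this->config->theme}/emails/signup.html"), array('username' => $_POST['username'], 'app' => $this));
             // Email user
             $this->email->send_email($to, $subject, $body);
         }
         // Log signup
         if (isset($this->plugins->log)) {
             $this->plugins->log->add($user->id, 'user', NULL, 'signup');
         }
         // Admin alert email
         if ($this->config->send_emails && $this->config->signup_email_notifications == TRUE) {
             $admin = User::get_by_id($this->config->admin_users[0]);
             $to = array('name' => $admin->username, 'email' => $admin->email);
             $subject = '[' . $this->config->name . '] New signup on ' . $this->config->name . '!';
             // config->url is cut by one character before the route is appended.
             $link = substr($this->config->url, 0, -1) . $this->url_for('users', 'show', $user->id);
             $body = $this->twig_string->render(file_get_contents("themes/{$this->config->theme}/emails/admin_signup_notification.html"), array('link' => $link, 'app' => $this));
             // Email user
             $this->email->send_email($to, $subject, $body);
         }
         // Start session
         // Rotate the session id before the session becomes an authenticated one, so an
         // id that was set in the browser before signup cannot be reused afterwards.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         $_SESSION['user_id'] = $user->id;
         // Check invites are enabled and the code is valid
         if ($this->config->invites->enabled == TRUE && Invite::check_code_valid($_POST['code'], $_POST['email']) == TRUE) {
             // Get invites
             $invites = Invite::list_by_code($_POST['code']);
             if (is_array($invites)) {
                 foreach ($invites as $invite) {
                     // Update invites
                     $invite->update();
                     // Log invite update
                     if (isset($this->plugins->log)) {
                         $this->plugins->log->add($_SESSION['user_id'], 'invite', $invite->id, 'accept');
                     }
                     // Update points (but only if inviting user is not an admin)
                     if (isset($this->plugins->points) && in_array($invite->user_id, $this->config->admin_users) != TRUE) {
                         // Update points
                         $this->plugins->points->update($invite->user_id, $this->plugins->points['per_invite_accepted']);
                         // Log points update
                         if (isset($this->plugins->log)) {
                             $this->plugins->log->add($invite->user_id, 'points', NULL, $this->plugins->points['per_invite_accepted'], 'invite_accepted = ' . $invite->id);
                         }
                     }
                 }
                 // end foreach
             }
             // end if is_array
         }
         // Log login
         if (isset($this->plugins->log)) {
             $this->plugins->log->add($_SESSION['user_id'], 'user', NULL, 'login');
         }
         // If redirect_to is set then redirect
         // redirect_to comes from the request, so it is only honoured when it is a
         // relative reference or begins with this site's own URL. Any other value is
         // ignored and the normal post-signup redirect below is used.
         if (!empty($this->uri['params']['redirect_to'])) {
             $requested = $this->uri['params']['redirect_to'];
             $allowed = FALSE;
             if (is_string($requested) && !preg_match('/[\x00-\x20\\\\]/', $requested)) {
                 $site_root = rtrim($this->config->url, '/') . '/';
                 $parts = parse_url($requested);
                 $is_local = is_array($parts) && !isset($parts['scheme']) && !isset($parts['host']);
                 // The prefix test is only meaningful when the configured URL is absolute.
                 $is_same_site = strpos($site_root, '://') !== FALSE && strpos($requested, $site_root) === 0;
                 $allowed = $is_local || $is_same_site;
             }
             if ($allowed) {
                 header('Location: ' . $requested);
                 exit;
             }
         }
         // Set welcome message
         Application::flash('success', 'Welcome to ' . $this->config->name . '!');
         // Go forth!
         header('Location: ' . $this->config->url);
         exit;
     } else {
         // There was an error
         // Propagate get vars to be picked up by the form
         // NOTE(review): these are raw request values; confirm the view escapes them.
         $this->uri['params']['email'] = $_POST['email'];
         $this->uri['params']['username'] = $_POST['username'];
         if (isset($_POST['code'])) {
             $this->code = $_POST['code'];
         }
         // Show error message
         Application::flash('error', $error);
         // Show signup form
         $this->loadView('users/add', array('title' => 'Signup'));
     }
 }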
Example #9
 /**
  * Email Exists
  * Tell whether a user record is found for an e-mail address.
  *
  * @param mixed $email address passed unchanged to get_by_email()
  *
  * @return bool TRUE when exists() reports a match after the lookup, FALSE otherwise
  */
 public function email_exists($email)
 {
     $match = new User();
     $match->get_by_email($email);
     // Collapse whatever exists() returns into a strict boolean.
     if ($match->exists()) {
         return TRUE;
     }
     return FALSE;
 }
Example #10
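 /**
  * Start an authenticated session for the user identified by $this->email.
  *
  * @param bool $remember_me when true the session cookie lifetime is set to seven
  *                          days; otherwise the currently configured lifetime is kept
  */
 public function login($remember_me = false)
 {
     $current_cookie_params = session_get_cookie_params();
     // Seven days for "remember me", otherwise whatever lifetime is already in force.
     $lifetime = $remember_me ? 3600 * 24 * 7 : $current_cookie_params['lifetime'];
     // Cookie parameters can only be changed while no session is active, hence the
     // close / set / start sequence.
     session_write_close();
     session_set_cookie_params($lifetime);
     session_start();
     // Issue a fresh session id at the moment of log-in, so an id that was known
     // before authentication cannot be reused for the authenticated session. The
     // new id is also expected to be sent with the lifetime chosen above.
     session_regenerate_id(true);
     // NOTE(review): get_by_email() may find nothing; this method stores whatever it
     // returns. Confirm callers only invoke login() after credentials were verified.
     $user = User::get_by_email($this->email);
     _session('user', $user);
 }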
Example #11
require_once "../../phplib/util.php";
util_assertNotMirror();
util_assertNotLoggedIn();
$submitButton = util_getRequestParameter('submitButton');
$identity = util_getRequestParameter('identity');
$email = util_getRequestParameter('email');
SmartyWrap::assign('identity', $identity);
SmartyWrap::assign('email', $email);
SmartyWrap::assign('page_title', 'Parolă uitată');
SmartyWrap::assign('suggestHiddenSearchForm', true);
if ($submitButton) {
    if (!$email) {
        FlashMessage::add('Trebuie să introduceți o adresă de e-mail.');
        SmartyWrap::display('auth/parola-uitata.ihtml');
    } else {
        $user = User::get_by_email($email);
        if ($user) {
            log_userLog("Password recovery requested for {$email} from " . $_SERVER['REMOTE_ADDR']);
            // Create the token
            $pt = Model::factory('PasswordToken')->create();
            $pt->userId = $user->id;
            $pt->token = util_randomCapitalLetterString(20);
            $pt->save();
            // Send email
            SmartyWrap::assign('homePage', util_getFullServerUrl());
            SmartyWrap::assign('token', $pt->token);
            $body = SmartyWrap::fetch('email/resetPassword.ihtml');
            $ourEmail = Config::get('global.contact');
            $headers = array("From: DEX online <{$ourEmail}>", "Reply-To: {$ourEmail}", 'Content-Type: text/plain; charset=UTF-8');
            $result = mail($email, "Schimbarea parolei pentru DEX online", $body, implode("\r\n", $headers));
        }