Beispiel #1
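 /**
  * Build and sign the JWT that identifies a logged-in user.
  *
  * Claims written: iat (current time), jti (random token id), iss (configured
  * server name), exp ($expire) and a data object with the user's id and name.
  *
  * @param object $user   Must expose ->id and ->username.
  * @param int    $expire Value placed in the exp claim; the caller on this page
  *                       passes time() plus the configured visit timeout.
  *
  * @return string The token produced by JWT::encode().
  *
  * @throws \RuntimeException When the configured signing key decodes to nothing.
  */
 public static function generate_jwt($user, $expire)
 {
     $issuedAt = time();
     // Random token id, base64-encoded so it is safe inside the JSON payload.
     $tokenId = base64_encode(Random::key(32));
     $serverName = Config::get('serverName');

     // Claims carried by the token.
     $data = [
         'iat' => $issuedAt,
         'jti' => $tokenId,
         'iss' => $serverName,
         'exp' => $expire,
         'data' => ['userId' => $user->id, 'userName' => $user->username],
     ];

     /*
      * The signing key is stored base64-encoded in the forum settings
      * (generated with base64_encode(openssl_random_pseudo_bytes(64))).
      *
      * Fail closed when the setting is missing or decodes to an empty string:
      * a token signed with an empty key could be reproduced by anyone.
      */
     $secretKey = base64_decode((string) ForumSettings::get('jwt_token'));
     if ($secretKey === false || $secretKey === '') {
         throw new \RuntimeException('JWT signing key is not configured.');
     }

     // The algorithm also comes from the settings.
     // NOTE(review): the verifying side is not visible here; it should accept
     // only this configured algorithm and never the one named in a token header.
     $algorithm = ForumSettings::get('jwt_algorithm');

     // Encode the claims to a JWT string; the second argument is the signing key.
     return JWT::encode($data, $secretKey, $algorithm);
 }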
Beispiel #2
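 /**
  * Store a newly registered user, send the configured notification mails and
  * either mail the welcome message (verification on) or log the user in.
  *
  * @param array $user Registration data. Keys read here: username, password1,
  *                    email1, language and, optionally, banned_email.
  *
  * @return mixed The value returned by Router::redirect().
  */
 public function insert_user($user)
 {
     $user = Container::get('hooks')->fire('model.register.insert_user_start', $user);
     // Insert the new user into the database. We do this now to get the last inserted ID for later use
     $now = time();
     $intial_group_id = ForumSettings::get('o_regs_verify') == '0' ? ForumSettings::get('o_default_user_group') : ForumEnv::get('FEATHER_UNVERIFIED');
     $password_hash = Random::hash($user['password1']);
     // Add the user. The ORM record lives in its own variable so that $user keeps
     // the registration data (username, email1, password1, banned_email) that the
     // mails and the login below read; reusing $user for the record and for the
     // result of save() would leave those reads without their data.
     $insert = array('username' => $user['username'], 'group_id' => $intial_group_id, 'password' => $password_hash, 'email' => $user['email1'], 'email_setting' => ForumSettings::get('o_default_email_setting'), 'timezone' => ForumSettings::get('o_default_timezone'), 'dst' => 0, 'language' => $user['language'], 'style' => ForumSettings::get('o_default_style'), 'registered' => $now, 'registration_ip' => Utils::getIp(), 'last_visit' => $now);
     $new_user = DB::for_table('users')->create()->set($insert);
     $new_user = Container::get('hooks')->fireDB('model.register.insert_user_query', $new_user);
     $new_user->save();
     $new_uid = DB::get_db()->lastInsertId(ForumSettings::get('db_prefix') . 'users');
     // If the mailing list isn't empty, we may need to send out some alerts
     if (ForumSettings::get('o_mailing_list') != '') {
         // If we previously found out that the email was banned
         if (isset($user['banned_email'])) {
             // Load the "banned email register" template
             $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/banned_email_register.tpl'));
             $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_banned_mail_tpl', $mail_tpl);
             // The first row contains the subject
             $first_crlf = strpos($mail_tpl, "\n");
             $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
             $mail_subject = Container::get('hooks')->fire('model.register.insert_user_banned_mail_subject', $mail_subject);
             $mail_message = trim(substr($mail_tpl, $first_crlf));
             $mail_message = str_replace('<username>', $user['username'], $mail_message);
             $mail_message = str_replace('<email>', $user['email1'], $mail_message);
             $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
             $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
             $mail_message = Container::get('hooks')->fire('model.register.insert_user_banned_mail_message', $mail_message);
             Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
         }
         // If we previously found out that the email was a dupe
         // NOTE(review): $dupe_list is never assigned in this method, so this
         // branch cannot run as written; the caller's duplicate list would have
         // to be passed in for the alert to be sent.
         if (!empty($dupe_list)) {
             // Load the "dupe email register" template
             $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/dupe_email_register.tpl'));
             $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_tpl', $mail_tpl);
             // The first row contains the subject
             $first_crlf = strpos($mail_tpl, "\n");
             $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
             $mail_subject = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_subject', $mail_subject);
             $mail_message = trim(substr($mail_tpl, $first_crlf));
             $mail_message = str_replace('<username>', $user['username'], $mail_message);
             $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
             $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
             $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
             $mail_message = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_message', $mail_message);
             Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
         }
         // Should we alert people on the admin mailing list that a new user has registered?
         if (ForumSettings::get('o_regs_report') == '1') {
             // Load the "new user" template
             $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/new_user.tpl'));
             $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_new_mail_tpl', $mail_tpl);
             // The first row contains the subject
             $first_crlf = strpos($mail_tpl, "\n");
             $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
             $mail_subject = Container::get('hooks')->fire('model.register.insert_user_new_mail_subject', $mail_subject);
             $mail_message = trim(substr($mail_tpl, $first_crlf));
             $mail_message = str_replace('<username>', $user['username'], $mail_message);
             $mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
             $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
             $mail_message = str_replace('<admin_url>', Router::pathFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message);
             $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
             $mail_message = Container::get('hooks')->fire('model.register.insert_user_new_mail_message', $mail_message);
             Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
         }
     }
     // Must the user verify the registration or do we log him/her in right now?
     if (ForumSettings::get('o_regs_verify') == '1') {
         // Load the "welcome" template
         $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/welcome.tpl'));
         $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_tpl', $mail_tpl);
         // The first row contains the subject
         $first_crlf = strpos($mail_tpl, "\n");
         $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
         $mail_subject = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_subject', $mail_subject);
         $mail_message = trim(substr($mail_tpl, $first_crlf));
         $mail_subject = str_replace('<board_title>', ForumSettings::get('o_board_title'), $mail_subject);
         $mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
         $mail_message = str_replace('<username>', $user['username'], $mail_message);
         // NOTE(security): the password travels in clear text inside this mail.
         // Presumably it is a server-generated initial password when verification
         // is enabled (confirm against the caller); it should be treated as a
         // one-time credential that the user replaces after the first login.
         $mail_message = str_replace('<password>', $user['password1'], $mail_message);
         $mail_message = str_replace('<login_url>', Router::pathFor('login'), $mail_message);
         $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
         $mail_message = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_message', $mail_message);
         Container::get('email')->feather_mail($user['email1'], $mail_subject, $mail_message);
         return Router::redirect(Router::pathFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.');
     }
     // No verification required: issue the session token for the new account.
     $user_object = new \stdClass();
     $user_object->id = $new_uid;
     $user_object->username = $user['username'];
     $expire = time() + ForumSettings::get('o_timeout_visit');
     $jwt = AuthModel::generate_jwt($user_object, $expire);
     AuthModel::feather_setcookie('Bearer ' . $jwt, $expire);
     // Refresh cache
     Container::get('cache')->store('users_info', Cache::get_users_info());
     Container::get('hooks')->fire('model.register.insert_user');
     return Router::redirect(Router::pathFor('home'), __('Reg complete'));
 }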
Beispiel #3
}
// Append the remaining entries of the main navigation to $navlinks (started
// above this excerpt) and print the list. Which entries appear depends on the
// current user's group permissions and on whether the user is a guest.
if (ForumSettings::get('o_rules') == '1' && (!User::get()->is_guest || User::get()->g_read_board == '1' || ForumSettings::get('o_regs_allow') == '1')) {
    $navlinks[] = '<li id="navrules"' . ($active_page == 'rules' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('rules') . '">' . __('Rules') . '</a></li>';
}
if (User::get()->g_read_board == '1' && User::get()->g_search == '1') {
    $navlinks[] = '<li id="navsearch"' . ($active_page == 'search' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('search') . '">' . __('Search') . '</a></li>';
}
if (User::get()->is_guest) {
    $navlinks[] = '<li id="navregister"' . ($active_page == 'register' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('register') . '">' . __('Register') . '</a></li>';
    $navlinks[] = '<li id="navlogin"' . ($active_page == 'login' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('login') . '">' . __('Login') . '</a></li>';
} else {
    $navlinks[] = '<li id="navprofile"' . ($active_page == 'profile' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('userProfile', ['id' => User::get()->id]) . '">' . __('Profile') . '</a></li>';
    if (User::get()->is_admmod) {
        $navlinks[] = '<li id="navadmin"' . ($active_page == 'admin' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('adminIndex') . '">' . __('Admin') . '</a></li>';
    }
    // The logout token is derived only from the user id and the client IP.
    // NOTE(review): neither input is secret, so unless Random::hash() mixes in a
    // server-side key (not visible here) the token is predictable and gives no
    // protection against forged logout requests.
    $navlinks[] = '<li id="navlogout"><a href="' . Router::pathFor('logout', ['token' => Random::hash(User::get()->id . Random::hash(Utils::getIp()))]) . '">' . __('Logout') . '</a></li>';
}
// Are there any additional navlinks we should insert into the array before imploding it?
// Sources: the o_additional_navlinks setting and whatever listeners of the
// view.header.navlinks hook return, one "index = markup" entry per line.
$hooksLinks = Container::get('hooks')->fire('view.header.navlinks', []);
$extraLinks = ForumSettings::get('o_additional_navlinks') . "\n" . implode("\n", $hooksLinks);
if (User::get()->g_read_board == '1' && $extraLinks != '') {
    if (preg_match_all('%([0-9]+)\\s*=\\s*(.*?)\\n%s', $extraLinks . "\n", $results)) {
        // Insert any additional links into the $links array (at the correct index)
        // The captured markup is written to the page without escaping, so both
        // the setting and every hook listener are trusted to supply safe HTML.
        $num_links = count($results[1]);
        for ($i = 0; $i < $num_links; ++$i) {
            array_splice($navlinks, $results[1][$i], 0, array('<li id="navextra' . ($i + 1) . '"' . ($active_page == 'navextra' . ($i + 1) ? ' class="isactive"' : '') . '>' . $results[2][$i] . '</li>'));
        }
    }
}
echo "\t\t\t" . implode("\n\t\t\t", $navlinks);
?>
Beispiel #4
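 /**
  * Change a user's e-mail address in two steps.
  *
  * With a "key" query parameter the pending address is activated when the key
  * matches the stored activation key. On a POST request the current user's
  * password is checked, the new address is validated and stored as pending, and
  * an activation mail is sent to it.
  *
  * @param int|string $id Id of the user whose address is being changed.
  *
  * @return mixed The value of Router::redirect() after a successful activation.
  *
  * @throws Error On missing permission, an unknown user, a bad key, a wrong
  *               password or a rejected address, and also after the activation
  *               mail has been sent (the message is delivered that way).
  */
 public function change_email($id)
 {
     $id = Container::get('hooks')->fire('model.profile.change_email_start', $id);
     // Make sure we are allowed to change this user's email
     if (User::get()->id != $id) {
         $id = Container::get('hooks')->fire('model.profile.change_email_not_id', $id);
         if (!User::get()->is_admmod) {
             // A regular user trying to change another user's email?
             throw new Error(__('No permission'), 403);
         } elseif (User::get()->g_moderator == '1') {
             // A moderator trying to change a user's email?
             $select = array('u.group_id', 'g.g_moderator');
             $target = DB::for_table('users')->table_alias('u')->select_many($select)->inner_join('groups', array('g.g_id', '=', 'u.group_id'), 'g')->where('u.id', $id);
             $target = Container::get('hooks')->fireDB('model.profile.change_email_not_id_query', $target);
             $target = $target->find_one();
             if (!$target) {
                 throw new Error(__('Bad request'), 404);
             }
             // Moderators need both edit rights and may never touch admins or other moderators.
             if (User::get()->g_mod_edit_users == '0' || User::get()->g_mod_change_passwords == '0' || $target['group_id'] == ForumEnv::get('FEATHER_ADMIN') || $target['g_moderator'] == '1') {
                 throw new Error(__('No permission'), 403);
             }
         }
     }
     if (Input::query('key')) {
         $key = Input::query('key');
         $key = Container::get('hooks')->fire('model.profile.change_email_key', $key);
         $new_email_key = DB::for_table('users')->where('id', $id);
         $new_email_key = Container::get('hooks')->fireDB('model.profile.change_email_key_query', $new_email_key);
         $new_email_key = $new_email_key->find_one_col('activate_key');
         // Compare as strings and in constant time: a loose != treats numeric-looking
         // strings such as "1e3" and "1000" as equal, and a missing stored key
         // must never match.
         if ($key == '' || !is_string($new_email_key) || !hash_equals($new_email_key, (string) $key)) {
             throw new Error(__('Email key bad') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.', 400);
         } else {
             // Promote the pending address and clear the activation data.
             $update_mail = DB::for_table('users')->where('id', $id)->find_one()->set_expr('email', 'activate_string')->set_expr('activate_string', 'NULL')->set_expr('activate_key', 'NULL');
             $update_mail = Container::get('hooks')->fireDB('model.profile.change_email_query', $update_mail);
             $update_mail = $update_mail->save();
             return Router::redirect(Router::pathFor('home'), __('Email updated'));
         }
     } elseif (Request::isPost()) {
         Container::get('hooks')->fire('model.profile.change_email_post');
         // Re-authenticate: the submitted password must match the current user's stored hash.
         if (!hash_equals((string) User::get()->password, (string) Random::hash(Input::post('req_password')))) {
             throw new Error(__('Wrong pass'));
         }
         // Validate the email address
         $new_email = strtolower(Utils::trim(Input::post('req_new_email')));
         $new_email = Container::get('hooks')->fire('model.profile.change_email_new_email', $new_email);
         if (!Container::get('email')->is_valid_email($new_email)) {
             throw new Error(__('Invalid email'), 400);
         }
         // Check if it's a banned email address
         if (Container::get('email')->is_banned_email($new_email)) {
             if (ForumSettings::get('p_allow_banned_email') == '0') {
                 throw new Error(__('Banned email'), 403);
             } elseif (ForumSettings::get('o_mailing_list') != '') {
                 // Load the "banned email change" template
                 $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/banned_email_change.tpl'));
                 $mail_tpl = Container::get('hooks')->fire('model.profile.change_email_mail_tpl', $mail_tpl);
                 // The first row contains the subject
                 $first_crlf = strpos($mail_tpl, "\n");
                 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                 $mail_subject = Container::get('hooks')->fire('model.profile.change_email_mail_subject', $mail_subject);
                 $mail_message = trim(substr($mail_tpl, $first_crlf));
                 $mail_message = str_replace('<username>', User::get()->username, $mail_message);
                 $mail_message = str_replace('<email>', $new_email, $mail_message);
                 $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $id]), $mail_message);
                 $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
                 $mail_message = Container::get('hooks')->fire('model.profile.change_email_mail_message', $mail_message);
                 Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
             }
         }
         // Check if someone else already has registered with that email address
         $select = array('id', 'username');
         $result = DB::for_table('users')->select_many($select)->where('email', $new_email);
         $result = Container::get('hooks')->fireDB('model.profile.change_email_check_mail', $result);
         $result = $result->find_many();
         if ($result) {
             if (ForumSettings::get('p_allow_dupe_email') == '0') {
                 throw new Error(__('Dupe email'), 400);
             } elseif (ForumSettings::get('o_mailing_list') != '') {
                 $dupe_list = array();
                 foreach ($result as $cur_dupe) {
                     $dupe_list[] = $cur_dupe['username'];
                 }
                 // Load the "dupe email change" template
                 $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/dupe_email_change.tpl'));
                 $mail_tpl = Container::get('hooks')->fire('model.profile.change_email_mail_dupe_tpl', $mail_tpl);
                 // The first row contains the subject
                 $first_crlf = strpos($mail_tpl, "\n");
                 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                 $mail_subject = Container::get('hooks')->fire('model.profile.change_email_mail_dupe_subject', $mail_subject);
                 $mail_message = trim(substr($mail_tpl, $first_crlf));
                 $mail_message = str_replace('<username>', User::get()->username, $mail_message);
                 $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
                 $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $id]), $mail_message);
                 $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
                 $mail_message = Container::get('hooks')->fire('model.profile.change_email_mail_dupe_message', $mail_message);
                 Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
             }
         }
         // NOTE(review): the activation key is 8 characters from Random::pass();
         // its strength depends on that generator, which is not visible here.
         $new_email_key = Random::pass(8);
         $new_email_key = Container::get('hooks')->fire('model.profile.change_email_new_email_key', $new_email_key);
         // Update the user: store the new address as pending together with its key.
         // The row is selected by $id; the bare word `tid` used here before is an
         // undefined constant and stopped the request at this point.
         $update = array('activate_string' => $new_email, 'activate_key' => $new_email_key);
         $pending = DB::for_table('users')->where('id', $id)->find_one()->set($update);
         $pending = Container::get('hooks')->fireDB('model.profile.change_email_user_query', $pending);
         $pending->save();
         // Load the "activate email" template
         $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/activate_email.tpl'));
         $mail_tpl = Container::get('hooks')->fire('model.profile.change_email_mail_activate_tpl', $mail_tpl);
         // The first row contains the subject
         $first_crlf = strpos($mail_tpl, "\n");
         $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
         $mail_subject = Container::get('hooks')->fire('model.profile.change_email_mail_activate_subject', $mail_subject);
         $mail_message = trim(substr($mail_tpl, $first_crlf));
         $mail_message = str_replace('<username>', User::get()->username, $mail_message);
         $mail_message = str_replace('<base_url>', Url::base(), $mail_message);
         $mail_message = str_replace('<activation_url>', Router::pathFor('profileAction', ['id' => $id, 'action' => 'change_email']) . '?key=' . $new_email_key, $mail_message);
         $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
         $mail_message = Container::get('hooks')->fire('model.profile.change_email_mail_activate_message', $mail_message);
         Container::get('email')->feather_mail($new_email, $mail_subject, $mail_message);
         Container::get('hooks')->fire('model.profile.change_email_sent');
         // The confirmation is delivered to the user through the Error channel.
         throw new Error(__('Activate email sent') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.', true);
     }
     Container::get('hooks')->fire('model.profile.change_email');
 }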
Beispiel #5
}
// Print the remaining entries of the main navigation. Which entries appear
// depends on the current user's group permissions and guest status.
if ($feather->forum_settings['o_rules'] == '1' && (!$feather->user->is_guest || $feather->user->g_read_board == '1' || $feather->forum_settings['o_regs_allow'] == '1')) {
    echo "\t\t\t\t\t\t" . '<li id="navrules"' . ($active_page == 'rules' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('rules') . '">' . __('Rules') . '</a></li>' . "\n";
}
if ($feather->user->g_read_board == '1' && $feather->user->g_search == '1') {
    echo "\t\t\t\t\t\t" . '<li id="navsearch"' . ($active_page == 'search' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('search') . '">' . __('Search') . '</a></li>' . "\n";
}
if ($feather->user->is_guest) {
    echo "\t\t\t\t\t\t" . '<li id="navregister"' . ($active_page == 'register' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('register') . '">' . __('Register') . '</a></li>' . "\n";
    echo "\t\t\t\t\t\t" . '<li id="navlogin"' . ($active_page == 'login' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('login') . '">' . __('Login') . '</a></li>' . "\n";
} else {
    echo "\t\t\t\t\t\t" . '<li id="navprofile"' . ($active_page == 'profile' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('userProfile', ['id' => $feather->user->id]) . '">' . __('Profile') . '</a></li>' . "\n";
    if ($feather->user->is_admmod) {
        echo "\t\t\t\t\t\t" . '<li id="navadmin"' . ($active_page == 'admin' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('adminIndex') . '">' . __('Admin') . '</a></li>' . "\n";
    }
    // The logout token is derived only from the user id and the client IP.
    // NOTE(review): neither input is secret, so unless Random::hash() mixes in a
    // server-side key (not visible here) the token is predictable and gives no
    // protection against forged logout requests.
    echo "\t\t\t\t\t\t" . '<li id="navlogout"><a href="' . $feather->urlFor('logout', ['token' => Random::hash($feather->user->id . Random::hash($feather->request->getIp()))]) . '">' . __('Logout') . '</a></li>' . "\n";
}
// // Are there any additional navlinks we should insert into the array before imploding it?
// if ($feather->user->g_read_board == '1' && $feather->forum_settings['o_additional_navlinks'] != '') {
//     if (preg_match_all('%([0-9]+)\s*=\s*(.*?)\n%s', $feather->forum_settings['o_additional_navlinks']."\n", $extra_links)) {
//         // Insert any additional links into the $links array (at the correct index)
//         $num_links = count($extra_links[1]);
//         for ($i = 0; $i < $num_links; ++$i) {
//             array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i].'</li>'));
//         }
//     }
// }
?>
                        </ul>
                    </div>
                <div class="navbar-right">
Beispiel #6
 /**
  * Middleware entry point: establish the current user for the request.
  *
  * A valid cookie loads that user and re-issues the cookie; otherwise the
  * guest account (user id 1) is loaded with the board defaults and recorded in
  * the online table. Afterwards the language file and the ban list are loaded,
  * the ban check and online-list update run, and the next middleware is called.
  */
 public function call()
 {
     global $feather_bans;
     // get_cookie_data() returns a falsy value when there is no usable cookie.
     if ($cookie = $this->get_cookie_data($this->app->forum_settings['cookie_name'], $this->app->forum_settings['cookie_seed'])) {
         $this->app->user = $this->model->load_user($cookie['user_id']);
         // A cookie that outlives the visit timeout is renewed for 1209600 s
         // (14 days); any other cookie is renewed for the visit timeout.
         $expires = $cookie['expires'] > $this->app->now + $this->app->forum_settings['o_timeout_visit'] ? $this->app->now + 1209600 : $this->app->now + $this->app->forum_settings['o_timeout_visit'];
         $this->app->user->is_guest = false;
         $this->app->user->is_admmod = $this->app->user->g_id == $this->app->forum_env['FEATHER_ADMIN'] || $this->app->user->g_moderator == '1';
         // Fall back to the board defaults for unset display preferences.
         if (!$this->app->user->disp_topics) {
             $this->app->user->disp_topics = $this->app->forum_settings['o_disp_topics_default'];
         }
         if (!$this->app->user->disp_posts) {
             $this->app->user->disp_posts = $this->app->forum_settings['o_disp_posts_default'];
         }
         // The stored language and style are concatenated into filesystem paths;
         // when the resulting path does not exist the board default is used.
         // NOTE(review): existence is the only check made here, so both values
         // should be restricted to known names where they are saved.
         if (!file_exists($this->app->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->app->user->language)) {
             $this->app->user->language = $this->app->forum_settings['o_default_lang'];
         }
         if (!file_exists($this->app->forum_env['FEATHER_ROOT'] . 'style/themes/' . $this->app->user->style . '/style.css')) {
             $this->app->user->style = $this->app->forum_settings['o_default_style'];
         }
         // Re-issue the cookie from the user id and the stored password value.
         // NOTE(review): how feather_setcookie() protects that value is not
         // visible here; confirm the raw hash is never sent to the client.
         $this->model->feather_setcookie($this->app->user->id, $this->app->user->password, $expires);
         $this->update_online();
     } else {
         // No valid cookie: load the guest account and apply the board defaults.
         $this->app->user = $this->model->load_user(1);
         $this->app->user->disp_topics = $this->app->forum_settings['o_disp_topics_default'];
         $this->app->user->disp_posts = $this->app->forum_settings['o_disp_posts_default'];
         $this->app->user->timezone = $this->app->forum_settings['o_default_timezone'];
         $this->app->user->dst = $this->app->forum_settings['o_default_dst'];
         $this->app->user->language = $this->app->forum_settings['o_default_lang'];
         $this->app->user->style = $this->app->forum_settings['o_default_style'];
         $this->app->user->is_guest = true;
         $this->app->user->is_admmod = false;
         // Update online list
         if (!$this->app->user->logged) {
             $this->app->user->logged = time();
             // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
             // Only the table prefix is concatenated into the SQL; the IP and
             // the timestamp are bound as parameters.
             switch ($this->app->forum_settings['db_type']) {
                 case 'mysql':
                 case 'mysqli':
                 case 'mysql_innodb':
                 case 'mysqli_innodb':
                 case 'sqlite':
                 case 'sqlite3':
                     DB::for_table('online')->raw_execute('REPLACE INTO ' . $this->app->forum_settings['db_prefix'] . 'online (user_id, ident, logged) VALUES(1, :ident, :logged)', array(':ident' => $this->app->request->getIp(), ':logged' => $this->app->user->logged));
                     break;
                 default:
                     // NOTE(review): the subquery takes its prefix from
                     // $this->app->db->prefix while the INSERT target uses
                     // forum_settings['db_prefix'] — confirm both are the same.
                     DB::for_table('online')->raw_execute('INSERT INTO ' . $this->app->forum_settings['db_prefix'] . 'online (user_id, ident, logged) SELECT 1, :ident, :logged WHERE NOT EXISTS (SELECT 1 FROM ' . $this->app->db->prefix . 'online WHERE ident=:ident)', array(':ident' => $this->app->request->getIp(), ':logged' => $this->app->user->logged));
                     break;
             }
         } else {
             DB::for_table('online')->where('ident', $this->app->request->getIp())->update_many('logged', time());
         }
         // Guest cookie, valid for 31536000 s (365 days), carrying a throwaway value.
         // NOTE(review): uniqid() and rand() are not cryptographically secure;
         // if anything ever relies on this value being unguessable it should
         // come from random_bytes() instead.
         $this->model->feather_setcookie(1, Random::hash(uniqid(rand(), true)), $this->app->now + 31536000);
     }
     load_textdomain('featherbb', $this->app->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->app->user->language . '/common.mo');
     // Load bans from cache
     if (!$this->app->cache->isCached('bans')) {
         $this->app->cache->store('bans', Cache::get_bans());
     }
     $feather_bans = $this->app->cache->retrieve('bans');
     // Check if current user is banned
     $this->check_bans();
     // Update online list
     $this->update_users_online();
     // Hand the request to the next middleware in the chain.
     $this->next->call();
 }
Beispiel #7
 public function insert_user($user)
 {
     $user = $this->hook->fire('insert_user_start', $user);
     // Insert the new user into the database. We do this now to get the last inserted ID for later use
     $now = time();
     $intial_group_id = $this->config['o_regs_verify'] == '0' ? $this->config['o_default_user_group'] : $this->feather->forum_env['FEATHER_UNVERIFIED'];
     $password_hash = Random::hash($user['password1']);
     // Add the user
     $user['insert'] = array('username' => $user['username'], 'group_id' => $intial_group_id, 'password' => $password_hash, 'email' => $user['email1'], 'email_setting' => $this->config['o_default_email_setting'], 'timezone' => $this->config['o_default_timezone'], 'dst' => 0, 'language' => $user['language'], 'style' => $this->config['o_default_style'], 'registered' => $now, 'registration_ip' => $this->request->getIp(), 'last_visit' => $now);
     $user = DB::for_table('users')->create()->set($user['insert']);
     $user = $this->hook->fireDB('insert_user_query', $user);
     $user = $user->save();
     $new_uid = DB::get_db()->lastInsertId($this->feather->forum_settings['db_prefix'] . 'users');
     if ($this->config['o_regs_verify'] == '0') {
         // Regenerate the users info cache
         if (!$this->feather->cache->isCached('users_info')) {
             $this->feather->cache->store('users_info', Cache::get_users_info());
         }
         $stats = $this->feather->cache->retrieve('users_info');
     }
     // If the mailing list isn't empty, we may need to send out some alerts
     if ($this->config['o_mailing_list'] != '') {
         // If we previously found out that the email was banned
         if (isset($user['banned_email'])) {
             // Load the "banned email register" template
             $mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/banned_email_register.tpl'));
             $mail_tpl = $this->hook->fire('insert_user_banned_mail_tpl', $mail_tpl);
             // The first row contains the subject
             $first_crlf = strpos($mail_tpl, "\n");
             $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
             $mail_subject = $this->hook->fire('insert_user_banned_mail_subject', $mail_subject);
             $mail_message = trim(substr($mail_tpl, $first_crlf));
             $mail_message = str_replace('<username>', $user['username'], $mail_message);
             $mail_message = str_replace('<email>', $user['email1'], $mail_message);
             $mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
             $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
             $mail_message = $this->hook->fire('insert_user_banned_mail_message', $mail_message);
             $this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
         }
         // If we previously found out that the email was a dupe
         if (!empty($dupe_list)) {
             // Load the "dupe email register" template
             $mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/dupe_email_register.tpl'));
             $mail_tpl = $this->hook->fire('insert_user_dupe_mail_tpl', $mail_tpl);
             // The first row contains the subject
             $first_crlf = strpos($mail_tpl, "\n");
             $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
             $mail_subject = $this->hook->fire('insert_user_dupe_mail_subject', $mail_subject);
             $mail_message = trim(substr($mail_tpl, $first_crlf));
             $mail_message = str_replace('<username>', $user['username'], $mail_message);
             $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
             $mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
             $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
             $mail_message = $this->hook->fire('insert_user_dupe_mail_message', $mail_message);
             $this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
         }
         // Should we alert people on the admin mailing list that a new user has registered?
         if ($this->config['o_regs_report'] == '1') {
             // Load the "new user" template
             $mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/new_user.tpl'));
             $mail_tpl = $this->hook->fire('insert_user_new_mail_tpl', $mail_tpl);
             // The first row contains the subject
             $first_crlf = strpos($mail_tpl, "\n");
             $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
             $mail_subject = $this->hook->fire('insert_user_new_mail_subject', $mail_subject);
             $mail_message = trim(substr($mail_tpl, $first_crlf));
             $mail_message = str_replace('<username>', $user['username'], $mail_message);
             $mail_message = str_replace('<base_url>', $this->feather->urlFor('home'), $mail_message);
             $mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
             $mail_message = str_replace('<admin_url>', $this->feather->urlFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message);
             $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
             $mail_message = $this->hook->fire('insert_user_new_mail_message', $mail_message);
             $this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
         }
     }
     // Must the user verify the registration or do we log him/her in right now?
     if ($this->config['o_regs_verify'] == '1') {
         // Load the "welcome" template
         $mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/welcome.tpl'));
         $mail_tpl = $this->hook->fire('insert_user_welcome_mail_tpl', $mail_tpl);
         // The first row contains the subject
         $first_crlf = strpos($mail_tpl, "\n");
         $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
         $mail_subject = $this->hook->fire('insert_user_welcome_mail_subject', $mail_subject);
         $mail_message = trim(substr($mail_tpl, $first_crlf));
         $mail_subject = str_replace('<board_title>', $this->config['o_board_title'], $mail_subject);
         $mail_message = str_replace('<base_url>', $this->feather->urlFor('home'), $mail_message);
         $mail_message = str_replace('<username>', $user['username'], $mail_message);
         $mail_message = str_replace('<password>', $user['password1'], $mail_message);
         $mail_message = str_replace('<login_url>', $this->feather->urlFor('login'), $mail_message);
         $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
         $mail_message = $this->hook->fire('insert_user_welcome_mail_message', $mail_message);
         $this->email->feather_mail($user['email1'], $mail_subject, $mail_message);
         Url::redirect($this->feather->urlFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape($this->config['o_admin_email']) . '">' . Utils::escape($this->config['o_admin_email']) . '</a>.');
     }
     $this->auth->feather_setcookie($new_uid, $password_hash, time() + $this->config['o_timeout_visit']);
     $this->hook->fire('insert_user');
     Url::redirect($this->feather->urlFor('home'), __('Reg complete'));
 }
Beispiel #8
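 /**
  * Build the forum configuration from installer input and write it to disk.
  *
  * Only entries of $data whose key is listed in $this->config_keys are copied. The cookie
  * name, the JWT signing secret and the JWT algorithm are generated here and, because they
  * are merged last, replace any entry of the same name taken from $data.
  *
  * @param array $data Installer form values keyed by setting name.
  * @return mixed Result of create_db() when the file was written, otherwise the result of
  *               the redirect back to the install route.
  */
 public function create_config(array $data)
 {
     Container::get('hooks')->fire('controller.install.create_config');
     // Generate config ...
     $config = array();
     foreach ($data as $key => $value) {
         // Strict allow-list check: with a loose in_array() an integer key such as 0
         // compares equal to any non-numeric string on PHP < 8 and would be accepted.
         if (in_array($key, $this->config_keys, true)) {
             $config[$key] = $value;
         }
     }
     $generated = array(
         'cookie_name' => mb_strtolower(ForumEnv::get('FORUM_NAME')) . '_cookie_' . Random::key(7, false, true),
         // 64 bytes from Random::secure_random_bytes(), stored base64-encoded.
         'jwt_token' => base64_encode(Random::secure_random_bytes(64)),
         'jwt_algorithm' => 'HS512',
     );
     $config = array_merge($config, $generated);
     // NOTE(review): the file produced by write_config() contains the JWT secret; confirm it
     // is not readable through the web server or by other local users.
     // ... And write it on disk
     if ($this->write_config($config)) {
         return $this->create_db($data);
     }
     // TODO: Translate
     return Router::redirect(Router::pathFor('install'), ['error', 'Error while writing config file']);
 }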
Beispiel #9
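 /**
  * Build the forum configuration from installer input, write it to disk and, when that
  * succeeds, continue with database creation.
  *
  * Only entries of $data whose key is listed in $this->config_keys are copied. The cookie
  * name and cookie seed are generated here and, because they are merged last, replace any
  * entry of the same name taken from $data.
  *
  * @param array $data Installer form values keyed by setting name.
  * @return void
  */
 public function create_config(array $data)
 {
     // Generate config ...
     $config = array();
     foreach ($data as $key => $value) {
         // Strict allow-list check: with a loose in_array() an integer key such as 0
         // compares equal to any non-numeric string on PHP < 8 and would be accepted.
         if (in_array($key, $this->config_keys, true)) {
             $config[$key] = $value;
         }
     }
     // NOTE(review): cookie_seed is presumably a secret used for cookie authentication;
     // confirm that Random::key() with these arguments draws from a CSPRNG.
     $generated = array(
         'cookie_name' => mb_strtolower($this->feather->forum_env['FORUM_NAME']) . '_cookie_' . Random::key(7, false, true),
         'cookie_seed' => Random::key(16, false, true),
     );
     $config = array_merge($config, $generated);
     // ... And write it on disk
     // NOTE(review): a failed write_config() is ignored here and the caller gets no error.
     if ($this->write_config($config)) {
         $this->create_db($data);
     }
 }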
Beispiel #10
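/**
 * Load the account matching $user and decide whether the supplied credential is valid.
 *
 * On a match the current user is flagged as not being a guest; otherwise
 * set_default_user() is called. The 'common' and 'index' translations are loaded
 * in both cases.
 *
 * @param int|string $user             User id (when an int) or username.
 * @param string     $password         Plain-text password, or a password hash when
 *                                     $password_is_hash is true.
 * @param bool       $password_is_hash Whether $password is already hashed.
 * @return void
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    // Check if there's a user matching $user and $password
    $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
    $result = DB::for_table('users')
        ->table_alias('u')
        ->select_many($select_check_cookie)
        ->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')
        ->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o');
    if (is_int($user)) {
        $result = $result->where('u.id', intval($user));
    } else {
        $result = $result->where('u.username', $user);
    }
    $result = $result->find_result_set();
    // NOTE(review): a method call is not a writable foreach target, so this line cannot
    // compile as written; it presumably should store the fetched row as the current
    // user through whatever setter the User facade offers — confirm and fix.
    foreach ($result as User::get()) {
    }
    $authenticated = false;
    if (isset(User::get()->id)) {
        $stored = (string) User::get()->password;
        $supplied = $password_is_hash ? (string) $password : (string) \FeatherBB\Core\Random::hash($password);
        // hash_equals() is a strict, constant-time string comparison. The previous loose
        // `!=` treated two numeric-looking strings (e.g. "0e…" digests) as equal and
        // returned as soon as a difference was found.
        $authenticated = hash_equals($stored, $supplied);
    }
    // NOTE(review): with $password_is_hash = true the stored hash itself is accepted as
    // the credential, so a disclosed hash is enough to authenticate.
    if ($authenticated) {
        User::get()->is_guest = false;
    } else {
        set_default_user();
    }
    translate('common');
    translate('index');
}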
Beispiel #11
?>
</span>
                                    </td>
                                </tr>
                                <tr>
                                    <th scope="row"><?php 
_e('SMTP password label');
?>
</th>
                                    <td>
                                        <label><input type="checkbox" name="form_smtp_change_pass" value="1" />&#160;<?php 
_e('SMTP change password help');
?>
</label>
<?php 
// Placeholder shown in both password fields below: a Random::key() string with the same
// length as the stored SMTP password, so the stored value itself is not written into the page.
// NOTE(review): the placeholder still discloses the length of the stored password to
// anyone who can open this form.
$smtp_pass = !empty(ForumSettings::get('o_smtp_pass')) ? Random::key(Utils::strlen(ForumSettings::get('o_smtp_pass')), true) : '';
?>
                                        <input type="password" name="form_smtp_pass1" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
                                        <input type="password" name="form_smtp_pass2" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
                                        <span><?php 
_e('SMTP password help');
?>
</span>
                                    </td>
                                </tr>
Beispiel #12
 /**
  * Assemble the database row for the initial administrator account.
  *
  * @param array $data Installer input; the keys 'username', 'password', 'email',
  *                    'default_lang' and 'default_style' are read.
  * @return array Column => value map for the users table. The password column holds the
  *               output of Random::hash(), not the value that was submitted.
  */
 public static function load_admin_user(array $data)
 {
     // One timestamp is shared by last_post, registered and last_visit.
     $timestamp = time();
     $admin = array();
     $admin['group_id'] = 1;
     $admin['username'] = $data['username'];
     $admin['password'] = Random::hash($data['password']);
     $admin['email'] = $data['email'];
     $admin['language'] = $data['default_lang'];
     $admin['style'] = $data['default_style'];
     $admin['num_posts'] = 1;
     $admin['last_post'] = $timestamp;
     $admin['registered'] = $timestamp;
     $admin['registration_ip'] = Utils::getIp();
     $admin['last_visit'] = $timestamp;
     return $admin;
 }
Beispiel #13
 /**
  * Handle a "forgotten password" request for the posted e-mail address.
  *
  * For every account registered with that address a new password and an activation key
  * are generated, stored (the password as Random::hash() output in activate_string) and
  * mailed to the address.
  *
  * @return array Validation errors after the 'password_forgotten' hook. When mail was
  *               sent the method does not return; it throws Error with the 'Forget mail' text.
  * @throws Error Code 429 when an account was mailed less than an hour ago, code 400
  *               after the mails were sent.
  */
 public function password_forgotten()
 {
     $this->hook->fire('password_forgotten_start');
     // Logged-in users have no use for this form: send them to the board index.
     if (!$this->user->is_guest) {
         header('Location: ' . Url::base());
         exit;
     }
     // Start with a clean slate
     $errors = array();
     if ($this->feather->request()->isPost()) {
         // Validate the email address
         $email = strtolower(Utils::trim($this->request->post('req_email')));
         if (!$this->email->is_valid_email($email)) {
             $errors[] = __('Invalid email');
         }
         // Did everything go according to plan?
         if (empty($errors)) {
             $result['select'] = array('id', 'username', 'last_email_sent');
             $result = DB::for_table('users')->select_many($result['select'])->where('email', $email);
             $result = $this->hook->fireDB('password_forgotten_query', $result);
             $result = $result->find_many();
             if ($result) {
                 // Load the "activate password" template
                 // NOTE(review): $this->user->language is concatenated into the file path;
                 // presumably it is restricted to installed language directories elsewhere — verify.
                 $mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/activate_password.tpl'));
                 $mail_tpl = $this->hook->fire('mail_tpl_password_forgotten', $mail_tpl);
                 // The first row contains the subject
                 $first_crlf = strpos($mail_tpl, "\n");
                 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                 $mail_message = trim(substr($mail_tpl, $first_crlf));
                 // Do the generic replacements first (they apply to all emails sent out here)
                 $mail_message = str_replace('<base_url>', Url::base() . '/', $mail_message);
                 $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
                 $mail_message = $this->hook->fire('mail_message_password_forgotten', $mail_message);
                 // Loop through users we found
                 foreach ($result as $cur_hit) {
                     // Rate limit: one mail per account per hour.
                     // NOTE(review): the check runs per account inside the loop, so it can throw
                     // after earlier accounts in $result were already updated and mailed.
                     if ($cur_hit->last_email_sent != '' && time() - $cur_hit->last_email_sent < 3600 && time() - $cur_hit->last_email_sent >= 0) {
                         throw new Error(sprintf(__('Email flood'), intval((3600 - (time() - $cur_hit->last_email_sent)) / 60)), 429);
                     }
                     // Generate a new password and a new password activation code
                     // NOTE(review): confirm Random::pass() draws from a CSPRNG; the 8-character
                     // key is the secret part of the activation URL.
                     $new_password = Random::pass(12);
                     $new_password_key = Random::pass(8);
                     // Only the hash of the new password is stored; the key is stored as generated.
                     $query['update'] = array('activate_string' => Random::hash($new_password), 'activate_key' => $new_password_key, 'last_email_sent' => time());
                     $query = DB::for_table('users')->where('id', $cur_hit->id)->find_one()->set($query['update']);
                     $query = $this->hook->fireDB('password_forgotten_mail_query', $query);
                     $query = $query->save();
                     // Do the user specific replacements to the template
                     $cur_mail_message = str_replace('<username>', $cur_hit->username, $mail_message);
                     // The key is appended to the URL unencoded; this relies on Random::pass()
                     // returning URL-safe characters — TODO confirm.
                     $cur_mail_message = str_replace('<activation_url>', $this->feather->urlFor('profileAction', ['id' => $cur_hit->id, 'action' => 'change_pass']) . '?key=' . $new_password_key, $cur_mail_message);
                     // The new password travels in the mail body in clear text.
                     $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
                     $cur_mail_message = $this->hook->fire('cur_mail_message_password_forgotten', $cur_mail_message);
                     $this->email->feather_mail($email, $mail_subject, $cur_mail_message);
                 }
                 // The confirmation text is delivered by throwing Error with code 400.
                 throw new Error(__('Forget mail') . ' <a href="mailto:' . Utils::escape($this->config['o_admin_email']) . '">' . Utils::escape($this->config['o_admin_email']) . '</a>.', 400);
             } else {
                 // NOTE(review): this branch and the 'Forget mail' branch above answer
                 // differently, which tells the requester whether the address is registered;
                 // a uniform response avoids account enumeration.
                 $errors[] = __('No email match') . ' ' . Utils::escape($email) . '.';
             }
         }
     }
     $errors = $this->hook->fire('password_forgotten', $errors);
     return $errors;
 }
Beispiel #14
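/**
 * Load the account matching $user into $feather->user and decide whether the supplied
 * credential is valid.
 *
 * On a match the user is flagged as not being a guest; otherwise set_default_user() is
 * called. The 'common' and 'index' text domains are loaded in both cases.
 *
 * @param int|string $user             User id (when an int) or username.
 * @param string     $password         Plain-text password, or a password hash when
 *                                     $password_is_hash is true.
 * @param bool       $password_is_hash Whether $password is already hashed.
 * @return void
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    global $feather;
    // Check if there's a user matching $user and $password
    $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
    $result = DB::for_table('users')
        ->table_alias('u')
        ->select_many($select_check_cookie)
        ->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')
        ->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o');
    if (is_int($user)) {
        $result = $result->where('u.id', intval($user));
    } else {
        $result = $result->where('u.username', $user);
    }
    $result = $result->find_result_set();
    // The empty loop body is intentional: each row is assigned to $feather->user, so the
    // last row of the result set becomes the current user.
    foreach ($result as $feather->user) {
    }
    $authenticated = false;
    if (isset($feather->user->id)) {
        $stored = (string) $feather->user->password;
        $supplied = $password_is_hash ? (string) $password : (string) \FeatherBB\Core\Random::hash($password);
        // hash_equals() is a strict, constant-time string comparison. The previous loose
        // `!=` treated two numeric-looking strings (e.g. "0e…" digests) as equal and
        // returned as soon as a difference was found.
        $authenticated = hash_equals($stored, $supplied);
    }
    // NOTE(review): with $password_is_hash = true the stored hash itself is accepted as
    // the credential, so a disclosed hash is enough to authenticate.
    if ($authenticated) {
        $feather->user->is_guest = false;
    } else {
        set_default_user();
    }
    // NOTE(review): the language value is concatenated into the file path; presumably it
    // is restricted to installed language directories elsewhere — verify.
    load_textdomain('featherbb', FEATHER_ROOT . 'featherbb/lang/' . $feather->user->language . '/common.mo');
    load_textdomain('featherbb', FEATHER_ROOT . 'featherbb/lang/' . $feather->user->language . '/index.mo');
}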
Beispiel #15
 /**
  * Show the "request password" page and, on POST, mail a new password and an activation
  * key to the account registered with the submitted address.
  *
  * @return void
  * @throws Error Code 400 for an invalid or unknown address, code 429 when the account
  *               was mailed less than an hour ago.
  */
 public function forget()
 {
     // NOTE(review): the code below assumes Url::redirect() ends the request; if it
     // returns, a logged-in user would continue into the reset flow — confirm.
     if (!$this->feather->user->is_guest) {
         Url::redirect($this->feather->urlFor('home'), 'Already logged in');
     }
     if ($this->feather->request->isPost()) {
         // Validate the email address
         $email = strtolower(Utils::trim($this->feather->request->post('req_email')));
         if (!$this->feather->email->is_valid_email($email)) {
             throw new Error(__('Invalid email'), 400);
         }
         $user = ModelAuth::get_user_from_email($email);
         if ($user) {
             // Load the "activate password" template
             // NOTE(review): the user's language is concatenated into the file path;
             // presumably it is restricted to installed language directories elsewhere — verify.
             $mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->feather->user->language . '/mail_templates/activate_password.tpl'));
             $mail_tpl = $this->feather->hooks->fire('mail_tpl_password_forgotten', $mail_tpl);
             // The first row contains the subject
             $first_crlf = strpos($mail_tpl, "\n");
             $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
             $mail_message = trim(substr($mail_tpl, $first_crlf));
             // Do the generic replacements first (they apply to all emails sent out here)
             $mail_message = str_replace('<base_url>', Url::base() . '/', $mail_message);
             $mail_message = str_replace('<board_mailer>', $this->feather->forum_settings['o_board_title'], $mail_message);
             $mail_message = $this->feather->hooks->fire('mail_message_password_forgotten', $mail_message);
             // Rate limit: one mail per account per hour, checked before anything is changed.
             if ($user->last_email_sent != '' && time() - $user->last_email_sent < 3600 && time() - $user->last_email_sent >= 0) {
                 throw new Error(sprintf(__('Email flood'), intval((3600 - (time() - $user->last_email_sent)) / 60)), 429);
             }
             // Generate a new password and a new password activation code
             // NOTE(review): confirm Random::pass() draws from a CSPRNG; the 8-character
             // key is the only secret in the activation URL.
             $new_password = Random::pass(12);
             $new_password_key = Random::pass(8);
             ModelAuth::set_new_password($new_password, $new_password_key, $user->id);
             // Do the user specific replacements to the template
             $cur_mail_message = str_replace('<username>', $user->username, $mail_message);
             // The URL carries the key but no user id, and the key is appended unencoded;
             // this relies on Random::pass() returning URL-safe characters — TODO confirm.
             $cur_mail_message = str_replace('<activation_url>', $this->feather->urlFor('profileAction', ['action' => 'change_pass']) . '?key=' . $new_password_key, $cur_mail_message);
             // The new password travels in the mail body in clear text.
             $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
             $cur_mail_message = $this->feather->hooks->fire('cur_mail_message_password_forgotten', $cur_mail_message);
             $this->feather->email->feather_mail($email, $mail_subject, $cur_mail_message);
             Url::redirect($this->feather->urlFor('home'), __('Forget mail') . ' <a href="mailto:' . $this->feather->utils->escape($this->feather->forum_settings['o_admin_email']) . '">' . $this->feather->utils->escape($this->feather->forum_settings['o_admin_email']) . '</a>.', 200);
         } else {
             // NOTE(review): this error and the 'Forget mail' redirect above answer
             // differently, which tells the requester whether the address is registered;
             // a uniform response avoids account enumeration.
             throw new Error(__('No email match') . ' ' . Utils::escape($email) . '.', 400);
         }
     }
     // GET request (or a POST that fell through): render the request form.
     $this->feather->template->setPageInfo(array('active_page' => 'login', 'title' => array(Utils::escape($this->feather->forum_settings['o_board_title']), __('Request pass')), 'required_fields' => array('req_email' => __('Email')), 'focus_element' => array('request_pass', 'req_email')))->addTemplate('login/password_forgotten.php')->display();
 }
Beispiel #16
?>
</span>
									</td>
								</tr>
								<tr>
									<th scope="row"><?php 
_e('SMTP password label');
?>
</th>
									<td>
										<label><input type="checkbox" name="form_smtp_change_pass" value="1" />&#160;<?php 
_e('SMTP change password help');
?>
</label>
<?php 
// Placeholder shown in both password fields below: a Random::key() string with the same
// length as the stored SMTP password, so the stored value itself is not written into the page.
// NOTE(review): the placeholder still discloses the length of the stored password to
// anyone who can open this form.
$smtp_pass = !empty($feather->forum_settings['o_smtp_pass']) ? Random::key(Utils::strlen($feather->forum_settings['o_smtp_pass']), true) : '';
?>
										<input type="password" name="form_smtp_pass1" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
										<input type="password" name="form_smtp_pass2" size="25" maxlength="50" value="<?php 
echo $smtp_pass;
?>
" />
										<span><?php 
_e('SMTP password help');
?>
</span>
									</td>
								</tr>