public function logout($token)
{
$token = $this->feather->hooks->fire('logout_start', $token);
if ($this->feather->user->is_guest || !isset($token) || $token != Random::hash($this->feather->user->id . Random::hash($this->feather->request->getIp()))) {
Url::redirect($this->feather->urlFor('home'), 'Not logged in');
}
ModelAuth::delete_online_by_id($this->feather->user->id);
// Update last_visit (make sure there's something to update it with)
if (isset($this->feather->user->logged)) {
ModelAuth::set_last_visit($this->feather->user->id, $this->feather->user->logged);
}
ModelAuth::feather_setcookie(1, Random::hash(uniqid(rand(), true)), time() + 31536000);
$this->feather->hooks->fire('logout_end');
Url::redirect($this->feather->urlFor('home'), __('Logout redirect'));
}
public function logout($req, $res, $args)
{
$token = Container::get('hooks')->fire('controller.logout', $args['token']);
if (User::get()->is_guest || !isset($token) || $token != Random::hash(User::get()->id . Random::hash(Utils::getIp()))) {
return Router::redirect(Router::pathFor('home'), 'Not logged in');
}
ModelAuth::delete_online_by_id(User::get()->id);
// Update last_visit (make sure there's something to update it with)
if (isset(User::get()->logged)) {
ModelAuth::set_last_visit(User::get()->id, User::get()->logged);
}
ModelAuth::feather_setcookie('Bearer ', 1);
Container::get('hooks')->fire('controller.logout_end');
return Router::redirect(Router::pathFor('home'), __('Logout redirect'));
}
public function insert_user($user)
{
$user = Container::get('hooks')->fire('model.register.insert_user_start', $user);
// Insert the new user into the database. We do this now to get the last inserted ID for later use
$now = time();
$intial_group_id = ForumSettings::get('o_regs_verify') == '0' ? ForumSettings::get('o_default_user_group') : ForumEnv::get('FEATHER_UNVERIFIED');
$password_hash = Random::hash($user['password1']);
// Add the user
$user['insert'] = array('username' => $user['username'], 'group_id' => $intial_group_id, 'password' => $password_hash, 'email' => $user['email1'], 'email_setting' => ForumSettings::get('o_default_email_setting'), 'timezone' => ForumSettings::get('o_default_timezone'), 'dst' => 0, 'language' => $user['language'], 'style' => ForumSettings::get('o_default_style'), 'registered' => $now, 'registration_ip' => Utils::getIp(), 'last_visit' => $now);
$user = DB::for_table('users')->create()->set($user['insert']);
$user = Container::get('hooks')->fireDB('model.register.insert_user_query', $user);
$user = $user->save();
$new_uid = DB::get_db()->lastInsertId(ForumSettings::get('db_prefix') . 'users');
// If the mailing list isn't empty, we may need to send out some alerts
if (ForumSettings::get('o_mailing_list') != '') {
// If we previously found out that the email was banned
if (isset($user['banned_email'])) {
// Load the "banned email register" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/banned_email_register.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_banned_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_banned_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<email>', $user['email1'], $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_banned_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
// If we previously found out that the email was a dupe
if (!empty($dupe_list)) {
// Load the "dupe email register" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/dupe_email_register.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
// Should we alert people on the admin mailing list that a new user has registered?
if (ForumSettings::get('o_regs_report') == '1') {
// Load the "new user" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/new_user.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_new_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_new_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<admin_url>', Router::pathFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_new_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
}
// Must the user verify the registration or do we log him/her in right now?
if (ForumSettings::get('o_regs_verify') == '1') {
// Load the "welcome" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/welcome.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_subject = str_replace('<board_title>', ForumSettings::get('o_board_title'), $mail_subject);
$mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<password>', $user['password1'], $mail_message);
$mail_message = str_replace('<login_url>', Router::pathFor('login'), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_message', $mail_message);
Container::get('email')->feather_mail($user['email1'], $mail_subject, $mail_message);
return Router::redirect(Router::pathFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.');
}
$user_object = new \stdClass();
$user_object->id = $new_uid;
$user_object->username = $user['username'];
$expire = time() + ForumSettings::get('o_timeout_visit');
$jwt = AuthModel::generate_jwt($user_object, $expire);
AuthModel::feather_setcookie('Bearer ' . $jwt, $expire);
// Refresh cache
Container::get('cache')->store('users_info', Cache::get_users_info());
Container::get('hooks')->fire('model.register.insert_user');
return Router::redirect(Router::pathFor('home'), __('Reg complete'));
}
public function change_pass($id)
{
$id = Container::get('hooks')->fire('model.profile.change_pass_start', $id);
if (Input::query('key')) {
$key = Input::query('key');
$key = Container::get('hooks')->fire('model.profile.change_pass_key', $key);
// If the user is already logged in we shouldn't be here :)
if (!User::get()->is_guest) {
return Router::redirect(Router::pathFor('home'));
}
$cur_user = DB::for_table('users')->where('id', $id);
$cur_user = Container::get('hooks')->fireDB('model.profile.change_pass_user_query', $cur_user);
$cur_user = $cur_user->find_one();
if ($key == '' || $key != $cur_user['activate_key']) {
throw new Error(__('Pass key bad') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.', 400);
} else {
$query = DB::for_table('users')->where('id', $id)->find_one()->set('password', $cur_user['activate_string'])->set_expr('activate_string', 'NULL')->set_expr('activate_key', 'NULL');
$query = Container::get('hooks')->fireDB('model.profile.change_pass_activate_query', $query);
$query = $query->save();
return Router::redirect(Router::pathFor('home'), __('Pass updated'));
}
}
// Make sure we are allowed to change this user's password
if (User::get()->id != $id) {
$id = Container::get('hooks')->fire('model.profile.change_pass_key_not_id', $id);
if (!User::get()->is_admmod) {
// A regular user trying to change another user's password?
throw new Error(__('No permission'), 403);
} elseif (User::get()->g_moderator == '1') {
// A moderator trying to change a user's password?
$user['select'] = array('u.group_id', 'g.g_moderator');
$user = DB::for_table('users')->table_alias('u')->select_many($user['select'])->inner_join('groups', array('g.g_id', '=', 'u.group_id'), 'g')->where('u.id', $id);
$user = Container::get('hooks')->fireDB('model.profile.change_pass_user_query', $user);
$user = $user->find_one();
if (!$user) {
throw new Error(__('Bad request'), 404);
}
if (User::get()->g_mod_edit_users == '0' || User::get()->g_mod_change_passwords == '0' || $user['group_id'] == ForumEnv::get('FEATHER_ADMIN') || $user['g_moderator'] == '1') {
throw new Error(__('No permission'), 403);
}
}
}
if (Request::isPost()) {
$old_password = Input::post('req_old_password') ? Utils::trim(Input::post('req_old_password')) : '';
$new_password1 = Utils::trim(Input::post('req_new_password1'));
$new_password2 = Utils::trim(Input::post('req_new_password2'));
if ($new_password1 != $new_password2) {
throw new Error(__('Pass not match'), 400);
}
if (Utils::strlen($new_password1) < 6) {
throw new Error(__('Pass too short'), 400);
}
$cur_user = DB::for_table('users')->where('id', $id);
$cur_user = Container::get('hooks')->fireDB('model.profile.change_pass_find_user', $cur_user);
$cur_user = $cur_user->find_one();
$authorized = false;
if (!empty($cur_user['password'])) {
$old_password_hash = Random::hash($old_password);
if ($cur_user['password'] == $old_password_hash || User::get()->is_admmod) {
$authorized = true;
}
}
if (!$authorized) {
throw new Error(__('Wrong pass'), 403);
}
$new_password_hash = Random::hash($new_password1);
$update_password = DB::for_table('users')->where('id', $id)->find_one()->set('password', $new_password_hash);
$update_password = Container::get('hooks')->fireDB('model.profile.change_pass_query', $update_password);
$update_password = $update_password->save();
if (User::get()->id == $id) {
$expire = time() + ForumSettings::get('o_timeout_visit');
$jwt = AuthModel::generate_jwt(User::get(), $expire);
AuthModel::feather_setcookie('Bearer ' . $jwt, $expire);
}
Container::get('hooks')->fire('model.profile.change_pass');
return Router::redirect(Router::pathFor('profileSection', array('id' => $id, 'section' => 'essentials')), __('Pass updated redirect'));
}
}
public function __invoke($req, $res, $next)
{
$authCookie = Container::get('cookie')->get(ForumSettings::get('cookie_name'));
if ($jwt = $this->get_cookie_data($authCookie)) {
$user = AuthModel::load_user($jwt->data->userId);
$expires = $jwt->exp > Container::get('now') + ForumSettings::get('o_timeout_visit') ? Container::get('now') + 1209600 : Container::get('now') + ForumSettings::get('o_timeout_visit');
$user->is_guest = false;
$user->is_admmod = $user->g_id == ForumEnv::get('FEATHER_ADMIN') || $user->g_moderator == '1';
if (!$user->disp_topics) {
$user->disp_topics = ForumSettings::get('o_disp_topics_default');
}
if (!$user->disp_posts) {
$user->disp_posts = ForumSettings::get('o_disp_posts_default');
}
if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . $user->language)) {
$user->language = ForumSettings::get('o_default_lang');
}
if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'style/themes/' . $user->style . '/style.css')) {
$user->style = ForumSettings::get('o_default_style');
}
// Refresh cookie to avoid re-logging between idle
$jwt = AuthModel::generate_jwt($user, $expires);
AuthModel::feather_setcookie('Bearer ' . $jwt, $expires);
// Add user to DIC
Container::set('user', $user);
$this->update_online();
} else {
$user = AuthModel::load_user(1);
$user->disp_topics = ForumSettings::get('o_disp_topics_default');
$user->disp_posts = ForumSettings::get('o_disp_posts_default');
$user->timezone = ForumSettings::get('o_default_timezone');
$user->dst = ForumSettings::get('o_default_dst');
$user->language = ForumSettings::get('o_default_lang');
$user->style = ForumSettings::get('o_default_style');
$user->is_guest = true;
$user->is_admmod = false;
// Update online list
if (!$user->logged) {
$user->logged = time();
// With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
switch (ForumSettings::get('db_type')) {
case 'mysql':
case 'mysqli':
case 'mysql_innodb':
case 'mysqli_innodb':
case 'sqlite':
case 'sqlite3':
DB::for_table('online')->raw_execute('REPLACE INTO ' . ForumSettings::get('db_prefix') . 'online (user_id, ident, logged) VALUES(1, :ident, :logged)', array(':ident' => Utils::getIp(), ':logged' => $user->logged));
break;
default:
DB::for_table('online')->raw_execute('INSERT INTO ' . ForumSettings::get('db_prefix') . 'online (user_id, ident, logged) SELECT 1, :ident, :logged WHERE NOT EXISTS (SELECT 1 FROM ' . ForumSettings::get('db_prefix') . 'online WHERE ident=:ident)', array(':ident' => Utils::getIp(), ':logged' => $user->logged));
break;
}
} else {
DB::for_table('online')->where('ident', Utils::getIp())->update_many('logged', time());
}
// $jwt = AuthModel::generate_jwt($user, Container::get('now') + 31536000);
// AuthModel::feather_setcookie('Bearer '.$jwt, Container::get('now') + 31536000);
// Add $user as guest to DIC
Container::set('user', $user);
}
translate('common');
// Load bans from cache
if (!Container::get('cache')->isCached('bans')) {
Container::get('cache')->store('bans', Cache::get_bans());
}
// Add bans to the container
Container::set('bans', Container::get('cache')->retrieve('bans'));
// Check if current user is banned
$this->check_bans();
// Update online list
$this->update_users_online();
return $next($req, $res);
}
