Ejemplo n.º 1
0
 public function testHash()
 {
     $helper = \Helper\Security::instance();
     $string = "Hello world!";
     $hash = $helper->hash($string);
     $result = $helper->hash($string, $hash["salt"]);
     $this->assertEquals($result, $hash["hash"]);
 }
Ejemplo n.º 2
0
 /**
  * Create a new session
  * @param int $user_id
  * @param bool $auto_save
  */
 public function __construct($user_id = null, $auto_save = true)
 {
     // Run model constructor
     parent::__construct();
     if ($user_id !== null) {
         $this->user_id = $user_id;
         $this->token = \Helper\Security::instance()->salt_sha2();
         $this->ip = \Base::instance()->get("IP");
         $this->created = date("Y-m-d H:i:s");
         if ($auto_save) {
             $this->save();
         }
     }
 }
Ejemplo n.º 3
0
// Check for GD library
if (!function_exists("imagecreatetruecolor")) {
    $f3->set("warning", "GD library is not available. Profile pictures and file thumbnails will not work until it is installed.");
}
// Run installation process if post data received
if ($_POST) {
    $post = $_POST;
    try {
        // Connect to database
        $db = new \DB\SQL("mysql:host=" . $post["db-host"] . ";port=" . $post["db-port"] . ";dbname=" . $post["db-name"], $post["db-user"], $post["db-pass"]);
        // Run installation scripts
        $install_db = file_get_contents("db/database.sql");
        $db->exec(explode(";", $install_db));
        // Create admin user
        $f3->set("db.instance", $db);
        $security = \Helper\Security::instance();
        $user = new \Model\User();
        $user->role = "admin";
        $user->rank = 5;
        // superadmin
        $user->name = "Admin";
        $user->username = $post["user-username"] ?: "admin";
        $user->email = $post["user-email"];
        $user->salt = $security->salt();
        $user->password = $security->hash($post["user-password"] ?: "admin", $user->salt);
        $user->api_key = $security->salt_sha1();
        $user->save();
    } catch (PDOException $e) {
        $f3->set("warning", $e->getMessage());
        return false;
    }
Ejemplo n.º 4
0
 public function user_save($f3)
 {
     $security = \Helper\Security::instance();
     $user = new \Model\User();
     // Load current user if set, otherwise validate fields for new user
     if ($user_id = $f3->get("POST.user_id")) {
         $f3->set("title", $f3->get("dict.edit_user"));
         $user->load($user_id);
         $f3->set("this_user", $user);
     } else {
         $f3->set("title", $f3->get("dict.new_user"));
         // Verify a password is being set
         if (!$f3->get("POST.password")) {
             $f3->set("error", "User already exists with this username");
             $this->_render("admin/users/edit.html");
             return;
         }
         // Check for existing users with same info
         $user->load(array("username = ?", $f3->get("POST.username")));
         if ($user->id) {
             $f3->set("error", "User already exists with this username");
             $this->_render("admin/users/edit.html");
             return;
         }
         $user->load(array("email = ?", $f3->get("POST.email")));
         if ($user->id) {
             $f3->set("error", "User already exists with this email address");
             $this->_render("admin/users/edit.html");
             return;
         }
         // Set new user fields
         $user->api_key = $security->salt_sha1();
         $user->created_date = $this->now();
     }
     // Validate password if being set
     if ($f3->get("POST.password")) {
         if ($f3->get("POST.password") != $f3->get("POST.password_confirm")) {
             $f3->set("error", "Passwords do not match");
             $this->_render("admin/users/edit.html");
             return;
         }
         if (strlen($f3->get("POST.password")) < 6) {
             $f3->set("error", "Passwords must be at least 6 characters");
             $this->_render("admin/users/edit.html");
             return;
         }
         // Check if giving user temporary or permanent password
         if ($f3->get("POST.temporary_password")) {
             $user->salt = null;
             $user->password = $security->hash($f3->get("POST.password"), "");
         } else {
             $user->salt = $security->salt();
             $user->password = $security->hash($f3->get("POST.password"), $user->salt);
         }
     }
     // Set basic fields
     $user->username = $f3->get("POST.username");
     $user->email = $f3->get("POST.email");
     $user->name = $f3->get("POST.name");
     if ($user->id != $f3->get("user.id")) {
         // Don't allow user to change own rank
         $user->rank = $f3->get("POST.rank");
     }
     $user->role = $user->rank < 4 ? 'user' : 'admin';
     $user->task_color = ltrim($f3->get("POST.task_color"), "#");
     // Save user
     $user->save();
     $f3->reroute("/admin/users#" . $user->id);
 }
Ejemplo n.º 5
0
 public function reset_forced($f3)
 {
     $user = new \Model\User();
     $user->loadCurrent();
     if ($f3->get("POST.password1") != $f3->get("POST.password2")) {
         $f3->set("reset.error", "The given passwords don't match.");
     } elseif (strlen($f3->get("POST.password1")) < 6) {
         $f3->set("reset.error", "The given password is too short. Passwords must be at least 6 characters.");
     } else {
         // Save new password and redirect to dashboard
         $security = \Helper\Security::instance();
         $user->salt = $security->salt();
         $user->password = $security->hash($f3->get("POST.password1"), $user->salt);
         $user->save();
         $f3->reroute("/");
         return;
     }
     $this->_render("index/reset_forced.html");
 }
Ejemplo n.º 6
0
        default:
            if (ob_get_level()) {
                include "app/view/error/inline.html";
            } else {
                include "app/view/error/500.html";
            }
    }
});
// Connect to database
$f3->set("db.instance", new DB\SQL("mysql:host=" . $f3->get("db.host") . ";port=" . $f3->get("db.port") . ";dbname=" . $f3->get("db.name"), $f3->get("db.user"), $f3->get("db.pass")));
// Load final configuration
\Model\Config::loadAll();
// Ensure database is up to date
$version = \Helper\Security::instance()->checkDatabaseVersion();
if ($version !== true) {
    \Helper\Security::instance()->updateDatabase($version);
}
// Minify static resources
// Cache for 1 week
$f3->route("GET /minify/@type/@files", function (Base $f3, $args) {
    $f3->set("UI", $args["type"] . "/");
    echo Web::instance()->minify($args["files"]);
}, $f3->get("cache_expire.minify"));
// Initialize plugins and any included locales
$pluginDir = scandir("app/plugin");
$plugins = array();
$locales = "";
foreach ($pluginDir as $pluginName) {
    if ($pluginName != "." && $pluginName != ".." && is_dir("app/plugin/{$pluginName}") && is_file("app/plugin/{$pluginName}/base.php") && is_dir("app/plugin/{$pluginName}/dict")) {
        $locales .= ";app/plugin/{$pluginName}/dict/";
    }
Ejemplo n.º 7
0
 public function save($f3, $params)
 {
     $f3 = \Base::instance();
     $post = array_map("trim", $f3->get("POST"));
     $user = new \Model\User();
     $user->load($this->_userId);
     if (!empty($post["old_pass"])) {
         $security = \Helper\Security::instance();
         // Update password
         if ($security->hash($post["old_pass"], $user->salt) == $user->password) {
             if (strlen($post["new_pass"]) >= 6) {
                 if ($post["new_pass"] == $post["new_pass_confirm"]) {
                     $user->salt = $security->salt();
                     $user->password = $security->hash($post["new_pass"], $user->salt);
                     $f3->set("success", "Password updated successfully.");
                 } else {
                     $f3->set("error", "New passwords do not match");
                 }
             } else {
                 $f3->set("error", "New password must be at least 6 characters.");
             }
         } else {
             $f3->set("error", "Current password entered is not valid.");
         }
     } else {
         // Update profile
         if (!empty($post["name"])) {
             $user->name = filter_var($post["name"], FILTER_SANITIZE_STRING);
         } else {
             $error = "Please enter your name.";
         }
         if (preg_match("/^([\\p{L}\\.\\-\\d]+)@([\\p{L}\\-\\.\\d]+)((\\.(\\p{L})+)+)\$/im", $post["email"])) {
             $user->email = $post["email"];
         } else {
             $error = $post["email"] . " is not a valid email address.";
         }
         if (empty($error) && ctype_xdigit(ltrim($post["task_color"], "#"))) {
             $user->task_color = ltrim($post["task_color"], "#");
         } elseif (empty($error)) {
             $error = $post["task_color"] . " is not a valid color code.";
         }
         if (empty($post["theme"])) {
             $user->theme = null;
         } else {
             $user->theme = $post["theme"];
         }
         if (empty($post["language"])) {
             $user->language = null;
         } else {
             $user->language = $post["language"];
         }
         if (empty($error)) {
             $f3->set("success", "Profile updated successfully.");
         } else {
             $f3->set("error", $error);
         }
     }
     $user->save();
     $f3->set("title", $f3->get("dict.my_account"));
     $f3->set("menuitem", "user");
     // Use new user values for page
     $user->loadCurrent();
     $f3->set("languages", $this->_languages);
     $this->_loadThemes();
     $this->_render("user/account.html");
 }