 /**
  * First signup step for a member account.
  *
  * Collects the posted form fields, enforces the per-IP registration delay,
  * inserts the member row and, on success, sends the validation mail and
  * forwards the visitor to step 2. Errors are reported through the form.
  *
  * @return void
  */
 public function step1()
 {
     // Affiliate that referred this visitor; 0 when no affiliate cookie is present.
     $iAffId = (int) (new Cookie())->get(AffiliateCore::COOKIE_NAME);

     // The referrer is a one-shot statistic: read it, then clear it from the session.
     if ($this->session->exists('joinRef')) {
         $sRef = $this->session->get('joinRef');
     } else {
         $sRef = t('No reference');
     }
     $this->session->remove('joinRef');

     $aData = [
         'email' => $this->httpRequest->post('mail'),
         'username' => $this->httpRequest->post('username'),
         'first_name' => $this->httpRequest->post('first_name'),
         'reference' => $sRef,
         'ip' => Ip::get(),
         'hash_validation' => Various::genRnd(),
         'current_date' => (new CDateTime())->get()->dateTime('Y-m-d H:i:s'),
         'is_active' => $this->iActiveType,
         'group_id' => (int) DbConfig::getSetting('defaultMembershipGroupId'),
         'affiliated_id' => $iAffId,
         // Stored hashed; the plaintext never goes past this point.
         'password' => Security::hashPwd($this->httpRequest->post('password')),
     ];

     // Minimum number of seconds between two registrations from the same IP.
     $iTimeDelay = (int) DbConfig::getSetting('timeDelayUserRegistration');

     if (!$this->oUserModel->checkWaitJoin($aData['ip'], $iTimeDelay, $aData['current_date'])) {
         \PFBC\Form::setError('form_join_user', Form::waitRegistrationMsg($iTimeDelay));
     } elseif (!$this->oUserModel->join($aData)) {
         \PFBC\Form::setError('form_join_user', t('An error occurred during registration!<br />
         Please try again with other information in the form fields or come back later.'));
     } else {
         // Row inserted. Credit the referring affiliate only when the account
         // needs no further activation (iActiveType 0 per the original comment).
         if ($this->iActiveType == 0) {
             AffiliateCore::updateJoinCom($iAffId, $this->config, $this->registry);
         }

         $this->oRegistration->sendMail($aData);
         $this->session->set('mail_step1', $this->httpRequest->post('mail'));
         HeaderUrl::redirect(Uri::get('user', 'signup', 'step2'));
     }
 }
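 /**
  * Handles an admin login form submission.
  *
  * Order of checks: lockout after too many failed attempts, then credentials,
  * then the optional single-IP restriction. Every failure path is logged and
  * delayed; a success rebuilds the session under a fresh ID.
  *
  * Fix: failed attempts used to be logged with the submitted password in clear
  * text. The login log now receives the same '*****' placeholder the success
  * path already used, so no credential (or near-miss of one) is persisted.
  */
 public function __construct()
 {
     parent::__construct();

     $sIp = Ip::get();
     $oAdminModel = new AdminModel();
     $oSecurityModel = new SecurityModel();

     $sEmail = $this->httpRequest->post('mail');
     $sUsername = $this->httpRequest->post('username');
     $sPassword = $this->httpRequest->post('password');

     // Optional admin IP pinning: when set, only this address may log in.
     $sIpLogin = DbConfig::getSetting('ipLogin');

     // Lockout settings: max failed attempts within a time window.
     $bIsLoginAttempt = (bool) DbConfig::getSetting('isAdminLoginAttempt');
     $iMaxAttempts = (int) DbConfig::getSetting('maxAdminLoginAttempts');
     $iTimeDelay = (int) DbConfig::getSetting('loginAdminAttemptTime');

     if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Admins')) {
         \PFBC\Form::setError('form_admin_login', Form::loginAttemptsExceededMsg($iTimeDelay));
         return;
     }

     $bIsLogged = $oAdminModel->adminLogin($sEmail, $sUsername, $sPassword);
     $bIsIpBanned = !empty($sIpLogin) && $sIpLogin !== $sIp;

     if (!$bIsLogged || $bIsIpBanned) {
         // Slow down brute-force attempts so they cannot flood the server and the database.
         sleep(2);

         // Never persist the submitted password: a failed attempt is often a
         // near-miss of the real one. Log the same placeholder as on success.
         if (!$bIsLogged) {
             $oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Failed! Incorrect Email, Username or Password', 'Admins');
             if ($bIsLoginAttempt) {
                 $oSecurityModel->addLoginAttempt('Admins');
             }
             $this->session->set('captcha_admin_enabled', 1);
             \PFBC\Form::setError('form_admin_login', t('"Email", "Username" or "Password" is Incorrect'));
         } else {
             // Credentials were right but the request came from an address other than ipLogin.
             $this->session->set('captcha_admin_enabled', 1);
             \PFBC\Form::setError('form_admin_login', t('Incorrect Login!'));
             $oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Failed! Bad Ip adress', 'Admins');
         }
         return;
     }

     $oSecurityModel->clearLoginAttempts('Admins');
     $this->session->remove('captcha_admin_enabled');

     // An admin session must not be layered on top of a member or affiliate session.
     if (UserCore::auth() || AffiliateCore::auth()) {
         $this->session->destroy();
     }

     $iId = $oAdminModel->getId($sEmail, null, 'Admins');
     $oAdminData = $oAdminModel->readProfile($iId, 'Admins');

     // New session ID on privilege change, against session fixation.
     $this->session->regenerateId();

     $aSessionData = [
         'admin_id' => $oAdminData->profileId,
         'admin_email' => $oAdminData->email,
         'admin_username' => $oAdminData->username,
         'admin_first_name' => $oAdminData->firstName,
         'admin_ip' => $sIp,
         'admin_http_user_agent' => $this->browser->getUserAgent(),
         'admin_token' => Various::genRnd($oAdminData->email),
     ];
     $this->session->set($aSessionData);

     $oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Logged in!', 'Admins');
     $oAdminModel->setLastActivity($oAdminData->profileId, 'Admins');

     HeaderUrl::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'index'), t('You signup is successfully!'));
 }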
 /**
  * Access rules for the lost-password module.
  *
  * Password recovery is refused for the admin module (disable by commenting
  * out the first check if the admin password is really lost), and for anyone
  * who is already logged in as a member, affiliate or admin.
  */
 public function __construct()
 {
     parent::__construct();

     $sAction = $this->registry->action;
     $bIsRecoveryAction = $sAction == 'forgot' || $sAction == 'reset';

     // Admin accounts never get a reset link by mail; send them back to the login page.
     if ($this->httpRequest->get('mod') == PH7_ADMIN_MOD && $bIsRecoveryAction) {
         Header::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'login'), t('For security reasons, you do not have the right to generate a new password. To disable this security option, you must go to the Permission file of "lost-password" module'), 'error');
     }

     $bIsLoggedIn = UserCore::auth() || AffiliateCore::auth() || AdminCore::auth();
     if ($bIsLoggedIn && $bIsRecoveryAction) {
         Header::redirect(Uri::get('lost-password', 'main', 'account'), $this->alreadyConnectedMsg(), 'error');
     }
 }
 /**
  * Sends the visitor to the account area matching their current session
  * (member, affiliate or admin), or to the site root when nobody is logged in.
  *
  * @return void
  */
 public function account()
 {
     if (UserCore::auth()) {
         Header::redirect(Uri::get('user', 'account', 'index'));
         return;
     }

     if (AffiliateCore::auth()) {
         Header::redirect(Uri::get('affiliate', 'account', 'index'));
         return;
     }

     if (AdminCore::auth()) {
         Header::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'index'));
         return;
     }

     Header::redirect($this->registry->site_url);
 }
 /**
  * Access rules for the affiliate module, evaluated against the routed
  * controller/action before the controller runs.
  */
 public function __construct()
 {
     parent::__construct();

     $bAffAuth = AffiliateCore::auth();
     $bAdminAuth = AdminCore::auth();
     $sController = $this->registry->controller;
     $sAction = $this->registry->action;

     // Ads and logout require an affiliate session.
     if (!$bAffAuth && ($sController === 'AdsController' || $sAction === 'logout')) {
         Header::redirect(Uri::get('affiliate', 'signup', 'step1'), $this->signUpMsg(), 'error');
     }

     // The account area is for affiliates (or admins); activation is the one public action.
     $bIsAccountArea = $sController === 'AccountController' && $sAction !== 'activate';
     if (!$bAffAuth && !$bAdminAuth && $bIsAccountArea) {
         Header::redirect(Uri::get('affiliate', 'signup', 'step1'), $this->signUpMsg(), 'error');
     }

     // Signup, activation and login make no sense for someone already logged in.
     $bIsEntryAction = in_array($sAction, ['activate', 'resendactivation', 'login'], true);
     if ($bAffAuth && ($sController === 'SignupController' || $bIsEntryAction)) {
         Header::redirect(Uri::get('affiliate', 'account', 'index'), $this->alreadyConnectedMsg(), 'error');
     }

     // Non-admins are sent to the affiliate home rather than the admin area,
     // so the URL of the administrative part is not disclosed.
     if (!$bAdminAuth && $sController === 'AdminController') {
         Header::redirect(Uri::get('affiliate', 'home', 'index'), $this->adminSignInMsg(), 'error');
     }
 }
 /**
  * First signup step for an affiliate account.
  *
  * Builds the affiliate row from the posted fields, enforces the per-IP
  * registration delay, inserts it and sends the welcome/validation mail.
  * Outcomes are reported through the form's error or success slot.
  *
  * @return void
  */
 public function step1()
 {
     $sBirthDate = $this->dateTime->get($this->httpRequest->post('birth_date'))->date('Y-m-d');

     // Affiliate that referred this signup; 0 when no affiliate cookie is present.
     $iAffId = (int) (new Cookie())->get(AffiliateCore::COOKIE_NAME);

     $aData = [
         'email' => $this->httpRequest->post('mail'),
         'username' => $this->httpRequest->post('username'),
         // NOTE(review): the password is passed on as posted, whereas the member
         // signup hashes it with Security::hashPwd() before join(); confirm that
         // AffiliateModel::join() hashes it before storage.
         'password' => $this->httpRequest->post('password'),
         'first_name' => $this->httpRequest->post('first_name'),
         'last_name' => $this->httpRequest->post('last_name'),
         'sex' => $this->httpRequest->post('sex'),
         'birth_date' => $sBirthDate,
         'country' => $this->httpRequest->post('country'),
         'city' => $this->httpRequest->post('city'),
         'state' => $this->httpRequest->post('state'),
         'zip_code' => $this->httpRequest->post('zip_code'),
         'ip' => Ip::get(),
         'hash_validation' => Various::genRnd(),
         'current_date' => (new CDateTime())->get()->dateTime('Y-m-d H:i:s'),
         'is_active' => $this->iActiveType,
         'affiliated_id' => $iAffId,
     ];

     $oAffModel = new AffiliateModel();

     // Minimum number of seconds between two registrations from the same IP.
     $iTimeDelay = (int) DbConfig::getSetting('timeDelayUserRegistration');

     if (!$oAffModel->checkWaitJoin($aData['ip'], $iTimeDelay, $aData['current_date'], 'Affiliates')) {
         \PFBC\Form::setError('form_join_aff', Form::waitRegistrationMsg($iTimeDelay));
     } elseif (!$oAffModel->join($aData)) {
         \PFBC\Form::setError('form_join_aff', t('An error occurred during registration!<br /> Please try again with other information in the form fields or come back later.'));
     } else {
         // Row inserted. Credit the referring affiliate only when the account
         // needs no further activation (iActiveType 0 per the original comment).
         if ($this->iActiveType == 0) {
             AffiliateCore::updateJoinCom($iAffId, $this->config, $this->registry);
         }

         // The mail is sent first; its status text becomes part of the success message.
         $sMailMsg = (new Registration())->sendMail($aData)->getMsg();
         \PFBC\Form::setSuccess('form_join_aff', t('Your affiliate account has been created! %0%', $sMailMsg));
     }

     unset($oAffModel);
 }
 /**
  * Approves or declines a pending registration and notifies the user by mail.
  *
  * @param mixed $iId     Profile ID taken from the URL.
  * @param mixed $iStatus 0 to decline (account left unapproved), 1 to approve.
  * @return string Human-readable outcome for the admin ('Done!' or an error).
  */
 private function _moderateRegistration($iId, $iStatus)
 {
     if (!isset($iId, $iStatus)) {
         return t('Error! Missing argument in the url.');
     }

     $oUser = $this->oAdminModel->readProfile($iId);
     if (!$oUser) {
         return t('The user is not found!');
     }

     if ($iStatus == 0) {
         // Declined accounts stay unapproved so they can still be banned or deleted later.
         $sSubject = t('Your membership account has been declined');
         $this->sMsg = t('Sorry, Your membership account has been declined.');
     } elseif ($iStatus == 1) {
         $this->oAdminModel->approve($oUser->profileId, 1);
         // The referring affiliate is credited only once the account is approved.
         AffiliateCore::updateJoinCom($oUser->affiliatedId, $this->config, $this->registry);
         $sSubject = t('Your membership account has been activated');
         $this->sMsg = t('Congratulations! Your account has been approved by our team of administrators.<br />You can now %0% to meeting new people!', '<a href="' . Uri::get('user', 'main', 'login') . '"><b>' . t('log in') . '</b></a>');
     } else {
         // Unknown status: nothing to send.
         $this->sMsg = null;
     }

     if (empty($this->sMsg)) {
         return t('Error! Bad argument in the url.');
     }

     // NOTE(review): firstName and email are interpolated into the mail body;
     // confirm that t() / parseMail() escape them for the HTML template.
     $this->view->content = t('Dear %0%,', $oUser->firstName) . '<br />' . $this->sMsg;
     $this->view->footer = t('You are receiving this mail because we received an application for registration with the email "%0%" has been provided in the form of %site_name% (%site_url%).', $oUser->email) . '<br />' . t('If you think someone has used your email address without your knowledge to create an account on %site_name%, please contact us using our contact form available on our website.');

     $sMessageHtml = $this->view->parseMail(PH7_PATH_SYS . 'global/' . PH7_VIEWS . PH7_TPL_NAME . '/mail/sys/core/moderate_registration.tpl', $oUser->email);
     $aInfo = ['to' => $oUser->email, 'subject' => $sSubject];
     (new Framework\Mail\Mail())->send($aInfo, $sMessageHtml);

     // The cached profile still shows the old approval state.
     $this->oAdmin->clearReadProfileCache($oUser->profileId);

     return t('Done!');
 }
<?php

/**
 * @author         Pierre-Henry Soria <*****@*****.**>
 * @copyright      (c) 2012-2016, Pierre-Henry Soria. All Rights Reserved.
 * @license        GNU General Public License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory.
 * @package        PH7 / App / System / Core / Asset / Ajax / Popup
 */
namespace PH7;

defined('PH7') or exit('Restricted access');
use PH7\Framework\Mvc\Request\Http, PH7\Framework\Layout\Html\Design, PH7\Framework\Url\Url, PH7\Framework\Mvc\Router\Uri, PH7\Framework\Url\Header;
if (AdminCore::auth() || UserCore::auth() || AffiliateCore::auth()) {
    $oHttpRequest = new Http();
    $oDesign = new Design();
    $oDesign->htmlHeader();
    $oDesign->usefulHtmlHeader();
    echo '<div class="center">';
    if ($oHttpRequest->getExists(array('mod', 'ctrl', 'act', 'id'))) {
        $sLabel = $oHttpRequest->get('label');
        $sMod = $oHttpRequest->get('mod');
        $sCtrl = $oHttpRequest->get('ctrl');
        $sAct = $oHttpRequest->get('act');
        $mId = $oHttpRequest->get('id');
        ConfirmCoreForm::display(array('label' => Url::decode($sLabel), 'module' => $sMod, 'controller' => $sCtrl, 'action' => $sAct, 'id' => $mId));
    } else {
        echo '<p>' . t('Bad parameters in the URL!') . '</p>';
    }
    echo '</div>';
    $oDesign->htmlFooter();
    unset($oHttpRequest, $oDesign);
 /**
  * Returns the session token of whoever is currently logged in.
  *
  * Member, admin and affiliate sessions are checked in that order.
  *
  * @access protected
  * @return string|bool The stored token for the logged-in user, or true when
  *                     nobody is logged in (callers then skip the token check).
  */
 protected function currentSess()
 {
     if (\PH7\UserCore::auth()) {
         return $this->_oSession->get('member_token');
     }

     if (\PH7\AdminCore::auth()) {
         return $this->_oSession->get('admin_token');
     }

     if (\PH7\AffiliateCore::auth()) {
         return $this->_oSession->get('affiliate_token');
     }

     // No session to validate against, so the token test is considered passed.
     return true;
 }
 /**
  * Outputs the homepage URL appropriate for the current session:
  * admin dashboard, affiliate account, or the public site root.
  *
  * @return void Echoes the URL.
  */
 public function homePageUrl()
 {
     if (\PH7\AdminCore::auth()) {
         $this->url(PH7_ADMIN_MOD, 'main', 'index');
         return;
     }

     if (\PH7\AffiliateCore::auth()) {
         $this->url('affiliate', 'account', 'index');
         return;
     }

     echo PH7_URL_ROOT;
 }
 /**
  * Validates an account (or newsletter subscription) from the emailed link,
  * then redirects with a success or error message.
  *
  * @param string $sEmail
  * @param string $sHash Validation hash from the link.
  * @param \PH7\Framework\Config\Config $oConfig
  * @param \PH7\Framework\Registry\Registry $oRegistry
  * @param string $sMod One of 'user', 'affiliate', 'newsletter'. Default 'user'.
  * @return void
  */
 public function activateAccount($sEmail, $sHash, Framework\Config\Config $oConfig, Framework\Registry\Registry $oRegistry, $sMod = 'user')
 {
     $sTable = Framework\Mvc\Model\Engine\Util\Various::convertModToTable($sMod);

     // Redirect targets and success text depend on which module issued the link.
     if ($sMod == 'newsletter') {
         $sRedirectLoginUrl = PH7_URL_ROOT;
         $sRedirectIndexUrl = PH7_URL_ROOT;
         $sSuccessMsg = t('Your subscription to our newsletters has been successfully validated!');
     } elseif ($sMod == 'affiliate') {
         $sRedirectLoginUrl = Uri::get('affiliate', 'home', 'login');
         $sRedirectIndexUrl = Uri::get('affiliate', 'home', 'index');
         $sSuccessMsg = t('Your account has been successfully validated. You can now login!');
     } else {
         $sRedirectLoginUrl = Uri::get('user', 'main', 'login');
         $sRedirectIndexUrl = Uri::get('user', 'main', 'index');
         $sSuccessMsg = t('Your account has been successfully validated. You can now login!');
     }

     if (!isset($sEmail, $sHash)) {
         Header::redirect($sRedirectIndexUrl, t('Invalid approach, please use the link that has been send to your email.'), 'error');
         return;
     }

     $oUserModel = new AffiliateCoreModel();

     if ($oUserModel->validateAccount($sEmail, $sHash, $sTable)) {
         $iId = $oUserModel->getId($sEmail, null, $sTable);

         // Newsletter subscriptions have no cached profile to invalidate.
         if ($sMod != 'newsletter') {
             $this->clearReadProfileCache($iId, $sTable);
         }

         // Activation is the point at which the referring affiliate gets credited.
         $iAffId = $oUserModel->getAffiliatedId($iId);
         AffiliateCore::updateJoinCom($iAffId, $oConfig, $oRegistry);

         Header::redirect($sRedirectLoginUrl, $sSuccessMsg);
     } else {
         Header::redirect($sRedirectLoginUrl, t('Oops! The URL is either invalid or you already have activated your account.'), 'error');
     }

     unset($oUserModel);
 }