public function step1() { $iAffId = (int) (new Cookie())->get(AffiliateCore::COOKIE_NAME); $sRef = $this->session->exists('joinRef') ? $this->session->get('joinRef') : t('No reference'); // Statistics $this->session->remove('joinRef'); $aData = ['email' => $this->httpRequest->post('mail'), 'username' => $this->httpRequest->post('username'), 'first_name' => $this->httpRequest->post('first_name'), 'reference' => $sRef, 'ip' => Ip::get(), 'hash_validation' => Various::genRnd(), 'current_date' => (new CDateTime())->get()->dateTime('Y-m-d H:i:s'), 'is_active' => $this->iActiveType, 'group_id' => (int) DbConfig::getSetting('defaultMembershipGroupId'), 'affiliated_id' => $iAffId]; $aData += ['password' => Security::hashPwd($this->httpRequest->post('password'))]; $iTimeDelay = (int) DbConfig::getSetting('timeDelayUserRegistration'); if (!$this->oUserModel->checkWaitJoin($aData['ip'], $iTimeDelay, $aData['current_date'])) { \PFBC\Form::setError('form_join_user', Form::waitRegistrationMsg($iTimeDelay)); } elseif (!$this->oUserModel->join($aData)) { \PFBC\Form::setError('form_join_user', t('An error occurred during registration!<br /> Please try again with other information in the form fields or come back later.')); } else { // Successful registration in the database for step 1! /** Update the Affiliate Commission **/ if ($this->iActiveType == 0) { // Only if the user's account is already activated. AffiliateCore::updateJoinCom($iAffId, $this->config, $this->registry); } // Send email $this->oRegistration->sendMail($aData); $this->session->set('mail_step1', $this->httpRequest->post('mail')); HeaderUrl::redirect(Uri::get('user', 'signup', 'step2')); } }
public function __construct() { parent::__construct(); $sIp = Ip::get(); $oAdminModel = new AdminModel(); $oSecurityModel = new SecurityModel(); $sEmail = $this->httpRequest->post('mail'); $sUsername = $this->httpRequest->post('username'); $sPassword = $this->httpRequest->post('password'); /*** Security IP Login ***/ $sIpLogin = DbConfig::getSetting('ipLogin'); /*** Check if the connection is not locked ***/ $bIsLoginAttempt = (bool) DbConfig::getSetting('isAdminLoginAttempt'); $iMaxAttempts = (int) DbConfig::getSetting('maxAdminLoginAttempts'); $iTimeDelay = (int) DbConfig::getSetting('loginAdminAttemptTime'); if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Admins')) { \PFBC\Form::setError('form_admin_login', Form::loginAttemptsExceededMsg($iTimeDelay)); return; // Stop execution of the method. } /*** Check Login ***/ $bIsLogged = $oAdminModel->adminLogin($sEmail, $sUsername, $sPassword); $bIsIpBanned = !empty($sIpLogin) && $sIpLogin !== $sIp; if (!$bIsLogged || $bIsIpBanned) { sleep(2); // Security against brute-force attack to avoid drowning the server and the database if (!$bIsLogged) { $oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Incorrect Email, Username or Password', 'Admins'); if ($bIsLoginAttempt) { $oSecurityModel->addLoginAttempt('Admins'); } $this->session->set('captcha_admin_enabled', 1); // Enable Captcha \PFBC\Form::setError('form_admin_login', t('"Email", "Username" or "Password" is Incorrect')); } elseif ($bIsIpBanned) { $this->session->set('captcha_admin_enabled', 1); // Enable Captcha \PFBC\Form::setError('form_admin_login', t('Incorrect Login!')); $oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Bad Ip adress', 'Admins'); } } else { $oSecurityModel->clearLoginAttempts('Admins'); $this->session->remove('captcha_admin_enabled'); // Is disconnected if the user is logged on as "user" or "affiliate". if (UserCore::auth() || AffiliateCore::auth()) { $this->session->destroy(); } $iId = $oAdminModel->getId($sEmail, null, 'Admins'); $oAdminData = $oAdminModel->readProfile($iId, 'Admins'); // Regenerate the session ID to prevent the session fixation $this->session->regenerateId(); $aSessionData = array('admin_id' => $oAdminData->profileId, 'admin_email' => $oAdminData->email, 'admin_username' => $oAdminData->username, 'admin_first_name' => $oAdminData->firstName, 'admin_ip' => $sIp, 'admin_http_user_agent' => $this->browser->getUserAgent(), 'admin_token' => Various::genRnd($oAdminData->email)); $this->session->set($aSessionData); $oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Logged in!', 'Admins'); $oAdminModel->setLastActivity($oAdminData->profileId, 'Admins'); HeaderUrl::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'index'), t('You signup is successfully!')); } }
public function __construct() { parent::__construct(); // Admin Security, if you have forgotten your admin password, comment this code below if ($this->httpRequest->get('mod') == PH7_ADMIN_MOD && ($this->registry->action == 'forgot' || $this->registry->action == 'reset')) { Header::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'login'), t('For security reasons, you do not have the right to generate a new password. To disable this security option, you must go to the Permission file of "lost-password" module'), 'error'); } if ((UserCore::auth() || AffiliateCore::auth() || AdminCore::auth()) && ($this->registry->action == 'forgot' || $this->registry->action == 'reset')) { Header::redirect(Uri::get('lost-password', 'main', 'account'), $this->alreadyConnectedMsg(), 'error'); } }
public function account() { if (UserCore::auth()) { $sUrl = Uri::get('user', 'account', 'index'); } elseif (AffiliateCore::auth()) { $sUrl = Uri::get('affiliate', 'account', 'index'); } elseif (AdminCore::auth()) { $sUrl = Uri::get(PH7_ADMIN_MOD, 'main', 'index'); } else { $sUrl = $this->registry->site_url; } Header::redirect($sUrl); }
public function __construct() { parent::__construct(); $bAffAuth = AffiliateCore::auth(); $bAdminAuth = AdminCore::auth(); if (!$bAffAuth && ($this->registry->controller === 'AdsController' || $this->registry->action === 'logout')) { Header::redirect(Uri::get('affiliate', 'signup', 'step1'), $this->signUpMsg(), 'error'); } if (!$bAffAuth && !$bAdminAuth && ($this->registry->controller === 'AccountController' && $this->registry->action !== 'activate')) { Header::redirect(Uri::get('affiliate', 'signup', 'step1'), $this->signUpMsg(), 'error'); } if ($bAffAuth && ($this->registry->controller === 'SignupController' || $this->registry->action === 'activate' || $this->registry->action === 'resendactivation' || $this->registry->action === 'login')) { Header::redirect(Uri::get('affiliate', 'account', 'index'), $this->alreadyConnectedMsg(), 'error'); } if (!$bAdminAuth && $this->registry->controller === 'AdminController') { // For security reasons, we do not redirectionnons the user to hide the url of the administrative part. Header::redirect(Uri::get('affiliate', 'home', 'index'), $this->adminSignInMsg(), 'error'); } }
public function step1() { $sBirthDate = $this->dateTime->get($this->httpRequest->post('birth_date'))->date('Y-m-d'); $iAffId = (int) (new Cookie())->get(AffiliateCore::COOKIE_NAME); $aData = ['email' => $this->httpRequest->post('mail'), 'username' => $this->httpRequest->post('username'), 'password' => $this->httpRequest->post('password'), 'first_name' => $this->httpRequest->post('first_name'), 'last_name' => $this->httpRequest->post('last_name'), 'sex' => $this->httpRequest->post('sex'), 'birth_date' => $sBirthDate, 'country' => $this->httpRequest->post('country'), 'city' => $this->httpRequest->post('city'), 'state' => $this->httpRequest->post('state'), 'zip_code' => $this->httpRequest->post('zip_code'), 'ip' => Ip::get(), 'hash_validation' => Various::genRnd(), 'current_date' => (new CDateTime())->get()->dateTime('Y-m-d H:i:s'), 'is_active' => $this->iActiveType, 'affiliated_id' => $iAffId]; $oAffModel = new AffiliateModel(); $iTimeDelay = (int) DbConfig::getSetting('timeDelayUserRegistration'); if (!$oAffModel->checkWaitJoin($aData['ip'], $iTimeDelay, $aData['current_date'], 'Affiliates')) { \PFBC\Form::setError('form_join_aff', Form::waitRegistrationMsg($iTimeDelay)); } elseif (!$oAffModel->join($aData)) { \PFBC\Form::setError('form_join_aff', t('An error occurred during registration!<br /> Please try again with other information in the form fields or come back later.')); } else { // Successful registration in the database! /** Update the Affiliate Commission **/ if ($this->iActiveType == 0) { // Only if the user's account is already activated. AffiliateCore::updateJoinCom($iAffId, $this->config, $this->registry); } // Send an email and sets the welcome message. \PFBC\Form::setSuccess('form_join_aff', t('Your affiliate account has been created! %0%', (new Registration())->sendMail($aData)->getMsg())); } unset($oAffModel); }
private function _moderateRegistration($iId, $iStatus) { if (isset($iId, $iStatus)) { if ($oUser = $this->oAdminModel->readProfile($iId)) { if ($iStatus == 0) { // We leave the user in disapproval, after we can ban or delete it. $sSubject = t('Your membership account has been declined'); $this->sMsg = t('Sorry, Your membership account has been declined.'); } elseif ($iStatus == 1) { // Approve User $this->oAdminModel->approve($oUser->profileId, 1); /** Update the Affiliate Commission **/ AffiliateCore::updateJoinCom($oUser->affiliatedId, $this->config, $this->registry); $sSubject = t('Your membership account has been activated'); $this->sMsg = t('Congratulations! Your account has been approved by our team of administrators.<br />You can now %0% to meeting new people!', '<a href="' . Uri::get('user', 'main', 'login') . '"><b>' . t('log in') . '</b></a>'); } else { // Error... $this->sMsg = null; } if (!empty($this->sMsg)) { // Set message $this->view->content = t('Dear %0%,', $oUser->firstName) . '<br />' . $this->sMsg; $this->view->footer = t('You are receiving this mail because we received an application for registration with the email "%0%" has been provided in the form of %site_name% (%site_url%).', $oUser->email) . '<br />' . t('If you think someone has used your email address without your knowledge to create an account on %site_name%, please contact us using our contact form available on our website.'); // Send email $sMessageHtml = $this->view->parseMail(PH7_PATH_SYS . 'global/' . PH7_VIEWS . PH7_TPL_NAME . '/mail/sys/core/moderate_registration.tpl', $oUser->email); $aInfo = ['to' => $oUser->email, 'subject' => $sSubject]; (new Framework\Mail\Mail())->send($aInfo, $sMessageHtml); $this->oAdmin->clearReadProfileCache($oUser->profileId); $sOutputMsg = t('Done!'); } else { $sOutputMsg = t('Error! Bad argument in the url.'); } } else { $sOutputMsg = t('The user is not found!'); } } else { $sOutputMsg = t('Error! Missing argument in the url.'); } return $sOutputMsg; }
<?php /** * @author Pierre-Henry Soria <*****@*****.**> * @copyright (c) 2012-2016, Pierre-Henry Soria. All Rights Reserved. * @license GNU General Public License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory. * @package PH7 / App / System / Core / Asset / Ajax / Popup */ namespace PH7; defined('PH7') or exit('Restricted access'); use PH7\Framework\Mvc\Request\Http, PH7\Framework\Layout\Html\Design, PH7\Framework\Url\Url, PH7\Framework\Mvc\Router\Uri, PH7\Framework\Url\Header; if (AdminCore::auth() || UserCore::auth() || AffiliateCore::auth()) { $oHttpRequest = new Http(); $oDesign = new Design(); $oDesign->htmlHeader(); $oDesign->usefulHtmlHeader(); echo '<div class="center">'; if ($oHttpRequest->getExists(array('mod', 'ctrl', 'act', 'id'))) { $sLabel = $oHttpRequest->get('label'); $sMod = $oHttpRequest->get('mod'); $sCtrl = $oHttpRequest->get('ctrl'); $sAct = $oHttpRequest->get('act'); $mId = $oHttpRequest->get('id'); ConfirmCoreForm::display(array('label' => Url::decode($sLabel), 'module' => $sMod, 'controller' => $sCtrl, 'action' => $sAct, 'id' => $mId)); } else { echo '<p>' . t('Bad parameters in the URL!') . '</p>'; } echo '</div>'; $oDesign->htmlFooter(); unset($oHttpRequest, $oDesign);
/** * Gets The Current Session Token. * * @access protected * @return mixed (string | boolean) The "token" if a user is logged or "true" if no user is logged. */ protected function currentSess() { if (\PH7\UserCore::auth()) { $sToken = $this->_oSession->get('member_token'); } elseif (\PH7\AdminCore::auth()) { $sToken = $this->_oSession->get('admin_token'); } elseif (\PH7\AffiliateCore::auth()) { $sToken = $this->_oSession->get('affiliate_token'); } else { $sToken = true; } // If nobody is logged on, we did not need to do this test, so it returns true return $sToken; }
/** * Display accurate homepage URL. * * @return void The homepage URL output. */ public function homePageUrl() { if (\PH7\AdminCore::auth()) { $this->url(PH7_ADMIN_MOD, 'main', 'index'); } elseif (\PH7\AffiliateCore::auth()) { $this->url('affiliate', 'account', 'index'); } else { echo PH7_URL_ROOT; } }
/** * Message and Redirection for Activate Account. * * @param string $sEmail * @param string $sHash * @param object \PH7\Framework\Config\Config $oConfig * @param object \PH7\Framework\Registry\Registry $oRegistry * @param string $sMod (user, affiliate, newsletter). Default 'user' * @return void */ public function activateAccount($sEmail, $sHash, Framework\Config\Config $oConfig, Framework\Registry\Registry $oRegistry, $sMod = 'user') { $sTable = Framework\Mvc\Model\Engine\Util\Various::convertModToTable($sMod); $sRedirectLoginUrl = $sMod == 'newsletter' ? PH7_URL_ROOT : ($sMod == 'affiliate' ? Uri::get('affiliate', 'home', 'login') : Uri::get('user', 'main', 'login')); $sRedirectIndexUrl = $sMod == 'newsletter' ? PH7_URL_ROOT : ($sMod == 'affiliate' ? Uri::get('affiliate', 'home', 'index') : Uri::get('user', 'main', 'index')); $sSuccessMsg = $sMod == 'newsletter' ? t('Your subscription to our newsletters has been successfully validated!') : t('Your account has been successfully validated. You can now login!'); if (isset($sEmail, $sHash)) { $oUserModel = new AffiliateCoreModel(); if ($oUserModel->validateAccount($sEmail, $sHash, $sTable)) { $iId = $oUserModel->getId($sEmail, null, $sTable); if ($sMod != 'newsletter') { $this->clearReadProfileCache($iId, $sTable); } /** Update the Affiliate Commission **/ $iAffId = $oUserModel->getAffiliatedId($iId); AffiliateCore::updateJoinCom($iAffId, $oConfig, $oRegistry); Header::redirect($sRedirectLoginUrl, $sSuccessMsg); } else { Header::redirect($sRedirectLoginUrl, t('Oops! The URL is either invalid or you already have activated your account.'), 'error'); } unset($oUserModel); } else { Header::redirect($sRedirectIndexUrl, t('Invalid approach, please use the link that has been send to your email.'), 'error'); } }