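/**
 * Hash a password for storage, or keep the stored hash when none is given.
 *
 * The engine is selected by the `password_hash_engine` config value: 'bcrypt'
 * delegates to \Bcrypt; 'md5' and every other (or missing) value falls back to
 * salted MD5 with `password_md5_salt`. Salted MD5 is a legacy scheme kept only
 * for compatibility with already-stored hashes; it is not suitable for new
 * deployments.
 *
 * An empty $val means "password unchanged": the current hash is re-read from
 * the record identified by POST.username and returned as-is (null when no such
 * record exists).
 *
 * @param string|null $val plaintext password, or empty to keep the stored hash
 * @return string|null the hash to store
 */
 public function set_password($val)
 {
     $f3 = \Base::instance();
     // Only a genuinely missing value keeps the current password. A plain
     // truthiness test (!$val) would also treat the password "0" as "unchanged".
     if (!is_scalar($val) || (string) $val === '') {
         $current = new self();
         $current->load(array('username = ?', $f3->get('POST.username')));
         return $current->password;
     }
     $hash_engine = $f3->get('password_hash_engine');
     if ($hash_engine == 'bcrypt') {
         return \Bcrypt::instance()->hash($val);
     }
     // 'md5' and any unknown engine value: legacy salted MD5.
     return md5($val . $f3->get('password_md5_salt'));
 }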
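 /**
  * Handle the login form submission.
  *
  * Validates the form, loads the account by POST.email and verifies the posted
  * password against the stored bcrypt hash. On success the session receives the
  * user's id, e-mail and role flags and the browser is rerouted to GET.url (only
  * a local absolute path is accepted) or to '/'. Every failure stores a message
  * in SESSION.errormsg and reroutes to /auth.
  *
  * @param \Base $f3 framework instance
  * @return void
  */
 public function post($f3)
 {
     if (!$this->authForm->isValid($f3->get('POST'))) {
         $f3->set('SESSION.failedFields', array_keys($this->authForm->getFailedFields()));
         $f3->set('SESSION.errormsg', implode("<br>", $this->authForm->getFailedFields()));
         $f3->reroute('/auth');
         return;
     }

     $user = $this->getDB('users')->findOne(array('email=?', $f3->get('POST.email')));

     // Unknown e-mail: findOne() yields no record. Reading ->mailvalidation on
     // that result would fail; report it with the same message as a wrong
     // password so the response does not reveal which accounts exist.
     if (!$user) {
         $f3->set('SESSION.errormsg', 'EMail oder Passwort falsch');
         $f3->reroute('/auth');
         return;
     }

     if ($user->mailvalidation) {
         // A pending validation key means the address was never confirmed.
         $f3->set('SESSION.errormsg', 'Account nicht aktiviert!');
         $f3->reroute('/auth');
         return;
     }

     if (!\Bcrypt::instance()->verify($f3->get('POST.password'), $user->password)) {
         $f3->set('SESSION.errormsg', 'EMail oder Passwort falsch');
         $f3->reroute('/auth');
         return;
     }

     $f3->set('SESSION.user', array(
         'id' => $user->id,
         'email' => $user->email,
         'raidleader' => $user->raidleader,
         'admin' => $user->admin,
     ));

     // GET.url is request-controlled. Accept only a local absolute path
     // ('/...' but not '//host/...') so the login form cannot be used as an
     // open redirect to another site.
     $target = $f3->get('GET.url');
     if (is_string($target) && $target !== '' && $target[0] === '/' && substr($target, 0, 2) !== '//') {
         $f3->reroute($target);
     } else {
         $f3->reroute('/');
     }
 }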
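 /**
  * Intercept property writes so the password is never stored in plaintext.
  *
  * Any value assigned to the 'password' field is replaced by its bcrypt hash
  * (salt from createSalt(), third argument 14 — presumably the cost factor)
  * before being handed to the parent mapper. All other keys pass through.
  *
  * @see SqlMapper::__set($key, $value);
  * @param string $key   field name
  * @param mixed  $value field value (plaintext password for 'password')
  */
 function __set($key, $value)
 {
     // Strict comparison: the key is a field name, never a number.
     if ($key === "password") {
         $value = Bcrypt::instance()->hash($value, $this->createSalt(), 14);
     }
     parent::__set($key, $value);
 }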
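 /**
  * Installer action: create the schema, the initial user and the config files.
  *
  * Reads the database credentials and the initial account from POST, runs
  * installation/install.sql inside a transaction, stores the bcrypt-hashed
  * password for a type-1 user, generates a random APP_KEY and writes
  * config/config.ini and config/route.ini. Any failure (including a failed
  * database connection) rolls the transaction back, flashes the error and
  * reroutes to '/'.
  *
  * Note: the DSN and the database password are written in plaintext to
  * config/config.ini, and unescaped — a password containing a double quote
  * would break the INI file. That file must not be web-served or committed.
  *
  * @param \Base $f3 framework instance
  * @return void
  */
 function Set($f3)
 {
     if (!\Check::confirm('POST.password')) {
         $this->flash('Konfirmasi Password Tidak Cocok');
         $f3->reroute($f3->get('URI'));
         return; // reroute() normally exits; never continue into the install
     }
     $post = $f3->get('POST');
     $db_host = isset($post['DB_HOST']) ? $post['DB_HOST'] : '';
     $db_name = isset($post['DB_NAME']) ? $post['DB_NAME'] : '';
     $db_user = isset($post['DB_USER']) ? $post['DB_USER'] : '';
     $db_pass = isset($post['DB_PASS']) ? $post['DB_PASS'] : '';
     $dsn = "mysql:host={$db_host};port=3306;dbname={$db_name}";
     $db = null;
     try {
         // Connect inside the try so a bad host/credential is reported via
         // flash() instead of escaping as an uncaught exception.
         $db = new \DB\SQL($dsn, $db_user, $db_pass);
         $db->begin();
         $db->exec(explode(';', $f3->read('installation/install.sql')));
         $user = new \DB\SQL\Mapper($db, 'user');
         $user->username = $post['username'];
         $user->password = \Bcrypt::instance()->hash($post['password']);
         $user->type = 1;
         $user->save();
         // Application key; on PHP 7+ random_bytes(32) is the preferred source.
         $key = bin2hex(openssl_random_pseudo_bytes(32));
         $data = "[globals]\nDEBUG=0\nAUTOLOAD=\"controller/;model/\"\nUI=\"view/\"\nAPP_KEY=\"{$key}\"\nDB_SET=\"{$dsn}\"\nDB_USER=\"{$db_user}\"\nDB_PASS=\"{$db_pass}\"";
         $f3->write('config/config.ini', $data);
         $f3->write('config/route.ini', $f3->read('installation/route.ini'));
         $db->commit();
         $this->flash('Success... Silahkan Hapus Folder Installation', 'success');
     } catch (\Exception $e) {
         // Fully qualified on purpose: this class uses namespaced references
         // (\Check, \DB\SQL), and a bare `Exception` inside a namespace names a
         // class of that namespace, so the catch would never match.
         if ($db !== null) {
             $db->rollback();
         }
         $this->flash($e->getMessage());
         $f3->reroute('/');
         return;
     }
     $f3->reroute('/');
 }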
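 /**
  * Login Procedure
  *
  * Authenticates POST.username / POST.password against the stored hash using
  * the engine configured in `password_hash_engine` ('bcrypt' or 'md5'); any
  * other value rejects every login. On success the session is cleared, the
  * user id is stored in SESSION.user_id and the request is rerouted; otherwise
  * a generic "wrong username/password" message is flashed and the login
  * template is rendered.
  *
  * @param \Base $f3     framework instance
  * @param array $params route parameters (unused)
  */
 public function login($f3, $params)
 {
     if ($f3->exists('POST.username') && $f3->exists('POST.password')) {
         // Fixed delay on every attempt to slow down online brute forcing.
         // Note that the bcrypt verify below only runs for existing users, so
         // response time still differs slightly between known and unknown names.
         sleep(3);
         $user = new \Model\User();
         $user->load(array('username = ?', $f3->get('POST.username')));
         if (!$user->dry()) {
             $hash_engine = $f3->get('password_hash_engine');
             $valid = false;
             if ($hash_engine === 'bcrypt') {
                 $valid = \Bcrypt::instance()->verify($f3->get('POST.password'), $user->password);
             } elseif ($hash_engine === 'md5') {
                 // hash_equals(): strict and constant-time. A loose == between
                 // two hex digests compares them numerically when both look
                 // like numbers (e.g. "0e..." forms) and can match distinct hashes.
                 $expected = md5($f3->get('POST.password') . $f3->get('password_md5_salt'));
                 $valid = hash_equals((string) $user->password, $expected);
             }
             if ($valid) {
                 // Drop any pre-login session state before storing the identity.
                 // NOTE(review): the intent noted here is "recreate session id";
                 // confirm clear('SESSION') does that in this F3 version, otherwise
                 // session_regenerate_id(true) belongs here.
                 @$f3->clear('SESSION');
                 $f3->set('SESSION.user_id', $user->_id);
                 if ($f3->get('CONFIG.ssl_backend')) {
                     $f3->reroute('https://' . $f3->get('HOST') . $f3->get('BASE') . '/');
                 } else {
                     $f3->reroute('/cnc');
                 }
                 return;
             }
         }
         \Flash::instance()->addMessage('Wrong Username/Password', 'danger');
     }
     $this->response->setTemplate('templates/login.html');
 }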
 /**
  * Mapper hook run before save(): make sure the password column holds a
  * bcrypt hash. A value that \Bcrypt reports as needing a rehash (presumably a
  * plaintext assignment or an outdated hash) is replaced by its hash; an
  * up-to-date hash is left untouched.
  *
  * @param mixed $self the mapper instance being saved
  */
 static function _beforeSave($self)
 {
     $bcrypt = \Bcrypt::instance();
     $stored = $self->get('password');
     if (!$bcrypt->needs_rehash($stored)) {
         return;
     }
     $self->set('password', $bcrypt->hash($stored));
 }
 /**
  * Log the current user in.
  *
  * If the mapper already holds a record the caller is treated as logged in and
  * true is returned. Otherwise the record is looked up by the configured
  * username field from POST and the posted password is verified against the
  * stored bcrypt hash; on a missing record or mismatch the hive key 'error' is
  * set and false is returned. On success isLogged is set and the session is
  * created from the record's id and cast data.
  *
  * @return bool|mixed true when already logged in, false on failure, otherwise the result of setSession()
  */
 public function login()
 {
     $fw = Base::instance();
     if (!$this->map->dry()) {
         return true;
     }

     $userField = $this->prop['username'];
     $passField = $this->prop['password'];
     $this->map->load(
         [$userField . '=:u', ':u' => $fw['POST.' . $userField]],
         ['limit' => 1]
     );
     // Verify only when a record was found (short-circuit keeps the order).
     $found = !$this->map->dry();
     $verified = $found
         && \Bcrypt::instance()->verify($fw['POST.' . $passField], $this->map->get($passField));
     if (!$verified) {
         $fw['error'] = 'Login gagal!';
         return false;
     }

     $this->isLogged = true;
     return $this->setSession($this->map->get($this->prop['id']), $this->map->cast());
 }
 /**
  * Hash a plaintext password with the engine configured in
  * `password_hash_engine`: 'bcrypt' delegates to \Bcrypt; 'md5' and any other
  * (or missing) value produce a salted MD5 digest using `password_md5_salt`.
  * Salted MD5 is a legacy scheme kept for compatibility with existing hashes.
  *
  * @param string $val plaintext password
  * @return string the hash to store
  */
 public function set_password($val)
 {
     $f3 = \Base::instance();
     // Loose comparison kept on purpose: it matches the former switch/case.
     $useBcrypt = $f3->get('password_hash_engine') == 'bcrypt';
     if ($useBcrypt) {
         return \Bcrypt::instance()->hash($val);
     }
     return md5($val . $f3->get('password_md5_salt'));
 }
 /**
  * Check a plaintext password against a stored bcrypt hash.
  *
  * @param string $pass plaintext password
  * @param string $hash stored bcrypt hash
  * @return bool true when the password matches
  */
 static function pass($pass, $hash)
 {
     $matches = Bcrypt::instance()->verify($pass, $hash);
     return $matches ? true : false;
 }
 /**
  * verify a user by his password
  *
  * Compares the given plaintext against this record's stored bcrypt hash.
  * An unloaded (dry) record never verifies.
  *
  * @param string $password plaintext password
  * @return bool
  */
 public function verify($password)
 {
     if ($this->dry()) {
         return false;
     }
     return \Bcrypt::instance()->verify($password, $this->password) ? true : false;
 }
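 /**
  * Handle user management form submissions (PARAMS.action = create|edit|delete).
  *
  * When PARAMS.userid is set the caller must be allowed to edit that user
  * (editOrViewAllowed()); otherwise the request is rerouted to the caller's
  * own edit page with an error. Each action is handled by a dedicated helper.
  *
  * @param \Base $f3 framework instance
  * @return void
  */
 public function post($f3)
 {
     if ($f3->get('PARAMS.userid') && !$this->editOrViewAllowed($f3->get('PARAMS.userid'))) {
         $f3->set('SESSION.errormsg', 'Nicht erlaubt!');
         $f3->reroute('/user/edit/' . $f3->get('SESSION.user.id'));
         return;
     }
     switch ($f3->get('PARAMS.action')) {
         case 'create':
             $this->handleCreateAction($f3);
             break;
         case 'edit':
             $this->handleEditAction($f3);
             break;
         case 'delete':
             $this->handleDeleteAction($f3);
             break;
     }
 }

 /**
  * Register a new account from POST, send the validation mail and store a
  * success message. Form validation, e-mail uniqueness and password
  * confirmation failures reroute to /user/create with an error message.
  *
  * @param \Base $f3 framework instance
  * @return void
  */
 private function handleCreateAction($f3)
 {
     if (!$this->userRegistrationForm->isValid($f3->get('POST'))) {
         $f3->set('SESSION.failedFields', array_keys($this->userRegistrationForm->getFailedFields()));
         $f3->set('SESSION.errormsg', implode("<br>", $this->userRegistrationForm->getFailedFields()));
         $f3->reroute('/user/create');
         return;
     }
     $users = $this->getDB('users');
     if ($users->findone(array('email=?', $f3->get('POST.email')))) {
         $f3->set('SESSION.errormsg', 'EMail ungültig oder bereits registriert!');
         $f3->reroute('/user/create');
         return;
     }
     if ($f3->get('POST.password') !== $f3->get('POST.password2')) {
         $f3->set('SESSION.failedFields', array('password', 'password2'));
         $f3->set('SESSION.errormsg', 'Passwörter stimmen nicht überein');
         $f3->reroute('/user/create');
         return;
     }

     // POST is untrusted: copying it wholesale into the record would let a
     // registration request set its own role flags (admin, raidleader) or id.
     // Strip those before copyfrom(); password and mailvalidation are set below.
     $fields = (array) $f3->get('POST');
     unset($fields['admin'], $fields['raidleader'], $fields['id']);
     $newUser = $this->getDB('users');
     $newUser->copyfrom($fields);
     // No explicit salt: Bcrypt generates a fresh random salt per hash. (The
     // former call passed the configured salt to $f3->get(), not to hash().)
     $newUser->password = \Bcrypt::instance()->hash($f3->get('POST.password'));
     $newUser->mailvalidation = $this->generateMailValidationKey();
     $newUser->save();

     // Send the address-confirmation mail.
     $f3->set('newuser', $newUser);
     $this->mail->setSubject("RaidPlaner Registration")->sendMessage("registration", array($newUser->email));
     $f3->set('SESSION.successmsg', 'Benutzer erstellt! Prüfe deine EMails um die EMail-Adresse zu bestätigen.');
 }

 /**
  * Change the password of the user identified by PARAMS.userid. Validation
  * and confirmation failures, as well as an unknown user id, reroute with an
  * error message.
  *
  * @param \Base $f3 framework instance
  * @return void
  */
 private function handleEditAction($f3)
 {
     $userid = $f3->get('PARAMS.userid');
     // 'id=?' — the bound value needs a placeholder (the former filter 'id='
     // had none, so the lookup could never match).
     $user = $this->getDB('users')->findone(array('id=?', $userid));
     if (!$user) {
         $f3->set('SESSION.errormsg', 'Nicht erlaubt!');
         $f3->reroute('/user/edit/' . $f3->get('SESSION.user.id'));
         return;
     }
     if (!$this->userEditForm->isValid($f3->get('POST'))) {
         $f3->set('SESSION.failedFields', array_keys($this->userEditForm->getFailedFields()));
         $f3->set('SESSION.errormsg', implode("<br>", $this->userEditForm->getFailedFields()));
         $f3->reroute('/user/edit/' . $userid);
         return;
     }
     if ($f3->get('POST.password') !== $f3->get('POST.password2')) {
         $f3->set('SESSION.failedFields', array('password', 'password2'));
         $f3->set('SESSION.errormsg', 'Passwörter stimmen nicht überein');
         $f3->reroute('/user/edit/' . $userid);
         return;
     }
     // NOTE(review): the password is rehashed on every valid edit, even when
     // both fields are empty — confirm userEditForm requires a password.
     $user->password = \Bcrypt::instance()->hash($f3->get('POST.password'));
     $user->save();
     $f3->set('SESSION.successmsg', 'Daten geändert!');
     $f3->reroute('/user/edit/' . $userid);
 }

 /**
  * Delete the user identified by PARAMS.userid together with the character
  * rows that reference it (characters.userid), then reroute to /user/list.
  *
  * @param \Base $f3 framework instance
  * @return void
  */
 private function handleDeleteAction($f3)
 {
     $userid = $f3->get('PARAMS.userid');
     $this->getDB('characters')->erase(array('userid=?', $userid));
     $this->getDB('users')->erase(array('id=?', $userid));
     $f3->reroute('/user/list');
 }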
 /**
  * Development helper: print the bcrypt hash of a fixed sample password.
  *
  * The password is a hard-coded literal and the hash is echoed straight to the
  * response; this is a one-off utility, not a production endpoint.
  *
  * @param \Base $f3 framework instance (unused)
  * @return void
  */
 public function setEncryptPassword($f3)
 {
     $samplePassword = "music123";
     echo \Bcrypt::instance()->hash($samplePassword);
 }
            echo json_encode(["status" => "ERR", "description" => "Invalid username or password."]);
        }
    } else {
        // Send error: wrong username or password
        echo json_encode(["status" => "ERR", "description" => "Invalid username or password."]);
    }
});
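// Generic "no access" response for requests that fail authorization.
$f3->route('GET /api/unauthorized', function () {
    // 'application/json' — the former 'application-json' is not a valid media type.
    header('Content-type: application/json');
    echo json_encode(["status" => "ERR", "description" => "You don't have access to this service."]);
});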
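// DEVELOPMENT ONLY
// REGISTER USER
// Creates a user from the URL path. The route is unauthenticated and carries
// the password in the URL (request logs, browser history), so it is only
// served while the DEBUG hive variable is set and must stay out of production.
$f3->route('GET /api/@user/@password', function ($f3) {
    if (!$f3->get('DEBUG')) {
        // Outside development behave as if the route did not exist.
        $f3->error(404);
        return;
    }
    header('Content-type: application/json');
    $db = new DB\SQL($f3->get('main_db'), $f3->get('main_username'), $f3->get('main_password'));
    $crypt = Bcrypt::instance();
    // Parameterised INSERT; the password is stored as a bcrypt hash, never plaintext.
    $success = $db->exec(
        "INSERT INTO users (username, password) VALUES (:username, :password)",
        [':username' => $f3->get('PARAMS.user'), ':password' => $crypt->hash($f3->get('PARAMS.password'))]
    );
    if ($success) {
        echo json_encode(["status" => "OK"]);
    } else {
        echo json_encode(["status" => "ERR", "description" => "Invalid username or password."]);
    }
});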
// POST /api/sms — dispatched to API->sendSMS.
// Expected request fields:
//   recipient_phone_number (string)
//   message_content        (string)
$f3->route('POST /api/sms', 'API->sendSMS');

// Dispatch the current request.
$f3->run();
 /**
  * Shared Bcrypt engine behind the hash() and verify() aliases.
  *
  * Not meant to be called directly: models that need to hash or verify
  * should go through hash() and verify() instead.
  *
  * @return object the \Bcrypt singleton
  */
 private function crypt()
 {
     $engine = \Bcrypt::instance();
     return $engine;
 }