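/**
 * Lost-password flow ("Passwort vergessen").
 *
 * POST: checks the reCAPTCHA answer and either a confirmed e-mail pair or a
 *       username, looks the user up and mails a time-limited confirmation link.
 * GET with a restore_key route param: decodes the key, checks its expiry,
 *       sets a fresh random password for the matching user and mails it.
 *
 * Outcome flags are handed to the view as $replies (confirmation_sent,
 * user_does_not_exist, input_invalid, password_changed, url_expired, hacking).
 */
public function action_lostpw()
{
    $this->template->page_title = 'Passwort vergessen';
    $this->template->content = View::factory('user/lostpw');
    $replies = new stdClass();

    $recaptcha_config = (object) Kohana::$config->load('recaptcha');
    $this->template->content->captcha = recaptcha_get_html($recaptcha_config->recaptcha_pubkey);

    $method = $this->request->method();

    if (Request::POST === $method) {
        $this->_lostpw_request($replies, $recaptcha_config);
    }

    if (Request::GET === $method) {
        $this->_lostpw_restore($replies);
    }

    $this->template->content->replies = $replies;
}

/**
 * Kohana_Encrypt instance keyed for encoding/decoding the confirmation key.
 *
 * NOTE(review): the key is a literal in the source and is shared by the encode
 * (POST) and decode (GET) paths, so anyone who can read the code can produce a
 * valid restore key for any user id/e-mail pair. It belongs in configuration
 * kept outside the repository; rotating it invalidates links issued before the
 * change, which is usually acceptable for a one-hour token.
 *
 * @return Kohana_Encrypt
 */
private function _lostpw_cipher()
{
    $encryption = Kohana_Encrypt::instance();
    $encryption->_key = '>;`];#k7>T}7f?$>{u"XK^K~Db/.P!//';

    return $encryption;
}

/**
 * Builds the SMTP mailer from the smtp.default config and sends one HTML mail
 * with the "Dein neues Kennwort für <project>" subject.
 *
 * @param  stdClass $swc   smtp.default config (host, port, ssl, user, password, from)
 * @param  string   $to    recipient address
 * @param  string   $body  HTML body with placeholders already substituted
 * @return mixed    whatever Swift_Mailer::send() returns (not checked by callers, as before)
 */
private function _lostpw_send($swc, $to, $body)
{
    $transport = Swift_SmtpTransport::newInstance($swc->host, $swc->port, $swc->ssl ? 'ssl' : null)
        ->setUsername($swc->user)
        ->setPassword($swc->password);
    $mailer = Swift_Mailer::newInstance($transport);

    $subject = __('Dein neues Kennwort für') . ' ' . $this->project_config->project_name;
    $message = Swift_Message::newInstance($subject)
        ->setFrom($swc->from)
        ->setTo(array($to))
        ->setBody($body, 'text/html');

    return $mailer->send($message);
}

/**
 * POST half of action_lostpw: captcha + identity check, then mail the link.
 *
 * @param stdClass $replies           outcome flags for the view (mutated)
 * @param stdClass $recaptcha_config  recaptcha config (recaptcha_privkey)
 */
private function _lostpw_request(stdClass $replies, $recaptcha_config)
{
    $resp = recaptcha_check_answer(
        $recaptcha_config->recaptcha_privkey,
        $_SERVER['REMOTE_ADDR'],
        $this->request->post('recaptcha_challenge_field'),
        $this->request->post('recaptcha_response_field')
    );

    $email = $this->request->post('email');
    $username = $this->request->post('username');

    // Which identifier was supplied: a confirmed, well-formed e-mail wins over a username.
    $lookup = null;
    if (filter_var($email, FILTER_VALIDATE_EMAIL) && $email === $this->request->post('email_confirm')) {
        $lookup = array('email', $email);
    } elseif ($username) {
        $lookup = array('username', $username);
    }

    if (!$resp->is_valid || $lookup === null) {
        $replies->input_invalid = true;
        return;
    }

    list($column, $value) = $lookup;
    $restore_user = ORM::factory('User')->where($column, '=', $value)->find();

    if (!$restore_user->loaded()) {
        $replies->user_does_not_exist = true;
        // Logs the posted e-mail even when the lookup was by username (unchanged behaviour).
        ORM::factory('Log')->log('resetpw_error', 'user does not exist: ' . $email);
        return;
    }

    // Key = <id>-<email>-<expiry>, expiry one hour from now; encrypted, then base64.
    // NOTE(review): standard base64 may contain '/', '+' and '=', which are not
    // URL-path safe; a key containing them may not survive routing/decoding.
    $expires = time() + 3600;
    $confirmation_key = base64_encode(
        $this->_lostpw_cipher()->encode($restore_user->id . '-' . $restore_user->email . '-' . $expires)
    );
    $link = $this->project_config->project_url . '/lostpw/' . $confirmation_key;
    $confirmation_url = '<a href="' . $link . '">' . $link . '</a>';

    $swc = (object) Kohana::$config->load('smtp.default');
    $body = str_replace(
        array('%USERNAME%', '%CONFIRMATION_URL%', '%PROJECTURL%'),
        array($restore_user->username, $confirmation_url, $this->project_config->project_url),
        $swc->body_lostPassword
    );
    $this->_lostpw_send($swc, $restore_user->email, $body);

    $replies->confirmation_sent = true;
    ORM::factory('Log')->log('resetpw_confirm', 'sent confirmation to: ' . $restore_user->email);
}

/**
 * GET half of action_lostpw: validate the restore key and reset the password.
 *
 * NOTE(review): nothing records that a key has been used, so until $valid_until
 * every visit of the same link sets and mails another new password.
 *
 * @param stdClass $replies  outcome flags for the view (mutated)
 */
private function _lostpw_restore(stdClass $replies)
{
    $param = $this->request->param('restore_key');
    if (strlen($param) <= 10) {
        return;
    }

    $restore_key = $this->_lostpw_cipher()->decode(base64_decode($param));

    // Expected layout: <numeric id>-<email>-<numeric expiry>. The e-mail may itself
    // contain '-', so the parts are taken from the anchored match instead of
    // explode('-') — the latter mis-assigned the fields for such addresses and
    // made their links unusable. D: '$' must not accept a trailing newline.
    if (!preg_match('/^(\d+)-(.*?)-(\d+)$/D', (string) $restore_key, $parts)) {
        $replies->hacking = true;
        ORM::factory('Log')->log('restore_error', 'possible hacking attempt! Key: ' . $param);
        return;
    }
    list(, $user_id, $user_email, $valid_until) = $parts;

    if ($valid_until <= time()) {
        $replies->url_expired = true;
        ORM::factory('Log')->log('restore_error', 'called expired url: #' . "{$user_id}/{$user_email}/{$valid_until}");
        return;
    }

    $restore_user = ORM::factory('User')
        ->where('id', '=', $user_id)
        ->where('email', '=', $user_email)
        ->find();
    if (!$restore_user->loaded()) {
        // Well-formed, unexpired key but no matching user (e.g. e-mail changed since):
        // the original set no reply flag here either.
        return;
    }

    $new_password = helper::pwgen(8);
    $restore_user->password = $new_password;
    $restore_user->save();

    $swc = (object) Kohana::$config->load('smtp.default');
    $body = str_replace(
        array('%USERNAME%', '%PASSWORD%'),
        array($restore_user->username, $new_password),
        $swc->body_newPassword
    );
    $this->_lostpw_send($swc, $restore_user->email, $body);

    $replies->password_changed = true;
    // NOTE(review): the argument of this log call and the redirect were unreadable
    // in the reviewed source; reconstructed to match the sibling log lines. Confirm
    // against the repository.
    ORM::factory('Log')->log('restore', 'user restored password: ' . $restore_user->email);
    $this->redirect('/login');
}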
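/**
 * Edit an existing diary entry ("Bearbeiten").
 *
 * GET:  loads the entry (decrypting headline/content when it is stored
 *       encrypted) and renders diary/edit with the user's diary list.
 * POST: stores headline/content, moves the entry to the posted diary when that
 *       diary is in the user's list, encrypts when the diary the entry ends up
 *       in is private, then redirects to /diary (or back to the form on
 *       validation failure).
 */
public function action_edit()
{
    $this->template->page_title = 'Bearbeiten';

    $id = (int) base64_decode($this->request->param('id'));
    if (!$id) {
        $this->redirect('/diary');
    }

    // id => "name (Öffentlich|Privat)" for the diary selector.
    $diaries = array();
    foreach (ORM::factory('Diary')->getDiaries() as $own_diary) {
        $type_label = ($own_diary->type === 'public') ? 'Öffentlich' : 'Privat';
        $diaries[$own_diary->id] = $own_diary->name . ' (' . $type_label . ')';
    }

    $method = $this->request->method();

    if (Request::GET === $method) {
        // NOTE(review): no ownership check is visible here — confirm that
        // getEntry() restricts the lookup to the current user.
        $entry = ORM::factory('Diary')->getEntry($id);

        $view = View::factory('diary/edit');
        $view->diaries = $diaries;
        $view->decrypt = false;

        if ($entry->encrypted) {
            $cipher = $this->_diary_entry_cipher();
            $entry->content = $cipher->decode($entry->content);
            $entry->headline = $cipher->decode($entry->headline);
        }

        $view->entry = $entry;
        $this->template->content = $view;
    }

    if (Request::POST === $method) {
        try {
            $entry = ORM::factory('Entry')
                ->where('id', '=', $id)
                ->where('user_id', '=', $this->user->id)
                ->find();
            // An entry that is not the current user's (or does not exist) comes
            // back unloaded; saving it would insert a new row instead of
            // editing, so bail out like the missing-id case above.
            if (!$entry->loaded()) {
                $this->redirect('/diary');
            }

            $entry->values($this->request->post(), array('headline', 'content'));
            $entry->user_id = $this->user->id;
            $entry->encrypted = '0';
            $entry->html = '1'; // 2013-05-31+

            // Only a diary from the user's own list may be chosen; otherwise
            // the entry stays in the diary it is already in.
            $posted_diary = $this->request->post('diary');
            if ($posted_diary !== null && array_key_exists($posted_diary, $diaries)) {
                $entry->diary = $posted_diary;
            }

            // Decide encryption from the diary the entry will actually be saved
            // in. The original tested `$diary`, which, when the posted diary was
            // rejected, was still the last element of the foreach above — so a
            // private entry could be written back in plaintext with encrypted='0'.
            $target_diary = ORM::factory('Diary', $entry->diary);
            if ($target_diary->type === 'private') {
                $cipher = $this->_diary_entry_cipher();
                $entry->content = $cipher->encode($entry->content);
                $entry->headline = $cipher->encode($entry->headline);
                $entry->encrypted = '1';
            }

            $entry->save();
            $this->redirect('/diary');
        } catch (ORM_Validation_Exception $e) {
            $this->redirect('diary/edit/' . base64_encode($id));
        }
    }

    $this->template->breadcrumbs[] = 'Bearbeiten';
}

/**
 * Cipher used for diary entry headline/content.
 *
 * The user's stored private_key is unlocked with a key derived from the
 * session value 'upw', and the unlocked private key is then itself stretched
 * with helper::pbkdf2 into the entry key. Kohana_Encrypt::instance() is called
 * twice; if it hands back a shared instance the second assignment to _key
 * overwrites the first, which is what the sequential use here relies on.
 *
 * @return Kohana_Encrypt  instance whose _key is the entry key
 */
private function _diary_entry_cipher()
{
    $encrypt = Kohana_Encrypt::instance();
    $encrypt->_key = helper::pbkdf2(Session::instance()->get('upw'), $this->encryption_config->key);
    $private_key = $encrypt->decode($this->user->private_key);

    $encrypt = Kohana_Encrypt::instance();
    $encrypt->_key = helper::pbkdf2($private_key, $this->encryption_config->key);

    return $encrypt;
}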