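/**
 * Handle a submitted login form.
 *
 * Looks the account up by username, or by email address when the submitted
 * value contains "@", ignoring soft-deleted rows. The submitted password is
 * hashed with the account's salt and compared against the stored hash. On
 * success a session is created; accounts without a salt are sent to the
 * forced-reset page instead of being redirected.
 *
 * @param \Base $f3 Framework instance (request data read from POST.*).
 * @return void
 */
public function loginpost($f3)
{
    $user = new \Model\User();
    $login = (string) $f3->get("POST.username");

    // Load user by username or email address. Compare against false so an
    // "@" at offset 0 is not mistaken for "not found" (a bare strpos() in a
    // boolean context treats offset 0 as false).
    if (strpos($login, "@") !== false) {
        $user->load(array("email=? AND deleted_date IS NULL", $login));
    } else {
        $user->load(array("username=? AND deleted_date IS NULL", $login));
    }

    // Verify password. hash_equals() is a strict, constant-time string
    // comparison; the loose == used before was subject to type juggling
    // (numeric-looking hashes compare equal) and to timing differences.
    $security = \Helper\Security::instance();
    $computed = (string) $security->hash($f3->get("POST.password"), $user->salt ?: "");
    $stored = (string) $user->password;
    $valid = $user->id && $stored !== "" && hash_equals($stored, $computed);

    if ($valid) {
        // Create a session and use it
        $session = new \Model\Session($user->id);
        $session->setCurrent();

        if ($user->salt) {
            // Only follow a same-site path: "/..." but not "//host" or
            // "/\host", which browsers treat as protocol-relative URLs.
            $to = (string) $f3->get("POST.to");
            if ($to === "" || $to[0] !== "/" || preg_match('#^/[/\\\\]#', $to)) {
                $to = "/";
            }
            $f3->reroute($to);
        } else {
            // No salt means a legacy/unsalted hash: force a password reset.
            $f3->set("user", $user->cast());
            $this->_render("index/reset_forced.html");
        }
    } else {
        if ($f3->get("POST.to")) {
            $f3->set("to", $f3->get("POST.to"));
        }
        $f3->set("login.error", "Invalid login information, try again.");
        $this->_render("index/login.html");
    }
}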
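/**
 * Require an API key. Sends an HTTP 401 if one is not supplied.
 *
 * Key sources, in order of precedence: the "key" query parameter, then the
 * X-Redmine-API-Key, X-API-Key and X-Api-Key request headers, and finally
 * the API key of an already logged-in user. The key must belong to a user
 * that is not soft-deleted, matching the login lookup.
 *
 * @return int|bool The authenticated user's id, or false after sending a 401.
 */
protected function _requireAuth()
{
    $f3 = \Base::instance();
    $user = new \Model\User();

    // Use the logged in user if there is one
    $key = $f3->get("user.api_key") ?: false;

    // Check all supported key methods; an explicit key overrides the session's
    if (!empty($_GET["key"])) {
        $key = $_GET["key"];
    } elseif ($f3->get("HEADERS.X-Redmine-API-Key")) {
        $key = $f3->get("HEADERS.X-Redmine-API-Key");
    } elseif ($f3->get("HEADERS.X-API-Key")) {
        $key = $f3->get("HEADERS.X-API-Key");
    } elseif ($f3->get("HEADERS.X-Api-Key")) {
        $key = $f3->get("HEADERS.X-Api-Key");
    }

    // Only hit the database when a key was actually presented, and refuse
    // keys of soft-deleted accounts (the interactive login already does).
    if ($key) {
        $user->load(array("api_key = ? AND deleted_date IS NULL", $key));
    }

    if ($key && $user->id && $user->api_key) {
        $f3->set("user", $user->cast());
        $f3->set("user_obj", $user);
        return $user->id;
    }

    $f3->error(401);
    return false;
}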
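/**
 * Require a user to be logged in. Redirects to /login if a session is not found.
 *
 * When "site.demo" holds a numeric user id, a missing session is replaced by
 * an automatic login as that user instead of a redirect.
 *
 * @param int $rank Minimum rank the current user must hold.
 * @return int|bool The user id on success; false after a 403 or a redirect.
 */
protected function _requireLogin($rank = \Model\User::RANK_CLIENT)
{
    $f3 = \Base::instance();

    if ($id = $f3->get("user.id")) {
        if ($f3->get("user.rank") >= $rank) {
            return $id;
        }
        $f3->error(403);
        $f3->unload();
        return false;
    }

    if ($f3->get("site.demo") && is_numeric($f3->get("site.demo"))) {
        $user = new \Model\User();
        $user->load($f3->get("site.demo"));
        if ($user->id) {
            // NOTE(review): the demo auto-login does not apply the $rank
            // check that the session branch above enforces.
            $session = new \Model\Session($user->id);
            $session->setCurrent();
            $f3->set("user", $user->cast());
            $f3->set("user_obj", $user);
            // Return the id as documented; the bare "return;" used before
            // yielded null, contradicting the int|bool contract.
            return $user->id;
        }
        $f3->set("error", "Auto-login failed, demo user was not found.");
    }

    // Preserve the requested path (plus query string) so login can return here.
    // urlencode() of the concatenation equals the concatenation of the
    // individually encoded parts, so this matches the previous two-part form.
    $to = $f3->get("PATH");
    if (!empty($_GET)) {
        $to .= "?" . http_build_query($_GET);
    }
    $f3->reroute("/login?to=" . urlencode($to));
    $f3->unload();
    return false;
}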
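/**
 * Delete a group and answer with JSON (AJAX) or a redirect to the group list.
 *
 * @param \Base $f3     Framework instance.
 * @param array $params Route parameters; "id" is the group's row id.
 * @return void
 */
public function group_delete($f3, $params)
{
    // Groups are stored through the User model here; nothing on this page
    // shows whether the loaded row is verified to be a group rather than a
    // regular user — confirm in the model.
    $group = new \Model\User();
    $group->load($params["id"]);

    // Refuse to act on an id that did not load instead of calling delete()
    // on an empty mapper.
    if (!$group->id) {
        $f3->error(404);
        return;
    }

    $group->delete();

    if ($f3->get("AJAX")) {
        $this->_printJson(array("deleted" => 1) + $group->cast());
    } else {
        $f3->reroute("/admin/groups");
    }
}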
/**
 * Cast the mapper to an array and embed the user referenced by "uid"
 * under the "user" key.
 *
 * @param object|null $obj Mapper to cast; null casts $this (see parent::cast()).
 * @return array
 */
function cast($obj = NULL)
{
    $fields = parent::cast($obj);
    $owner = new \Model\User($fields['uid']);

    return array_merge($fields, array("user" => $owner->cast()));
}
$f3->config($homedir . "app/dict/en.ini");
$test = new Test();

// No output for routes
$f3->set("QUIET", true);
$f3->set("HALT", false);

// Mock one route and record whether it completed without setting ERROR.
// With $checkId the route's "id" parameter must additionally equal 1.
$hit = function ($route, $label, $checkId = false, $args = null) use ($f3, $test) {
    $f3->mock($route, $args);
    $passed = !$f3->get("ERROR");
    if ($checkId) {
        $passed = $f3->get("PARAMS.id") == 1 && $passed;
    }
    $test->expect($passed, $label);
};

$hit("GET /login", "GET /login");
$hit("POST /login", "POST /login", false, array("username" => "admin", "password" => "admin"));
$hit("GET /ping", "GET /ping (no session)");

// Build a fake session
$user = new Model\User();
$user->load(1);
$types = new \Model\Issue\Type();
$f3->mset(array(
    "user" => $user->cast(),
    "user_obj" => $user,
    "plugins" => array(),
    "issue_types" => $types->find(),
));
$test->expect($user->id == 1, "Force user authentication");

$hit("GET /ping", "GET /ping (active session)");
$hit("GET /", "GET /");
$hit("GET /issues/1", "GET /issues/1", true);
$hit("GET /issues/1/history", "GET /issues/1/history", true);
$hit("GET /issues/1/watchers", "GET /issues/1/watchers", true);
$hit("GET /issues/1/related", "GET /issues/1/related", true);
$hit("GET /backlog", "GET /backlog");
<?php

// Application bootstrap: autoloader, framework settings, config.php,
// database connection, then the session user (if any).

// Init Composer autoloader
require_once 'vendor/autoload.php';

// Init app
$fw = Base::instance();
// NOTE(review): ESCAPE => false turns off the framework's automatic template
// escaping (presumably — confirm against the framework docs), so every view
// must escape user-controlled values itself.
$fw->mset(array('AUTOLOAD' => 'app/', 'CACHE' => true, 'ESCAPE' => false, 'PREFIX' => 'dict.', 'PACKAGE' => 'Reader', 'UI' => 'app/view/'));

// Init config — config.php must return an array of settings; a missing
// file is fatal rather than silently running with defaults.
if (is_file('config.php')) {
    $fw->mset(require 'config.php');
} else {
    throw new Exception('No config.php file found.');
}

// Init db — host and database name come from config; the port is fixed at
// 3306 and no charset is set in the DSN (the connection uses the server's
// default).
$db = new DB\SQL('mysql:host=' . $fw->get('db.host') . ';port=3306;dbname=' . $fw->get('db.database'), $fw->get('db.user'), $fw->get('db.password'));
$fw->set('db.instance', $db);

// Initialize user — the id stored in the session is re-read from the
// database on every request, so a user row that no longer loads is simply
// treated as logged out.
$userId = $fw->get('SESSION.user_id');
if ($userId) {
    $user = new \Model\User();
    $user->load($userId);
    if ($user->id) {
        $fw->set('user', $user->cast());
        $fw->set('user_obj', $user);
    }
}