Example #1
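 /**
  * Handle the login form POST.
  *
  * Looks the account up by e-mail (when the login contains "@") or by username,
  * verifies the password, starts a session and either redirects the user or,
  * for accounts without a salt, renders the forced password reset page.
  *
  * @param  mixed $f3 Framework object; only get(), set() and reroute() are used here
  * @return void
  */
 public function loginpost($f3)
 {
     // Accept only plain strings as credentials. Array-shaped POST values
     // (username[]=...) would otherwise reach strpos() and the hash helper.
     $login = $f3->get("POST.username");
     $login = is_string($login) ? $login : "";
     $password = $f3->get("POST.password");
     $password = is_string($password) ? $password : "";

     $user = new \Model\User();
     // Load user by username or email address (soft-deleted accounts are excluded)
     if (strpos($login, "@")) {
         $user->load(array("email=? AND deleted_date IS NULL", $login));
     } else {
         $user->load(array("username=? AND deleted_date IS NULL", $login));
     }

     // Verify password
     $security = \Helper\Security::instance();
     $computed = (string) $security->hash($password, $user->salt ?: "");
     $stored = (string) $user->password;

     // hash_equals() replaces the loose "==" comparison: it is constant-time and
     // never treats two different digests as equal through numeric-string
     // coercion. An account must actually have been loaded and must have a
     // stored hash before any comparison counts as a match.
     if ($user->id && $stored !== "" && hash_equals($stored, $computed)) {
         // Create a session and use it
         $session = new \Model\Session($user->id);
         $session->setCurrent();
         if ($user->salt) {
             // "to" is client-controlled. Follow it only when it is a same-site
             // path: a single leading "/", not "//" or "/\", no control
             // characters. Anything else falls back to the home page.
             $to = $f3->get("POST.to");
             $isLocalPath = is_string($to)
                 && preg_match('#\A/(?![/\\\\])[^\x00-\x1f]*\z#', $to) === 1;
             $f3->reroute($isLocalPath ? $to : "/");
         } else {
             // No salt on the account: force a password reset instead of redirecting
             $f3->set("user", $user->cast());
             $this->_render("index/reset_forced.html");
         }
     } else {
         // Keep the requested target so the form can post it again.
         // NOTE(review): this value is echoed back into the login template;
         // confirm the template escapes it.
         if ($f3->get("POST.to")) {
             $f3->set("to", $f3->get("POST.to"));
         }
         // Same message for unknown account and wrong password (no user enumeration)
         $f3->set("login.error", "Invalid login information, try again.");
         $this->_render("index/login.html");
     }
 }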
Example #2
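 /**
  * Require an API key. Sends an HTTP 401 if one is not supplied or does not
  * match a user.
  *
  * The key is taken from the already-loaded user, then overridden by the "key"
  * query parameter or, failing that, by the first present header among
  * X-Redmine-API-Key, X-API-Key and X-Api-Key.
  *
  * @return int|bool User ID on success, false after the 401 has been sent
  */
 protected function _requireAuth()
 {
     $f3 = \Base::instance();

     // Use the logged in user if there is one
     $key = $f3->get("user.api_key") ?: false;

     // Check all supported key methods
     // NOTE(review): a key passed in the query string can end up in access
     // logs, browser history and Referer headers; the header forms avoid that.
     if (!empty($_GET["key"])) {
         $key = $_GET["key"];
     } elseif ($f3->get("HEADERS.X-Redmine-API-Key")) {
         $key = $f3->get("HEADERS.X-Redmine-API-Key");
     } elseif ($f3->get("HEADERS.X-API-Key")) {
         $key = $f3->get("HEADERS.X-API-Key");
     } elseif ($f3->get("HEADERS.X-Api-Key")) {
         $key = $f3->get("HEADERS.X-Api-Key");
     }

     // Reject a missing or non-string key (e.g. key[]=x) before it is bound
     // into the query; a boolean or array parameter must never be compared
     // against the api_key column.
     if (!is_string($key) || !$key) {
         $f3->error(401);
         return false;
     }

     $user = new \Model\User();
     $user->load(array("api_key = ?", $key));

     // Re-check the loaded key byte-for-byte: depending on the column collation
     // the SQL comparison may be case-insensitive or otherwise looser than an
     // exact match.
     if ($user->id && $user->api_key && hash_equals((string) $user->api_key, $key)) {
         $f3->set("user", $user->cast());
         $f3->set("user_obj", $user);
         return $user->id;
     }

     $f3->error(401);
     return false;
 }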
Example #3
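 /**
  * Require a user to be logged in with at least the given rank.
  *
  * Sends a 403 when the current user's rank is too low. Without a session it
  * either auto-logs in the configured demo user (site.demo) or redirects to
  * /login with the current path and query string in the "to" parameter.
  *
  * @param  int $rank Minimum rank required
  * @return int|bool  User ID on success, false when access was denied or a redirect was issued
  */
 protected function _requireLogin($rank = \Model\User::RANK_CLIENT)
 {
     $f3 = \Base::instance();

     if ($id = $f3->get("user.id")) {
         if ($f3->get("user.rank") >= $rank) {
             return $id;
         }
         $f3->error(403);
         $f3->unload();
         return false;
     }

     // Demo mode: site.demo holds the ID of a user to log in automatically
     if ($f3->get("site.demo") && is_numeric($f3->get("site.demo"))) {
         $user = new \Model\User();
         $user->load($f3->get("site.demo"));
         if ($user->id) {
             $session = new \Model\Session($user->id);
             $session->setCurrent();
             $f3->set("user", $user->cast());
             $f3->set("user_obj", $user);

             // The auto-logged-in demo user is subject to the same rank check
             // as a normal session. The original returned null here, which
             // skipped the check and broke the documented int|bool contract.
             if ($f3->get("user.rank") >= $rank) {
                 return $user->id;
             }
             $f3->error(403);
             $f3->unload();
             return false;
         }
         $f3->set("error", "Auto-login failed, demo user was not found.");
     }

     // Send the visitor to the login form, remembering where they wanted to go.
     // Both the path and the query string are URL-encoded into the single "to" parameter.
     if (empty($_GET)) {
         $f3->reroute("/login?to=" . urlencode($f3->get("PATH")));
     } else {
         $f3->reroute("/login?to=" . urlencode($f3->get("PATH")) . urlencode("?" . http_build_query($_GET)));
     }
     $f3->unload();
     return false;
 }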
Example #4
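 /**
  * Delete the group identified by the route's "id" parameter.
  *
  * Responds with JSON for AJAX requests and redirects to the group list otherwise.
  *
  * NOTE(review): nothing in this method checks the caller's rank, the request
  * method or a CSRF token, and the loaded record is not verified to be a group
  * rather than an ordinary user account. Confirm the controller enforces these
  * elsewhere, since this action is destructive.
  *
  * @param  mixed $f3     Framework object; get(), error() and reroute() are used here
  * @param  array $params Route parameters; "id" selects the record
  * @return void
  */
 public function group_delete($f3, $params)
 {
     $group = new \Model\User();
     $group->load(isset($params["id"]) ? $params["id"] : null);

     // Refuse to call delete() on a record that was never loaded
     if (!$group->id) {
         $f3->error(404);
         return;
     }

     $group->delete();
     if ($f3->get("AJAX")) {
         // NOTE(review): the whole cast() of the record is returned to the
         // client; confirm it contains no credential fields.
         $this->_printJson(array("deleted" => 1) + $group->cast());
     } else {
         $f3->reroute("/admin/groups");
     }
 }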
Example #5
 /**
  * Cast the record to an array and add the data of the user referenced by its
  * "uid" field under the "user" key.
  *
  * NOTE(review): the nested array is the unfiltered result of User::cast(). If
  * that includes credential columns (password hash, salt, API key), they travel
  * with every cast of this model; strip them before the result reaches a client.
  *
  * @param  mixed $obj Passed through to the parent cast()
  * @return array
  */
 function cast($obj = NULL)
 {
     $row = parent::cast($obj);
     $owner = new \Model\User($row['uid']);
     $ownerData = $owner->cast();

     return array_merge($row, array("user" => $ownerData));
 }
Example #6
// Route smoke tests: each route is mocked and the only assertion is that the
// framework did not record an ERROR. $f3 and $homedir come from outside this excerpt.
$f3->config($homedir . "app/dict/en.ini");
$test = new Test();
// No output for routes; HALT=false keeps the framework from stopping on an error
// so the ERROR variable can be inspected afterwards
$f3->set("QUIET", true);
$f3->set("HALT", false);
$f3->mock("GET /login");
$test->expect(!$f3->get("ERROR"), "GET /login");
// Fixture credentials "admin"/"admin": presumably seeded by the test database.
// Such an account must not exist outside a test environment.
// NOTE(review): this only checks that no ERROR was raised, not that the login succeeded.
$f3->mock("POST /login", array("username" => "admin", "password" => "admin"));
$test->expect(!$f3->get("ERROR"), "POST /login");
// NOTE(review): without a session this passes as long as no ERROR is set; it does
// not assert that an unauthenticated request is redirected or denied.
$f3->mock("GET /ping");
$test->expect(!$f3->get("ERROR"), "GET /ping (no session)");
// Build a fake session: user 1 is written straight into the framework variables,
// bypassing the login flow. Test-only shortcut.
$user = new Model\User();
$user->load(1);
$types = new \Model\Issue\Type();
$f3->mset(array("user" => $user->cast(), "user_obj" => $user, "plugins" => array(), "issue_types" => $types->find()));
$test->expect($user->id == 1, "Force user authentication");
$f3->mock("GET /ping");
$test->expect(!$f3->get("ERROR"), "GET /ping (active session)");
$f3->mock("GET /");
$test->expect(!$f3->get("ERROR"), "GET /");
// Issue routes: also check that the route parameter was parsed as issue 1
$f3->mock("GET /issues/1");
$test->expect($f3->get("PARAMS.id") == 1 && !$f3->get("ERROR"), "GET /issues/1");
$f3->mock("GET /issues/1/history");
$test->expect($f3->get("PARAMS.id") == 1 && !$f3->get("ERROR"), "GET /issues/1/history");
$f3->mock("GET /issues/1/watchers");
$test->expect($f3->get("PARAMS.id") == 1 && !$f3->get("ERROR"), "GET /issues/1/watchers");
$f3->mock("GET /issues/1/related");
$test->expect($f3->get("PARAMS.id") == 1 && !$f3->get("ERROR"), "GET /issues/1/related");
$f3->mock("GET /backlog");
$test->expect(!$f3->get("ERROR"), "GET /backlog");
Example #7
<?php

// Application bootstrap: autoloader, framework settings, config, database, current user.

// Load Composer's autoloader
require_once 'vendor/autoload.php';

// Framework instance and base settings
$fw = Base::instance();
$fw->mset(array(
    'AUTOLOAD' => 'app/',
    'CACHE' => true,
    // NOTE(review): ESCAPE=false switches off the framework's automatic output
    // escaping, so every template must escape user-supplied values itself.
    'ESCAPE' => false,
    'PREFIX' => 'dict.',
    'PACKAGE' => 'Reader',
    'UI' => 'app/view/',
));

// Local configuration is mandatory; config.php must return an array of settings
if (!is_file('config.php')) {
    throw new Exception('No config.php file found.');
}
$fw->mset(require 'config.php');

// Database connection; host, database name and credentials come from config.php.
// The port is fixed at 3306.
$db = new DB\SQL(
    sprintf('mysql:host=%s;port=3306;dbname=%s', $fw->get('db.host'), $fw->get('db.database')),
    $fw->get('db.user'),
    $fw->get('db.password')
);
$fw->set('db.instance', $db);

// Current user: taken from the session's user_id and exposed both as an array
// ("user") and as the model object ("user_obj"), but only if the record loads.
$userId = $fw->get('SESSION.user_id');
if ($userId) {
    $user = new \Model\User();
    $user->load($userId);
    if ($user->id) {
        $fw->mset(array(
            'user' => $user->cast(),
            'user_obj' => $user,
        ));
    }
}