/**
 * Replace the recovery key of an active user with a freshly generated one.
 *
 * Only rows with active = 1 are considered, so an unactivated or disabled
 * account never receives a new key through this method.
 *
 * @param string $username
 * @return false|null false when no active user matches; no explicit value
 *                    (null) once the new key is saved. Both are falsy, so
 *                    callers have to compare with === false.
 */
public static function createNewRecoveryKey($username) {
    // The 50 is passed straight to the helper; whether it counts bytes or hex
    // characters, and which random source backs it, is not visible here.
    // NOTE(review): confirm CryptoHelper::generateRandomHex uses a CSPRNG.
    $fresh_key = CryptoHelper::generateRandomHex(50);

    $account = User::where('active', 1)
        ->where('username', $username)
        ->first();

    if (is_null($account)) {
        return false;
    }

    // Overwriting the column invalidates whatever key was stored before.
    $account->recovery_key = $fresh_key;
    $account->save();
}
/**
 * Issue a new API key for the user named by the user_id request field.
 *
 * self::ensureAdmin() runs before anything else; its implementation is not
 * shown here. NOTE(review): confirm it halts the request for non-admins,
 * since every later statement assumes an administrator is calling.
 *
 * @param Request $request
 * @return string the new API key, returned in clear to the caller
 */
public function generateNewAPIKey(Request $request) {
    self::ensureAdmin();

    $target = UserHelper::getUserById($request->input('user_id'));
    if (!$target) {
        abort(404, 'User not found.');
    }

    // Key length comes from configuration and is passed through uncast.
    $target->api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'));
    $target->save();

    return $target->api_key;
}
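/**
 * Handle the signup form: validate the input, create the account and, when
 * activation is enabled, e-mail the activation message.
 *
 * The activation e-mail carries the account's recovery_key, so that value
 * acts as the activation secret for the new account.
 *
 * @param Request $request
 * @return mixed redirect response carrying a flashed 'error' or 'success'
 */
public function performSignup(Request $request) {
    if (env('POLR_ALLOW_ACCT_CREATION') == false) {
        return redirect(route('index'))->with('error', 'Sorry, but registration is disabled.');
    }

    $username = $request->input('username');
    $password = $request->input('password');
    $email = $request->input('email');

    if (!self::checkRequiredArgs([$username, $password, $email])) {
        // missing a required argument
        return redirect(route('signup'))->with('error', 'Please fill in all required fields.');
    }

    $ip = $request->ip();

    $user_exists = UserHelper::userExists($username);
    $email_exists = UserHelper::emailExists($email);

    if ($user_exists || $email_exists) {
        // username or e-mail address is already registered
        // NOTE(review): this response tells the caller that the username or
        // address is taken; no throttling is visible in this method, so
        // confirm the route is rate limited.
        return redirect(route('signup'))->with('error', 'Sorry, your email or username already exists. Try again.');
    }

    if (UserHelper::validateEmail($email) == false) {
        return redirect(route('signup'))->with('error', 'Please use a valid email to sign up.');
    }

    $acct_activation_needed = env('POLR_ACCT_ACTIVATION');

    if ($acct_activation_needed == false) {
        // no activation necessary: the account is usable immediately
        $active = 1;
        $response = redirect(route('login'))->with('success', 'Thanks for signing up! You may now log in.');
    } else {
        // e-mail activation necessary: the account starts inactive
        $active = 0;
        $response = redirect(route('login'))->with('success', 'Thanks for signing up! Please confirm your email to continue..');
    }

    $api_active = false;
    $api_key = null;

    if (env('SETTING_AUTO_API') == 'on') {
        // automatic API key assignment is on
        $api_active = 1;
        $api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'));
    }

    $user = UserFactory::createUser($username, $email, $password, $active, $ip, $api_key, $api_active);

    if ($acct_activation_needed) {
        Mail::send(
            'emails.activation',
            ['username' => $username, 'recovery_key' => $user->recovery_key, 'ip' => $ip],
            function ($m) use ($user) {
                $m->from(env('MAIL_FROM_ADDRESS'), env('MAIL_FROM_NAME'));

                // Only $user is imported into this closure. The previous body
                // read $email and $username, which are undefined in here, so
                // the message had no recipient. Address it from the model.
                $m->to($user->email, $user->username)->subject(env('APP_NAME') . ' account activation');
            }
        );
    }

    return $response;
}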
/**
 * Build and persist a User row.
 *
 * The plaintext password is passed to Hash::make and only the result is
 * stored. A recovery key is generated for every new account;
 * performSignup() mails that same value in the activation message.
 *
 * @param string $username
 * @param string $email
 * @param string $password plaintext; hashed before it reaches the model
 * @param int $active
 * @param string $ip
 * @param string|false|null $api_key
 * @param int|bool $api_active
 * @return User the saved model
 */
public static function createUser($username, $email, $password, $active = 0, $ip = '127.0.0.1', $api_key = false, $api_active = 0) {
    $password_hash = Hash::make($password);
    $fresh_recovery_key = CryptoHelper::generateRandomHex(50);

    // Same columns, same assignment order as a field-by-field write.
    $columns = [
        'username' => $username,
        'password' => $password_hash,
        'email' => $email,
        'recovery_key' => $fresh_recovery_key,
        'active' => $active,
        'ip' => $ip,
        'api_key' => $api_key,
        'api_active' => $api_active,
    ];

    $account = new User();
    foreach ($columns as $column => $value) {
        $account->{$column} = $value;
    }
    $account->save();

    return $account;
}
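/**
 * Handle the setup form: render the submitted settings into ../.env and
 * pass the first account's details on to the setup_finish route.
 *
 * Refuses to run once POLR_SETUP_RAN is set. Until then the form is
 * processed with no other check visible in this method, so an installation
 * that has not completed setup accepts this request from any client.
 *
 * NOTE(review): every request field is handed to the 'env' view unchanged.
 * Whether that template quotes values or rejects line breaks is not visible
 * here; confirm a field cannot add extra lines to the generated .env.
 *
 * @param Request $request
 * @return mixed error view, or a redirect to the setup_finish route
 */
public static function performSetup(Request $request) {
    if (env('POLR_SETUP_RAN')) {
        return self::setupAlreadyRan();
    }

    $app_key = CryptoHelper::generateRandomHex(16);
    $setup_auth_key = CryptoHelper::generateRandomHex(16);

    $app_name = $request->input('app:name');
    $app_protocol = $request->input('app:protocol');
    $app_address = $request->input('app:external_url');
    $app_stylesheet = $request->input('app:stylesheet');

    date_default_timezone_set('UTC');
    $date_today = date('F jS, Y');

    $polr_setup_ran = 'true';
    $db_host = $request->input('db:host');
    $db_port = $request->input('db:port');
    $db_name = $request->input('db:name');
    $db_username = $request->input('db:username');
    $db_password = $request->input('db:password');

    $st_public_interface = $request->input('setting:public_interface');

    // Map the single registration choice onto the two stored flags; any
    // value outside the three known ones is rejected.
    $polr_registration_setting = $request->input('setting:registration_permission');

    if ($polr_registration_setting == 'no-verification') {
        $polr_acct_activation = false;
        $polr_allow_acct_creation = true;
    } elseif ($polr_registration_setting == 'none') {
        $polr_acct_activation = false;
        $polr_allow_acct_creation = false;
    } elseif ($polr_registration_setting == 'email') {
        $polr_acct_activation = true;
        $polr_allow_acct_creation = true;
    } else {
        return view('error', ['message' => 'Invalid registration settings']);
    }

    $acct_username = $request->input('acct:username');
    $acct_email = $request->input('acct:email');
    $acct_password = $request->input('acct:password');

    // if true, only logged in users can shorten
    $st_shorten_permission = $request->input('setting:shorten_permission');
    $st_index_redirect = $request->input('setting:index_redirect');
    $st_password_recov = $request->input('setting:password_recovery');
    $st_base = $request->input('setting:base');
    $st_auto_api_key = $request->input('setting:auto_api_key');
    $st_anon_api = $request->input('setting:anon_api');

    $mail_host = $request->input('app:smtp_server');
    $mail_port = $request->input('app:smtp_port');
    $mail_username = $request->input('app:smtp_username');
    $mail_password = $request->input('app:smtp_password');
    $mail_from = $request->input('app:smtp_from');
    $mail_from_name = $request->input('app:smtp_from_name');

    // Mail counts as enabled as soon as an SMTP host was supplied.
    $mail_enabled = $mail_host ? true : false;

    $compiled_configuration = view('env', [
        'APP_KEY' => $app_key,
        'APP_NAME' => $app_name,
        'APP_PROTOCOL' => $app_protocol,
        'APP_ADDRESS' => $app_address,
        'APP_STYLESHEET' => $app_stylesheet,
        'POLR_GENERATED_AT' => $date_today,
        'POLR_SETUP_RAN' => $polr_setup_ran,

        'DB_HOST' => $db_host,
        'DB_PORT' => $db_port,
        'DB_USERNAME' => $db_username,
        'DB_PASSWORD' => $db_password,
        'DB_DATABASE' => $db_name,

        'ST_PUBLIC_INTERFACE' => $st_public_interface,
        'POLR_ALLOW_ACCT_CREATION' => $polr_allow_acct_creation,
        'POLR_ACCT_ACTIVATION' => $polr_acct_activation,
        'ST_SHORTEN_PERMISSION' => $st_shorten_permission,
        'ST_INDEX_REDIRECT' => $st_index_redirect,
        'ST_PASSWORD_RECOV' => $st_password_recov,

        'MAIL_ENABLED' => $mail_enabled,
        'MAIL_HOST' => $mail_host,
        'MAIL_PORT' => $mail_port,
        'MAIL_USERNAME' => $mail_username,
        'MAIL_PASSWORD' => $mail_password,
        'MAIL_FROM_ADDRESS' => $mail_from,
        'MAIL_FROM_NAME' => $mail_from_name,

        'ST_BASE' => $st_base,
        'ST_AUTO_API' => $st_auto_api_key,
        'ST_ANON_API' => $st_anon_api,

        'TMP_SETUP_AUTH_KEY' => $setup_auth_key,
    ])->render();

    // The path is relative to the process working directory. The file ends
    // up holding the database and SMTP passwords and the app key.
    $handle = fopen('../.env', 'w');
    if ($handle === false) {
        // fopen() failing used to fall through to fwrite()/fclose() on a
        // non-resource; report it the same way as a failed write instead.
        return view('error', ['message' => 'Could not write configuration to disk.']);
    }

    if (fwrite($handle, $compiled_configuration) === false) {
        $response = view('error', ['message' => 'Could not write configuration to disk.']);
    } else {
        Cache::flush();

        $setup_finish_arguments = json_encode([
            'acct_username' => $acct_username,
            'acct_email' => $acct_email,
            'acct_password' => $acct_password,
            'setup_auth_key' => $setup_auth_key,
        ]);

        $response = redirect(route('setup_finish'));

        // set cookie with information needed for finishSetup, expire in 60 seconds
        // we use PHP's setcookie rather than Laravel's cookie capabilities because
        // our app key changes and Laravel encrypts cookies.
        // The value is therefore plain JSON that includes the new account's
        // password, so the cookie is marked HttpOnly to keep it away from
        // page scripts. Path, domain and secure stay at their defaults.
        // NOTE(review): confirm finishSetup reads this cookie server-side.
        setcookie('setup_arguments', $setup_finish_arguments, time() + 60, '', '', false, true);
    }

    fclose($handle);

    return $response;
}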
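/**
 * Given parameters needed to create a link, generate appropriate ending and
 * return formatted link.
 *
 * When a non-secret, non-custom request matches a long URL that is already
 * stored, the existing link is returned as a formatted string, even if
 * $return_object is true.
 *
 * This method checks $long_url only for looking like an already shortened
 * link; any scheme or host validation has to happen before the call.
 *
 * @param string $long_url
 * @param boolean $is_secret (optional)
 * @param string|null $custom_ending (optional)
 * @param string $link_ip
 * @param mixed $creator falsy when there is no logged-in creator
 * @param boolean $return_object return the saved Link instead of a string
 * @return string|Link formatted link, or the Link when $return_object is set
 * @throws \Exception when the URL already looks shortened, the custom
 *                    ending is invalid or taken, or a secret link is
 *                    requested without a usable POLR_SECRET_BYTES
 */
public static function createLink($long_url, $is_secret = false, $custom_ending = null, $link_ip = '127.0.0.1', $creator = false, $return_object = false) {
    $is_already_short = LinkHelper::checkIfAlreadyShortened($long_url);

    if ($is_already_short) {
        throw new \Exception('Sorry, but your link already looks like a shortened URL.');
    }

    if (!$is_secret && !$custom_ending && ($existing_link = LinkHelper::longLinkExists($long_url))) {
        // if link is not specified as secret, is non-custom, and
        // already exists in Polr, lookup the value and return
        return self::formatLink($existing_link);
    }

    if ($custom_ending) {
        // has custom ending
        $ending_conforms = LinkHelper::validateEnding($custom_ending);
        if (!$ending_conforms) {
            throw new \Exception('Sorry, but custom endings can only contain alphanumeric characters');
        }

        // NOTE(review): this check and the save() below are separate steps;
        // whether the table enforces uniqueness on short_url is not visible.
        $ending_in_use = LinkHelper::linkExists($custom_ending);
        if ($ending_in_use) {
            throw new \Exception('Sorry, but this URL ending is already in use.');
        }

        $link_ending = $custom_ending;
    } else {
        // no custom ending
        $link_ending = LinkHelper::findSuitableEnding();
    }

    $link = new Link();
    $link->short_url = $link_ending;
    $link->long_url = $long_url;
    $link->ip = $link_ip;
    $link->is_custom = $custom_ending != null;

    if ($creator) {
        // if user is logged in, save user as creator
        $link->creator = $creator;
    }

    $secret_key = false;

    if ($is_secret) {
        $rand_bytes_num = intval(env('POLR_SECRET_BYTES'));

        // intval() yields 0 for an unset or non-numeric setting. Refuse to
        // continue rather than store a "secret" link whose key was requested
        // with zero random bytes.
        if ($rand_bytes_num < 1) {
            throw new \Exception('Sorry, but secret links are not available right now.');
        }

        $secret_key = CryptoHelper::generateRandomHex($rand_bytes_num);
        $link->secret_key = $secret_key;
    }

    $link->save();

    $formatted_link = self::formatLink($link_ending, $secret_key);

    if ($return_object) {
        return $link;
    }

    return $formatted_link;
}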