Example #1
 /**
  * Issue a fresh recovery key for an active account.
  *
  * Looks the user up by username among rows with active = 1, stores a newly
  * generated key on the record and saves it.
  *
  * @param string $username Username of the account to update.
  * @return false|null False when no active user matches; nothing is returned on success.
  */
 public static function createNewRecoveryKey($username)
 {
     // The key is generated up front, before the account lookup.
     // NOTE(review): whether 50 counts bytes or hex characters depends on
     // CryptoHelper::generateRandomHex(), which is not visible here.
     $fresh_key = CryptoHelper::generateRandomHex(50);

     $account = User::where('active', 1)
         ->where('username', $username)
         ->first();

     if (null == $account) {
         return false;
     }

     // NOTE(review): the key is persisted exactly as generated. If it is later
     // accepted as a reset or activation credential, storing only a hash of it
     // would limit what a database read exposes. Confirm how recovery_key is used.
     $account->recovery_key = $fresh_key;
     $account->save();
 }
Example #2
 /**
  * Replace a user's API key with a newly generated one.
  *
  * @param Request $request Reads the 'user_id' input to select the target user.
  * @return mixed The api_key value now stored on the user record.
  */
 public function generateNewAPIKey(Request $request)
 {
     // Authorisation gate: everything below assumes this call stops the request
     // for non-admin callers. NOTE(review): ensureAdmin() is not visible here; confirm
     // that it aborts rather than returning a value that would have to be checked.
     self::ensureAdmin();

     $target = UserHelper::getUserById($request->input('user_id'));
     if (!$target) {
         abort(404, 'User not found.');
     }

     // NOTE(review): env() yields null when _API_KEY_LENGTH is unset; how
     // generateRandomHex() treats a null length is not visible here.
     $target->api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'));
     $target->save();

     // The new key is returned in the response body, so it can end up in any
     // response logging or caching layer in front of this endpoint.
     return $target->api_key;
 }
Example #3
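 /**
  * Handle a signup form submission.
  *
  * Rejects the request when registration is disabled, a required field is
  * missing, the username or email is already taken, or the email fails
  * validation. Otherwise creates the user and, when account activation is
  * enabled, sends the activation email.
  *
  * @param Request $request Reads the 'username', 'password' and 'email' inputs and the client IP.
  * @return mixed Redirect response carrying either an 'error' or a 'success' flash message.
  */
 public function performSignup(Request $request)
 {
     if (env('POLR_ALLOW_ACCT_CREATION') == false) {
         return redirect(route('index'))->with('error', 'Sorry, but registration is disabled.');
     }

     $username = $request->input('username');
     $password = $request->input('password');
     $email = $request->input('email');

     if (!self::checkRequiredArgs([$username, $password, $email])) {
         // missing a required argument
         return redirect(route('signup'))->with('error', 'Please fill in all required fields.');
     }
     // NOTE(review): no password length or strength check is visible in this method;
     // confirm whether checkRequiredArgs() or the caller enforces one.

     $ip = $request->ip();

     $user_exists = UserHelper::userExists($username);
     $email_exists = UserHelper::emailExists($email);
     if ($user_exists || $email_exists) {
         // The username or the email address is already registered. This message
         // confirms to the requester that one of the two is in use.
         return redirect(route('signup'))->with('error', 'Sorry, your email or username already exists. Try again.');
     }

     $email_valid = UserHelper::validateEmail($email);
     if ($email_valid == false) {
         return redirect(route('signup'))->with('error', 'Please use a valid email to sign up.');
     }

     $acct_activation_needed = env('POLR_ACCT_ACTIVATION');
     if ($acct_activation_needed == false) {
         // if no activation is necessary
         $active = 1;
         $response = redirect(route('login'))->with('success', 'Thanks for signing up! You may now log in.');
     } else {
         // email activation is necessary
         $response = redirect(route('login'))->with('success', 'Thanks for signing up! Please confirm your email to continue..');
         $active = 0;
     }

     $api_active = false;
     $api_key = null;
     if (env('SETTING_AUTO_API') == 'on') {
         // if automatic API key assignment is on
         $api_active = 1;
         $api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'));
     }

     $user = UserFactory::createUser($username, $email, $password, $active, $ip, $api_key, $api_active);

     if ($acct_activation_needed) {
         // The activation mail carries the account's recovery_key.
         // NOTE(review): if the same key also authorises password recovery, anyone
         // who can read this message holds a reset credential; confirm the key is
         // rotated after activation.
         //
         // $email and $username must be captured explicitly: a PHP closure does not
         // see the enclosing scope, so without them to() would be called with
         // undefined variables and the message would have no recipient.
         Mail::send('emails.activation', ['username' => $username, 'recovery_key' => $user->recovery_key, 'ip' => $ip], function ($m) use ($email, $username) {
             $m->from(env('MAIL_FROM_ADDRESS'), env('MAIL_FROM_NAME'));
             $m->to($email, $username)->subject(env('APP_NAME') . ' account activation');
         });
     }

     return $response;
 }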
Example #4
 /**
  * Build a User record from the given values, save it and return it.
  *
  * The password is passed through Hash::make() before it is assigned, and a
  * new recovery key is generated for every user created here.
  *
  * @param string $username
  * @param string $email
  * @param string $password   Plaintext password; only its hash is stored.
  * @param int    $active     Stored as-is in the 'active' column (default 0).
  * @param string $ip         Stored as-is in the 'ip' column.
  * @param mixed  $api_key    Stored as-is in the 'api_key' column (default false).
  * @param mixed  $api_active Stored as-is in the 'api_active' column (default 0).
  * @return User The saved user model.
  */
 public static function createUser($username, $email, $password, $active = 0, $ip = '127.0.0.1', $api_key = false, $api_active = 0)
 {
     $password_hash = Hash::make($password);
     // NOTE(review): the recovery key is stored as generated, not hashed; confirm
     // how it is consumed before treating a database read as low impact.
     $fresh_recovery_key = CryptoHelper::generateRandomHex(50);

     $account = new User();

     // Column => value pairs, assigned one by one exactly as given. No validation
     // happens in this method, so callers are responsible for it.
     $attributes = [
         'username' => $username,
         'password' => $password_hash,
         'email' => $email,
         'recovery_key' => $fresh_recovery_key,
         'active' => $active,
         'ip' => $ip,
         'api_key' => $api_key,
         'api_active' => $api_active,
     ];
     foreach ($attributes as $column => $value) {
         $account->{$column} = $value;
     }

     $account->save();

     return $account;
 }
Example #5
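 /**
  * Process the first-run setup form: render the submitted settings into the
  * '.env' file and hand the admin account details to the setup_finish route.
  *
  * The only gate on this action is the POLR_SETUP_RAN environment value, so
  * until setup has completed, whoever can reach this route can configure the
  * application.
  *
  * @param Request $request Reads the app:*, db:*, setting:* and acct:* inputs.
  * @return mixed The "already ran" response, an error view, or a redirect to setup_finish.
  */
 public static function performSetup(Request $request)
 {
     if (env('POLR_SETUP_RAN')) {
         return self::setupAlreadyRan();
     }

     // NOTE(review): whether 16 counts bytes or hex characters depends on
     // CryptoHelper::generateRandomHex(), which is not visible here.
     $app_key = CryptoHelper::generateRandomHex(16);
     $setup_auth_key = CryptoHelper::generateRandomHex(16);

     $app_name = $request->input('app:name');
     $app_protocol = $request->input('app:protocol');
     $app_address = $request->input('app:external_url');
     $app_stylesheet = $request->input('app:stylesheet');

     date_default_timezone_set('UTC');
     $date_today = date('F jS, Y');

     $polr_setup_ran = 'true';

     $db_host = $request->input('db:host');
     $db_port = $request->input('db:port');
     $db_name = $request->input('db:name');
     $db_username = $request->input('db:username');
     $db_password = $request->input('db:password');

     $st_public_interface = $request->input('setting:public_interface');

     // Map the registration mode onto the two flags written to the configuration.
     // Any other value is rejected before anything is written to disk.
     $polr_registration_setting = $request->input('setting:registration_permission');
     switch ($polr_registration_setting) {
         case 'no-verification':
             $polr_acct_activation = false;
             $polr_allow_acct_creation = true;
             break;
         case 'none':
             $polr_acct_activation = false;
             $polr_allow_acct_creation = false;
             break;
         case 'email':
             $polr_acct_activation = true;
             $polr_allow_acct_creation = true;
             break;
         default:
             return view('error', ['message' => 'Invalid registration settings']);
     }

     $acct_username = $request->input('acct:username');
     $acct_email = $request->input('acct:email');
     $acct_password = $request->input('acct:password');

     // if true, only logged in users can shorten
     $st_shorten_permission = $request->input('setting:shorten_permission');
     $st_index_redirect = $request->input('setting:index_redirect');
     $st_password_recov = $request->input('setting:password_recovery');
     $st_base = $request->input('setting:base');
     $st_auto_api_key = $request->input('setting:auto_api_key');
     $st_anon_api = $request->input('setting:anon_api');

     $mail_host = $request->input('app:smtp_server');
     $mail_port = $request->input('app:smtp_port');
     $mail_username = $request->input('app:smtp_username');
     $mail_password = $request->input('app:smtp_password');
     $mail_from = $request->input('app:smtp_from');
     $mail_from_name = $request->input('app:smtp_from_name');
     // Mail counts as enabled as soon as an SMTP host was supplied.
     $mail_enabled = (bool) $mail_host;

     // NOTE(review): every value below comes straight from the request and is
     // rendered into the .env file by the 'env' view. That template is not visible
     // here; unless it quotes or rejects line breaks and quote characters, one
     // submitted value could define or override other configuration keys.
     $compiled_configuration = view('env', [
         'APP_KEY' => $app_key,
         'APP_NAME' => $app_name,
         'APP_PROTOCOL' => $app_protocol,
         'APP_ADDRESS' => $app_address,
         'APP_STYLESHEET' => $app_stylesheet,
         'POLR_GENERATED_AT' => $date_today,
         'POLR_SETUP_RAN' => $polr_setup_ran,
         'DB_HOST' => $db_host,
         'DB_PORT' => $db_port,
         'DB_USERNAME' => $db_username,
         'DB_PASSWORD' => $db_password,
         'DB_DATABASE' => $db_name,
         'ST_PUBLIC_INTERFACE' => $st_public_interface,
         'POLR_ALLOW_ACCT_CREATION' => $polr_allow_acct_creation,
         'POLR_ACCT_ACTIVATION' => $polr_acct_activation,
         'ST_SHORTEN_PERMISSION' => $st_shorten_permission,
         'ST_INDEX_REDIRECT' => $st_index_redirect,
         'ST_PASSWORD_RECOV' => $st_password_recov,
         'MAIL_ENABLED' => $mail_enabled,
         'MAIL_HOST' => $mail_host,
         'MAIL_PORT' => $mail_port,
         'MAIL_USERNAME' => $mail_username,
         'MAIL_PASSWORD' => $mail_password,
         'MAIL_FROM_ADDRESS' => $mail_from,
         'MAIL_FROM_NAME' => $mail_from_name,
         'ST_BASE' => $st_base,
         'ST_AUTO_API' => $st_auto_api_key,
         'ST_ANON_API' => $st_anon_api,
         'TMP_SETUP_AUTH_KEY' => $setup_auth_key,
     ])->render();

     // The path is relative to the process working directory.
     $handle = fopen('../.env', 'w');
     if ($handle === false) {
         // fopen() failed (for example a missing directory or insufficient
         // permissions); report it instead of handing false to fwrite()/fclose().
         return view('error', ['message' => 'Could not write configuration to disk.']);
     }

     $bytes_written = fwrite($handle, $compiled_configuration);
     fclose($handle);

     if ($bytes_written === false) {
         return view('error', ['message' => 'Could not write configuration to disk.']);
     }

     Cache::flush();

     $setup_finish_arguments = json_encode([
         'acct_username' => $acct_username,
         'acct_email' => $acct_email,
         'acct_password' => $acct_password,
         'setup_auth_key' => $setup_auth_key,
     ]);

     // set cookie with information needed for finishSetup, expire in 60 seconds
     // we use PHP's setcookie rather than Laravel's cookie capabilities because
     // our app key changes and Laravel encrypts cookies.
     // NOTE(review): this places the admin password and the setup auth key in an
     // unencrypted cookie with neither the Secure nor the HttpOnly flag set. Run
     // setup over HTTPS only, and consider setting both flags if finishSetup reads
     // the cookie server-side.
     setcookie('setup_arguments', $setup_finish_arguments, time() + 60);

     return redirect(route('setup_finish'));
 }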
Example #6
 /**
  * Create a short link for a long URL and return it.
  *
  * When the link is neither secret nor custom and the long URL is already
  * stored, the existing short link is returned and nothing new is saved.
  *
  * @param string      $long_url      URL to shorten.
  * @param bool        $is_secret     When truthy, a secret key is generated and stored with the link.
  * @param string|null $custom_ending Requested ending; when empty, one is chosen by findSuitableEnding().
  * @param string      $link_ip       Stored as-is in the link's 'ip' field.
  * @param mixed       $creator       Saved as the link's creator when truthy.
  * @param bool        $return_object When truthy, the saved Link is returned instead of the formatted link.
  * @return mixed The result of formatLink(), or the Link model when $return_object is truthy.
  * @throws \Exception When the URL already looks shortened, or the custom ending is invalid or taken.
  */
 public static function createLink($long_url, $is_secret = false, $custom_ending = null, $link_ip = '127.0.0.1', $creator = false, $return_object = false)
 {
     // NOTE(review): no scheme or host validation of $long_url is visible in this
     // method; confirm the caller restricts it (for example to http/https) before
     // it is stored and later used as a redirect target.
     if (LinkHelper::checkIfAlreadyShortened($long_url)) {
         throw new \Exception('Sorry, but your link already
             looks like a shortened URL.');
     }

     if (!$is_secret && !$custom_ending) {
         // A plain (non-secret, non-custom) link is reused if it already exists.
         $known_ending = LinkHelper::longLinkExists($long_url);
         if ($known_ending) {
             return self::formatLink($known_ending);
         }
     }

     if (!$custom_ending) {
         // no custom ending
         $ending = LinkHelper::findSuitableEnding();
     } else {
         // has custom ending
         if (!LinkHelper::validateEnding($custom_ending)) {
             throw new \Exception('Sorry, but custom endings
                 can only contain alphanumeric characters');
         }
         // NOTE(review): this existence check and the save() below are separate
         // steps; two concurrent requests for the same ending can both pass it
         // unless the short_url column carries a unique constraint.
         if (LinkHelper::linkExists($custom_ending)) {
             throw new \Exception('Sorry, but this URL ending is already in use.');
         }
         $ending = $custom_ending;
     }

     $record = new Link();
     $record->short_url = $ending;
     $record->long_url = $long_url;
     $record->ip = $link_ip;
     $record->is_custom = null != $custom_ending;

     if ($creator) {
         // if user is logged in, save user as creator
         $record->creator = $creator;
     }

     $secret = false;
     if ($is_secret) {
         // NOTE(review): intval() of an unset POLR_SECRET_BYTES is 0; how
         // generateRandomHex() handles a zero length is not visible here. Confirm
         // a secret link cannot be saved with an empty key.
         $secret = CryptoHelper::generateRandomHex(intval(env('POLR_SECRET_BYTES')));
         $record->secret_key = $secret;
     }

     $record->save();

     // The formatted link is always built, even when the model itself is returned.
     $short_link = self::formatLink($ending, $secret);

     return $return_object ? $record : $short_link;
 }