/** * Log this user in. This basically updates the user's sign-in time, and updates any old password hashes. * * You assign this user's id to $_SESSION["userfrosting"]["user_id"] after calling login, so that it will persist in the session. */ public function login() { // Add a sign in event (time is automatically set by database) $this->newEventSignIn(); // Update password if we had encountered an outdated hash if (Authentication::getPasswordHashType($this->password) != "modern") { // Hash the user's password and update $password_hash = Authentication::getPasswordHashType($password); if ($password_hash === null) { error_log("Notice: outdated password hash could not be updated because the new hashing algorithm is not supported. Are you running PHP >= 5.3.7?"); } else { $this->password = $password_hash; error_log("Notice: outdated password hash has been automatically updated to modern hashing."); } } // Save changes $this->save(); return $this; }
/** * Process UserFrosting registration. This function is copied form UserFrosting class and modified to register the user first * and then save the Open Authentication details * @return \UserFrosting\User */ public function ufRegister() { // POST: user_name, display_name, email, title, password, passwordc, captcha, spiderbro, csrf_token $post = $this->_app->request->post(); // Get the alert message stream $ms = $this->_app->alerts; // Check the honeypot. 'spiderbro' is not a real field, it is hidden on the main page and must be submitted with its default value for this to be processed. if (!$post['spiderbro'] || $post['spiderbro'] != "http://") { error_log("Possible spam received:" . print_r($this->_app->request->post(), true)); $ms->addMessage("danger", "Aww hellllls no!"); $this->_app->halt(500); // Don't let on about why the request failed ;-) } // Load the request schema $requestSchema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/register.json"); // Set up Fortress to process the request $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $post); // Security measure: do not allow registering new users until the master account has been created. if (!\UserFrosting\User::find($this->_app->config('user_id_master'))) { $ms->addMessageTranslated("danger", "MASTER_ACCOUNT_NOT_EXISTS"); $this->_app->halt(403); } // Check if registration is currently enabled if (!$this->_app->site->can_register) { $ms->addMessageTranslated("danger", "ACCOUNT_REGISTRATION_DISABLED"); $this->_app->halt(403); } // Prevent the user from registering if he/she is already logged in if (!$this->_app->user->isGuest()) { $ms->addMessageTranslated("danger", "ACCOUNT_REGISTRATION_LOGOUT"); $this->_app->halt(200); } // Sanitize data $rf->sanitize(); // Validate, and halt on validation errors. $error = !$rf->validate(true); // Get the filtered data $data = $rf->data(); // Check captcha, if required if ($this->_app->site->enable_captcha == "1") { if (!$data['captcha'] || md5($data['captcha']) != $_SESSION['userfrosting']['captcha']) { $ms->addMessageTranslated("danger", "CAPTCHA_FAIL"); $error = true; } } // Remove captcha, password confirmation from object data $rf->removeFields(['captcha', 'passwordc']); // Perform desired data transformations. Is this a feature we could add to Fortress? $data['display_name'] = trim($data['display_name']); $data['locale'] = $this->_app->site->default_locale; if ($this->_app->site->require_activation) { $data['flag_verified'] = 0; } else { $data['flag_verified'] = 1; } // Check if username or email already exists if (\UserFrosting\User::where('user_name', $data['user_name'])->first()) { $ms->addMessageTranslated("danger", "ACCOUNT_USERNAME_IN_USE", $data); $error = true; } if (\UserFrosting\User::where('email', $data['email'])->first()) { $ms->addMessageTranslated("danger", "ACCOUNT_EMAIL_IN_USE", $data); $error = true; } // Halt on any validation errors if ($error) { $this->_app->halt(400); } // Get default primary group (is_default = GROUP_DEFAULT_PRIMARY) $primaryGroup = \UserFrosting\Group::where('is_default', GROUP_DEFAULT_PRIMARY)->first(); // Check that a default primary group is actually set if (!$primaryGroup) { $ms->addMessageTranslated("danger", "ACCOUNT_REGISTRATION_BROKEN"); error_log("Account registration is not working because a default primary group has not been set."); $this->_app->halt(500); } $data['primary_group_id'] = $primaryGroup->id; // Set default title for new users $data['title'] = $primaryGroup->new_user_title; // Hash password $data['password'] = \UserFrosting\Authentication::hashPassword($data['password']); // Create the user $user = new \UserFrosting\User($data); // Add user to default groups, including default primary group $defaultGroups = \UserFrosting\Group::where('is_default', GROUP_DEFAULT)->get(); $user->addGroup($primaryGroup->id); foreach ($defaultGroups as $group) { $user->addGroup($group->id); } // Create sign-up event $user->newEventSignUp(); // Store new user to database $user->save(); if ($this->_app->site->require_activation) { // Create verification request event $user->newEventVerificationRequest(); $user->save(); // Re-save with verification event // Create and send verification email $twig = $this->_app->view()->getEnvironment(); $template = $twig->loadTemplate("mail/activate-new.twig"); $notification = new \UserFrosting\Notification($template); $notification->fromWebsite(); // Automatically sets sender and reply-to $notification->addEmailRecipient($user->email, $user->display_name, ["user" => $user]); try { $notification->send(); } catch (\phpmailerException $e) { $ms->addMessageTranslated("danger", "MAIL_ERROR"); error_log('Mailer Error: ' . $e->errorMessage()); //$this->_app->halt(500); } $ms->addMessageTranslated("success", "ACCOUNT_REGISTRATION_COMPLETE_TYPE2"); } else { // No activation required $ms->addMessageTranslated("success", "ACCOUNT_REGISTRATION_COMPLETE_TYPE1"); } // Srinivas : The OAuth function will need the user object, so that it can get the ID to save the OAuth record // Invoking this in OAuth to register using return $user; }