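/**
 * Inserts a new user row, plus its primary role, from the properties
 * already set on this object (username, name, password, mail, user_status,
 * avatar, no_posts, oauth_id, rid).
 *
 * The clear-text password is hashed with \CODOF\Pass before it reaches the
 * database. When the account starts out inactive (user_status == 0) a
 * signup attempt is recorded and the activation mail is sent.
 *
 * Side effects: sets $this->userid on success and fires the
 * 'on_user_registered' hook.
 *
 * @return array list of error strings; empty when the user was created
 */
public function register_user()
{
    $username = $this->username;
    // Fall back to the username when no display name was supplied.
    // Loose comparison kept on purpose: '' (and 0) also fall back.
    $name = $this->name == null ? $this->username : $this->name;
    $password = $this->password;
    $mail = $this->mail;
    $errors = array();

    $hasher = new \CODOF\Pass(8, false);
    $hash = $hasher->HashPassword($password);

    // A short return value is treated as a failed hash (phpass-style hashers
    // return a short marker instead of a hash when they cannot hash). In that
    // case nothing is inserted; report it instead of silently returning an
    // empty error list.
    if (strlen($hash) < 20) {
        \CODOF\Log::error("Could not register user! \nError:\n password hashing failed for " . $username);
        $errors[] = "Could not register user";
        return $errors;
    }

    $fields = array(
        "username" => $username,
        "name" => $name,
        "pass" => $hash,
        "mail" => $mail,
        "created" => time(),
        "last_access" => time(),
        "user_status" => $this->user_status,
        "avatar" => $this->avatar,
        "no_posts" => $this->no_posts,
        "oauth_id" => $this->oauth_id,
    );

    // Parameterised insert; every value is bound, nothing is interpolated.
    $qry = 'INSERT INTO codo_users (username, name, pass, mail, created, last_access, user_status, avatar, no_posts, oauth_id) '
        . 'VALUES(:username, :name, :pass, :mail, :created, :last_access, :user_status, :avatar, :no_posts, :oauth_id)';
    $obj = $this->db->prepare($qry);

    if (!$obj->execute($fields)) {
        // Never write the password hash to the log file; everything else is
        // kept so the failure can still be diagnosed.
        $logged = $fields;
        $logged['pass'] = '[redacted]';
        \CODOF\Log::error("Could not register user! \nError:\n " . print_r($obj->errorInfo(), true) . " \nData:\n" . print_r($logged, true));
        $errors[] = "Could not register user";
        return $errors;
    }

    $this->userid = $this->db->lastInsertId('id');
    \DB::table(PREFIX . 'codo_user_roles')->insert(array(
        'uid' => $this->userid,
        'rid' => $this->rid,
        'is_primary' => 1,
    ));

    // user_status 0 = account still needs activation: record the attempt
    // and send the activation mail (send_mail may append to $errors).
    if ($this->user_status == 0) {
        $this->add_signup_attempt($fields);
        $this->send_mail($fields, $errors);
    }

    //TODO: CurrentUser -> store user
    // $fields (which contains the password hash) is deliberately NOT passed
    // to the hook; the security implications of exposing it to plugins are
    // unknown.
    \CODOF\Hook::call('on_user_registered');

    return $errors;
}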
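/**
 * Authenticates the user from $this->username / $this->password.
 *
 * Steps: reject empty fields; look the user up by name; refuse banned
 * IPs / usernames / mail addresses; verify the password with \CODOF\Pass;
 * on success start the session via User::login() and set the remember-me
 * cookie.
 *
 * @return string JSON. On success {"msg":"success","uid":..,"rid":..,"role":..};
 *                otherwise {"msg": <reason>} or a list of {"msg": ..} field
 *                validation errors.
 */
public function process_login()
{
    // Prepared queries take care of SQL; strip_tags only keeps markup out of
    // the username that ends up in logs and responses.
    $username = strip_tags(trim($this->username));
    $hasher = new \CODOF\Pass(8, false);
    $password = $this->password;
    $errors = array();

    if (strlen($username) == 0) {
        $errors[]["msg"] = _t("username field cannot be left empty");
    }
    if (strlen($password) == 0) {
        $errors[]["msg"] = _t("password field cannot be left empty");
    }
    // bcrypt-style hashers only use the first 72 bytes of the password;
    // reject longer input instead of silently truncating it. The original
    // returned an empty list here, leaving the client with no reason.
    if (strlen($password) >= 72) {
        $errors[]["msg"] = _t("password is too long");
    }
    if (!empty($errors)) {
        return json_encode($errors);
    }

    $user = User::getByUsername($username);
    // REMOTE_ADDR is whatever the client (or a proxy in front of us) presents,
    // so it only feeds the ban lookup and is never treated as an identity.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $ban = new Ban($this->db);

    // NOTE(review): the ban check only runs for existing usernames, so an
    // IP ban is not enforced against attempts on unknown usernames. Whether
    // is_banned() copes with a missing mail address is not visible here.
    if ($user && $ban->is_banned(array($ip, $username, $user->mail))) {
        $banLen = '';
        if ($ban->expires > 0) {
            // 'i' is minutes; the original 'h:m:s' printed the month in that
            // slot. 24-hour 'H' is used because no am/pm marker is shown.
            $banLen = _t("until ") . date('d-m-Y H:i:s', $ban->expires);
        }
        return json_encode(array("msg" => _t("You have been banned ") . $banLen));
    }

    if ($user && $hasher->CheckPassword($password, $user->pass)) {
        User::login($user->id);
        $user = User::get();
        $user->rememberMe();
        return json_encode(array(
            "msg" => "success",
            "uid" => $user->id,
            "rid" => $user->rid,
            "role" => User::getRoleName($user->rid),
        ));
    }

    // One message for both "no such user" and "wrong password" so the
    // response text does not reveal which usernames exist. (The hash is
    // only computed for existing users, so response time may still differ;
    // not addressed here.)
    \CODOF\Log::info('failed login attempt by ' . $username . ' wrong username/password');
    return json_encode(array("msg" => _t("Wrong username or password")));
}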
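/**
 * Runs the crons that are due. Called on every page load.
 *
 * The cron lock is acquired first; if another cron is already running, or
 * the last completed run is not older than cron_interval, nothing runs and
 * FALSE is returned. Output produced by the jobs is captured with output
 * buffering and written to the log afterwards.
 *
 * @param mixed $cron optional cron selector, passed through to acquire_lock()
 * @return boolean TRUE when crons were run, FALSE when the lock was not acquired
 */
public function run($cron = null)
{
    $crons = $this->acquire_lock($cron);
    if (!$crons) {
        // Lock not acquired: another cron is running, or the last completed
        // run is not older than cron_interval.
        $this->cleanUp();
        return false;
    }

    // Keep running even if the client disconnects mid-way.
    ignore_user_abort(true);

    // Parallel crons may cause session write conflicts, so hand the session
    // back unless crons are configured to run serially.
    if (!$this->serial) {
        session_write_close();
    }

    // Upper bound on how long one cron run may take.
    set_time_limit($this->time_limit);

    ob_start();
    $this->add_core_hooks();

    foreach ($crons as $entry) {
        if ($entry['cron_name'] == 'core') {
            // Core jobs are run directly, not through a hook.
            $this->run_jobs();
        }

        // Plugin hooks are untrusted as far as the scheduler is concerned:
        // one failing plugin must not stop the remaining crons or prevent the
        // lock from being released below. The class is fully qualified so the
        // catch also matches when this file lives in a namespace (a bare
        // `Exception` would resolve to <Namespace>\Exception and never match).
        // Engine errors (\Error, PHP 7+) are not caught here and would still
        // leave the lock held.
        try {
            \CODOF\Hook::call('on_cron_' . $entry['cron_name']);
        } catch (\Exception $ex) {
            \CODOF\Log::error('Cron ' . $entry['cron_name'] . ' failed: ' . $ex->getMessage());
        }
    }

    $this->log = ob_get_clean();

    // Jobs done: mark the cron as not running.
    $this->release_lock();

    // Runs after the lock is released; must not be used to run cron jobs.
    \CODOF\Hook::call('after_cron_run');

    if ($this->log != '') {
        \CODOF\Log::info('Cron:' . $this->log);
    }
    return true;
}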
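/**
 * Checks whether user $uid holds every permission in $permissions.
 *
 * Entries are read from self::$permissions[$uid][$permission][$cid][$tid]
 * (loaded through self::getPermissions() on first use). For each permission
 * a category ($cid) or thread ($tid) without a specific entry falls back to
 * the global entry (0). The fallback is resolved per permission: the
 * original narrowed the shared $cid/$tid variables inside the loop, so a
 * permission with no category entry silently changed the scope used for
 * every later permission in the list (a fail-open when the global entry
 * was granted but the category entry was not).
 *
 * Fails closed: an unknown permission, a missing entry, or any value that
 * is not exactly self::GRANTED yields FALSE.
 *
 * @param array $permissions permission names that must all be granted
 * @param int   $uid         user id whose ACL is consulted
 * @param int   $cid         category id, 0 = global scope
 * @param int   $tid         id of the nested scope under $cid (0 = global);
 *                           presumably a thread/topic id - not visible here
 * @return boolean TRUE only when every permission is granted
 */
public static function hasAllPermissions(array $permissions, $uid, $cid = 0, $tid = 0)
{
    if (!isset(self::$permissions[$uid])) {
        self::getPermissions($uid);
    }

    foreach ($permissions as $permission) {
        if (!isset(self::$permissions[$uid][$permission])) {
            \CODOF\Log::notice("Permission {$permission} not found in ACL");
            return FALSE;
        }
        $acl = self::$permissions[$uid][$permission];

        // Resolve the scope for THIS permission only; $cid/$tid themselves
        // are left untouched for the next iteration.
        $scopeCid = ($cid > 0 && isset($acl[$cid])) ? $cid : 0;
        $scopeTid = ($tid > 0 && isset($acl[$scopeCid][$tid])) ? $tid : 0;

        // Missing entry or anything other than GRANTED denies; the isset
        // also avoids an undefined-index notice on a missing global entry.
        if (!isset($acl[$scopeCid][$scopeTid]) || $acl[$scopeCid][$scopeTid] !== self::GRANTED) {
            return FALSE;
        }
    }

    return TRUE;
}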