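/**
 * Registration form handler.
 *
 * Without a POSTed XSRF token the form is simply rendered. With one, the
 * token is checked first, then the fields; every failure is reported through
 * $this->_context['registration_failed']. On success a new user is stored
 * with STATUS_NEW, the activation mail is sent and the client is redirected
 * to '/'.
 *
 * @param mixed $request unused; the handler reads $_POST directly
 * @return string the rendered registration page
 */
public function registerForm($request)
{
    if (isset($_POST['XSRF'])) {
        // Constant-time, type-strict token comparison. The previous `==`
        // applied PHP's loose string comparison (numeric-looking tokens
        // compare by value) and would also accept a non-string value.
        $tokenValid = is_string($_POST['XSRF'])
            && hash_equals((string) \Kingboard\Lib\Form::getXSRFToken(), $_POST['XSRF']);

        if (!$tokenValid) {
            $this->_context['registration_failed'] = 'XSRF Token Invalid.';
        } elseif (
            !isset($_POST['passwd'], $_POST['passwd2'], $_POST['login'])
            || !is_string($_POST['passwd'])
            || !is_string($_POST['passwd2'])
            || !is_string($_POST['login'])
        ) {
            // is_string: a nested form field (array) would otherwise reach hash()
            $this->_context['registration_failed'] = 'Please fill in all fields';
        } elseif ($_POST['passwd'] !== $_POST['passwd2']) {
            $this->_context['registration_failed'] = 'both Password fields need to have the same value';
        } elseif (!is_null(\Kingboard\Model\User::findOne(array('username' => $_POST['login'])))) {
            $this->_context['registration_failed'] = 'email/login allready in use';
        } elseif (!\Kingboard\Lib\Form::isEmail($_POST['login'])) {
            $this->_context['registration_failed'] = 'not a valid email adresse';
        } else {
            // Activation key must be unguessable. sha1(time() . login) could be
            // recomputed by anyone who knows the login and the rough signup time;
            // 20 random bytes give the same 40-hex-char shape the sha1 output had.
            $validationCode = bin2hex(random_bytes(20));

            $user = new \Kingboard\Model\User();
            $user->username = $_POST['login'];
            // NOTE(review): unsalted sha256 is a weak password hash. The login
            // path elsewhere expects this format, so a move to password_hash()
            // / password_verify() has to be made on both sides together.
            $user->password = hash('sha256', $_POST['passwd']);
            $user->status = \Kingboard\Model\User::STATUS_NEW;
            $user->validationCode = $validationCode;
            $user->save();

            $reg = \King23\Core\Registry::getInstance();

            $body = file_get_contents(APP_PATH . '/templates/mails/verify_email.html');
            $body = strtr($body, array(
                "{{username}}"      => $_POST['login'],
                "{{hostname}}"      => $reg->baseHost,
                "{{activationkey}}" => $validationCode,
            ));

            // Recipient passed isEmail() above, so it cannot carry header breaks.
            $headers  = "From: " . $reg->sendFromEmail . "\r\n";
            $headers .= "Reply-To: " . $reg->sendFromEmail . "\r\n";
            $headers .= "X-Mailer: PHP/" . phpversion();
            mail($_POST['login'], "Kingboard Activation", $body, $headers);

            $this->redirect('/');
        }
    }

    // NOTE(review): the whole $_POST array, password fields included, is
    // handed to the template as its context.
    return $this->render('user/registration.html', $_POST);
}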
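/**
 * Removes one API key from the logged-in user's key list.
 *
 * @param array $params expects 'xsrf' (form token) and 'keyid' (index into the user's keys)
 * @return mixed the error page on a bad token; otherwise null (myKingboard()'s
 *               result is not propagated — preserved from the original, confirm
 *               whether the caller expects it)
 */
public function delete(array $params)
{
    // Constant-time, type-strict comparison instead of loose `!=`; a missing
    // token is treated as a mismatch rather than an undefined-index warning.
    $token = $params['xsrf'] ?? '';
    if (!is_string($token) || !hash_equals((string) \Kingboard\Lib\Form::getXSRFToken(), $token)) {
        return $this->error('xsrf token missmatch');
    }

    $user = \Kingboard\Lib\Auth\Auth::getUser();
    $keyId = $params['keyid'] ?? null;

    // Without a key id there is nothing to remove, so skip the save.
    if ($keyId !== null && isset($user['keys'])) {
        $keys = $user['keys'];
        unset($keys[$keyId]);
        $user->keys = $keys;
        $user->save();
    }

    $this->myKingboard(array());
}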
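/**
 * this method is the one that should be called when the
 * user returns from the OAuth2 Provider, and will use the auth class set
 * in config to process the data
 *
 * The OAuth2 `state` query parameter must equal the session's XSRF token;
 * an unknown provider key is reported the same way as a failed login.
 *
 * @param array $params should contain one key named key, identifying which key from the config to use for this provider
 * @return string
 */
public function callback(array $params)
{
    // Constant-time, type-strict comparison instead of loose `!=`; a missing
    // `state` is a mismatch rather than an undefined-index warning.
    $state = $_GET['state'] ?? '';
    if (!is_string($state) || !hash_equals((string) \Kingboard\Lib\Form::getXSRFToken(), $state)) {
        return $this->error("XSRF Token mismatch");
    }

    try {
        $providers = \King23\Core\Registry::getInstance()->oAuth2ProviderList;
        $key = $params['key'] ?? null;

        // Previously an unknown key produced a null config and a fatal
        // `null::login()`; an \Exception lands in the catch below instead.
        if (!is_string($key) || !isset($providers[$key])) {
            throw new \RuntimeException('unknown OAuth2 provider');
        }

        $config = $providers[$key];
        $class = $config['auth_class'];
        $class::login($config);
        $this->redirect("/account/");
    } catch (\Exception $e) {
        $this->_context['login_failed'] = $e->getMessage();
        return $this->login($params);
    }
}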
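/**
 * constructor, should be called by all derived views
 * will cause redirect if $loginrequired and not logged in
 *
 * Fills $this->_context with the registry-backed values every template
 * expects (image paths, host, disqus, owner, user, XSRF token, Kingboard
 * version/name/release, theme, header image, optional debugbar, IGB flag).
 *
 * @param bool $loginrequired
 */
public function __construct($loginrequired = false)
{
    // Resume an existing session only when the browser presented one.
    if (isset($_COOKIE['PHPSESSID']) && session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    if ($loginrequired && !Auth::isLoggedIn()) {
        // A session is needed before bouncing to /login. The guard avoids the
        // "session already started" notice the unconditional second
        // session_start() raised when the cookie branch above had run.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // NOTE(review): execution continues past this call unless redirect()
        // exits — confirm in the base view.
        $this->redirect("/login");
    }

    parent::__construct();

    $reg = Registry::getInstance();
    $this->_context['images'] = $reg->imagePaths;
    $this->_context['baseHost'] = $reg->baseHost;
    $this->_context['disqus'] = $reg->disqus;

    // ownerID, if this is an owned board, this should be filled, for public boards this needs to be false
    $this->_context['ownerID'] = $reg->ownerID;
    // ownerType, if this is an owned board, this should be filled, for public boards this doesn't matter
    $this->_context['ownerType'] = $reg->ownerType;

    // when user is logged in we provide user object to all pages, false otherwise
    $this->_context['user'] = Auth::getUser();

    // make sure all views have the XSRF Token available
    $this->_context['XSRF'] = Form::getXSRFToken();

    // Global Kingboard information
    // pass version information
    $this->_context['Kingboard']['Version'] = Kingboard::VERSION;

    // ownerName, use Kingboard if not set (null or falsy)
    if (!is_null($reg->ownerName) && $reg->ownerName) {
        $this->_context['Kingboard']['Name'] = $reg->ownerName;
    } else {
        $this->_context['Kingboard']['Name'] = Kingboard::NAME;
    }

    // release name
    $this->_context['Kingboard']['ReleaseName'] = Kingboard::RELEASE_NAME;

    // pick bootstrap theme path from public/css/themes folder
    // (explicit is_null rather than `??`: the registry may expose these via
    // magic property access, where `??` would consult __isset instead)
    $this->_context['theme'] = !is_null($reg->theme) ? $reg->theme : "default";

    // set header image, fall back to default if non configured
    $this->_context['header_image'] = !is_null($reg->headerImage)
        ? $reg->headerImage
        : "/images/banner/kingboard.png";

    // optional debug toolbar, rendered only when one is configured
    $debugbar = $reg->debugbar;
    if (!is_null($debugbar)) {
        $jsrenderer = new JavascriptRenderer($debugbar, '/DebugBar');
        $this->_context['debugbar_header'] = $jsrenderer->renderhead();
        $this->_context['debugbar'] = $jsrenderer->render();
    }

    // ingame browser check
    $this->_context['igb'] = $this->isIGB();
}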