/**
  * beforeExecuteRoute($dispatcher) runs before the routed action is executed
  *
  * @param $dispatcher
  * @return bool
  */
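 public function beforeExecuteRoute($dispatcher)
 {
     // Restore a session from the "remember me" cookies. Both cookies must be
     // present: the id cookie alone must never be enough to authenticate.
     if ($this->cookies->has('remember') && $this->cookies->has('rememberToken')) {
         $userId = $this->cookies->get('remember')->getValue();
         $rememberToken = $this->cookies->get('rememberToken')->getValue();
         $users = new Users();
         $user = $users->findFirst(["id = ?0", "bind" => [$userId]]);
         // The id comes from a client-controlled cookie, so the lookup can miss;
         // a missing user (or a non-string token) is treated as "not remembered"
         // instead of being dereferenced.
         if ($user && is_string($rememberToken)) {
             // NOTE(review): the expected token is md5(password hash . salt). It never
             // rotates, cannot be revoked without a password change, and is derivable
             // by anyone who can read the users table. A random per-login token stored
             // server-side (hashed) would be the usual replacement; that change has to
             // be made together with the code that sets these cookies.
             $userToken = md5($user->getPassword() . $user->getSalt());
             // hash_equals() compares in constant time and strictly as strings; the
             // loose == it replaces is subject to PHP's numeric-string juggling.
             if (hash_equals($userToken, $rememberToken)) {
                 $this->session->set('auth', $user);
             }
         }
     }
     $auth = $this->session->get('auth');
     // No authenticated user in the session: deny and send to the login page.
     if (!$auth) {
         $this->flashSession->error("You don't have access");
         // dispatch to login page
         return $dispatcher->forward(['controller' => 'auth', 'action' => 'index']);
     }
     $this->_user = $auth;
 }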
 /**
  * Shows the forgot password form
  */
 public function forgotPasswordAction()
 {
     $form = new ForgotPasswordForm();
     if ($this->request->isPost()) {
         if (!$form->isValid($this->request->getPost())) {
             // Validation failed: surface every form message to the user.
             foreach ($form->getMessages() as $validationError) {
                 $this->flash->error($validationError);
             }
         } else {
             $account = Users::findFirstByEmail($this->request->getPost('email'));
             if ($account) {
                 // Persist a reset request for the matched account. Token generation
                 // and mail delivery are not visible here (presumably handled by the
                 // ResetPasswords model - confirm).
                 $resetRequest = new ResetPasswords();
                 $resetRequest->usersId = $account->id;
                 if (!$resetRequest->save()) {
                     foreach ($resetRequest->getMessages() as $saveError) {
                         $this->flash->error($saveError);
                     }
                 } else {
                     $this->flash->success('Удачно! Пожалуйста проверте Вашу электронную почту для смены пароля');
                 }
             } else {
                 // NOTE(review): this message differs from the success message above, so
                 // the form reveals whether an e-mail address is registered. Returning the
                 // same neutral message on both paths would close that account-enumeration
                 // channel; rate limiting is also not visible in this action.
                 $this->flash->success('Не найден аккаунт привязанный к этой почте');
             }
         }
     }
     // The form is passed to the view on every path (GET, invalid POST, valid POST).
     $this->view->form = $form;
 }
 /**
  * Account activation endpoint: reads 'id' and 'register' from the request,
  * asks the Activation model to verify them and marks the user active.
  *
  * NOTE(review): the only proof of e-mail ownership visible here is the
  * (id, register) pair. Whether that pair is unguessable depends on
  * Activation::check(), which is not shown - confirm it validates a random,
  * single-use token rather than values a third party could predict.
  */
 public function activate()
 {
     $http = new Http();
     $id = $http->get('id');
     $date = $http->get('register');

     // Both parameters must be non-empty before the model is consulted.
     $confirmed = false;
     if (!empty($id) && !empty($date)) {
         $activation = new \models\Activation();
         $confirmed = $activation->check($id, $date);
     }

     // Missing parameters and a failed check share the same error redirect.
     if (!$confirmed) {
         Location::To(URL . 'error');
         return;
     }

     $user = new Users($id);
     $user->setActive();
     $user->writeData(true);
     Location::To(URL . 'success/success/Aktywacja powiodła się możesz teraz się zalogować.');
 }
 /**
  * Password-recovery completion step.
  *
  * Reads the (id, rand, email) triple from the query string, or from the POST
  * body when the 'change' form was submitted, lets PasswordRecovery verify it,
  * and then either renders the change-password form or stores the new password.
  *
  * NOTE(review): on the first request the triple travels in the URL, so it can
  * end up in access logs, browser history and Referer headers - presumably
  * 'rand' is the reset secret; confirm it is random, short-lived and single-use.
  */
 public function complete()
 {
     $http = new Http();
     $id = $http->get('id');
     $rand = $http->get('rand');
     $email = $http->get('email');
     // When the form was submitted, the POSTed values replace the ones from the query string.
     if ($http->isActive('change')) {
         $id = $http->post('id');
         $rand = $http->post('rand');
         $email = $http->post('email');
     }
     if (!empty($id) && !empty($rand) && $email) {
         $pass = new \models\PasswordRecovery($email);
         // Gate for everything below: presumably verifies that $rand is the pending
         // reset value for user $id and this e-mail - confirm against the model.
         if ($pass->checkUserToChange($id, $rand)) {
             if ($http->isActive('change')) {
                 $pass_1 = $http->post('password');
                 $pass_2 = $http->post('password_2');
                 // NOTE(review): 5 and 15 look like the min/max password length - confirm.
                 // A 15-character upper bound rejects passphrases and a 5-character minimum is short.
                 $passVal = new \lib\PassVal("Nieprawidłowe hasło", "Hasła nie są takie same.", 5, 15);
                 $validator = new \lib\Validator(array('password' => $passVal, 'password_2' => $passVal));
                 if ($validator->validate($http->post())) {
                     $user = new Users($id);
                     $user->setPassword($pass_1);
                     $user->writeData(true);
                     // The pending reset entry is removed only after the password was written.
                     $pass->deleteUserToChange($id);
                     $message = 'Twoje hało zostalo zmienione .';
                     // NOTE(review): there is no return after this redirect. Unless Location::To()
                     // terminates the request, execution continues to the render() call below.
                     Location::To(URL . 'success/success/' . $message);
                 } else {
                     $this->errors = $validator->getErrors();
                     // NOTE(review): no return here either, so the unconditional render() below
                     // runs as well after a validation failure - confirm this is intended.
                     $this->render('changepassword', array('categories' => $this->categories, 'd_product' => $this->d_product, 'id' => $id, 'rand' => $rand, 'email' => $email, 'errors' => $this->errors));
                 }
             }
             // Form display for a verified triple; id, rand and email are passed back to the template.
             $this->render('changepassword', array('categories' => $this->categories, 'd_product' => $this->d_product, 'id' => $id, 'rand' => $rand, 'email' => $email));
         } else {
             Location::To(URL . 'error');
         }
     } else {
         Location::To(URL . 'error');
     }
 }
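 /**
  * JSON login endpoint: checks e-mail and password sent by POST and returns
  * the user's id together with an API token.
  *
  * Unknown e-mail and wrong password deliberately share one error response,
  * so the endpoint does not reveal which accounts exist.
  *
  * NOTE(review): stored passwords are md5(salt . pass . salt). MD5 is far too
  * fast for password storage; migrating to password_hash()/password_verify()
  * (re-hashing on the next successful login) needs a schema change outside
  * this method. No throttling of failed attempts is visible here.
  */
 public function loginAction()
 {
     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         return $this->errorJSONResponse('Метод не доступен с этим HTTP-методом', 403);
     }
     // Both fields must be present AND plain strings: array-valued parameters
     // would otherwise reach the user lookup and the hash concatenation below.
     if (
         !isset($_POST['email'], $_POST['pass'])
         || !is_string($_POST['email'])
         || !is_string($_POST['pass'])
     ) {
         return $this->errorJSONResponse('Не хватает одного из параметров', 500);
     }
     $email = $_POST['email'];
     $pass = $_POST['pass'];
     /** @var Users $user */
     $user = Users::getOne(['email' => $email]);
     // hash_equals() compares the digests in constant time instead of the
     // early-exit !== string comparison.
     if (!$user || !hash_equals((string) $user->pass, md5($user->salt . $pass . $user->salt))) {
         return $this->errorJSONResponse('Такого пользователя не существует', 501);
     }
     // An already authenticated user keeps the existing token; otherwise a new one is generated.
     return $this->successJSONResponse('Пользователь успешно авторизован', ['UID' => $user->id, 'token' => $user->authenticated == 1 ? $user->token : $user->generateToken()]);
 }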
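 /**
  * ACL gate executed before every routed action.
  *
  * Returns true only when one of the user's groups (or the 'guest' role for
  * anonymous visitors) is allowed to run controller/action. Every deny path
  * returns false: previously the method fell through to `return true` after
  * forward()/redirect(), so the decision to block the requested action rested
  * entirely on those helpers stopping the request.
  *
  * @param \Phalcon\Mvc\Dispatcher $dispatcher
  * @return bool true to let the action run, false to stop it
  */
 public function beforeExecuteRoute($dispatcher)
 {
     $action = $dispatcher->getActionName();
     $controller = $dispatcher->getControllerName();
     if (\Models\Users::isAuthorized()) {
         foreach (\Models\Users::getInstance()->getGroups() as $group) {
             // Loose == kept on purpose: isAllowed() may return a bool or the
             // integer constant depending on the Phalcon version.
             if (static::getInstanceAccess()->isAllowed($group->getName(), $controller, $action) == \Phalcon\Acl::ALLOW) {
                 return true;
             }
         }
         // Authenticated, but no group grants access.
         $this->forward('errors/Forbidden');
         return false;
     }
     if (static::getInstanceAccess()->isAllowed('guest', $controller, $action) == \Phalcon\Acl::ALLOW) {
         return true;
     }
     // Anonymous and not allowed as guest: send to login and fail closed.
     $this->redirect('/login/');
     return false;
 }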
 /**
  * Shows the "add post" form and, on POST, creates the post for the current user.
  */
 public function addAction()
 {
     $this->tag->setTitle('Add post');
     $form = new \Forms\Blogs\Posts\Add();
     if ($this->request->isPost()) {
         if (!$form->isValid($this->request->getPost())) {
             static::flash('warning', $form->getMessages());
         } else {
             $post = new \Models\Blogs\Posts();
             // The author is taken from the server-side user instance, not from the request.
             $post->setUser(\Models\Users::getInstance());
             // NOTE(review): which request fields are copied onto the model is decided by
             // fillModelByFormFromRequest() (not shown) - confirm it is limited to the
             // form's own fields so extra POST keys cannot set other columns.
             $created = static::fillModelByFormFromRequest($post, $form, 'blogs')->create();
             if ($created) {
                 static::flash('success', 'Post added!');
                 $form->setEntity($post);
             } else {
                 static::flash('error', $post->getMessages());
             }
         }
     }
     $this->view->form = $form;
 }
 /**
  * Handles the login form submission.
  *
  * NOTE(review): no anti-CSRF token check is visible in this action, and
  * session-id regeneration / failed-attempt throttling would have to live in
  * Users::login() (not shown) - confirm.
  *
  * @return bool true after a successful login (redirect issued), false otherwise
  */
 public function submitAction()
 {
     if ($this->request->isPost()) {
         $form = new \Forms\Login();
         if (!$form->isValid($this->request->getPost())) {
             static::flash('warning', $form->getMessages());
         } else {
             $email = $this->request->getPost('email');
             $password = $this->request->getPost('password');
             $remember = $this->request->getPost('remember') ? 1 : 0;
             if (\Models\Users::login($email, $password, $remember)) {
                 // After login() the session holds the user key used for this lookup.
                 $user = \Models\Users::findFirst($this->session->get('user'));
                 static::flash('success', sprintf('Welcome %s!', ucfirst($user->name)));
                 static::redirect('/cabinet/');
                 return true;
             }
             // One generic message for unknown e-mail and wrong password.
             static::flash('error', 'E-Mail or Password not valid.');
         }
     }
     // Non-POST requests and every failure path end on the login form.
     static::forward('login/index');
     return false;
 }
 /**
  * Handles the registration form submission.
  *
  * @return bool true when the user was created (redirect to login issued), false otherwise
  */
 public function submitAction()
 {
     if ($this->request->isPost()) {
         $form = new \Forms\Register();
         if (!$form->isValid($this->request->getPost())) {
             static::flash('warning', $form->getMessages());
         } else {
             $email = $this->request->getPost('email');
             $password = $this->request->getPost('password');
             // Only name and lastname are passed as profile fields; other POST keys are ignored here.
             $profile = array(
                 'name' => $this->request->getPost('name'),
                 'lastname' => $this->request->getPost('lastname'),
             );
             $user = \Models\Users::register($email, $password, $profile);
             // A populated id is used as the sign that the record was stored.
             if ($user->getId()) {
                 static::flash('success', 'Thank you for registering!');
                 static::redirect('/login/');
                 return true;
             }
             // NOTE(review): model messages are shown verbatim; if they include a
             // "e-mail already registered" error this reveals existing accounts - confirm.
             static::flash('error', $user->getMessages());
         }
     }
     static::forward('register/index');
     return false;
 }
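 /**
  * Cabinet (profile) page: shows the edit form for the current user and saves
  * it on POST.
  */
 public function indexAction()
 {
     $this->tag->setTitle('Cabinet');
     // The edited record is always the server-side current user, never an id from the request.
     $user = \Models\Users::getInstance();
     // One form instance serves both GET and POST (the POST branch used to build a second, identical one).
     $form = new \Forms\Cabinet\Edit();
     if ($this->request->isPost()) {
         if ($form->isValid($this->request->getPost())) {
             // NOTE(review): which request fields reach the Users model is decided by
             // fillModelByFormFromRequest() (not shown) - confirm it copies only the
             // form's fields, so privileged columns cannot be set through extra POST keys.
             static::fillModelByFormFromRequest($user, $form, 'users');
             if ($user->save()) {
                 static::flash('success', 'Saved');
             } else {
                 static::flash('error', $user->getMessages());
             }
         } else {
             static::flash('warning', $form->getMessages());
         }
     } else {
         // Plain page view: pre-fill the form from the stored user.
         $form->setEntity($user);
     }
     $this->view->form = $form;
 }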
 /**
  * Deletes a User
  *
  * @param int $id
  */
 public function deleteAction($id)
 {
     // NOTE(review): this destructive action checks neither the HTTP method nor an
     // anti-CSRF token, and no permission check on the caller is visible here.
     // Unless a dispatcher hook or ACL enforces both, requiring POST plus a token
     // and an explicit "may delete users" check belongs in front of the lookup.
     $model = Users::findFirstById($id);
     if (!$model) {
         $this->flash->error("Пользователь не найден");
         return $this->dispatcher->forward(['action' => 'index']);
     }

     if ($model->delete()) {
         $this->flash->success("Пользователь удален");
     } else {
         // Deletion refused by the model: show its messages.
         $this->flash->error($model->getMessages());
     }

     // Both outcomes return to the listing.
     return $this->dispatcher->forward(['action' => 'index']);
 }
 /**
  * Renders the admin view of a user's message thread.
  *
  * With a POSTed 'user_id' the thread of that user is shown; otherwise the
  * message given by 'id' is marked as read and its owner's thread is shown.
  *
  * NOTE(review): both ids come straight from the request and no check on the
  * caller's role is visible in this method - confirm the controller is only
  * reachable by administrators, since any id is accepted.
  */
 public function message()
 {
     $http = new Http();
     $id = $http->post('id');
     if ($http->isActive('user_id')) {
         $ownerId = $http->post('user_id');
         $user = new Users($ownerId);
         $thread = new Messages($ownerId);
     } else {
         // Opening a single message marks it as read before the thread is loaded.
         $opened = new Message($id);
         $opened->setReaded(true);
         $opened->writeData(true);
         $thread = new Messages($opened->getUserId());
         $user = new Users($opened->getUserId());
     }
     $messages = $thread->getMessages(false, false, true);
     $array_messages = array();
     if (!empty($messages)) {
         foreach ($messages as $key => $entry) {
             // Only messages flagged for display on the seller side are listed.
             if ($entry->getDisplaySeller()) {
                 $array_messages[$key] = array(
                     'id' => $entry->getId(),
                     'message' => $entry->getMessage(),
                     'date' => $entry->getDate(),
                 );
             }
         }
     }
     echo $this->render('adminmessage', array('messages' => $array_messages, 'user' => $user->getLogin(), 'user_id' => $user->getId()));
 }
 /**
  * Hook run before the record is created: binds it to the current user, so
  * ownership is taken from the server-side user instance.
  */
 public function beforeCreate()
 {
     $currentUser = \Models\Users::getInstance();
     $this->setUser($currentUser);
 }
 /**
  * Logout action: ends the user's login and redirects to the login page.
  *
  * NOTE(review): the action runs on any request method; whether the session
  * and any remember-me state are fully invalidated depends on Users::logout()
  * (not shown) - confirm.
  */
 public function indexAction()
 {
     // Log out first, then leave the protected area.
     \Models\Users::logout();

     static::redirect('login');
 }
 /**
  * Shortcut to the current user instance held by the Users model.
  */
 public function user()
 {
     $currentUser = \Models\Users::getInstance();

     return $currentUser;
 }
<?php

namespace controllers;

use models\Country;
use models\Users;
use PDOException;
// Debug script: dumps every Country and Users row to the output.
// NOTE(review): var_dump() of the full Users table prints whatever the model
// holds (presumably including credential fields), and the catch block echoes
// the raw PDO error text, which can contain connection details. Neither belongs
// on a publicly reachable path - keep this file out of the web root or remove it.
require __DIR__ . '/autoload.php';
try {
    foreach ([Country::class, Users::class] as $modelClass) {
        $data = $modelClass::findAll();
        var_dump($data);
    }
} catch (PDOException $e) {
    echo 'Подключение не удалось: ' . $e->getMessage();
}
 /**
  * Helper method that updates the user's last activity time
  * 
  * @param string $sessionHash
  */
 private function updateSession($sessionHash = null)
 {
     // Delegate to the users model for the user resolved by currentUser().
     $usersModel = $this->mUsers;
     $activeUser = $this->currentUser();

     $usersModel->updateSession($activeUser, $sessionHash);
 }
 /**
  * LogIn action
  */
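 public function indexAction()
 {
     if ($this->request->isPost()) {
         if ($this->security->checkToken()) {
             // The token is ok, check authorization
             $login = $this->request->getPost('username');
             $password = $this->request->getPost('password');
             $remember = $this->request->getPost('remember');
             $users = new Users();
             $user = $users->findFirst(["login = ?0", "bind" => [$login]]);
             if ($user) {
                 if ($this->security->checkHash($password, $user->getPassword())) {
                     // Check if the "remember me" was selected
                     if (isset($remember)) {
                         // NOTE(review): the remember token is md5(password hash . salt): it is
                         // the same on every login, cannot be revoked without a password change
                         // and is derivable from the users table. A random per-login token stored
                         // server-side (hashed) is the usual replacement; it must be changed
                         // together with the code that validates these cookies.
                         $this->cookies->set('remember', $user->getId(), time() + $this->_config->rememberKeep);
                         $this->cookies->set('rememberToken', md5($user->getPassword() . $user->getSalt()), time() + $this->_config->rememberKeep);
                     }
                     // set authentication for logged user
                     // NOTE(review): the session id is not regenerated at this privilege
                     // change anywhere in this method - confirm it happens elsewhere.
                     $this->session->set('auth', $user);
                     // update auth params
                     $user->setDateLastvisit(date('Y-m-d H:i:s'))->setIp($this->request->getClientAddress())->setUa($this->request->getUserAgent())->save();
                     $referrer = parse_url($this->request->getHTTPReferer(), PHP_URL_PATH);
                     if ($this->_logger) {
                         $this->_logger->log('Authenticate success from ' . $this->request->getClientAddress());
                     }
                     // The Referer header is client-controlled. Only follow it when it is a
                     // plain local path: a string starting with a single "/", without
                     // backslashes. Anything else (missing, empty, "//host/...") falls back
                     // to the dashboard instead of being handed to redirect().
                     $isLocalPath = is_string($referrer)
                         && strpos($referrer, '/') === 0
                         && strpos($referrer, '//') !== 0
                         && strpos($referrer, '\\') === false;
                     // full http redirect to the referrer page
                     if ($isLocalPath && $referrer != $this->request->getURI()) {
                         return $this->response->redirect($referrer);
                     } else {
                         return $this->response->redirect('dashboard');
                     }
                 } else {
                     // Wrong authenticate data (password or login)
                     $this->flashSession->error("Wrong authenticate data");
                     if ($this->_logger) {
                         $this->_logger->error('Authenticate failed from ' . $this->request->getClientAddress() . '. Wrong authenticate data');
                     }
                     $this->response->redirect('dashboard/auth');
                     $this->view->disable();
                 }
             } else {
                 // user does not exist in database
                 // NOTE(review): this message differs from the wrong-password one, so the
                 // form reveals which logins exist; a single generic message avoids that.
                 $this->flashSession->error("The user not found");
                 if ($this->_logger) {
                     // The submitted login is attacker-controlled: replace control characters
                     // (including CR/LF) so it cannot break or forge log lines.
                     $loggedLogin = is_string($login)
                         ? preg_replace('/[\x00-\x1F\x7F]/', '?', $login)
                         : '[non-string]';
                     $this->_logger->error('Authenticate failed from ' . $this->request->getClientAddress() . '. The user ' . $loggedLogin . ' not found');
                 }
                 $this->response->redirect('dashboard/auth');
                 $this->view->disable();
             }
         } else {
             // CSRF protection
             if ($this->_logger) {
                 $this->_logger->error('Authenticate failed from ' . $this->request->getClientAddress() . '. CSRF attack');
             }
             $this->flashSession->error("Invalid access token");
             $this->response->redirect('dashboard/auth');
             $this->view->disable();
         }
     }
     // Reached for GET requests and after failed attempts: use the layout for unauthenticated pages.
     $this->view->setMainView('non-auth-layout');
 }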
 /**
  * Get the entity related to user in the active identity
  *
  * @return \Models\Users
  */
 public function getUser()
 {
     $identity = $this->session->get('auth');

     // No identity in the session: report "no user" with false rather than an entity.
     if (!isset($identity['id'])) {
         return false;
     }

     // The entity is re-read from storage on each call, so a user deleted after
     // login is detected here instead of being trusted from the session copy.
     $user = Users::findFirstById($identity['id']);
     if (!$user) {
         throw new Exception('Такого пользователя не существует');
     }

     return $user;
 }