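/**
 * Handles a submitted "forgot password" form.
 *
 * Looks up the profile for the posted e-mail address. When none is found a
 * form error is set; otherwise a new validation hash is stored, the cached
 * profile is cleared, and a message containing the reset link is sent to the
 * address stored on the profile.
 *
 * @param string $sTable Table identifier forwarded to the user model calls.
 *
 * @return void
 */
public function __construct($sTable)
{
    parent::__construct();

    $oUserModel = new UserCoreModel();
    $sMail = $this->httpRequest->post('mail');

    if (!($iProfileId = $oUserModel->getId($sMail, null, $sTable))) {
        // Delay each failed lookup by one second to slow down automated guessing
        // and limit the load it puts on the server and the database.
        sleep(1);

        // NOTE(review): this branch answers differently (message and delay) from the
        // success branch, so the form reveals whether an address is registered.
        // A uniform response for both outcomes would avoid that; confirm the product intent.
        \PFBC\Form::setError(
            'form_forgot_password',
            t(
                'Oops, this "%0%" is not associated with any %site_name% account. Please, make sure that you entered the e-mail address used in creating your account.',
                escape(substr($sMail, 0, PH7_MAX_EMAIL_LENGTH))
            )
        );
    } else {
        // NOTE(review): the reset link is only as unguessable as Various::genRnd();
        // its source of randomness and any expiry of the hash are not visible here - confirm.
        $oUserModel->setNewHashValidation($iProfileId, Various::genRnd(), $sTable);
        (new UserCore())->clearReadProfileCache($iProfileId, $sTable); // Clean the profile data (for the new hash)
        $oData = $oUserModel->readProfile($iProfileId, $sTable);

        /** We place the text outside of Uri::get() otherwise special characters will be deleted and the parameters passed in the url will be unusable thereafter. **/
        $sResetUrl = Uri::get('lost-password', 'main', 'reset', $this->httpRequest->get('mod')) . PH7_SH . $oData->email . PH7_SH . $oData->hashValidation;

        // The URL carries the stored e-mail address and hash. Encode it before it is
        // placed in the href attribute and the link text, so that quotes, '<' or '&'
        // in those values cannot change the markup of the message.
        $sResetUrlHtml = htmlspecialchars($sResetUrl, ENT_QUOTES, 'UTF-8');

        $this->view->content = t('Hello %0%!<br />Somebody (from the IP address %1%) has requested a new password for their account.', $oData->username, Ip::get()) . '<br />' .
            t('If you requested for this, click on the link below, otherwise ignore this email and your password will remain unchanged.') .
            '<br /><a href="' . $sResetUrlHtml . '">' . $sResetUrlHtml . '</a>';

        $sMessageHtml = $this->view->parseMail(PH7_PATH_SYS . 'global/' . PH7_VIEWS . PH7_TPL_NAME . '/mail/sys/mod/lost-password/confirm-lost-password.tpl', $oData->email);

        $aInfo = [
            'to' => $oData->email,
            'subject' => t('Request for new password - %site_name%')
        ];

        unset($oData);

        if (!(new Mail())->send($aInfo, $sMessageHtml)) {
            \PFBC\Form::setError('form_forgot_password', Form::errorSendingEmail());
        } else {
            \PFBC\Form::setSuccess('form_forgot_password', t('Successfully requested a new password, email sent!'));
        }
    }

    unset($oUserModel);
}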
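/**
 * Processes a submitted user login form.
 *
 * Applies the login-attempt lock when it is enabled in the settings, checks
 * the posted credentials, records failed attempts, and on success verifies the
 * account status before authenticating the session and redirecting.
 *
 * @return void
 */
public function __construct()
{
    parent::__construct();

    $oUserModel = new UserCoreModel();
    $oSecurityModel = new SecurityModel();

    $sEmail = $this->httpRequest->post('mail');
    $sPassword = $this->httpRequest->post('password');

    /** Check if the connection is not locked **/
    $bIsLoginAttempt = (bool) DbConfig::getSetting('isUserLoginAttempt');
    $iMaxAttempts = (int) DbConfig::getSetting('maxUserLoginAttempts');
    $iTimeDelay = (int) DbConfig::getSetting('loginUserAttemptTime');

    if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view)) {
        \PFBC\Form::setError('form_login_user', Form::loginAttemptsExceededMsg($iTimeDelay));
        return; // Stop execution of the method.
    }

    // Check Login
    $sLogin = $oUserModel->login($sEmail, $sPassword);

    if ($sLogin === 'email_does_not_exist' || $sLogin === 'password_does_not_exist') {
        // Delay each failed login by one second to slow down automated guessing
        // and limit the load it puts on the server and the database.
        sleep(1);

        // NOTE(review): the two failure branches show different messages, so the form
        // reveals whether an e-mail address has an account; and only the wrong-password
        // branch counts towards the attempt lock. Confirm both are intended.
        if ($sLogin === 'email_does_not_exist') {
            $this->session->set('captcha_enabled', 1); // Enable Captcha
            \PFBC\Form::setError('form_login_user', t('Oops! "%0%" is not associated with any %site_name% account.', escape(substr($sEmail, 0, PH7_MAX_EMAIL_LENGTH))));
            $oSecurityModel->addLoginLog($sEmail, 'Guest', 'No Password', 'Failed! Incorrect Username');
        } elseif ($sLogin === 'password_does_not_exist') {
            // The submitted password is replaced by a fixed mask before it is handed to
            // addLoginLog(): a rejected password is often a near-miss of the real one (or
            // the user's password elsewhere) and should not reach whatever store backs the log.
            $oSecurityModel->addLoginLog($sEmail, 'Guest', '*****', 'Failed! Incorrect Password');

            if ($bIsLoginAttempt) {
                $oSecurityModel->addLoginAttempt();
            }

            $this->session->set('captcha_enabled', 1); // Enable Captcha

            $sWrongPwdTxt = t('Oops! This password you entered is incorrect.') . '<br />';
            $sWrongPwdTxt .= t('Please try again (make sure your caps lock is off).') . '<br />';
            $sWrongPwdTxt .= t('Forgot your password? 
<a href="%0%">Request a new one</a>.', Uri::get('lost-password', 'main', 'forgot', 'user'));
            \PFBC\Form::setError('form_login_user', $sWrongPwdTxt);
        }
    } else {
        $oSecurityModel->clearLoginAttempts();
        $this->session->remove('captcha_enabled');
        $iId = $oUserModel->getId($sEmail);
        $oUserData = $oUserModel->readProfile($iId);

        $oUser = new UserCore();
        if (true !== ($mStatus = $oUser->checkAccountStatus($oUserData))) {
            // The account did not pass the status check: report it and issue nothing.
            \PFBC\Form::setError('form_login_user', $mStatus);
        } else {
            // The persistent "remember" cookie is issued only once the account status
            // check has passed, so an account that is refused here never receives a
            // long-lived login cookie.
            if ($this->httpRequest->postExists('remember')) {
                // We hash again the password
                // NOTE(review): the cookie value is derived from the stored password hash;
                // confirm how Cookie::set() scopes it (HttpOnly/Secure flags, lifetime).
                (new Framework\Cookie\Cookie())->set(array('member_remember' => Security::hashCookie($oUserData->password), 'member_id' => $oUserData->profileId));
            }

            $oUser->setAuth($oUserData, $oUserModel, $this->session);
            Header::redirect(Uri::get('user', 'account', 'index'), t('You are successfully logged!'));
        }
    }
}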
/**
 * Runs the Twitter connect flow: loads the tmhOAuth library, works out the
 * current authentication state, and then either logs in / registers the
 * member matching the returned profile or points $this->sUrl back at the
 * connect index.
 *
 * @return void
 */
public function __construct()
{
    parent::__construct();

    // Load the Twitter OAuth library files.
    Import::lib('Service.Twitter.tmhOAuth');
    Import::lib('Service.Twitter.tmhUtilities');

    $sConsumerKey = Config::getInstance()->values['module.api']['twitter.consumer_key'];
    $sConsumerSecret = Config::getInstance()->values['module.api']['twitter.consumer_secret_key'];
    $this->_oTwOAuth = new \tmhOAuth($sConsumerKey, $sConsumerSecret);

    // Authentication state: 2 when both token cookies are present, else the
    // value kept in the session, else 0.
    if (isset($_COOKIE['access_token'], $_COOKIE['access_token_secret'])) {
        $iAuthState = 2;
    } elseif (isset($_SESSION['authstate'])) {
        $iAuthState = (int) $_SESSION['authstate'];
    } else {
        $iAuthState = 0;
    }
    $this->_iState = $iAuthState;

    switch ($this->_iState) {
        case 1:
            // Authentication is in progress: carry on with it.
            $this->auth();
            break;

        case 2:
            // The cookies only claim an authenticated state; it is verified here
            // and the session is ended when verification fails.
            if (!$this->auth()) {
                $this->endSession();
            }
            break;
    }

    if (!$this->auth()) {
        $this->sUrl = Uri::get('connect', 'main', 'index');
        return;
    }

    $aProfile = $this->_oTwOAuth->extract_params($this->_oTwOAuth->response['response']);

    if (!empty($aProfile['error'])) {
        // The response carries an error: show a generic message and go back to the connect index.
        $this->oDesign->setFlashMsg(t('Oops! An error has occurred. 
Please try again later.'));
        $this->sUrl = Uri::get('connect', 'main', 'index');
        return;
    }

    // NOTE(review): the local account is selected purely by the 'email' value of the
    // provider response; whether that key is always present and refers to a verified
    // address is not established in this block - confirm.
    $oUserModel = new UserCoreModel();
    $iId = $oUserModel->getId($aProfile['email']);

    if ($iId) {
        // Known address: log the existing member in.
        $this->setLogin($iId, $oUserModel);
        $this->sUrl = Uri::get('connect', 'main', 'home');
    } else {
        // Unknown address: create the member, then set the avatar.
        $this->add(escape($aProfile, true), $oUserModel);
        $this->setAvatar($aProfile);

        $this->oDesign->setFlashMsg(t('You have now been registered! %0%', (new Registration())->sendMail($this->_aUserInfo, true)->getMsg()));
        $this->sUrl = Uri::get('connect', 'main', 'register');
    }

    unset($oUserModel);
}
/**
 * Runs the Google connect flow: exchanges an authorization code when one is
 * present in the request, restores the access token from the session, and
 * then either logs in / registers the member matching the Google account or
 * sets $this->sUrl to the Google authorization URL.
 *
 * @param \PH7\Framework\Session\Session $oSession
 * @param \PH7\Framework\Mvc\Request\Http $oHttpRequest
 * @param \PH7\Framework\Registry\Registry $oRegistry
 *
 * @return void
 */
public function __construct(Session $oSession, HttpRequest $oHttpRequest, Registry $oRegistry)
{
    parent::__construct();

    /*** Load the Google client libraries ***/
    Import::lib('Service.Google.OAuth.Google_Client');
    Import::lib('Service.Google.OAuth.contrib.Google_Oauth2Service');

    $oGoogleClient = new \Google_Client();
    $oGoogleClient->setApplicationName($oRegistry->site_name);
    $this->_setConfig($oGoogleClient);

    $oUserInfoService = new \Google_Oauth2Service($oGoogleClient);

    // Callback leg: a 'code' query parameter is exchanged for an access token.
    // NOTE(review): no check of an OAuth 'state' value is visible in this block;
    // confirm whether the client library or _setConfig() takes care of it.
    if ($oHttpRequest->getExists('code')) {
        $oGoogleClient->authenticate();
        $oSession->set('token', $oGoogleClient->getAccessToken());
        $this->sUrl = Uri::get('connect', 'main', 'home');
    }

    // Reuse a token already kept in the session.
    if ($oSession->exists('token')) {
        $oGoogleClient->setAccessToken($oSession->get('token', false));
    }

    if (!$oGoogleClient->getAccessToken()) {
        // No token yet: send the visitor to Google to authorize.
        $this->sUrl = $oGoogleClient->createAuthUrl();
    } else {
        $oUserModel = new UserCoreModel();

        // Profile data of the Google account.
        $aGoogleUser = $oUserInfoService->userinfo->get();

        // NOTE(review): the local account is selected purely by the 'email' value
        // returned by Google; this block does not look at any verification flag
        // in the response - confirm that is acceptable.
        $iId = $oUserModel->getId($aGoogleUser['email']);

        if ($iId) {
            // Known address: log the existing member in.
            $this->setLogin($iId, $oUserModel);
            $this->sUrl = Uri::get('connect', 'main', 'home');
        } else {
            // Unknown address: create the member.
            $this->add(escape($aGoogleUser, true), $oUserModel);

            // The avatar is set only when the profile provides a picture.
            if (!empty($aGoogleUser['picture'])) {
                $this->setAvatar($aGoogleUser['picture']);
            }

            $this->oDesign->setFlashMsg(t('You have now been registered! %0%', (new Registration())->sendMail($this->_aUserInfo, true)->getMsg()));
            $this->sUrl = Uri::get('connect', 'main', 'register');
        }

        // Keep the (possibly refreshed) access token in the session.
        $oSession->set('token', $oGoogleClient->getAccessToken());

        unset($oUserModel);
    }

    unset($oGoogleClient, $oUserInfoService);
}
/**
 * Runs the Microsoft Live connect flow through oauth_client_class: requests
 * the profile of the signed-in account and then either logs in / registers
 * the matching member or reports a generic error.
 *
 * @return void
 */
public function __construct()
{
    parent::__construct();

    // Load the OAuth client library files.
    Import::lib('Service.Microsoft.Live.oauth_client');
    Import::lib('Service.Microsoft.Live.http');

    $this->_oClient = new \oauth_client_class();
    $this->_setConfig();

    /* Permissions requested from the API */
    $this->_oClient->scope = 'wl.basic wl.emails wl.birthday';

    $bSuccess = $this->_oClient->Initialize();
    if ($bSuccess) {
        $bSuccess = $this->_oClient->Process();

        if ($bSuccess) {
            if (strlen($this->_oClient->authorization_error)) {
                // The authorization step reported an error: surface it and fail.
                $this->_oClient->error = $this->_oClient->authorization_error;
                $bSuccess = false;
            } elseif (strlen($this->_oClient->access_token)) {
                // $oUserData is not assigned anywhere else in this method, so CallAPI()
                // presumably fills it through its last argument.
                $bSuccess = $this->_oClient->CallAPI('https://apis.live.net/v5.0/me', 'GET', [], ['FailOnAccessError' => true], $oUserData);
            }
        }

        // Finalize() runs whenever Initialize() succeeded, whatever Process() returned.
        $bSuccess = $this->_oClient->Finalize($bSuccess);
    }

    if ($this->_oClient->exit) {
        exit(1);
    }

    if (!$bSuccess) {
        // The flow failed: show a generic message and go back to the connect index.
        $this->oDesign->setFlashMsg(t('Oops! An error has occurred. Please try again later.'));
        $this->sUrl = Uri::get('connect', 'main', 'index');
    } else {
        // NOTE(review): the local account is selected purely by the provider-supplied
        // emails->account value; whether it is always present and verified is not
        // established in this block - confirm.
        $oUserModel = new UserCoreModel();
        $iId = $oUserModel->getId($oUserData->emails->account);

        if ($iId) {
            // Known address: log the existing member in.
            $this->setLogin($iId, $oUserModel);
            $this->sUrl = Uri::get('connect', 'main', 'home');
        } else {
            // Unknown address: create the member.
            $this->add(escape($oUserData, true), $oUserModel);

            $this->oDesign->setFlashMsg(t('You have now been registered! %0%', (new Registration())->sendMail($this->_aUserInfo, true)->getMsg()));
            $this->sUrl = Uri::get('connect', 'main', 'register');
        }

        unset($oUserModel);
    }
}
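/**
 * Runs the Facebook connect flow: when the SDK reports a signed-in user, the
 * profile is fetched and the matching member is logged in or registered;
 * otherwise $this->sUrl is set to the Facebook login URL.
 *
 * @return void
 */
public function __construct()
{
    parent::__construct();

    Import::lib('Service.Facebook.Facebook'); // Import the library

    $oFb = new \Facebook(array(
        'appId' => Config::getInstance()->values['module.api']['facebook.id'],
        'secret' => Config::getInstance()->values['module.api']['facebook.secret_key']
    ));

    $sUserId = $oFb->getUser();

    if ($sUserId) {
        // Defined up front so the check below is well-defined when api() throws
        // and no profile was assigned.
        $aProfile = null;

        try {
            // Proceed knowing you have a logged in user who's authenticated.
            $aProfile = $oFb->api('/me');
        } catch (\FacebookApiException $oE) {
            Framework\Error\CException\PH7Exception::launch($oE);
            $sUserId = null;
        }

        if ($aProfile) {
            // NOTE(review): the local account is selected purely by the 'email' value of
            // the profile; whether that key is always present (the permission can be
            // missing from the response) and verified is not established here - confirm.
            $oUserModel = new UserCoreModel();

            if (!($iId = $oUserModel->getId($aProfile['email']))) {
                // Add User if it does not exist in our database
                $this->add(escape($aProfile, true), $oUserModel);

                // Add User Avatar
                $this->setAvatar($sUserId);

                $this->oDesign->setFlashMsg(t('You have now been registered! %0%', (new Registration())->sendMail($this->_aUserInfo, true)->getMsg()));
                $this->sUrl = Uri::get('connect', 'main', 'register');
            } else {
                // Login
                $this->setLogin($iId, $oUserModel);
                $this->sUrl = Uri::get('connect', 'main', 'home');
            }

            unset($oUserModel);
        } else {
            // No usable profile: show a generic message and go back to the connect index.
            $this->oDesign->setFlashMsg(t('Oops! An error has occurred. Please try again later.'));
            $this->sUrl = Uri::get('connect', 'main', 'index');
        }
    } else {
        // There's no active session, let's generate one
        // NOTE(review): the requested scope is broad; confirm every permission listed
        // is actually consumed by the registration routine.
        $this->sUrl = $oFb->getLoginUrl(array('scope' => 'email,user_birthday,user_relationships,user_relationship_details,user_hometown,user_location,user_interests,user_about_me,user_likes,user_website'));
    }

    unset($oFb);
}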
/**
 * Processes the "compose mail" form: validates sender and recipient, applies
 * the send-delay and duplicate-content checks for non-admin senders, stores
 * the private message, optionally e-mails a notification to the recipient and
 * redirects.
 *
 * @return void
 */
public function __construct()
{
    parent::__construct();

    $oUserModel = new UserCoreModel();
    $oMailModel = new MailModel();

    // "Admin" here means: an admin session, no member session, and not logged in as a user.
    $bIsAdmin = AdminCore::auth() && !UserCore::auth() && !$this->session->exists('login_user_as');

    $sMessage = $this->httpRequest->post('message', Http::ONLY_XSS_CLEAN);
    $sCurrentTime = $this->dateTime->get()->dateTime('Y-m-d H:i:s');
    $iTimeDelay = (int) DbConfig::getSetting('timeDelaySendMail');
    $sRecipient = $this->httpRequest->post('recipient');
    $iRecipientId = $oUserModel->getId(null, $sRecipient);

    if ($bIsAdmin) {
        $iSenderId = (int) PH7_ADMIN_ID;
    } else {
        $iSenderId = (int) $this->session->get('member_id');
    }

    // Each failed check sets its form error and ends processing.
    if ($iSenderId == $iRecipientId) {
        \PFBC\Form::setError('form_compose_mail', t('Oops! You can not send a message to yourself.'));
        return;
    }

    if ($sRecipient == PH7_ADMIN_USERNAME) {
        \PFBC\Form::setError('form_compose_mail', t('Oops! You cannot reply to administrator! If you want to contact us, please use our <a href="%0%">contact form</a>.', Uri::get('contact', 'contact', 'index')));
        return;
    }

    if (!(new ExistsCoreModel())->id($iRecipientId, 'Members')) {
        // The posted name is truncated and escaped before it is echoed back.
        \PFBC\Form::setError('form_compose_mail', t('Oops! The username "%0%" does not exist.', escape(substr($this->httpRequest->post('recipient'), 0, PH7_MAX_USERNAME_LENGTH), true)));
        return;
    }

    // The flood and duplicate checks are skipped for admins.
    if (!$bIsAdmin && !$oMailModel->checkWaitSend($iSenderId, $iTimeDelay, $sCurrentTime)) {
        \PFBC\Form::setError('form_compose_mail', Form::waitWriteMsg($iTimeDelay));
        return;
    }

    if (!$bIsAdmin && $oMailModel->isDuplicateContent($iSenderId, $sMessage)) {
        \PFBC\Form::setError('form_compose_mail', Form::duplicateContentMsg());
        return;
    }

    $mSendMsg = $oMailModel->sendMsg($iSenderId, $iRecipientId, $this->httpRequest->post('title'), $sMessage, $sCurrentTime);

    if (false === $mSendMsg) {
        \PFBC\Form::setError('form_compose_mail', t('Problem while sending the message. Please try again later.'));
    } else {
        // Stated intent: notify by e-mail when the recipient accepts notifications and is not connected right now.
        // NOTE(review): the condition reads as negated relative to that intent; the return
        // conventions of isNotification() and isOnline() are not visible here - confirm.
        $bNotify = !$oUserModel->isNotification($iRecipientId, 'newMsg') && $oUserModel->isOnline($iRecipientId, 0);

        if ($bNotify) {
            // NOTE(review): the posted recipient name and the session username are placed
            // in the HTML body as returned; presumably post() and the session apply their
            // default filtering - verify.
            $this->view->content = t('Hello %0%!<br />You have received a new message from <strong>%1%</strong>.<br /> <a href="%2%">Click here</a> to read your message.', $this->httpRequest->post('recipient'), $this->session->get('member_username'), Uri::get('mail', 'main', 'inbox', $mSendMsg));

            $sRecipientEmail = $oUserModel->getEmail($iRecipientId);

            $sMessageHtml = $this->view->parseMail(PH7_PATH_SYS . 'global/' . PH7_VIEWS . PH7_TPL_NAME . '/mail/sys/mod/mail/new_msg.tpl', $sRecipientEmail);

            $aInfo = [
                'to' => $sRecipientEmail,
                'subject' => t('New private message from %0% on %site_name%', $this->session->get('member_first_name'))
            ];

            (new Mail())->send($aInfo, $sMessageHtml);
        }

        // Admins go back to the user list, members to their mailbox.
        if ($bIsAdmin) {
            $sUrl = Uri::get(PH7_ADMIN_MOD, 'user', 'browse');
        } else {
            $sUrl = Uri::get('mail', 'main', 'index');
        }

        Header::redirect($sUrl, t('Your message has been sent successfully!'));
    }

    unset($oUserModel, $oMailModel);
}
/**
 * Resolves a username to its profile ID and asks the user model whether that
 * profile is online, using the 'userTimeout' setting.
 *
 * @param string $sUsername Username to look up.
 *
 * @return mixed Whatever UserCoreModel::isOnline() returns for that profile.
 */
protected function isOnline($sUsername)
{
    $oModel = new UserCoreModel();

    $iId = $oModel->getId(null, $sUsername);
    $mTimeout = Framework\Mvc\Model\DbConfig::getSetting('userTimeout');

    return $oModel->isOnline($iId, $mTimeout);
}