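/**
 * Require a logged-in user whose rank is at least $rank.
 *
 * Outcomes, in order:
 *  - session present and rank sufficient: returns the user id;
 *  - session present but rank too low: sends a 403 and returns false;
 *  - no session and "site.demo" holds a numeric id of an existing user:
 *    starts a session for that user and reroutes to "/";
 *  - otherwise: reroutes to /login with the current path (and query string)
 *    in the "to" parameter and returns false.
 *
 * Every path that does not yield a user id returns false, so a caller that
 * keeps running after a reroute never mistakes the result for a login.
 *
 * @param int $rank Minimum rank required
 * @return int|bool User id on success, false otherwise
 */
protected function _requireLogin($rank = \Model\User::RANK_CLIENT)
{
    $f3 = \Base::instance();

    $id = $f3->get("user.id");
    if ($id) {
        if ($f3->get("user.rank") >= $rank) {
            return $id;
        }

        // Authenticated, but not authorized for this rank.
        $f3->error(403);
        $f3->unload();
        return false;
    }

    // Demo mode: "site.demo" names a user id that anonymous visitors are
    // signed in as. Anyone reaching a protected route gets that account, so
    // the configured user should hold no more privilege than a demo needs.
    $demoId = $f3->get("site.demo");
    if ($demoId && is_numeric($demoId)) {
        $user = new \Model\User();
        $user->load($demoId);
        if ($user->id) {
            $session = new \Model\Session($user->id);
            $session->setCurrent();
            $f3->reroute("/");
            // Fail closed: if reroute() returns instead of ending the request,
            // the caller must not see a non-false value. The original bare
            // "return;" yielded null, which a strict "=== false" check misses.
            return false;
        }
        $f3->set("error", "Auto-login failed, demo user was not found.");
    }

    // Build the post-login destination from the current request only.
    // NOTE(review): the handler that consumes "to" is not visible here; it
    // should accept local paths only, since the value round-trips via the URL.
    $target = $f3->get("PATH");
    if (!empty($_GET)) {
        $target .= "?" . http_build_query($_GET);
    }
    $f3->reroute("/login?to=" . urlencode($target));
    $f3->unload();
    return false;
}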
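/**
 * Handle the public registration form.
 *
 * Rejects the request with a 400 when "site.public_registration" is off.
 * Otherwise validates the submitted fields and either re-renders the login
 * page with the collected errors or creates the user, starts a session for
 * it, and reroutes to "/".
 *
 * Input is normalized once (non-string values become "", text fields are
 * trimmed) and those same values are used for the uniqueness lookups, the
 * validation rules, and the stored record. Checking the raw value while
 * storing the trimmed one would let input with surrounding whitespace slip
 * past the "already exists" checks.
 *
 * The "already exists" messages tell the submitter whether an email address
 * or username is registered; rate limiting, if wanted, has to live outside
 * this method.
 *
 * @param object $f3 Framework object exposing get(), set(), error(), reroute()
 * @return void
 */
public function registerpost($f3)
{
    // Exit immediately if public registrations are disabled
    if (!$f3->get("site.public_registration")) {
        $f3->error(400);
        return;
    }

    // POST fields can arrive as arrays (e.g. "field[]=x"); treat anything
    // that is not a string as empty so the checks below reject it cleanly.
    $field = function ($key) use ($f3) {
        $value = $f3->get("POST." . $key);
        return is_string($value) ? $value : "";
    };
    $username = trim($field("register-username"));
    $email = trim($field("register-email"));
    $name = trim($field("register-name"));
    // The password is deliberately not trimmed: it is hashed as submitted.
    $password = $field("register-password");

    $errors = array();
    $user = new \Model\User();

    // Check for existing users
    $user->load(array("email=?", $email));
    if ($user->id) {
        $user->reset();
        $errors[] = "A user already exists with this email address.";
    }
    $user->load(array("username=?", $username));
    if ($user->id) {
        $user->reset();
        $errors[] = "A user already exists with this username.";
    }

    // Validate user data
    if (!$name) {
        $errors[] = "Name is required";
    }
    if (!preg_match("/^[0-9a-z]{4,}\$/i", $username)) {
        $errors[] = "Usernames must be at least 4 characters and can only contain letters and numbers.";
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = "A valid email address is required.";
    }
    // NOTE(review): minimum length is the only password rule enforced here.
    if (strlen($password) < 6) {
        $errors[] = "Password must be at least 6 characters.";
    }

    // Show errors or create new user
    if ($errors) {
        // Messages are fixed strings, so joining them with <br> is safe.
        $f3->set("register.error", implode("<br>", $errors));
        $this->_render("index/login.html");
        return;
    }

    $user->reset();
    $user->username = $username;
    $user->email = $email;
    $user->name = $name;

    // Read the two expected keys explicitly instead of extract(), which would
    // let any other key in the helper's result overwrite a local variable.
    $hashed = \Helper\Security::instance()->hash($password);
    $user->password = $hashed["hash"];
    $user->salt = $hashed["salt"];

    // Cosmetic random colour; mt_rand() is fine here, but not for secrets.
    $user->task_color = sprintf("#%02X%02X%02X", mt_rand(0, 0xff), mt_rand(0, 0xff), mt_rand(0, 0xff));
    $user->save();

    // Create a session and use it
    $session = new \Model\Session($user->id);
    $session->setCurrent();
    $f3->reroute("/");
}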