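 /**
  * Bootstraps the database connection and the application tables, then seeds
  * a demo admin account when none exists yet.
  *
  * @param string $db_type storage key of the DB to use (compared case-insensitively)
  * @return void
  */
 public function install($db_type)
 {
     $f3 = \Base::instance();
     $db_type = strtoupper($db_type);
     $db = storage::instance()->get($db_type);
     if (!$db) {
         // Return explicitly: if error() does not halt the request in this
         // configuration, the table setup below would otherwise run with no DB.
         $f3->error(256, 'no valid DB specified');
         return;
     }
     $f3->set('DB', $db);
     // setup the models
     \Model\Post::setup();
     \Model\Tag::setup();
     \Model\Comment::setup();
     \Model\User::setup();
     // create demo admin user
     $user = new \Model\User();
     $user->load(array('username = ?', 'admin'));
     if ($user->dry()) {
         // NOTE(review): fixed credentials, announced in the flash message below.
         // The first login should force a password change, and whether the model
         // hashes `password` on save cannot be told from here — confirm.
         $user->username = '******';
         $user->name = 'Administrator';
         $user->password = '******';
         $user->save();
         \Flash::instance()->addMessage('Admin User created,' . ' username: admin, password: fabulog', 'success');
     }
     \Flash::instance()->addMessage('Setup complete', 'success');
 }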
    /**
     * Facebook connect callback: looks up (or creates) the local user for the
     * connected Facebook profile, logs that user in and emits a small page that
     * redirects the opener window to the login route and closes the popup.
     *
     * NOTE(review): the guest check below relies on assert(); with assertions
     * disabled (zend.assertions=-1, the usual production setting) it is a no-op
     * and an already-authenticated session reaches Auth::login() unchecked.
     * An explicit `if (!Auth::guest())` guard would not depend on ini settings.
     */
    public function action_facebookConnect()
    {
        assert(Auth::guest());
        // Profile data is fetched from the Facebook API, not taken from the browser request.
        $profile = Helper::facebook()->api('/me');
        $user = Model\User::where_facebook_id($profile['id'])->first();
        if (!$user) {
            // First connect for this Facebook id: create the local account.
            $user = new Model\User();
            $user->facebook_id = $profile['id'];
            $user->name = $profile['name'];
            $user->save();
        }
        Auth::login($user->id);
        ?>
		<html>
			<head>
				<script type="text/javascript">
					if (window.opener) {
						window.opener.location = '<?php 
        // Emitted inside a JS string literal; the value is a server-generated route, not request input.
        echo URL::to_route('login');
        ?>
';
						window.close();
					} else {
						window.location = '<?php 
        // Same route as above, for the case where the page was not opened as a popup.
        echo URL::to_route('login');
        ?>
';
					}
				</script>
			</head>	
			<body>
			</body>
		</html>
		<?php 
    }
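/**
 * Handles a submitted user-edit form: loads the user identified by the posted
 * `username_old` and overwrites its fields from POST, then saves.
 *
 * NOTE(review): every field — including the target account (`username_old`)
 * and `level`, which looks like a privilege field — is taken straight from
 * the request, so the caller must already have authorised this action for the
 * acting user. The password is stored as an unsalted md5 digest; replacing it
 * with password_hash()/password_verify() has to be done together with the
 * login side, so it is only flagged here.
 *
 * @return void
 */
function update()
{
    if (count($_POST) === 0) {
        return;
    }
    // Missing fields resolve to '' instead of raising undefined-index notices.
    $post = $_POST + array(
        'username_old' => '',
        'username' => '',
        'password' => '',
        'fullname' => '',
        'email' => '',
        'level' => '',
    );
    $user = new Model\User(array('username' => $post['username_old']));
    $user->username = $post['username'];
    $user->password = md5($post['password']); // legacy unsalted md5 — see note above
    $user->fullname = $post['fullname'];
    $user->email = $post['email'];
    $user->level = $post['level'];
    $user->save();
}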
 /**
  * Renders the "add user" form without the layout and, on a valid submission,
  * persists a new user built from the form values. `$this->_view->success`
  * reports the outcome to the view.
  *
  * NOTE(review): whether \Core\Form restricts the field set passed to save()
  * cannot be told from this block — the model receives every validated value.
  */
 public function addAction()
 {
     $this->_layoutRenderDisable();
     $form = new \Core\Form('adduser');
     $this->_view->form = $form;
     $submitted = (bool) $form->isValid();
     if ($submitted) {
         $newUser = new \Model\User();
         $newUser->save($form->getValues());
     }
     $this->_view->success = $submitted;
 }
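 /**
  * Installs tables with default user
  *
  * Selects the DB handler for `$db_type`, creates the model tables, seeds the
  * framework admin account if it does not exist yet and, on that first
  * install, imports the optional payload starter pack from
  * `db_dump_optional/mth3l3m3nt_payload` (a JSON list of payload rows).
  *
  * @param string $db_type database type key, compared case-insensitively
  * @return void
  */
 public function install($db_type)
 {
     $f3 = \Base::instance();
     $db_type = strtoupper($db_type);
     $db = DBHandler::instance()->get($db_type);
     if (!$db) {
         // Return explicitly in case error() does not halt the request; the
         // table setup below must not run without a DB.
         $f3->error(256, 'no valid Database Type specified');
         return;
     }
     $f3->set('DB', $db);
     // setup the models
     \Model\User::setup();
     \Model\Payload::setup();
     \Model\Webot::setup();
     // create demo admin user
     $user = new \Model\User();
     $user->load(array('username = ?', 'mth3l3m3nt'));
     if ($user->dry()) {
         // NOTE(review): fixed credentials, echoed in the flash message below —
         // the first login should force a password change.
         $user->username = '******';
         $user->name = 'Framework Administrator';
         $user->password = '******';
         $user->email = '*****@*****.**';
         $user->save();
         //migrate payloads successfully
         $payload_file = $f3->ROOT . $f3->BASE . '/db_dump_optional/mth3l3m3nt_payload';
         // Only a JSON array of rows is importable: a missing file, unreadable
         // content or a non-array document all take the "not found" branch
         // instead of a foreach() over null.
         $payloadarray = null;
         if (file_exists($payload_file)) {
             $payloadarray = json_decode($f3->read($payload_file), true);
         }
         if (is_array($payloadarray)) {
             $payload = new \Model\Payload();
             foreach ($payloadarray as $payloaddata) {
                 $payload->pName = $payloaddata['pName'];
                 $payload->pType = $payloaddata['pType'];
                 $payload->pCategory = $payloaddata['pCategory'];
                 $payload->pDescription = $payloaddata['pDescription'];
                 $payload->payload = $payloaddata['payload'];
                 $payload->save();
                 //ensures values set to null before continuing update
                 $payload->reset();
             }
             //migtate payloads
             \Flash::instance()->addMessage('Payload StarterPack: ,' . 'All Starter Pack Payloads added New database', 'success');
         } else {
             \Flash::instance()->addMessage('Payload StarterPack: ,' . 'StarterPack Database not Found no payloads installed ', 'danger');
         }
         \Flash::instance()->addMessage('Admin User created,' . ' username: mth3l3m3nt, password: mth3l3m3nt', 'success');
     }
     \Flash::instance()->addMessage('New Database Setup Completed', 'success');
 }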
 /**
  * Admin "create user" action: on an `action=save` submission builds a user
  * from the posted fields, saves it and redirects to the user list; in every
  * case the create form is selected as the main view.
  *
  * NOTE(review): the password is assigned exactly as posted; whether
  * \Model\User hashes it on save cannot be told from this block — verify.
  */
 public function createAction()
 {
     //	init
     $this->init();
     $request = $this->request;
     //  if form submitted
     if ($request->getPost('action') == 'save') {
         //  save new user
         $newUser = new \Model\User();
         foreach (['firstName', 'lastName', 'username', 'password'] as $field) {
             $newUser->{$field} = $request->getPost($field, 'string');
         }
         $newUser->save();
         //  redirect
         $this->response->redirect(ROOT . 'admin/users/', true);
     }
     //	set main view
     $this->view->setMainView('block-module-users/admin-create');
 }
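 /**
  * Proceed request to update profile
  *
  * Rebuilds the current user's profile from POST, keeps the stored password
  * when none was submitted, saves it and records the changes in history.
  * A validation failure re-renders the profile form with the model's errors;
  * any other failure re-renders it with a generic message.
  */
 public function updAction()
 {
     \Auth::check();
     $oldUser = null;
     $newUser = null;
     try {
         $oldUser = new \Model\User($_SESSION['uid']);
         $newUser = new \Model\User();
         // NOTE(review): fillPropertiesFromArray() receives the raw POST body; if
         // it assigns every key it is given, a posted `id` (or role-like field)
         // would be applied. The id is therefore pinned to the session *after*
         // the fill so the request cannot retarget another account.
         $newUser->fillPropertiesFromArray($_POST);
         $newUser->id = $_SESSION['uid'];
         if (empty($newUser->password)) {
             // No new password submitted: carry the existing hash over unchanged.
             $newUser->setEncryptedPassword($oldUser->password);
         }
         $newUser->save();
     } catch (\Exception\ModelInvalid $e) {
         // $newUser is still null if the exception came from loading $oldUser.
         $errors = $newUser ? $newUser->getValidationErrors() : [];
         $this->show('profile', ['saveErrors' => $errors, 'user' => $oldUser, 'saved' => false]);
         return;
     } catch (\Exception $e) {
         // Exception details stay out of the response: the generic message below
         // is all the client sees (log $e here if the app has a logger).
         $this->show('profile', ['saveErrors' => ['Ошибка загрузки профиля пользователя'], 'user' => $oldUser, 'saved' => false]);
         return;
     }
     $this->makeHistoryChanges($oldUser, $newUser);
     $this->show('profile', ['saveErrors' => [], 'user' => $newUser, 'saved' => true]);
 }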
     $install_db = file_get_contents("db/database.sql");
     $db->exec(explode(";", $install_db));
     // Create admin user
     $f3->set("db.instance", $db);
     $security = \Helper\Security::instance();
     $user = new \Model\User();
     $user->role = "admin";
     $user->rank = 5;
     // superadmin
     $user->name = "Admin";
     $user->username = $post["user-username"] ?: "admin";
     $user->email = $post["user-email"];
     $user->salt = $security->salt();
     $user->password = $security->hash($post["user-password"] ?: "admin", $user->salt);
     $user->api_key = $security->salt_sha1();
     $user->save();
 } catch (PDOException $e) {
     $f3->set("warning", $e->getMessage());
     return false;
 }
 // Ensure required directories exist
 if (!is_dir("tmp/cache")) {
     mkdir("tmp/cache", 0777, true);
 }
 if (!is_dir("log")) {
     mkdir("log", 0777, true);
 }
 // Build custom config string
 $config = "[globals]";
 if (!empty($post["language"])) {
     $config .= "\nLANGUAGE={$post['language']}";
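 /**
  * find the correct cmd, so we know where the user should be send
  *
  * Front-controller dispatch on `$this->cmd`: `json` streams data and exits,
  * `logout` destroys the session, `login` / `register` / `passwordChange`
  * process their forms on POST or render them otherwise, and `overview` lists
  * posts — or, with a logged-in session and `act`, edits/deletes/adds one.
  * Every redirect is followed by `die`, so only rendering branches return.
  *
  * @author Adrian Berger <*****@*****.**>
  * @version 1.0.0
  * @access private
  * @param $database MySQLI Connection
  * @param $template Twig Template
  * @return $content Twig Template File ('' when the branch rendered nothing)
  */
 public function doHandle($database, $template)
 {
     // Initialised up front: an `overview` request with an unknown `act` would
     // otherwise return an undefined variable.
     $content = '';
     switch ($this->cmd) {
         case 'json':
             require_once 'Controller/json.class.php';
             $JSON = new \Controller\JsonController();
             $JSON->getData($database);
             die;
             break;
         case 'logout':
             // The complete login is done over the session, so we destroy the complete session to logout the user
             session_unset();
             session_destroy();
             header('Location: ?cmd=login');
             die;
             break;
         case 'login':
             $loginContent = $template->loadTemplate('login.html');
             // if submit is set, the user wants to login, so we try if he can or not
             if (isset($_POST['submit'])) {
                 $user = new \Model\User('', $_POST['username'] ?? '', '', '', $_POST['password'] ?? '', '');
                 /* If the login data from the user are correct, we send him to survey, so he can answer the questions
                    if not, we tell him the data are wrong. We don't tell him what is wrong, because it will be
                    easier for hackers to find out correct data */
                 if ($user->checkLogin($database)) {
                     // NOTE(review): no session_regenerate_id() is visible on this
                     // path; unless saveUserIsLoggedIn() rotates the session id, the
                     // pre-login id is kept after authentication — confirm.
                     $user->saveUserIsLoggedIn($database);
                     header('Location: ?cmd=overview&message=hello');
                     die;
                 } else {
                     $content = $loginContent->render(array('ERROR_MESSAGE' => 'Login Daten sind falsch', "USERNAME" => $user->getName()));
                 }
             } else {
                 $content = $loginContent->render(array());
             }
             break;
         case 'passwordChange':
             if (isset($_POST['submit'])) {
                 // NOTE(review): no login check precedes this; with no session
                 // userId the model is built with a null id, and the current
                 // password is not re-confirmed. Verify changePassword() guards both.
                 $user = new \Model\User($_SESSION['userId'], '', '', '', $_POST['password'] ?? '', '');
                 $user->changePassword($database);
                 header('Location: ?cmd=passwordChange&message=changed');
                 die;
             }
             $model = $template->loadTemplate('changePassword.html');
             $message = '';
             if (isset($_GET['message']) && $_GET['message'] == "changed") {
                 $message = "Passwort wurde erfolgreich ge&auml;ndert";
             }
             $content = $model->render(array('MESSAGE' => $message));
             break;
         case 'register':
             $registerContent = $template->loadTemplate('register.html');
             // if submit is set, the user tries to register, so we check if we can register him or not
             if (isset($_POST['submit'])) {
                 $user = new \Model\User('', $_POST['username'] ?? '', $_POST['firstname'] ?? '', $_POST['lastname'] ?? '', $_POST['password'] ?? '', $_POST['email'] ?? '');
                 // we check the data again, for users which have turned of javascript in browser
                 $errorData = $user->checkregisterData($database);
                 // if all data are correct, we save the new user and send him to survey, so he can answer the questions
                 if ($errorData == "") {
                     $user->save($database);
                     $user->saveUserIsLoggedIn($database);
                     header('Location: ?cmd=overview&message=hello');
                     die;
                 } else {
                     $content = $registerContent->render(array('ERROR_MESSAGE' => $errorData, 'USERNAME' => $user->getName(), 'FIRSTNAME' => $user->getFirstname(), 'LASTNAME' => $user->getLastname(), 'E_MAIL' => $user->getEmail()));
                 }
             } else {
                 $content = $registerContent->render(array());
             }
             break;
         case 'overview':
             require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
             // Post bodies are passed through HTMLPurifier on save/update with this
             // allow-list: only br/img/p (img src, img alt) survive.
             $config = \HTMLPurifier_Config::createDefault();
             $config->set('HTML.AllowedElements', array('br', 'img', 'p'));
             $config->set('HTML.AllowedAttributes', array('img.src', 'img.alt'));
             $purifier = new \HTMLPurifier($config);
             if (isset($_GET['act']) && isset($_SESSION['userName'])) {
                 switch ($_GET['act']) {
                     case 'edit':
                         $post = new \Model\Post($_GET['id'] ?? '', '', '', '', '');
                         $post->getById($database);
                         // Ownership check: only the author may edit. Loose `==` is kept
                         // because the id types (DB column vs. session value) are not
                         // known here; tighten to `===` once both are normalised.
                         if ($post->getUserId() == $_SESSION['userId']) {
                             if (isset($_POST['submit'])) {
                                 if (isset($_POST['title']) && isset($_POST['content'])) {
                                     $post->setContent($_POST['content']);
                                     $post->setTitle($_POST['title']);
                                     $post->update($database, $purifier);
                                     header('Location: ?cmd=overview&message=edited');
                                     die;
                                 }
                             } else {
                                 $model = $template->loadTemplate('modifyPost.html');
                                 $content = $model->render(array('HEADING' => 'Eintrag bearbeiten', 'TITLE' => $post->getTitle(), 'POSTCONTENT' => $post->getContent(), 'ACT' => 'edit&id=' . $post->getId()));
                             }
                         } else {
                             header('Location: ?cmd=overview');
                             die;
                         }
                         break;
                     case 'delete':
                         // NOTE(review): a state change on a GET link with no CSRF token
                         // visible; this should become a POST carrying a token.
                         $post = new \Model\Post($_GET['id'] ?? '', '', '', '', '');
                         $post->getById($database);
                         if ($post->getUserId() == $_SESSION['userId']) {
                             $post->delete($database);
                         }
                         header('Location: ?cmd=overview&message=deleted');
                         die;
                         break;
                     case 'add':
                         if (isset($_POST['submit'])) {
                             if (isset($_POST['title']) && isset($_POST['content'])) {
                                 $post = new \Model\Post('', $_POST['title'], $_POST['content'], $_SESSION['userId'], time());
                                 $post->save($database, $purifier);
                                 header('Location: ?cmd=overview&message=added');
                                 die;
                             }
                         }
                         $model = $template->loadTemplate('modifyPost.html');
                         $content = $model->render(array('HEADING' => 'Neuer Eintrag', 'ACT' => 'add'));
                         break;
                     default:
                         break;
                 }
             } else {
                 $message = '';
                 if (isset($_GET['message']) && isset($_SESSION['userName'])) {
                     // Status messages are only shown to logged-in users.
                     switch ($_GET['message']) {
                         case 'deleted':
                             $message = 'Eintrag wurde gel&ouml;scht';
                             break;
                         case 'added':
                             $message = 'Eintrag wurde erstellt';
                             break;
                         case 'edited':
                             $message = 'Eintrag wurde ge&auml;ndert';
                             break;
                         case 'hello':
                             $message = 'Um einen neuen Eintarg zu erstellen, klicken sie auf das Plus oben rechts';
                             break;
                     }
                 } else {
                     // Anonymous visitors see the "please log in" hint once per session.
                     if (!isset($_SESSION['infoWindow'])) {
                         $_SESSION['infoWindow'] = 'shown';
                         $message = 'Bitte melden Sie sich an um einen Eintrag zu erstellen';
                     }
                 }
                 $list = new \Model\PostList($database, $template);
                 $model = $template->loadTemplate('postList.html');
                 $content = $model->render(array('POSTS' => $list->getList($database, $template), 'MESSAGE' => $message));
             }
             break;
         default:
             header('Location: ?cmd=overview');
             die;
             break;
     }
     return $content;
 }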
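 /**
  * AJAX endpoint for managing a user group: `add_member`, `remove_member` and
  * `change_title`, selected by POST.action. Non-AJAX requests get 400, an
  * unknown or deleted group 404.
  *
  * NOTE(review): no check that the acting user may administer this group is
  * visible here — confirm the route is guarded upstream (e.g. in beforeroute).
  *
  * @param \Base $f3
  * @return void
  */
 public function group_ajax($f3)
 {
     if (!$f3->get("AJAX")) {
         // Return in case error() does not halt the request in this setup.
         $f3->error(400);
         return;
     }
     $group_id = $f3->get("POST.group_id");
     $group = new \Model\User();
     $group->load(array("id = ? AND deleted_date IS NULL AND role = 'group'", $group_id));
     if (!$group->id) {
         $f3->error(404);
         return;
     }
     switch ($f3->get('POST.action')) {
         case "add_member":
             // POST.user must be a list of user ids; anything else is treated as
             // empty instead of raising a foreach() warning.
             $user_ids = $f3->get("POST.user");
             if (!is_array($user_ids)) {
                 $user_ids = array();
             }
             foreach ($user_ids as $user_id) {
                 $user_group = new \Model\User\Group();
                 $user_group->load(array("user_id = ? AND group_id = ?", $user_id, $group_id));
                 // Membership is unique per (user, group): existing rows are left alone.
                 if (!$user_group->id) {
                     $user_group->group_id = $group_id;
                     $user_group->user_id = $user_id;
                     $user_group->save();
                 }
             }
             break;
         case "remove_member":
             $user_group = new \Model\User\Group();
             $user_group->load(array("user_id = ? AND group_id = ?", $f3->get("POST.user_id"), $group_id));
             // Only delete a row that was actually loaded.
             if ($user_group->id) {
                 $user_group->delete();
             }
             $this->_printJson(array("deleted" => 1));
             break;
         case "change_title":
             // Cast so a missing name becomes '' rather than a trim(null) deprecation.
             $group->name = trim((string) $f3->get("POST.name"));
             $group->username = \Web::instance()->slug($group->name);
             $group->save();
             $this->_printJson(array("changed" => 1));
             break;
     }
 }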
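 /**
  * Forced password reset for the current user: validates the two posted
  * passwords, stores a new salt + hash and redirects to the dashboard; on a
  * validation error re-renders the form with `reset.error` set.
  *
  * @param \Base $f3
  * @return void
  */
 public function reset_forced($f3)
 {
     $user = new \Model\User();
     $user->loadCurrent();
     // Cast to string so a missing field compares and measures as '' instead of
     // null (strict comparison, no strlen(null) deprecation).
     $password = (string) $f3->get("POST.password1");
     $confirm = (string) $f3->get("POST.password2");
     if ($password !== $confirm) {
         $f3->set("reset.error", "The given passwords don't match.");
     } elseif (strlen($password) < 6) {
         // 6 bytes is the app's minimum; raising it is a policy decision, not a code fix.
         $f3->set("reset.error", "The given password is too short. Passwords must be at least 6 characters.");
     } else {
         // Save new password and redirect to dashboard
         $security = \Helper\Security::instance();
         $user->salt = $security->salt();
         $user->password = $security->hash($password, $user->salt);
         $user->save();
         $f3->reroute("/");
         return;
     }
     $this->_render("index/reset_forced.html");
 }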
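 /**
  * Handles an avatar upload for the current user (`$this->_userId`): stores
  * the file under uploads/avatars/ as `<id>-<short hash>.<ext>`, records the
  * filename on the user and clears the cached avatar URLs.
  *
  * @param \Base $f3     replaced by \Base::instance() below (kept for the router)
  * @param array $params route parameters (unused here)
  * @return void
  */
 public function avatar($f3, $params)
 {
     $f3 = \Base::instance();
     $user = new \Model\User();
     $user->load($this->_userId);
     if (!$user->id) {
         $f3->error(404);
         return;
     }
     // The request must carry the `avatar` file field.
     if (empty($_FILES['avatar']['name'])) {
         $f3->error(400);
         return;
     }
     $web = \Web::instance();
     $f3->set("UPLOADS", 'uploads/avatars/');
     if (!is_dir($f3->get("UPLOADS"))) {
         // NOTE(review): 0777 is wider than needed; 0755/0775 is usually sufficient.
         mkdir($f3->get("UPLOADS"), 0777, true);
     }
     $overwrite = true;
     $slug = true;
     //Make a good name
     // The extension is the only part of the client-supplied name that is kept,
     // and only from an image allow-list: the upload directory is presumably
     // web-reachable, so an arbitrary extension must never be stored there.
     // Adjust the list to the formats the app actually serves.
     $parts = pathinfo($_FILES['avatar']['name']);
     $extension = strtolower($parts['extension'] ?? '');
     if (!in_array($extension, array('png', 'jpg', 'jpeg', 'gif'), true)) {
         $f3->error(400);
         return;
     }
     $_FILES['avatar']['name'] = $user->id . "-" . substr(sha1($user->id), 0, 4) . "." . $extension;
     $f3->set("avatar_filename", $_FILES['avatar']['name']);
     $web->receive(function ($file) use($f3, $user) {
         // Size is the only content check performed here; the file bytes are not
         // inspected (e.g. with getimagesize()) — consider adding that.
         if ($file['size'] > $f3->get("files.maxsize")) {
             return false;
         }
         $user->avatar_filename = $f3->get("avatar_filename");
         $user->save();
         return true;
     }, $overwrite, $slug);
     // Clear cached profile picture data
     $cache = \Cache::instance();
     $cache->clear($f3->hash("GET /avatar/48/{$user->id}.png") . ".url");
     $cache->clear($f3->hash("GET /avatar/96/{$user->id}.png") . ".url");
     $cache->clear($f3->hash("GET /avatar/128/{$user->id}.png") . ".url");
     $f3->reroute("/user");
 }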
    if (empty($_POST['phone'])) {
        $errors['phone'] = 'empty';
        $valid = false;
    } else {
        if (!is_numeric($_POST['phone'])) {
            $errors['phone'] = 'invalid';
            $valid = false;
        }
    }
    // email check
    if ($user->findBy('email', $email)) {
        $errors['email'] = 'invalid';
        $valid = false;
    }
    if ($valid) {
        if ($user->save(array('fb_id' => $fbId, 'email' => $email, 'f_name' => $fName, 'l_name' => $lName, 'province' => $province, 'phone' => $phone, 'profession' => $profession))) {
            header("Location: login?fb_id=" . $fbId);
            exit;
        }
    }
} else {
    $fName = isset($_GET['fname']) ? $_GET['fname'] : '';
    $lName = isset($_GET['lname']) ? $_GET['lname'] : '';
    $email = isset($_GET['email']) ? $_GET['email'] : '';
    $fbId = isset($_GET['fb_id']) ? $_GET['fb_id'] : '';
}
?>
<div id="register" class="center-block text-center">
    <div id="register-form">
        <form action="" method="POST">
            <div class="form-group <?php 
File: user.php Progetto: svlt/back
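 /**
  * POST /auth.json
  *
  * Two-step login for a client-side hashing scheme: `action=salt` returns the
  * user's password salt, `action=auth` verifies the client-computed password
  * hash against the stored bcrypt hash, re-hashes it if the configured cost
  * changed, and issues a session token.
  *
  * NOTE(review): the `salt` step answers differently for unknown users ("User
  * does not exist.") and the `auth` step skips password_verify() for them, so
  * both the message and the response time reveal which usernames exist.
  * Returning a deterministic per-username pseudo-salt for unknown users would
  * close this, but it is a protocol change the client has to agree with.
  *
  * @param \Base $f3
  * @return void
  */
 public function auth($f3)
 {
     // Cast so missing fields are '' rather than null (password_verify(null)
     // is deprecated and a null bind makes the lookup silently match nothing).
     $username = (string) $f3->get('POST.username');
     switch ($f3->get('POST.action')) {
         case 'salt':
             $user = new \Model\User();
             $user->load(['username = ?', $username]);
             if ($user->id) {
                 $this->_json(['salt' => $user->password_salt]);
             } else {
                 $this->_json(['salt' => null, 'error' => 'User does not exist.']);
             }
             break;
         case 'auth':
             // Verify login
             $passwordHash = (string) $f3->get('POST.password_hash');
             $user = new \Model\User();
             $user->load(['username = ?', $username]);
             if ($user->id && password_verify($passwordHash, $user->password_hash)) {
                 // Re-hash passphrase if it doesn't meet the current security settings
                 $bcryptOptions = ['cost' => \App::config()['security']['bcrypt_cost']];
                 if (password_needs_rehash($user->password_hash, PASSWORD_DEFAULT, $bcryptOptions)) {
                     $user->password_hash = password_hash($passwordHash, PASSWORD_DEFAULT, $bcryptOptions);
                     $user->save();
                 }
                 // Generate and return session token
                 $token = \Helper\Security::generateToken($user->id);
                 $this->_json(['user_id' => $user->id, 'token' => $token]);
             } else {
                 $this->_json(['error' => 'Invalid username or password.']);
             }
             break;
         default:
             // An unknown action answers explicitly instead of with an empty body.
             $this->_json(['error' => 'Unknown action.']);
             break;
     }
 }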
<?php

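include_once '../../base.php';
// Registration endpoint: creates a user from POST {username, password, email}
// and answers with a JSON {status, message} document.
//
// Only string POST fields are accepted: trim() raises a TypeError on an array
// value (e.g. a `username[]` field), so nested values are dropped first.
$data = array_map('trim', array_filter($_POST, 'is_string'));
// strip_tags() only removes markup from the stored value; it is not output
// escaping — whatever renders the username later must escape for its context.
$username = trim(strip_tags($data['username'] ?? ''));
$email = trim(strip_tags($data['email'] ?? ''));
$json = array('status' => 0);
// Compared against '' rather than by truthiness so the username "0" is not rejected.
if ($username !== '') {
    $user = Model\User::findUserByName($username);
    if (!$user) {
        $new_user = new Model\User();
        // NOTE(review): the password is handed to init() as posted; whether the
        // model hashes `user_pwd` before storing cannot be told from here — verify.
        $new_user->init(array('user_name' => $username, 'user_pwd' => $data['password'] ?? '', 'email' => $email));
        $new_user->save();
        $json['status'] = 1;
        $json['message'] = "用户 {$username} 注册成功!";
    } else {
        $json['message'] = "该用户名已被注册。 ";
    }
} else {
    $json['message'] = "用户名无效,请重新输入。";
}
echo json_encode($json);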