Esempio n. 1
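 /**
  * Inserts this user into codo_users and assigns the user's role.
  *
  * The password is hashed with \CODOF\Pass before it is stored. When
  * $this->user_status is 0, add_signup_attempt() and send_mail() are called
  * for the new account.
  *
  * @return array list of error messages; empty when the user row was created
  */
 public function register_user()
 {
     $errors = array();
     $hasher = new \CODOF\Pass(8, false);
     $hash = $hasher->HashPassword($this->password);

     // A hash shorter than 20 characters is treated as unusable (presumably the
     // hasher's failure marker). Report it instead of returning an empty error
     // list, which a caller cannot tell apart from a successful registration.
     if (strlen($hash) < 20) {
         \CODOF\Log::error("Could not register user! \nError:\n password hashing failed");
         $errors[] = "Could not register user";
         return $errors;
     }

     $now = time();
     $fields = array(
         "username" => $this->username,
         // Fall back to the username when no display name was supplied.
         "name" => $this->name == null ? $this->username : $this->name,
         "pass" => $hash,
         "mail" => $this->mail,
         "created" => $now,
         "last_access" => $now,
         "user_status" => $this->user_status,
         "avatar" => $this->avatar,
         "no_posts" => $this->no_posts,
         "oauth_id" => $this->oauth_id,
     );

     // All values are bound as named parameters; nothing is interpolated into the SQL.
     $qry = 'INSERT INTO codo_users (username, name, pass, mail, created, last_access, user_status, avatar, no_posts, oauth_id) '
         . 'VALUES(:username, :name, :pass, :mail, :created, :last_access, :user_status, :avatar, :no_posts, :oauth_id)';
     $obj = $this->db->prepare($qry);

     if (!$obj->execute($fields)) {
         // Keep the password hash out of the log: log files are usually readable
         // by more people and processes than the users table is.
         $loggable = $fields;
         $loggable["pass"] = '[redacted]';
         \CODOF\Log::error("Could not register user! \nError:\n " . print_r($obj->errorInfo(), true) . "  \nData:\n" . print_r($loggable, true));
         $errors[] = "Could not register user";
         return $errors;
     }

     $this->userid = $this->db->lastInsertId('id');
     // NOTE(review): the role insert is not checked and is not in a transaction
     // with the user insert; a failure here would leave a user without a role.
     \DB::table(PREFIX . 'codo_user_roles')->insert(array('uid' => $this->userid, 'rid' => $this->rid, 'is_primary' => 1));

     if ($this->user_status == 0) {
         $this->add_signup_attempt($fields);
         // NOTE(review): $fields still contains the password hash here, and
         // $errors is presumably filled by reference; confirm in send_mail().
         $this->send_mail($fields, $errors);
     }

     //TODO: CurrentUser -> store user
     // The hook is deliberately called without $fields, so hook handlers
     // (plugins) never receive the password hash or the mail address.
     \CODOF\Hook::call('on_user_registered');

     return $errors;
 }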
Esempio n. 2
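 /**
  * Validates the submitted credentials and logs the user in.
  *
  * Order of checks: empty username or password, password length (72 bytes or
  * more is rejected), ban status (the ban check is given the client IP, the
  * username and the account's mail), then the password hash. On success
  * User::login() and rememberMe() are called.
  *
  * @return string JSON: a list of {"msg": ...} entries for empty fields,
  *                otherwise an object with "msg" (plus "uid", "rid" and
  *                "role" on success)
  */
 public function process_login()
 {
     // Queries are prepared, so this is only normalisation of the name.
     $username = strip_tags(trim($this->username));
     $hasher = new \CODOF\Pass(8, false);
     $password = $this->password;
     $errors = array();

     if (strlen($username) == 0) {
         $errors[]["msg"] = _t("username field cannot be left empty");
     }
     if (strlen($password) == 0) {
         $errors[]["msg"] = _t("password field cannot be left empty");
     }
     if (!empty($errors)) {
         return json_encode($errors);
     }

     // Over-long passwords are refused before any hashing is done. Answer with
     // the generic failure message: the previous code returned an empty JSON
     // list here, which carries no message at all.
     if (strlen($password) >= 72) {
         return json_encode(array("msg" => _t("Wrong username or password")));
     }

     $user = User::getByUsername($username);
     // REMOTE_ADDR is the address of the connecting peer. Behind a reverse
     // proxy that is the proxy itself, so IP bans depend on the deployment.
     $ip = $_SERVER['REMOTE_ADDR'];
     $ban = new Ban($this->db);

     if ($user && $ban->is_banned(array($ip, $username, $user->mail))) {
         $ban_len = '';
         if ($ban->expires > 0) {
             // 'H:i:s' is hours:minutes:seconds; the former 'h:m:s' printed the
             // month number where the minutes belong.
             $ban_len = _t("until ") . date('d-m-Y H:i:s', $ban->expires);
         }
         return json_encode(array("msg" => _t("You have been banned ") . $ban_len));
     }

     // NOTE(review): the hash check is skipped when no such user exists, so
     // response time may differ between unknown and known usernames.
     if ($user && $hasher->CheckPassword($password, $user->pass)) {
         User::login($user->id);
         $user = User::get();
         $user->rememberMe();
         return json_encode(array("msg" => "success", "uid" => $user->id, "rid" => $user->rid, "role" => User::getRoleName($user->rid)));
     }

     // The username is attacker-controlled: drop control characters so a
     // submitted name cannot start a new, forged line in the log.
     $logName = preg_replace('/[\x00-\x1F\x7F]/', '', $username);
     \CODOF\Log::info('failed login attempt by ' . $logName . ' wrong username/password');

     // One message for both "no such user" and "wrong password".
     return json_encode(array("msg" => _t("Wrong username or password")));
 }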
Esempio n. 3
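 /**
  * Runs the cron jobs that are due. Called on every page load by the user.
  *
  * The lock is taken with acquire_lock() and released with release_lock()
  * once all jobs and hooks have run. Output produced by the jobs is buffered,
  * stored in $this->log and written to the log when it is not empty.
  *
  * @param mixed $cron passed through to acquire_lock()
  * @return boolean false when no lock could be acquired, true after a run
  */
 public function run($cron = null)
 {
     $crons = $this->acquire_lock($cron);
     if (!$crons) {
         $this->cleanUp();
         // Could not acquire the lock: another cron is already running, or the
         // last completed cron is not older than cron_interval.
         return false;
     }

     // The script must continue even if the visitor aborts the request.
     @ignore_user_abort(true);

     // Parallel crons may cause write conflicts, so the session is written
     // and closed unless the crons run serially.
     if (!$this->serial) {
         session_write_close();
     }

     // Upper bound on how long the cron run may take.
     set_time_limit($this->time_limit);

     ob_start();
     $this->add_core_hooks();

     foreach ($crons as $job) {
         if ($job['cron_name'] == 'core') {
             // Run all core jobs of the cron.
             $this->run_jobs();
         }

         // Plugin hooks are not guaranteed to be error free; one failing hook
         // must not stop the remaining crons or leave the lock held.
         try {
             \CODOF\Hook::call('on_cron_' . $job['cron_name']);
         } catch (\Exception $ex) {
             // Fully qualified on purpose: inside a namespace a bare
             // `Exception` names a class of that namespace and catches
             // nothing. The failure is recorded instead of being dropped.
             // NOTE(review): PHP 7+ \Error throwables are still not caught.
             \CODOF\Log::error('Cron hook on_cron_' . $job['cron_name'] . ' failed: ' . $ex->getMessage());
         }
     }

     $this->log = ob_get_clean();

     // Cron jobs are done, mark the cron as not running.
     $this->release_lock();

     // The hook below should not be used to run cron jobs.
     \CODOF\Hook::call('after_cron_run');

     if ($this->log != '') {
         \CODOF\Log::info('Cron:' . $this->log);
     }

     return true;
 }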
Esempio n. 4
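 /**
  * Checks whether the user holds every permission in $permissions.
  *
  * Permissions are looked up in self::$permissions[$uid], which is loaded
  * with getPermissions() on first use. For each permission the entry for
  * ($cid, $tid) is used when it exists; a missing category entry falls back
  * to index 0, and so does a missing topic entry (presumably the forum-wide
  * and category-wide defaults; confirm against getPermissions()).
  *
  * An empty $permissions array yields true, because nothing is denied.
  *
  * @param array $permissions permission names that must all be granted
  * @param int $uid user whose permissions are checked
  * @param int $cid category id, 0 for none
  * @param int $tid topic id, 0 for none
  * @return boolean true only if every permission is GRANTED
  */
 public static function hasAllPermissions(array $permissions, $uid, $cid = 0, $tid = 0)
 {
     //Hook::call('has_permission', $permissions);
     if (!isset(self::$permissions[$uid])) {
         self::getPermissions($uid);
     }

     foreach ($permissions as $permission) {
         if (!isset(self::$permissions[$uid][$permission])) {
             \CODOF\Log::notice("Permission {$permission} not found in ACL");
             return false;
         }

         $scopes = self::$permissions[$uid][$permission];

         // Resolve the fallback per permission, in local variables. Writing the
         // fallback back into $cid / $tid made it stick for every later
         // permission in the list, so a category- or topic-specific entry of a
         // later permission was skipped and the default was checked instead.
         $effectiveCid = ($cid > 0 && !isset($scopes[$cid])) ? 0 : $cid;
         $effectiveTid = ($tid > 0 && !isset($scopes[$effectiveCid][$tid])) ? 0 : $tid;

         // Fail closed: a missing entry is a denial, not an undefined-index read.
         if (!isset($scopes[$effectiveCid][$effectiveTid])
             || $scopes[$effectiveCid][$effectiveTid] !== self::GRANTED
         ) {
             return false;
         }
     }

     return true;
 }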