public function index() { $session = Session::instance(); $this->template->header->this_body = 'crowdmap-home'; $beta_session_thing = $session->get('real_deal'); if ($beta_session_thing == 2) { $this->template->content = new View('mhi/beta_signup'); } else { $this->template->content = new View('mhi/mhi'); } $this->template->header->js .= new View('mhi/mhi_js'); $this->template->header->js_files = array(html::script('media/js/mhi/jquery.cycle.min')); $mhi_user_id = $session->get('mhi_user_id'); $form = array('username' => '', 'password' => ''); // Copy the form as errors, so the errors will be stored with keys corresponding to the form field names $errors = $form; $form_error = FALSE; // Set up the validation object $_POST = Validation::factory($_POST)->pre_filter('trim')->add_rules('username', 'required')->add_rules('password', 'required'); if ($_POST->validate() or $mhi_user_id != FALSE) { // Sanitize $_POST data removing all inputs without rules $postdata_array = $_POST->safe_array(); // MHI user not already logged in, so do it if ($mhi_user_id == FALSE) { $mhi_user = new Mhi_User_Model(); $mhi_user_id = $mhi_user->login($postdata_array['username'], $postdata_array['password']); } // If success (already logged in or login successful), move on if ($mhi_user_id != FALSE) { url::redirect('mhi/manage'); } else { $_POST->add_error('username', 'Login Error'); // Repopulate the form fields $form = arr::overwrite($form, $_POST->as_array()); // Populate the error fields, if any // We need to already have created an error message file, for Kohana to use // Pass the error message file name to the errors() method $errors = arr::overwrite($errors, $_POST->errors('auth')); $form_error = TRUE; } } $this->template->header->errors = $errors; $this->template->header->form = $form; $this->template->header->form_error = $form_error; }
static function save_user($a) { // Check if MHI user already exists $count = ORM::factory('mhi_user')->where('email', $a['email'])->count_all(); if ($count != 0) { throw new Kohana_User_Exception('DB Entry Error', "Email address for MHI user already exists. Pole sana."); } $salt = Kohana::config('auth.salt_pattern'); $mhi_user = ORM::factory('mhi_user'); $mhi_user->firstname = $a['firstname']; $mhi_user->lastname = $a['lastname']; $mhi_user->email = $a['email']; $mhi_user->password = sha1($a['password'] . $salt); $mhi_user->save(); // Log the new user in so they will be authenticated after creation Mhi_User_Model::login($a['email'], sha1($a['password'] . $salt)); $result = ORM::factory('mhi_user')->where('email', $a['email'])->find_all(); $id = 0; foreach ($result as $res) { $id = $res->id; } return $id; }
public function processcreation() { // Used to populate form fields. Will assign values on error $errors = array(); $form = array('signup_first_name' => '', 'signup_last_name' => '', 'signup_email' => '', 'signup_password' => '', 'signup_subdomain' => '', 'signup_instance_name' => '', 'signup_instance_tagline' => ''); $form_error = array(); // Process Form if ($_POST) { $sfn = isset($_POST['signup_first_name']) ? $_POST['signup_first_name'] : ''; $sln = isset($_POST['signup_last_name']) ? $_POST['signup_last_name'] : ''; $sem = isset($_POST['signup_email']) ? $_POST['signup_email'] : ''; $spw = isset($_POST['signup_password']) ? $_POST['signup_password'] : ''; $form = array('signup_first_name' => $sfn, 'signup_last_name' => $sln, 'signup_email' => $sem, 'signup_password' => $spw, 'signup_subdomain' => strtolower($_POST['signup_subdomain']), 'signup_instance_name' => $_POST['signup_instance_name'], 'signup_instance_tagline' => $_POST['signup_instance_tagline']); $post = Validation::factory($_POST); // Trim whitespaces $post->pre_filter('trim'); $session = Session::instance(); $mhi_user_id = $session->get('mhi_user_id'); $blocked_subdomains = Kohana::config('mhi.blocked_subdomains'); // These rules are only required if we aren't already logged in if ($mhi_user_id == FALSE) { $post->add_rules('signup_first_name', 'required'); $post->add_rules('signup_last_name', 'required'); $post->add_rules('signup_email', 'required', 'email'); $post->add_rules('signup_password', 'required'); } else { $post->add_rules('verify_password', 'required'); } $post->add_rules('signup_subdomain', 'required', 'alpha_dash'); $post->add_rules('signup_instance_name', 'required'); $post->add_rules('signup_instance_tagline', 'required'); // If we pass validation AND it's not one of the blocked subdomains if ($post->validate()) { $mhi_user = new Mhi_User_Model(); $db_genesis = new DBGenesis(); $mhi_site_database = new Mhi_Site_Database_Model(); $mhi_site = new Mhi_Site_Model(); // Setup DB name variable $base_db = $db_genesis->current_db(); $new_db_name = $base_db . '_' . strtolower($post->signup_subdomain); // Do some graceful validation if (!isset($post->signup_tos)) { return array('errors' => $errors, 'form' => $form, 'form_error' => array('signup_tos' => 'You must accept the Website Terms of Use.')); } if (strlen($post->signup_subdomain) < 4 or strlen($post->signup_subdomain) > 32) { // ERROR: subdomain length falls outside the char length bounds allowed. return array('errors' => $errors, 'form' => $form, 'form_error' => array('signup_subdomain' => 'Subdomain must be between at least 4 characters and no more than 32 characters long. Please try again.')); } if ($mhi_site->domain_exists($post->signup_subdomain)) { // ERROR: Domain already assigned in MHI DB. return array('errors' => $errors, 'form' => $form, 'form_error' => array('signup_subdomain' => 'This subdomain has already been taken. Please try again.')); } if ($mhi_site_database->db_assigned($new_db_name) or $db_genesis->db_exists($new_db_name)) { // ERROR: Database already exists and/or is already assigned in the MHI DB return array('errors' => $errors, 'form' => $form, 'form_error' => array('signup_subdomain' => 'This subdomain is not allowed. Please try again.')); } if (in_array(strtolower($post->signup_subdomain), $blocked_subdomains)) { // ERROR: Blocked Subdomain return array('errors' => $errors, 'form' => $form, 'form_error' => array('signup_subdomain' => 'This subdomain is not allowed. Please try again.')); } // Check passwords if logged in and create user if not if ($mhi_user_id != FALSE) { // Get user info $user = $mhi_user->get($mhi_user_id); $salt = Kohana::config('auth.salt_pattern'); $verify_password = sha1($post->verify_password . $salt); if ($verify_password != $user->password) { // ERROR: Passwords do not match. return array('errors' => $errors, 'form' => $form, 'form_error' => array('password' => 'Password doesn\'t match. Please try again.')); } $user_id = $mhi_user_id; $email = $user->email; $name = $user->firstname . ' ' . $user->lastname; $password = $post->verify_password; } else { // Save new user $user_id = $mhi_user->save_user(array('firstname' => $post->signup_first_name, 'lastname' => $post->signup_last_name, 'email' => $post->signup_email, 'password' => $post->signup_password)); $email = $post->signup_email; $name = $post->signup_first_name . ' ' . $post->signup_last_name; $password = $post->signup_password; // Log new user in $mhi_user_id = $mhi_user->login($email, $password); Mhi_Log_Model::log($mhi_user_id, 6); } // Set up DB and Site // Create site $site_id = $mhi_site->save_site(array('user_id' => $user_id, 'site_domain' => strtolower($post->signup_subdomain), 'site_privacy' => 1, 'site_active' => 1)); // Set up database and save details to MHI DB $db_genesis->create_db($new_db_name); $mhi_site_database->assign_db($new_db_name, $site_id); $db_genesis->populate_db($new_db_name, array('username' => $email, 'name' => $name, 'password' => $password, 'email' => $email), array('site_name' => $post->signup_instance_name, 'site_tagline' => $post->signup_instance_tagline, 'site_domain' => strtolower($post->signup_subdomain))); // Congrats, everything has been set up. Send an email confirmation. $settings = kohana::config('settings'); $new_site_url = 'http://' . strtolower($post->signup_subdomain) . '.' . $_SERVER['HTTP_HOST'] . Kohana::config('config.site_domain'); if ($settings['site_email'] != NULL) { $to = $email; $from = $settings['site_email']; $subject = 'Your deployment at ' . $settings['site_name']; $message = 'Your new site, ' . $post->signup_instance_name . ' has been set up.' . "\n"; $message .= 'Admin URL: ' . $new_site_url . 'admin' . "\n"; $message .= 'Username: '******'Password: (hidden)' . "\n"; email::send($to, $from, $subject, $message, FALSE); } Mhi_Log_Model::log($user_id, 3, 'Deployment Created: ' . strtolower($post->signup_subdomain)); } else { if (isset($_POST['signup_password'])) { unset($_POST['signup_password']); } if (isset($_POST['signup_confirm_password'])) { unset($_POST['signup_confirm_password']); } if (isset($_POST['verify_password'])) { unset($_POST['verify_password']); } Mhi_Log_Model::log($mhi_user_id, 8, 'Variables: ' . print_r($_POST, true) . ' * ' . print_r($post->errors('form_error_messages'), true)); throw new Kohana_User_Exception('Validation Error', "Form not validating. Please go back and try again."); } } else { // If the form was never posted, we need to complain about it. throw new Kohana_User_Exception('Incomplete Form', "Form not posted."); } return array('errors' => $errors, 'form' => $form, 'form_error' => $form_error); }