コード例 #1
0
ファイル: prepare.php プロジェクト: hypnomez/opir.org
$rc = $Config->route;
/**
 * If user is registered, provider not found or this is request for final authentication and session does not corresponds - return user to the base url
 */
if ($User->user() && (!isset($rc[0]) || $rc[0] != 'merge_confirmation') || !(isset($rc[0]) && (isset($Config->module('HybridAuth')->providers[$rc[0]]) && $Config->module('HybridAuth')->providers[$rc[0]]['enabled'] || $rc[0] == 'merge_confirmation' && isset($rc[1]))) || isset($rc[2]) && strpos($rc[2], $User->get_session()) !== 0) {
    header('Location: ' . (_getcookie('HybridAuth_referer') ?: $Config->base_url()));
    code_header(301);
    interface_off();
    return;
}
/**
 * Merging confirmation
 */
$db_id = $Config->module('HybridAuth')->db('integration');
$db = DB::instance();
$Key = Key::instance();
$L = Language::instance();
if (isset($rc[1]) && $rc[0] == 'merge_confirmation') {
    /**
     * If confirmation key is valid - make merging
     */
    if ($data = $Key->get($db_id, $rc[1], true)) {
        $db->{$db_id}()->q("INSERT INTO `[prefix]users_social_integration`\n\t\t\t\t(\n\t\t\t\t\t`id`,\n\t\t\t\t\t`provider`,\n\t\t\t\t\t`identifier`,\n\t\t\t\t\t`profile`\n\t\t\t\t) VALUES (\n\t\t\t\t\t'%s',\n\t\t\t\t\t'%s',\n\t\t\t\t\t'%s',\n\t\t\t\t\t'%s'\n\t\t\t\t)\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\t`id`\t\t= VALUES(`id`),\n\t\t\t\t`profile`\t= VALUES(`profile`)", $data['id'], $data['provider'], $data['identifier'], $data['profile']);
        $User->del_session_data('HybridAuth');
        $HybridAuth = get_hybridauth_instance($data['provider']);
        $adapter = $HybridAuth->getAdapter($data['provider']);
        $User->set_data('HybridAuth_session', array_merge($User->get_data('HybridAuth_session') ?: [], unserialize($HybridAuth->getSessionData())));
        if ($User->get('status', $data['id']) == User::STATUS_NOT_ACTIVATED) {
            $User->set('status', User::STATUS_ACTIVE, $data['id']);
        }
        Trigger::instance()->run('HybridAuth/add_session/before', ['adapter' => $adapter, 'provider' => $data['provider']]);
コード例 #2
0
ファイル: User.php プロジェクト: hypnomez/opir.org
 /**
  * Defining user id, type, session, personal settings
  */
 function construct()
 {
     $Cache = $this->cache = new Prefix('users');
     $Config = Config::instance();
     Trigger::instance()->run('System/User/construct/before');
     $this->users_columns = $Cache->get('columns', function () {
         return $this->db()->columns('[prefix]users');
     });
     /**
      * Detecting of current user
      * Last part in page path - key
      */
     $rc = $Config->route;
     if ($this->user_agent == 'CleverStyle CMS' && ($this->get_sign_in_attempts_count(hash('sha224', 0)) < $Config->core['sign_in_attempts_block_count'] || $Config->core['sign_in_attempts_block_count'] == 0) && count($rc) > 1 && ($key_data = Key::instance()->get($Config->module('System')->db('keys'), $key = array_slice($rc, -1)[0], true)) && is_array($key_data)) {
         if ($this->current['is']['system'] = $key_data['url'] == $Config->server['host'] . '/' . $Config->server['raw_relative_address']) {
             $this->current['is']['admin'] = true;
             interface_off();
             $_POST['data'] = _json_decode($_POST['data']);
             Trigger::instance()->run('System/User/construct/after');
             return;
         } else {
             $this->current['is']['guest'] = true;
             /**
              * Simulate a bad sign in to block access
              */
             $this->sign_in_result(false, hash('sha224', 'system'));
             unset($_POST['data']);
             sleep(1);
         }
     }
     unset($key_data, $key, $rc);
     /**
      * If session exists
      */
     if (_getcookie('session')) {
         $this->id = $this->get_session_user();
         /**
          * Try to detect bot, not necessary for API request
          */
     } elseif (!API) {
         /**
          * Loading bots list
          */
         $bots = $Cache->get('bots', function () {
             return $this->db()->qfa(["SELECT\n\t\t\t\t\t\t`u`.`id`,\n\t\t\t\t\t\t`u`.`login`,\n\t\t\t\t\t\t`u`.`email`\n\t\t\t\t\tFROM `[prefix]users` AS `u`\n\t\t\t\t\t\tINNER JOIN `[prefix]users_groups` AS `g`\n\t\t\t\t\tON `u`.`id` = `g`.`id`\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t`g`.`group`\t\t= '%s' AND\n\t\t\t\t\t\t`u`.`status`\t= '%s'", self::BOT_GROUP_ID, self::STATUS_ACTIVE]) ?: [];
         });
         /**
          * For bots: login is user agent, email is IP
          */
         $bot_hash = hash('sha224', $this->user_agent . $this->ip);
         /**
          * If list is not empty - try to find bot
          */
         if (is_array($bots) && !empty($bots)) {
             /**
              * Load data
              */
             if (($this->id = $Cache->{$bot_hash}) === false) {
                 /**
                  * If no data - try to find bot in list of known bots
                  */
                 foreach ($bots as $bot) {
                     if ($bot['login'] && (strpos($this->user_agent, $bot['login']) !== false || _preg_match($bot['login'], $this->user_agent))) {
                         $this->id = $bot['id'];
                         break;
                     }
                     if ($bot['email'] && ($this->ip == $bot['email'] || _preg_match($bot['email'], $this->ip))) {
                         $this->id = $bot['id'];
                         break;
                     }
                 }
                 unset($bots, $bot, $login, $email);
                 /**
                  * If found id - this is bot
                  */
                 if ($this->id) {
                     $Cache->{$bot_hash} = $this->id;
                     /**
                      * Searching for last bot session, if exists - load it, otherwise create new one
                      */
                     $last_session = $this->get_data('last_session');
                     $id = $this->id;
                     if ($last_session) {
                         $this->get_session_user($last_session);
                     }
                     if (!$last_session || $this->id == self::GUEST_ID) {
                         $this->add_session($id);
                         $this->set_data('last_session', $this->get_session());
                     }
                     unset($id, $last_session);
                 }
             }
         }
         unset($bots, $bot_hash);
     }
     if (!$this->id) {
         $this->id = self::GUEST_ID;
         /**
          * Do not create session for API request
          */
         if (!API) {
             $this->add_session();
         }
     }
     $this->update_user_is();
     /**
      * If not guest - apply some individual settings
      */
     if ($this->id != self::GUEST_ID) {
         if ($this->timezone && date_default_timezone_get() != $this->timezone) {
             date_default_timezone_set($this->timezone);
         }
         if ($Config->core['multilingual']) {
             Language::instance()->change($this->language);
         }
     } elseif ($Config->core['multilingual']) {
         /**
          * Automatic detection of current language for guest
          */
         Language::instance()->change('');
     }
     /**
      * Security check
      */
     if (!isset($_REQUEST['session']) || $_REQUEST['session'] != $this->get_session()) {
         $_REQUEST = array_diff_key($_REQUEST, $_POST);
         $_POST = [];
     }
     $this->init = true;
     Trigger::instance()->run('System/User/construct/after');
 }
コード例 #3
0
ファイル: Core.php プロジェクト: hypnomez/opir.org
 /**
  * Sending of api request to the specified host
  *
  * @param string	$url	With prefix <i>https://</b> (<i>http://</b> can be missed), and (if necessary) with port address
  * @param mixed		$data	Any type of data, will be accessible through <i>$_POST['data']</b>
  *
  * @return bool|string		Result or <i>false</i> at error
  */
 protected function send($url, $data)
 {
     if (!Config::instance(true)) {
         return false;
     }
     $Key = Key::instance();
     $protocol = 'http';
     if (mb_strpos($url, '://') !== false) {
         list($protocol, $url) = explode('://', $url);
     }
     $database = Config::instance()->module('System')->db('keys');
     $key = $Key->generate($database);
     $url .= "/{$key}";
     $Key->add($database, $key, ['url' => $url], time() + 30);
     list($host, $url) = explode('/', $url, 2);
     $host = explode(':', $host);
     $socket = fsockopen($host[0], isset($host[1]) ? $host[1] : $protocol == 'http' ? 80 : 443, $errno, $errstr);
     $host = implode(':', $host);
     if (!is_resource($socket)) {
         trigger_error("#{$errno} {$errstr}", E_USER_WARNING);
         return false;
     }
     $data = 'data=' . urlencode(json_encode($data));
     time_limit_pause();
     fwrite($socket, "POST /{$url} HTTP/1.1\r\n" . "Host: {$host}\r\n" . "Content-Type: application/x-www-form-urlencoded\r\n" . "Content-length:" . strlen($data) . "\r\n" . "Accept:*/*\r\n" . "User-agent: CleverStyle CMS\r\n\r\n" . "{$data}\r\n\r\n");
     $return = explode("\r\n\r\n", stream_get_contents($socket), 2);
     time_limit_pause(false);
     fclose($socket);
     return $return[1];
 }