/**
* Fetch admin IDs
*/
public static function get_admin_ids()
{
if (!Container::get('cache')->isCached('admin_ids')) {
Container::get('cache')->store('admin_ids', \FeatherBB\Model\Cache::get_admin_ids());
}
return Container::get('cache')->retrieve('admin_ids');
}
public function login()
{
if (!$this->feather->user->is_guest) {
Url::redirect($this->feather->urlFor('home'), 'Already logged in');
}
if ($this->feather->request->isPost()) {
$this->feather->hooks->fire('login_start');
$form_username = Utils::trim($this->feather->request->post('req_username'));
$form_password = Utils::trim($this->feather->request->post('req_password'));
$save_pass = (bool) $this->feather->request->post('save_pass');
$user = ModelAuth::get_user_from_name($form_username);
if (!empty($user->password)) {
$form_password_hash = Random::hash($form_password);
// Will result in a SHA-1 hash
if ($user->password == $form_password_hash) {
if ($user->group_id == $this->feather->forum_env['FEATHER_UNVERIFIED']) {
ModelAuth::update_group($user->id, $this->feather->forum_settings['o_default_user_group']);
if (!$this->feather->cache->isCached('users_info')) {
$this->feather->cache->store('users_info', Cache::get_users_info());
}
}
ModelAuth::delete_online_by_ip($this->feather->request->getIp());
// Reset tracked topics
Track::set_tracked_topics(null);
$expire = $save_pass ? $this->feather->now + 1209600 : $this->feather->now + $this->feather->forum_settings['o_timeout_visit'];
$expire = $this->feather->hooks->fire('expire_login', $expire);
ModelAuth::feather_setcookie($user->id, $form_password_hash, $expire);
Url::redirect($this->feather->urlFor('home'), __('Login redirect'));
}
}
throw new Error(__('Wrong user/pass') . ' <a href="' . $this->feather->urlFor('resetPassword') . '">' . __('Forgotten pass') . '</a>', 403);
} else {
$this->feather->template->setPageInfo(array('active_page' => 'login', 'title' => array(Utils::escape($this->feather->forum_settings['o_board_title']), __('Login')), 'required_fields' => array('req_username' => __('Username'), 'req_password' => __('Password')), 'focus_element' => array('login', 'req_username')))->addTemplate('login/form.php')->display();
}
}
public function validate_search_word($word, $idx)
{
static $stopwords;
// If the word is a keyword we don't want to index it, but we do want to be allowed to search it
if ($this->is_keyword($word)) {
return !$idx;
}
if (!isset($stopwords)) {
if (!$this->feather->cache->isCached('stopwords')) {
$this->feather->cache->store('stopwords', \FeatherBB\Model\Cache::get_config(), '+1 week');
}
$stopwords = $this->feather->cache->retrieve('stopwords');
}
// If it is a stopword it isn't valid
if (in_array($word, $stopwords)) {
return false;
}
// If the word is CJK we don't want to index it, but we do want to be allowed to search it
if ($this->is_cjk($word)) {
return !$idx;
}
// Exclude % and * when checking whether current word is valid
$word = str_replace(array('%', '*'), '', $word);
// Check the word is within the min/max length
$num_chars = Utils::strlen($word);
return $num_chars >= $this->feather->forum_env['FEATHER_SEARCH_MIN_WORD'] && $num_chars <= $this->feather->forum_env['FEATHER_SEARCH_MAX_WORD'];
}
/**
* Fetch admin IDs
*/
public static function get_admin_ids()
{
self::$feather = \Slim\Slim::getInstance();
if (!self::$feather->cache->isCached('admin_ids')) {
self::$feather->cache->store('admin_ids', \FeatherBB\Model\Cache::get_admin_ids());
}
return self::$feather->cache->retrieve('admin_ids');
}
public function remove_word()
{
$id = intval(key($this->request->post('remove')));
$id = $this->hook->fire('remove_censoring_word_start', $id);
$result = DB::for_table('censoring')->find_one($id);
$result = $this->hook->fireDB('remove_censoring_word', $result);
$result = $result->delete();
// Regenerate the censoring cache
$this->feather->cache->store('search_for', Cache::get_censoring('search_for'));
$this->feather->cache->store('replace_with', Cache::get_censoring('replace_with'));
Url::redirect($this->feather->urlFor('adminCensoring'), __('Word removed redirect'));
}
public function remove_word()
{
$id = intval(key(Input::post('remove')));
$id = Container::get('hooks')->fire('model.admin.censoring.remove_censoring_word_start', $id);
$result = DB::for_table('censoring')->find_one($id);
$result = Container::get('hooks')->fireDB('model.admin.censoring.remove_censoring_word', $result);
$result = $result->delete();
// Regenerate the censoring cache
Container::get('cache')->store('search_for', Cache::get_censoring('search_for'));
Container::get('cache')->store('replace_with', Cache::get_censoring('replace_with'));
return Router::redirect(Router::pathFor('adminCensoring'), __('Word removed redirect'));
}
public function edit_categories()
{
if (empty($this->request->post('cat'))) {
throw new Error(__('Bad request'), '400');
}
foreach ($this->request->post('cat') as $cat_id => $properties) {
$category = array('id' => (int) $cat_id, 'name' => Utils::escape($properties['name']), 'order' => (int) $properties['order']);
if ($category['name'] == '') {
Url::redirect($this->feather->urlFor('adminCategories'), __('Must enter name message'));
}
$this->model->update_category($category);
}
// Regenerate the quick jump cache
$this->feather->cache->store('quickjump', Cache::get_quickjump());
Url::redirect($this->feather->urlFor('adminCategories'), __('Categories updated redirect'));
}
public function edit($req, $res, $args)
{
Container::get('hooks')->fire('controller.admin.categories.edit');
if (empty(Input::post('cat'))) {
throw new Error(__('Bad request'), '400');
}
foreach (Input::post('cat') as $cat_id => $properties) {
$category = array('id' => (int) $cat_id, 'name' => Utils::escape($properties['name']), 'order' => (int) $properties['order']);
if ($category['name'] == '') {
return Router::redirect(Router::pathFor('adminCategories'), __('Must enter name message'));
}
$this->model->update_category($category);
}
// Regenerate the quick jump cache
Container::get('cache')->store('quickjump', Cache::get_quickjump());
return Router::redirect(Router::pathFor('adminCategories'), __('Categories updated redirect'));
}
public function login()
{
$this->hook->fire('login_start');
$form_username = Utils::trim($this->request->post('req_username'));
$form_password = Utils::trim($this->request->post('req_password'));
$save_pass = $this->request->post('save_pass');
$user = DB::for_table('users')->where('username', $form_username);
$user = $this->hook->fireDB('find_user_login', $user);
$user = $user->find_one();
$authorized = false;
if (!empty($user->password)) {
$form_password_hash = Random::hash($form_password);
// Will result in a SHA-1 hash
$authorized = $user->password == $form_password_hash;
}
$authorized = $this->hook->fire('authorized_login', $authorized);
if (!$authorized) {
throw new Error(__('Wrong user/pass') . ' <a href="' . $this->feather->urlFor('resetPassword') . '">' . __('Forgotten pass') . '</a>', 403);
}
// Update the status if this is the first time the user logged in
if ($user->group_id == $this->feather->forum_env['FEATHER_UNVERIFIED']) {
$update_usergroup = DB::for_table('users')->where('id', $user->id)->find_one()->set('group_id', $this->config['o_default_user_group']);
$update_usergroup = $this->hook->fireDB('update_usergroup_login', $update_usergroup);
$update_usergroup = $update_usergroup->save();
// Regenerate the users info cache
if (!$this->feather->cache->isCached('users_info')) {
$this->feather->cache->store('users_info', Cache::get_users_info());
}
$stats = $this->feather->cache->retrieve('users_info');
}
// Remove this user's guest entry from the online list
$delete_online = DB::for_table('online')->where('ident', $this->request->getIp());
$delete_online = $this->hook->fireDB('delete_online_login', $delete_online);
$delete_online = $delete_online->delete_many();
$expire = $save_pass == '1' ? time() + 1209600 : time() + $this->config['o_timeout_visit'];
$expire = $this->hook->fire('expire_login', $expire);
$this->auth->feather_setcookie($user->id, $form_password_hash, $expire);
// Reset tracked topics
Track::set_tracked_topics(null);
// Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
$redirect_url = $this->request->post('redirect_url');
$redirect_url = $this->hook->fire('redirect_url_login', $redirect_url);
Url::redirect(Utils::escape($redirect_url), __('Login redirect'));
}
public function update_permissions()
{
$form = array_map('intval', $this->request->post('form'));
$form = $this->hook->fire('permissions.update_permissions.form', $form);
foreach ($form as $key => $input) {
// Make sure the input is never a negative value
if ($input < 0) {
$input = 0;
}
// Only update values that have changed
if (array_key_exists('p_' . $key, $this->config) && $this->config['p_' . $key] != $input) {
DB::for_table('config')->where('conf_name', 'p_' . $key)->update_many('conf_value', $input);
}
}
// Regenerate the config cache
$this->feather->cache->store('config', Cache::get_config());
// $this->clear_feed_cache();
Url::redirect($this->feather->urlFor('adminPermissions'), __('Perms updated redirect'));
}
public function update_permissions()
{
$form = array_map('intval', Input::post('form'));
$form = Container::get('hooks')->fire('model.admin.permissions.update_permissions.form', $form);
foreach ($form as $key => $input) {
// Make sure the input is never a negative value
if ($input < 0) {
$input = 0;
}
// Only update values that have changed
if (array_key_exists('p_' . $key, Container::get('forum_settings')) && ForumSettings::get('p_' . $key) != $input) {
DB::for_table('config')->where('conf_name', 'p_' . $key)->update_many('conf_value', $input);
}
}
// Regenerate the config cache
Container::get('cache')->store('config', Cache::get_config());
// $this->clear_feed_cache();
return Router::redirect(Router::pathFor('adminPermissions'), __('Perms updated redirect'));
}
public function login($req, $res, $args)
{
if (!User::get()->is_guest) {
return Router::redirect(Router::pathFor('home'), 'Already logged in');
}
if (Request::isPost()) {
Container::get('hooks')->fire('controller.login');
$form_username = Input::post('req_username');
$form_password = Input::post('req_password');
$save_pass = (bool) Input::post('save_pass');
$user = ModelAuth::get_user_from_name($form_username);
if (!empty($user->password)) {
$form_password_hash = Random::hash($form_password);
// Will result in a SHA-1 hash
if ($user->password == $form_password_hash) {
if ($user->group_id == ForumEnv::get('FEATHER_UNVERIFIED')) {
ModelAuth::update_group($user->id, ForumSettings::get('o_default_user_group'));
if (!Container::get('cache')->isCached('users_info')) {
Container::get('cache')->store('users_info', Cache::get_users_info());
}
}
ModelAuth::delete_online_by_ip(Utils::getIp());
// Reset tracked topics
Track::set_tracked_topics(null);
$expire = $save_pass ? Container::get('now') + 1209600 : Container::get('now') + ForumSettings::get('o_timeout_visit');
$expire = Container::get('hooks')->fire('controller.expire_login', $expire);
$jwt = ModelAuth::generate_jwt($user, $expire);
ModelAuth::feather_setcookie('Bearer ' . $jwt, $expire);
return Router::redirect(Router::pathFor('home'), __('Login redirect'));
} else {
throw new Error(__('Wrong user/pass') . ' <a href="' . Router::pathFor('resetPassword') . '">' . __('Forgotten pass') . '</a>', 403);
}
}
} else {
View::setPageInfo(array('active_page' => 'login', 'title' => array(Utils::escape(ForumSettings::get('o_board_title')), __('Login')), 'required_fields' => array('req_username' => __('Username'), 'req_password' => __('Password')), 'focus_element' => array('login', 'req_username')))->addTemplate('login/form.php')->display();
}
}
public function insert_user($user)
{
$user = Container::get('hooks')->fire('model.register.insert_user_start', $user);
// Insert the new user into the database. We do this now to get the last inserted ID for later use
$now = time();
$intial_group_id = ForumSettings::get('o_regs_verify') == '0' ? ForumSettings::get('o_default_user_group') : ForumEnv::get('FEATHER_UNVERIFIED');
$password_hash = Random::hash($user['password1']);
// Add the user
$user['insert'] = array('username' => $user['username'], 'group_id' => $intial_group_id, 'password' => $password_hash, 'email' => $user['email1'], 'email_setting' => ForumSettings::get('o_default_email_setting'), 'timezone' => ForumSettings::get('o_default_timezone'), 'dst' => 0, 'language' => $user['language'], 'style' => ForumSettings::get('o_default_style'), 'registered' => $now, 'registration_ip' => Utils::getIp(), 'last_visit' => $now);
$user = DB::for_table('users')->create()->set($user['insert']);
$user = Container::get('hooks')->fireDB('model.register.insert_user_query', $user);
$user = $user->save();
$new_uid = DB::get_db()->lastInsertId(ForumSettings::get('db_prefix') . 'users');
// If the mailing list isn't empty, we may need to send out some alerts
if (ForumSettings::get('o_mailing_list') != '') {
// If we previously found out that the email was banned
if (isset($user['banned_email'])) {
// Load the "banned email register" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/banned_email_register.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_banned_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_banned_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<email>', $user['email1'], $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_banned_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
// If we previously found out that the email was a dupe
if (!empty($dupe_list)) {
// Load the "dupe email register" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/dupe_email_register.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
// Should we alert people on the admin mailing list that a new user has registered?
if (ForumSettings::get('o_regs_report') == '1') {
// Load the "new user" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/new_user.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_new_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_new_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<admin_url>', Router::pathFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_new_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
}
// Must the user verify the registration or do we log him/her in right now?
if (ForumSettings::get('o_regs_verify') == '1') {
// Load the "welcome" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/welcome.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_subject = str_replace('<board_title>', ForumSettings::get('o_board_title'), $mail_subject);
$mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<password>', $user['password1'], $mail_message);
$mail_message = str_replace('<login_url>', Router::pathFor('login'), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_message', $mail_message);
Container::get('email')->feather_mail($user['email1'], $mail_subject, $mail_message);
return Router::redirect(Router::pathFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.');
}
$user_object = new \stdClass();
$user_object->id = $new_uid;
$user_object->username = $user['username'];
$expire = time() + ForumSettings::get('o_timeout_visit');
$jwt = AuthModel::generate_jwt($user_object, $expire);
AuthModel::feather_setcookie('Bearer ' . $jwt, $expire);
// Refresh cache
Container::get('cache')->store('users_info', Cache::get_users_info());
Container::get('hooks')->fire('model.register.insert_user');
return Router::redirect(Router::pathFor('home'), __('Reg complete'));
}
protected function getDefaultPageInfo()
{
// Check if config file exists to avoid error when installing forum
if (!Container::get('cache')->isCached('quickjump') && is_file(ForumEnv::get('FORUM_CONFIG_FILE'))) {
Container::get('cache')->store('quickjump', \FeatherBB\Model\Cache::get_quickjump());
}
$title = Container::get('forum_settings') ? ForumSettings::get('o_board_title') : 'FeatherBB';
$data = array('title' => Utils::escape($title), 'page_number' => null, 'active_page' => 'index', 'focus_element' => null, 'is_indexed' => true, 'admin_console' => false, 'page_head' => null, 'paging_links' => null, 'required_fields' => null, 'footer_style' => null, 'quickjump' => Container::get('cache')->retrieve('quickjump'), 'fid' => null, 'pid' => null, 'tid' => null);
if (is_object(User::get()) && User::get()->is_admmod) {
$data['has_reports'] = \FeatherBB\Model\Admin\Reports::has_reports();
}
if (ForumEnv::get('FEATHER_SHOW_INFO')) {
$data['exec_info'] = \FeatherBB\Model\Debug::get_info();
if (ForumEnv::get('FEATHER_SHOW_QUERIES')) {
$data['queries_info'] = \FeatherBB\Model\Debug::get_queries();
}
}
return $data;
}
public function __invoke($req, $res, $next)
{
// Set headers
$res = $this->set_headers($res);
// Block prefetch requests
if (isset($this->app->environment['HTTP_X_MOZ']) && $this->app->environment['HTTP_X_MOZ'] == 'prefetch') {
return $this->app->response->setStatus(403);
// Send forbidden header
}
// Populate Slim object with forum_env vars
Container::set('forum_env', $this->forum_env);
// Load FeatherBB utils class
Container::set('utils', function ($container) {
return new Utils();
});
// Record start time
Container::set('start', Utils::get_microtime());
// Define now var
Container::set('now', function () {
return time();
});
// Load FeatherBB cache
Container::set('cache', function ($container) {
$path = $this->forum_env['FORUM_CACHE_DIR'];
return new \FeatherBB\Core\Cache(array('name' => 'feather', 'path' => $path, 'extension' => '.cache'));
});
// Load FeatherBB permissions
Container::set('perms', function ($container) {
return new \FeatherBB\Core\Permissions();
});
// Load FeatherBB preferences
Container::set('prefs', function ($container) {
return new \FeatherBB\Core\Preferences();
});
// Load FeatherBB view
Container::set('template', function ($container) {
return new View();
});
// Load FeatherBB url class
Container::set('url', function ($container) {
return new Url();
});
// Load FeatherBB hooks
Container::set('hooks', function ($container) {
return new Hooks();
});
// Load FeatherBB email class
Container::set('email', function ($container) {
return new Email();
});
Container::set('parser', function ($container) {
return new Parser();
});
// Set cookies
Container::set('cookie', function ($container) {
$request = $container->get('request');
return new \Slim\Http\Cookies($request->getCookieParams());
});
Container::set('flash', function ($c) {
return new \Slim\Flash\Messages();
});
// This is the very first hook fired
Container::get('hooks')->fire('core.start');
if (!is_file(ForumEnv::get('FORUM_CONFIG_FILE'))) {
// Reset cache
Container::get('cache')->flush();
$installer = new \FeatherBB\Controller\Install();
return $installer->run();
}
// Load config from disk
include ForumEnv::get('FORUM_CONFIG_FILE');
if (isset($featherbb_config) && is_array($featherbb_config)) {
$this->forum_settings = array_merge(self::load_default_forum_settings(), $featherbb_config);
} else {
$this->app->response->setStatus(500);
// Send forbidden header
return $this->app->response->setBody('Wrong config file format');
}
// Init DB and configure Slim
self::init_db($this->forum_settings, ForumEnv::get('FEATHER_SHOW_INFO'));
Config::set('displayErrorDetails', ForumEnv::get('FEATHER_DEBUG'));
if (!Container::get('cache')->isCached('config')) {
Container::get('cache')->store('config', \FeatherBB\Model\Cache::get_config());
}
// Finalize forum_settings array
$this->forum_settings = array_merge(Container::get('cache')->retrieve('config'), $this->forum_settings);
Container::set('forum_settings', $this->forum_settings);
// Set default style and assets
Container::get('template')->setStyle(ForumSettings::get('o_default_style'));
Container::get('template')->addAsset('js', 'style/themes/FeatherBB/phone.min.js');
// Run activated plugins
self::loadPlugins();
// Define time formats and add them to the container
Container::set('forum_time_formats', array(ForumSettings::get('o_time_format'), 'H:i:s', 'H:i', 'g:i:s a', 'g:i a'));
Container::set('forum_date_formats', array(ForumSettings::get('o_date_format'), 'Y-m-d', 'Y-d-m', 'd-m-Y', 'm-d-Y', 'M j Y', 'jS M Y'));
// Call FeatherBBAuth middleware
return $next($req, $res);
}
public function call()
{
global $forum_time_formats, $forum_date_formats;
// Legacy
// Set headers
$this->set_headers();
// Block prefetch requests
if (isset($this->app->environment['HTTP_X_MOZ']) && $this->app->environment['HTTP_X_MOZ'] == 'prefetch') {
return $this->app->response->setStatus(403);
// Send forbidden header
}
// Populate Slim object with forum_env vars
$this->hydrate('forum_env', $this->forum_env);
// Load FeatherBB utils class
$this->app->container->singleton('utils', function () {
return new Utils();
});
// Record start time
$this->app->start = Utils::get_microtime();
// Define now var
$this->app->now = function () {
return time();
};
// Load FeatherBB cache
$this->app->container->singleton('cache', function ($container) {
$path = $container->forum_env['FORUM_CACHE_DIR'];
return new \FeatherBB\Core\Cache(array('name' => 'feather', 'path' => $path, 'extension' => '.cache'));
});
// Load FeatherBB view
$this->app->container->singleton('template', function () {
return new \FeatherBB\Core\View();
});
// Load FeatherBB url class
$this->app->container->singleton('url', function () {
return new \FeatherBB\Core\Url();
});
// Load FeatherBB hooks
$this->app->container->singleton('hooks', function () {
return new \FeatherBB\Core\Hooks();
});
// Load FeatherBB email class
$this->app->container->singleton('email', function () {
return new \FeatherBB\Core\Email();
});
$this->app->container->singleton('parser', function () {
return new \FeatherBB\Core\Parser();
});
// This is the very first hook fired
$this->app->hooks->fire('core.start');
if (!is_file($this->forum_env['FORUM_CONFIG_FILE'])) {
$installer = new \FeatherBB\Controller\Install();
$installer->run();
return;
}
// Load config from disk
include $this->forum_env['FORUM_CONFIG_FILE'];
if (isset($featherbb_config) && is_array($featherbb_config)) {
$this->forum_settings = array_merge(self::load_default_forum_settings(), $featherbb_config);
} else {
$this->app->response->setStatus(500);
// Send forbidden header
return $this->app->response->setBody('Wrong config file format');
}
// Init DB and configure Slim
self::init_db($this->forum_settings, $this->forum_env['FEATHER_SHOW_INFO']);
$this->app->config(array('debug' => $this->forum_env['FEATHER_DEBUG'], 'cookies.encrypt' => true, 'cookies.secret_key' => $this->forum_settings['cookie_seed']));
if (!$this->app->cache->isCached('config')) {
$this->app->cache->store('config', \FeatherBB\Model\Cache::get_config());
}
// Finalize forum_settings array
$this->forum_settings = array_merge($this->app->cache->retrieve('config'), $this->forum_settings);
// Set default style and assets
$this->app->template->setStyle($this->forum_settings['o_default_style']);
$this->app->template->addAsset('js', 'style/themes/FeatherBB/phone.min.js');
// Populate FeatherBB Slim object with forum_settings vars
$this->hydrate('forum_settings', $this->forum_settings);
$this->app->config = $this->forum_settings;
// Legacy
extract($this->forum_settings);
// Legacy
// Run activated plugins
self::loadPlugins();
// Define time formats
$forum_time_formats = array($this->forum_settings['o_time_format'], 'H:i:s', 'H:i', 'g:i:s a', 'g:i a');
$forum_date_formats = array($this->forum_settings['o_date_format'], 'Y-m-d', 'Y-d-m', 'd-m-Y', 'm-d-Y', 'M j Y', 'jS M Y');
// Call FeatherBBAuth middleware
$this->next->call();
}
public function update_profile($id, $info, $section)
{
$info = Container::get('hooks')->fire('model.profile.update_profile_start', $info, $id, $section);
$username_updated = false;
$section = Container::get('hooks')->fire('model.profile.update_profile_section', $section, $id, $info);
// Validate input depending on section
switch ($section) {
case 'essentials':
$form = array('timezone' => floatval(Input::post('form_timezone')), 'dst' => Input::post('form_dst') ? '1' : '0', 'time_format' => intval(Input::post('form_time_format')), 'date_format' => intval(Input::post('form_date_format')));
// Make sure we got a valid language string
if (Input::post('form_language')) {
$languages = \FeatherBB\Core\Lister::getLangs();
$form['language'] = Utils::trim(Input::post('form_language'));
if (!in_array($form['language'], $languages)) {
throw new Error(__('Bad request'), 404);
}
}
if (User::get()->is_admmod) {
$form['admin_note'] = Utils::trim(Input::post('admin_note'));
// Are we allowed to change usernames?
if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN') || User::get()->g_moderator == '1' && User::get()->g_mod_rename_users == '1') {
$form['username'] = Utils::trim(Input::post('req_username'));
if ($form['username'] != $info['old_username']) {
$errors = '';
$errors = $this->check_username($form['username'], $errors, $id);
if (!empty($errors)) {
throw new Error($errors[0]);
}
$username_updated = true;
}
}
// We only allow administrators to update the post count
if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN')) {
$form['num_posts'] = intval(Input::post('num_posts'));
}
}
if (ForumSettings::get('o_regs_verify') == '0' || User::get()->is_admmod) {
// Validate the email address
$form['email'] = strtolower(Utils::trim(Input::post('req_email')));
if (!Container::get('email')->is_valid_email($form['email'])) {
throw new Error(__('Invalid email'));
}
}
break;
case 'personal':
$form = array('realname' => Input::post('form_realname') ? Utils::trim(Input::post('form_realname')) : '', 'url' => Input::post('form_url') ? Utils::trim(Input::post('form_url')) : '', 'location' => Input::post('form_location') ? Utils::trim(Input::post('form_location')) : '');
// Add http:// if the URL doesn't contain it already (while allowing https://, too)
if (User::get()->g_post_links == '1') {
if ($form['url'] != '') {
$url = Url::is_valid($form['url']);
if ($url === false) {
throw new Error(__('Invalid website URL'));
}
$form['url'] = $url['url'];
}
} else {
if (!empty($form['url'])) {
throw new Error(__('Website not allowed'));
}
$form['url'] = '';
}
if (User::get()->g_id == ForumEnv::get('FEATHER_ADMIN')) {
$form['title'] = Utils::trim(Input::post('title'));
} elseif (User::get()->g_set_title == '1') {
$form['title'] = Utils::trim(Input::post('title'));
if ($form['title'] != '') {
// A list of words that the title may not contain
// If the language is English, there will be some duplicates, but it's not the end of the world
$forbidden = array('member', 'moderator', 'administrator', 'banned', 'guest', utf8_strtolower(__('Member')), utf8_strtolower(__('Moderator')), utf8_strtolower(__('Administrator')), utf8_strtolower(__('Banned')), utf8_strtolower(__('Guest')));
if (in_array(utf8_strtolower($form['title']), $forbidden)) {
throw new Error(__('Forbidden title'));
}
}
}
break;
case 'messaging':
$form = array('jabber' => Utils::trim(Input::post('form_jabber')), 'icq' => Utils::trim(Input::post('form_icq')), 'msn' => Utils::trim(Input::post('form_msn')), 'aim' => Utils::trim(Input::post('form_aim')), 'yahoo' => Utils::trim(Input::post('form_yahoo')));
// If the ICQ UIN contains anything other than digits it's invalid
if (preg_match('%[^0-9]%', $form['icq'])) {
throw new Error(__('Bad ICQ'));
}
break;
case 'personality':
$form = array();
// Clean up signature from POST
if (ForumSettings::get('o_signatures') == '1') {
$form['signature'] = Utils::linebreaks(Utils::trim(Input::post('signature')));
// Validate signature
if (Utils::strlen($form['signature']) > ForumSettings::get('p_sig_length')) {
throw new Error(sprintf(__('Sig too long'), ForumSettings::get('p_sig_length'), Utils::strlen($form['signature']) - ForumSettings::get('p_sig_length')));
} elseif (substr_count($form['signature'], "\n") > ForumSettings::get('p_sig_lines') - 1) {
throw new Error(sprintf(__('Sig too many lines'), ForumSettings::get('p_sig_lines')));
} elseif ($form['signature'] && ForumSettings::get('p_sig_all_caps') == '0' && Utils::is_all_uppercase($form['signature']) && !User::get()->is_admmod) {
$form['signature'] = utf8_ucwords(utf8_strtolower($form['signature']));
}
// Validate BBCode syntax
if (ForumSettings::get('p_sig_bbcode') == '1') {
$errors = array();
$form['signature'] = Container::get('parser')->preparse_bbcode($form['signature'], $errors, true);
if (count($errors) > 0) {
throw new Error('<ul><li>' . implode('</li><li>', $errors) . '</li></ul>');
}
}
}
break;
case 'display':
$form = array('disp_topics' => Utils::trim(Input::post('form_disp_topics')), 'disp_posts' => Utils::trim(Input::post('form_disp_posts')), 'show_smilies' => Input::post('form_show_smilies') ? '1' : '0', 'show_img' => Input::post('form_show_img') ? '1' : '0', 'show_img_sig' => Input::post('form_show_img_sig') ? '1' : '0', 'show_avatars' => Input::post('form_show_avatars') ? '1' : '0', 'show_sig' => Input::post('form_show_sig') ? '1' : '0');
if ($form['disp_topics'] != '') {
$form['disp_topics'] = intval($form['disp_topics']);
if ($form['disp_topics'] < 3) {
$form['disp_topics'] = 3;
} elseif ($form['disp_topics'] > 75) {
$form['disp_topics'] = 75;
}
}
if ($form['disp_posts'] != '') {
$form['disp_posts'] = intval($form['disp_posts']);
if ($form['disp_posts'] < 3) {
$form['disp_posts'] = 3;
} elseif ($form['disp_posts'] > 75) {
$form['disp_posts'] = 75;
}
}
// Make sure we got a valid style string
if (Input::post('form_style')) {
$styles = \FeatherBB\Core\Lister::getStyles();
$form['style'] = Utils::trim(Input::post('form_style'));
if (!in_array($form['style'], $styles)) {
throw new Error(__('Bad request'), 404);
}
}
break;
case 'privacy':
$form = array('email_setting' => intval(Input::post('form_email_setting')), 'notify_with_post' => Input::post('form_notify_with_post') ? '1' : '0', 'auto_notify' => Input::post('form_auto_notify') ? '1' : '0');
if ($form['email_setting'] < 0 || $form['email_setting'] > 2) {
$form['email_setting'] = ForumSettings::get('o_default_email_setting');
}
break;
default:
throw new Error(__('Bad request'), 404);
}
$form = Container::get('hooks')->fire('model.profile.update_profile_form', $form, $section, $id, $info);
// Single quotes around non-empty values and nothing for empty values
$temp = array();
foreach ($form as $key => $input) {
$temp[$key] = $input;
}
if (empty($temp)) {
throw new Error(__('Bad request'), 404);
}
$update_user = DB::for_table('users')->where('id', $id)->find_one()->set($temp);
$update_user = Container::get('hooks')->fireDB('model.profile.update_profile_query', $update_user);
$update_user = $update_user->save();
// If we changed the username we have to update some stuff
if ($username_updated) {
$bans_updated = DB::for_table('bans')->where('username', $info['old_username']);
$bans_updated = Container::get('hooks')->fireDB('model.profile.update_profile_bans_updated', $bans_updated);
$bans_updated = $bans_updated->update_many('username', $form['username']);
$update_poster_id = DB::for_table('posts')->where('poster_id', $id);
$update_poster_id = Container::get('hooks')->fireDB('model.profile.update_profile_poster_id', $update_poster_id);
$update_poster_id = $update_poster_id->update_many('poster', $form['username']);
$update_posts = DB::for_table('posts')->where('edited_by', $info['old_username']);
$update_posts = Container::get('hooks')->fireDB('model.profile.update_profile_posts', $update_posts);
$update_posts = $update_posts->update_many('edited_by', $form['username']);
$update_topics_poster = DB::for_table('topics')->where('poster', $info['old_username']);
$update_topics_poster = Container::get('hooks')->fireDB('model.profile.update_profile_topics_poster', $update_topics_poster);
$update_topics_poster = $update_topics_poster->update_many('poster', $form['username']);
$update_topics_last_poster = DB::for_table('topics')->where('last_poster', $info['old_username']);
$update_topics_last_poster = Container::get('hooks')->fireDB('model.profile.update_profile_topics_last_poster', $update_topics_last_poster);
$update_topics_last_poster = $update_topics_last_poster->update_many('last_poster', $form['username']);
$update_forums = DB::for_table('forums')->where('last_poster', $info['old_username']);
$update_forums = Container::get('hooks')->fireDB('model.profile.update_profile_forums', $update_forums);
$update_forums = $update_forums->update_many('last_poster', $form['username']);
$update_online = DB::for_table('online')->where('ident', $info['old_username']);
$update_online = Container::get('hooks')->fireDB('model.profile.update_profile_online', $update_online);
$update_online = $update_online->update_many('ident', $form['username']);
// If the user is a moderator or an administrator we have to update the moderator lists
$group_id = DB::for_table('users')->where('id', $id);
// TODO: restore hook
// $group_id = Container::get('hooks')->fireDB('model.profile.update_profile_group_id', $update_online);
$group_id = $group_id->find_one_col('group_id');
$group_mod = DB::for_table('groups')->where('g_id', $group_id);
$group_mod = Container::get('hooks')->fireDB('model.profile.update_profile_group_mod', $group_mod);
$group_mod = $group_mod->find_one_col('g_moderator');
if ($group_id == ForumEnv::get('FEATHER_ADMIN') || $group_mod == '1') {
// Loop through all forums
$result = $this->loop_mod_forums();
foreach ($result as $cur_forum) {
$cur_moderators = $cur_forum['moderators'] != '' ? unserialize($cur_forum['moderators']) : array();
if (in_array($id, $cur_moderators)) {
unset($cur_moderators[$info['old_username']]);
$cur_moderators[$form['username']] = $id;
uksort($cur_moderators, 'utf8_strcasecmp');
$update_mods = DB::for_table('forums')->where('id', $cur_forum['id'])->find_one()->set('moderators', serialize($cur_moderators));
$update_mods = Container::get('hooks')->fireDB('model.profile.update_profile_mods', $update_mods);
$update_mods = $update_mods->save();
}
}
}
// Regenerate the users info cache
if (!Container::get('cache')->isCached('users_info')) {
Container::get('cache')->store('users_info', Cache::get_users_info());
}
$stats = Container::get('cache')->retrieve('users_info');
// Check if the bans table was updated and regenerate the bans cache when needed
if ($bans_updated) {
Container::get('cache')->store('bans', Cache::get_bans());
}
}
$section = Container::get('hooks')->fireDB('model.profile.update_profile', $section, $id);
return Router::redirect(Router::pathFor('profileSection', array('id' => $id, 'section' => $section)), __('Profile redirect'));
}
public function call()
{
global $feather_bans;
if ($cookie = $this->get_cookie_data($this->app->forum_settings['cookie_name'], $this->app->forum_settings['cookie_seed'])) {
$this->app->user = $this->model->load_user($cookie['user_id']);
$expires = $cookie['expires'] > $this->app->now + $this->app->forum_settings['o_timeout_visit'] ? $this->app->now + 1209600 : $this->app->now + $this->app->forum_settings['o_timeout_visit'];
$this->app->user->is_guest = false;
$this->app->user->is_admmod = $this->app->user->g_id == $this->app->forum_env['FEATHER_ADMIN'] || $this->app->user->g_moderator == '1';
if (!$this->app->user->disp_topics) {
$this->app->user->disp_topics = $this->app->forum_settings['o_disp_topics_default'];
}
if (!$this->app->user->disp_posts) {
$this->app->user->disp_posts = $this->app->forum_settings['o_disp_posts_default'];
}
if (!file_exists($this->app->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->app->user->language)) {
$this->app->user->language = $this->app->forum_settings['o_default_lang'];
}
if (!file_exists($this->app->forum_env['FEATHER_ROOT'] . 'style/themes/' . $this->app->user->style . '/style.css')) {
$this->app->user->style = $this->app->forum_settings['o_default_style'];
}
$this->model->feather_setcookie($this->app->user->id, $this->app->user->password, $expires);
$this->update_online();
} else {
$this->app->user = $this->model->load_user(1);
$this->app->user->disp_topics = $this->app->forum_settings['o_disp_topics_default'];
$this->app->user->disp_posts = $this->app->forum_settings['o_disp_posts_default'];
$this->app->user->timezone = $this->app->forum_settings['o_default_timezone'];
$this->app->user->dst = $this->app->forum_settings['o_default_dst'];
$this->app->user->language = $this->app->forum_settings['o_default_lang'];
$this->app->user->style = $this->app->forum_settings['o_default_style'];
$this->app->user->is_guest = true;
$this->app->user->is_admmod = false;
// Update online list
if (!$this->app->user->logged) {
$this->app->user->logged = time();
// With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
switch ($this->app->forum_settings['db_type']) {
case 'mysql':
case 'mysqli':
case 'mysql_innodb':
case 'mysqli_innodb':
case 'sqlite':
case 'sqlite3':
DB::for_table('online')->raw_execute('REPLACE INTO ' . $this->app->forum_settings['db_prefix'] . 'online (user_id, ident, logged) VALUES(1, :ident, :logged)', array(':ident' => $this->app->request->getIp(), ':logged' => $this->app->user->logged));
break;
default:
DB::for_table('online')->raw_execute('INSERT INTO ' . $this->app->forum_settings['db_prefix'] . 'online (user_id, ident, logged) SELECT 1, :ident, :logged WHERE NOT EXISTS (SELECT 1 FROM ' . $this->app->db->prefix . 'online WHERE ident=:ident)', array(':ident' => $this->app->request->getIp(), ':logged' => $this->app->user->logged));
break;
}
} else {
DB::for_table('online')->where('ident', $this->app->request->getIp())->update_many('logged', time());
}
$this->model->feather_setcookie(1, Random::hash(uniqid(rand(), true)), $this->app->now + 31536000);
}
load_textdomain('featherbb', $this->app->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->app->user->language . '/common.mo');
// Load bans from cache
if (!$this->app->cache->isCached('bans')) {
$this->app->cache->store('bans', Cache::get_bans());
}
$feather_bans = $this->app->cache->retrieve('bans');
// Check if current user is banned
$this->check_bans();
// Update online list
$this->update_users_online();
$this->next->call();
}
public function remove_ban($ban_id)
{
$ban_id = Container::get('hooks')->fire('model.admin.bans.remove_ban', $ban_id);
$result = DB::for_table('bans')->where('id', $ban_id)->find_one();
$result = Container::get('hooks')->fireDB('model.admin.bans.remove_ban_query', $result);
$result = $result->delete();
// Regenerate the bans cache
Container::get('cache')->store('bans', Cache::get_bans());
return Router::redirect(Router::pathFor('adminBans'), __('Ban removed redirect'));
}
public function insert_user($user)
{
$user = $this->hook->fire('insert_user_start', $user);
// Insert the new user into the database. We do this now to get the last inserted ID for later use
$now = time();
$intial_group_id = $this->config['o_regs_verify'] == '0' ? $this->config['o_default_user_group'] : $this->feather->forum_env['FEATHER_UNVERIFIED'];
$password_hash = Random::hash($user['password1']);
// Add the user
$user['insert'] = array('username' => $user['username'], 'group_id' => $intial_group_id, 'password' => $password_hash, 'email' => $user['email1'], 'email_setting' => $this->config['o_default_email_setting'], 'timezone' => $this->config['o_default_timezone'], 'dst' => 0, 'language' => $user['language'], 'style' => $this->config['o_default_style'], 'registered' => $now, 'registration_ip' => $this->request->getIp(), 'last_visit' => $now);
$user = DB::for_table('users')->create()->set($user['insert']);
$user = $this->hook->fireDB('insert_user_query', $user);
$user = $user->save();
$new_uid = DB::get_db()->lastInsertId($this->feather->forum_settings['db_prefix'] . 'users');
if ($this->config['o_regs_verify'] == '0') {
// Regenerate the users info cache
if (!$this->feather->cache->isCached('users_info')) {
$this->feather->cache->store('users_info', Cache::get_users_info());
}
$stats = $this->feather->cache->retrieve('users_info');
}
// If the mailing list isn't empty, we may need to send out some alerts
if ($this->config['o_mailing_list'] != '') {
// If we previously found out that the email was banned
if (isset($user['banned_email'])) {
// Load the "banned email register" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/banned_email_register.tpl'));
$mail_tpl = $this->hook->fire('insert_user_banned_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = $this->hook->fire('insert_user_banned_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<email>', $user['email1'], $mail_message);
$mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
$mail_message = $this->hook->fire('insert_user_banned_mail_message', $mail_message);
$this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
}
// If we previously found out that the email was a dupe
if (!empty($dupe_list)) {
// Load the "dupe email register" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/dupe_email_register.tpl'));
$mail_tpl = $this->hook->fire('insert_user_dupe_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = $this->hook->fire('insert_user_dupe_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
$mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
$mail_message = $this->hook->fire('insert_user_dupe_mail_message', $mail_message);
$this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
}
// Should we alert people on the admin mailing list that a new user has registered?
if ($this->config['o_regs_report'] == '1') {
// Load the "new user" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/new_user.tpl'));
$mail_tpl = $this->hook->fire('insert_user_new_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = $this->hook->fire('insert_user_new_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<base_url>', $this->feather->urlFor('home'), $mail_message);
$mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<admin_url>', $this->feather->urlFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message);
$mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
$mail_message = $this->hook->fire('insert_user_new_mail_message', $mail_message);
$this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
}
}
// Must the user verify the registration or do we log him/her in right now?
if ($this->config['o_regs_verify'] == '1') {
// Load the "welcome" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/welcome.tpl'));
$mail_tpl = $this->hook->fire('insert_user_welcome_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = $this->hook->fire('insert_user_welcome_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_subject = str_replace('<board_title>', $this->config['o_board_title'], $mail_subject);
$mail_message = str_replace('<base_url>', $this->feather->urlFor('home'), $mail_message);
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<password>', $user['password1'], $mail_message);
$mail_message = str_replace('<login_url>', $this->feather->urlFor('login'), $mail_message);
$mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
$mail_message = $this->hook->fire('insert_user_welcome_mail_message', $mail_message);
$this->email->feather_mail($user['email1'], $mail_subject, $mail_message);
Url::redirect($this->feather->urlFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape($this->config['o_admin_email']) . '">' . Utils::escape($this->config['o_admin_email']) . '</a>.');
}
$this->auth->feather_setcookie($new_uid, $password_hash, time() + $this->config['o_timeout_visit']);
$this->hook->fire('insert_user');
Url::redirect($this->feather->urlFor('home'), __('Reg complete'));
}
public function ban_users()
{
if ($this->request->post('users')) {
$user_ids = is_array($this->request->post('users')) ? array_keys($this->request->post('users')) : explode(',', $this->request->post('users'));
$user_ids = array_map('intval', $user_ids);
// Delete invalid IDs
$user_ids = array_diff($user_ids, array(0, 1));
} else {
$user_ids = array();
}
$user_ids = $this->hook->fire('model.users.ban_users.user_ids', $user_ids);
if (empty($user_ids)) {
throw new Error(__('No users selected'), 404);
}
// Are we trying to ban any admins?
$is_admin = DB::for_table('users')->where_in('id', $user_ids)->where('group_id', $this->feather->forum_env['FEATHER_ADMIN'])->find_one();
if ($is_admin) {
throw new Error(__('No ban admins message'), 403);
}
// Also, we cannot ban moderators
$is_mod = DB::for_table('users')->table_alias('u')->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')->where('g.g_moderator', 1)->where_in('u.id', $user_ids)->find_one();
if ($is_mod) {
throw new Error(__('No ban mods message'), 403);
}
if ($this->request->post('ban_users_comply')) {
$ban_message = Utils::trim($this->request->post('ban_message'));
$ban_expire = Utils::trim($this->request->post('ban_expire'));
$ban_the_ip = $this->request->post('ban_the_ip') ? intval($this->request->post('ban_the_ip')) : 0;
$this->hook->fire('model.users.ban_users.comply', $ban_message, $ban_expire, $ban_the_ip);
if ($ban_expire != '' && $ban_expire != 'Never') {
$ban_expire = strtotime($ban_expire . ' GMT');
if ($ban_expire == -1 || !$ban_expire) {
throw new Error(__('Invalid date message') . ' ' . __('Invalid date reasons'), 400);
}
$diff = ($this->user->timezone + $this->user->dst) * 3600;
$ban_expire -= $diff;
if ($ban_expire <= time()) {
throw new Error(__('Invalid date message') . ' ' . __('Invalid date reasons'), 400);
}
} else {
$ban_expire = 'NULL';
}
$ban_message = $ban_message != '' ? $ban_message : 'NULL';
// Fetch user information
$user_info = array();
$select_fetch_user_information = array('id', 'username', 'email', 'registration_ip');
$result = DB::for_table('users')->select_many($select_fetch_user_information)->where_in('id', $user_ids);
$result = $this->hook->fireDB('model.users.ban_users.user_info_query', $result);
$result = $result->find_many();
foreach ($result as $cur_user) {
$user_info[$cur_user['id']] = array('username' => $cur_user['username'], 'email' => $cur_user['email'], 'ip' => $cur_user['registration_ip']);
}
// Overwrite the registration IP with one from the last post (if it exists)
if ($ban_the_ip != 0) {
$result = DB::for_table('posts')->raw_query('SELECT p.poster_id, p.poster_ip FROM ' . $this->feather->forum_settings['db_prefix'] . 'posts AS p INNER JOIN (SELECT MAX(id) AS id FROM ' . $this->feather->forum_settings['db_prefix'] . 'posts WHERE poster_id IN (' . implode(',', $user_ids) . ') GROUP BY poster_id) AS i ON p.id=i.id')->find_many();
foreach ($result as $cur_address) {
$user_info[$cur_address['poster_id']]['ip'] = $cur_address['poster_ip'];
}
}
$user_info = $this->hook->fire('model.users.ban_users.user_info', $user_info);
// And insert the bans!
foreach ($user_ids as $user_id) {
$ban_username = $user_info[$user_id]['username'];
$ban_email = $user_info[$user_id]['email'];
$ban_ip = $ban_the_ip != 0 ? $user_info[$user_id]['ip'] : 'NULL';
$insert_update_ban = array('username' => $ban_username, 'ip' => $ban_ip, 'email' => $ban_email, 'message' => $ban_message, 'expire' => $ban_expire, 'ban_creator' => $this->user->id);
$insert_update_ban = $this->hook->fire('model.users.ban_users.ban_data', $insert_update_ban);
if ($this->request->post('mode') == 'add') {
$insert_update_ban['ban_creator'] = $this->user->id;
DB::for_table('bans')->create()->set($insert_update_ban)->save();
}
// Regenerate the bans cache
$this->feather->cache->store('bans', Cache::get_bans());
Url::redirect($this->feather->urlFor('adminUsers'), __('Users banned redirect'));
}
}
return $user_ids;
}
public function remove_ban($ban_id)
{
$ban_id = $this->hook->fire('remove_ban', $ban_id);
$result = DB::for_table('bans')->where('id', $ban_id)->find_one();
$result = $this->hook->fireDB('remove_ban_query', $result);
$result = $result->delete();
// Regenerate the bans cache
$this->feather->cache->store('bans', Cache::get_bans());
Url::redirect($this->feather->urlFor('adminBans'), __('Ban removed redirect'));
}
public function __invoke($req, $res, $next)
{
$authCookie = Container::get('cookie')->get(ForumSettings::get('cookie_name'));
if ($jwt = $this->get_cookie_data($authCookie)) {
$user = AuthModel::load_user($jwt->data->userId);
$expires = $jwt->exp > Container::get('now') + ForumSettings::get('o_timeout_visit') ? Container::get('now') + 1209600 : Container::get('now') + ForumSettings::get('o_timeout_visit');
$user->is_guest = false;
$user->is_admmod = $user->g_id == ForumEnv::get('FEATHER_ADMIN') || $user->g_moderator == '1';
if (!$user->disp_topics) {
$user->disp_topics = ForumSettings::get('o_disp_topics_default');
}
if (!$user->disp_posts) {
$user->disp_posts = ForumSettings::get('o_disp_posts_default');
}
if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . $user->language)) {
$user->language = ForumSettings::get('o_default_lang');
}
if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'style/themes/' . $user->style . '/style.css')) {
$user->style = ForumSettings::get('o_default_style');
}
// Refresh cookie to avoid re-logging between idle
$jwt = AuthModel::generate_jwt($user, $expires);
AuthModel::feather_setcookie('Bearer ' . $jwt, $expires);
// Add user to DIC
Container::set('user', $user);
$this->update_online();
} else {
$user = AuthModel::load_user(1);
$user->disp_topics = ForumSettings::get('o_disp_topics_default');
$user->disp_posts = ForumSettings::get('o_disp_posts_default');
$user->timezone = ForumSettings::get('o_default_timezone');
$user->dst = ForumSettings::get('o_default_dst');
$user->language = ForumSettings::get('o_default_lang');
$user->style = ForumSettings::get('o_default_style');
$user->is_guest = true;
$user->is_admmod = false;
// Update online list
if (!$user->logged) {
$user->logged = time();
// With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
switch (ForumSettings::get('db_type')) {
case 'mysql':
case 'mysqli':
case 'mysql_innodb':
case 'mysqli_innodb':
case 'sqlite':
case 'sqlite3':
DB::for_table('online')->raw_execute('REPLACE INTO ' . ForumSettings::get('db_prefix') . 'online (user_id, ident, logged) VALUES(1, :ident, :logged)', array(':ident' => Utils::getIp(), ':logged' => $user->logged));
break;
default:
DB::for_table('online')->raw_execute('INSERT INTO ' . ForumSettings::get('db_prefix') . 'online (user_id, ident, logged) SELECT 1, :ident, :logged WHERE NOT EXISTS (SELECT 1 FROM ' . ForumSettings::get('db_prefix') . 'online WHERE ident=:ident)', array(':ident' => Utils::getIp(), ':logged' => $user->logged));
break;
}
} else {
DB::for_table('online')->where('ident', Utils::getIp())->update_many('logged', time());
}
// $jwt = AuthModel::generate_jwt($user, Container::get('now') + 31536000);
// AuthModel::feather_setcookie('Bearer '.$jwt, Container::get('now') + 31536000);
// Add $user as guest to DIC
Container::set('user', $user);
}
translate('common');
// Load bans from cache
if (!Container::get('cache')->isCached('bans')) {
Container::get('cache')->store('bans', Cache::get_bans());
}
// Add bans to the container
Container::set('bans', Container::get('cache')->retrieve('bans'));
// Check if current user is banned
$this->check_bans();
// Update online list
$this->update_users_online();
return $next($req, $res);
}
public function update_options()
{
$form = array('board_title' => Utils::trim($this->request->post('form_board_title')), 'board_desc' => Utils::trim($this->request->post('form_board_desc')), 'base_url' => Utils::trim($this->request->post('form_base_url')), 'default_timezone' => floatval($this->request->post('form_default_timezone')), 'default_dst' => $this->request->post('form_default_dst') != '1' ? '0' : '1', 'default_lang' => Utils::trim($this->request->post('form_default_lang')), 'default_style' => Utils::trim($this->request->post('form_default_style')), 'time_format' => Utils::trim($this->request->post('form_time_format')), 'date_format' => Utils::trim($this->request->post('form_date_format')), 'timeout_visit' => intval($this->request->post('form_timeout_visit')) > 0 ? intval($this->request->post('form_timeout_visit')) : 1, 'timeout_online' => intval($this->request->post('form_timeout_online')) > 0 ? intval($this->request->post('form_timeout_online')) : 1, 'redirect_delay' => intval($this->request->post('form_redirect_delay')) >= 0 ? intval($this->request->post('form_redirect_delay')) : 0, 'show_version' => $this->request->post('form_show_version') != '1' ? '0' : '1', 'show_user_info' => $this->request->post('form_show_user_info') != '1' ? '0' : '1', 'show_post_count' => $this->request->post('form_show_post_count') != '1' ? '0' : '1', 'smilies' => $this->request->post('form_smilies') != '1' ? '0' : '1', 'smilies_sig' => $this->request->post('form_smilies_sig') != '1' ? '0' : '1', 'make_links' => $this->request->post('form_make_links') != '1' ? '0' : '1', 'topic_review' => intval($this->request->post('form_topic_review')) >= 0 ? intval($this->request->post('form_topic_review')) : 0, 'disp_topics_default' => intval($this->request->post('form_disp_topics_default')), 'disp_posts_default' => intval($this->request->post('form_disp_posts_default')), 'indent_num_spaces' => intval($this->request->post('form_indent_num_spaces')) >= 0 ? intval($this->request->post('form_indent_num_spaces')) : 0, 'quote_depth' => intval($this->request->post('form_quote_depth')) > 0 ? intval($this->request->post('form_quote_depth')) : 1, 'quickpost' => $this->request->post('form_quickpost') != '1' ? '0' : '1', 'users_online' => $this->request->post('form_users_online') != '1' ? '0' : '1', 'censoring' => $this->request->post('form_censoring') != '1' ? '0' : '1', 'signatures' => $this->request->post('form_signatures') != '1' ? '0' : '1', 'show_dot' => $this->request->post('form_show_dot') != '1' ? '0' : '1', 'topic_views' => $this->request->post('form_topic_views') != '1' ? '0' : '1', 'quickjump' => $this->request->post('form_quickjump') != '1' ? '0' : '1', 'gzip' => $this->request->post('form_gzip') != '1' ? '0' : '1', 'search_all_forums' => $this->request->post('form_search_all_forums') != '1' ? '0' : '1', 'additional_navlinks' => Utils::trim($this->request->post('form_additional_navlinks')), 'feed_type' => intval($this->request->post('form_feed_type')), 'feed_ttl' => intval($this->request->post('form_feed_ttl')), 'report_method' => intval($this->request->post('form_report_method')), 'mailing_list' => Utils::trim($this->request->post('form_mailing_list')), 'avatars' => $this->request->post('form_avatars') != '1' ? '0' : '1', 'avatars_dir' => Utils::trim($this->request->post('form_avatars_dir')), 'avatars_width' => intval($this->request->post('form_avatars_width')) > 0 ? intval($this->request->post('form_avatars_width')) : 1, 'avatars_height' => intval($this->request->post('form_avatars_height')) > 0 ? intval($this->request->post('form_avatars_height')) : 1, 'avatars_size' => intval($this->request->post('form_avatars_size')) > 0 ? intval($this->request->post('form_avatars_size')) : 1, 'admin_email' => strtolower(Utils::trim($this->request->post('form_admin_email'))), 'webmaster_email' => strtolower(Utils::trim($this->request->post('form_webmaster_email'))), 'forum_subscriptions' => $this->request->post('form_forum_subscriptions') != '1' ? '0' : '1', 'topic_subscriptions' => $this->request->post('form_topic_subscriptions') != '1' ? '0' : '1', 'smtp_host' => Utils::trim($this->request->post('form_smtp_host')), 'smtp_user' => Utils::trim($this->request->post('form_smtp_user')), 'smtp_ssl' => $this->request->post('form_smtp_ssl') != '1' ? '0' : '1', 'regs_allow' => $this->request->post('form_regs_allow') != '1' ? '0' : '1', 'regs_verify' => $this->request->post('form_regs_verify') != '1' ? '0' : '1', 'regs_report' => $this->request->post('form_regs_report') != '1' ? '0' : '1', 'rules' => $this->request->post('form_rules') != '1' ? '0' : '1', 'rules_message' => Utils::trim($this->request->post('form_rules_message')), 'default_email_setting' => intval($this->request->post('form_default_email_setting')), 'announcement' => $this->request->post('form_announcement') != '1' ? '0' : '1', 'announcement_message' => Utils::trim($this->request->post('form_announcement_message')), 'maintenance' => $this->request->post('form_maintenance') != '1' ? '0' : '1', 'maintenance_message' => Utils::trim($this->request->post('form_maintenance_message')));
$form = $this->hook->fire('options.update_options.form', $form);
if ($form['board_title'] == '') {
throw new Error(__('Must enter title message'), 400);
}
// Make sure base_url doesn't end with a slash
if (substr($form['base_url'], -1) == '/') {
$form['base_url'] = substr($form['base_url'], 0, -1);
}
// Convert IDN to Punycode if needed
if (preg_match('/[^\\x00-\\x7F]/', $form['base_url'])) {
if (!function_exists('idn_to_ascii')) {
throw new Error(__('Base URL problem'), 400);
} else {
$form['base_url'] = idn_to_ascii($form['base_url']);
}
}
$languages = \FeatherBB\Core\Lister::getLangs();
if (!in_array($form['default_lang'], $languages)) {
throw new Error(__('Bad request'), 404);
}
$styles = \FeatherBB\Core\Lister::getStyles();
if (!in_array($form['default_style'], $styles)) {
throw new Error(__('Bad request'), 404);
}
if ($form['time_format'] == '') {
$form['time_format'] = 'H:i:s';
}
if ($form['date_format'] == '') {
$form['date_format'] = 'Y-m-d';
}
if (!$this->email->is_valid_email($form['admin_email'])) {
throw new Error(__('Invalid e-mail message'), 400);
}
if (!$this->email->is_valid_email($form['webmaster_email'])) {
throw new Error(__('Invalid webmaster e-mail message'), 400);
}
if ($form['mailing_list'] != '') {
$form['mailing_list'] = strtolower(preg_replace('%\\s%S', '', $form['mailing_list']));
}
// Make sure avatars_dir doesn't end with a slash
if (substr($form['avatars_dir'], -1) == '/') {
$form['avatars_dir'] = substr($form['avatars_dir'], 0, -1);
}
if ($form['additional_navlinks'] != '') {
$form['additional_navlinks'] = Utils::trim(Utils::linebreaks($form['additional_navlinks']));
}
// Change or enter a SMTP password
if ($this->request->post('form_smtp_change_pass')) {
$smtp_pass1 = $this->request->post('form_smtp_pass1') ? Utils::trim($this->request->post('form_smtp_pass1')) : '';
$smtp_pass2 = $this->request->post('form_smtp_pass2') ? Utils::trim($this->request->post('form_smtp_pass2')) : '';
if ($smtp_pass1 == $smtp_pass2) {
$form['smtp_pass'] = $smtp_pass1;
} else {
throw new Error(__('SMTP passwords did not match'), 400);
}
}
if ($form['announcement_message'] != '') {
$form['announcement_message'] = Utils::linebreaks($form['announcement_message']);
} else {
$form['announcement_message'] = __('Enter announcement here');
$form['announcement'] = '0';
}
if ($form['rules_message'] != '') {
$form['rules_message'] = Utils::linebreaks($form['rules_message']);
} else {
$form['rules_message'] = __('Enter rules here');
$form['rules'] = '0';
}
if ($form['maintenance_message'] != '') {
$form['maintenance_message'] = Utils::linebreaks($form['maintenance_message']);
} else {
$form['maintenance_message'] = __('Default maintenance message');
$form['maintenance'] = '0';
}
// Make sure the number of displayed topics and posts is between 3 and 75
if ($form['disp_topics_default'] < 3) {
$form['disp_topics_default'] = 3;
} elseif ($form['disp_topics_default'] > 75) {
$form['disp_topics_default'] = 75;
}
if ($form['disp_posts_default'] < 3) {
$form['disp_posts_default'] = 3;
} elseif ($form['disp_posts_default'] > 75) {
$form['disp_posts_default'] = 75;
}
if ($form['feed_type'] < 0 || $form['feed_type'] > 2) {
throw new Error(__('Bad request'), 400);
}
if ($form['feed_ttl'] < 0) {
throw new Error(__('Bad request'), 400);
}
if ($form['report_method'] < 0 || $form['report_method'] > 2) {
throw new Error(__('Bad request'), 400);
}
if ($form['default_email_setting'] < 0 || $form['default_email_setting'] > 2) {
throw new Error(__('Bad request'), 400);
}
if ($form['timeout_online'] >= $form['timeout_visit']) {
throw new Error(__('Timeout error message'), 400);
}
foreach ($form as $key => $input) {
// Only update values that have changed
if (array_key_exists('o_' . $key, $this->config) && $this->config['o_' . $key] != $input) {
if ($input != '' || is_int($input)) {
DB::for_table('config')->where('conf_name', 'o_' . $key)->update_many('conf_value', $input);
} else {
DB::for_table('config')->where('conf_name', 'o_' . $key)->update_many_expr('conf_value', 'NULL');
}
}
}
// Regenerate the config cache
$this->feather->cache->store('config', Cache::get_config());
$this->clear_feed_cache();
Url::redirect($this->feather->urlFor('adminOptions'), __('Options updated redirect'));
}
protected function getDefaultPageInfo()
{
// Check if config file exists to avoid error when installing forum
if (!$this->app->cache->isCached('quickjump') && is_file($this->app->forum_env['FORUM_CONFIG_FILE'])) {
$this->app->cache->store('quickjump', \FeatherBB\Model\Cache::get_quickjump());
}
$data = array('title' => Utils::escape($this->app->forum_settings['o_board_title']), 'page_number' => null, 'active_page' => 'index', 'focus_element' => null, 'is_indexed' => true, 'admin_console' => false, 'page_head' => null, 'paging_links' => null, 'required_fields' => null, 'footer_style' => null, 'quickjump' => $this->app->cache->retrieve('quickjump'), 'fid' => null, 'pid' => null, 'tid' => null);
if (is_object($this->app->user) && $this->app->user->is_admmod) {
$data['has_reports'] = \FeatherBB\Model\Header::get_reports();
}
if ($this->app->forum_env['FEATHER_SHOW_INFO']) {
$data['exec_info'] = \FeatherBB\Model\Debug::get_info();
if ($this->app->forum_env['FEATHER_SHOW_QUERIES']) {
$data['queries_info'] = \FeatherBB\Model\Debug::get_queries();
}
}
return $data;
}
public function set_default_group($groups)
{
$group_id = intval(Input::post('default_group'));
$group_id = Container::get('hooks')->fire('model.admin.groups.set_default_group.group_id', $group_id);
// Make sure it's not the admin or guest groups
if ($group_id == ForumEnv::get('FEATHER_ADMIN') || $group_id == ForumEnv::get('FEATHER_GUEST')) {
throw new Error(__('Bad request'), 404);
}
// Make sure it's not a moderator group
if ($groups[$group_id]['g_moderator'] != 0) {
throw new Error(__('Bad request'), 404);
}
DB::for_table('config')->where('conf_name', 'o_default_user_group')->update_many('conf_value', $group_id);
// Regenerate the config cache
Container::get('cache')->store('config', Cache::get_config());
return Router::redirect(Router::pathFor('adminGroups'), __('Default group redirect'));
}
public function set_default_group($groups)
{
$group_id = intval($this->request->post('default_group'));
$group_id = $this->hook->fire('set_default_group.group_id', $group_id);
// Make sure it's not the admin or guest groups
if ($group_id == $this->feather->forum_env['FEATHER_ADMIN'] || $group_id == $this->feather->forum_env['FEATHER_GUEST']) {
throw new Error(__('Bad request'), 404);
}
// Make sure it's not a moderator group
if ($groups[$group_id]['g_moderator'] != 0) {
throw new Error(__('Bad request'), 404);
}
DB::for_table('config')->where('conf_name', 'o_default_user_group')->update_many('conf_value', $group_id);
// Regenerate the config cache
$this->feather->cache->store('config', Cache::get_config());
Url::redirect($this->feather->urlFor('adminGroups'), __('Default group redirect'));
}
public function collect_stats()
{
$this->hook->fire('collect_stats_start');
// Collect some statistics from the database
if (!$this->feather->cache->isCached('users_info')) {
$this->feather->cache->store('users_info', Cache::get_users_info());
}
$stats = $this->feather->cache->retrieve('users_info');
$query = DB::for_table('forums')->select_expr('SUM(num_topics)', 'total_topics')->select_expr('SUM(num_posts)', 'total_posts');
$query = $this->hook->fireDB('collect_stats_query', $query);
$query = $query->find_one();
$stats['total_topics'] = intval($query['total_topics']);
$stats['total_posts'] = intval($query['total_posts']);
if ($this->user->g_view_users == '1') {
$stats['newest_user'] = '******' . $this->feather->urlFor('userProfile', ['id' => $stats['last_user']['id']]) . '">' . Utils::escape($stats['last_user']['username']) . '</a>';
} else {
$stats['newest_user'] = Utils::escape($stats['last_user']['username']);
}
$stats = $this->hook->fire('collect_stats', $stats);
return $stats;
}
public static function get_admin_ids()
{
// Get Slim current session
$feather = \Slim\Slim::getInstance();
if (!$feather->cache->isCached('admin_ids')) {
$feather->cache->store('admin_ids', Cache::get_admin_ids());
}
return $feather->cache->retrieve('admin_ids');
}
public static function get_admin_ids()
{
// Get Slim current session
if (!Container::get('cache')->isCached('admin_ids')) {
Container::get('cache')->store('admin_ids', Cache::get_admin_ids());
}
return Container::get('cache')->retrieve('admin_ids');
}