/**
 * Handles a basic password login POST.
 *
 * The 'email' input may hold either a handle or an email address: the handle
 * lookup is tried first, then the email lookup. An unknown account fires
 * 'login/failure/nouser', answers 401 and bounces to the login form; a wrong
 * password fires 'login/failure' and only adds a session message; a correct
 * password fires 'login/success', logs the user on and forwards.
 */
function postContent()
{
    // TODO: change this to actual basic login, of course
    $identifier = $this->getInput('email');

    $user = \Idno\Entities\User::getByHandle($identifier);
    if (!$user) {
        $user = \Idno\Entities\User::getByEmail($identifier);
    }
    if (!$user) {
        // Unknown account: record the attempt for auditing, then send the visitor back to the form
        \Idno\Core\site()->triggerEvent('login/failure/nouser', ['method' => 'password', 'credentials' => ['email' => $identifier]]);
        $this->setResponse(401);
        $this->forward('/session/login');
    }

    if (!($user instanceof \Idno\Entities\User)) {
        \Idno\Core\site()->session()->addMessage("Oops! We couldn't find your username or email address. Please check you typed it correctly and try again.");
        return;
    }

    if ($user->checkPassword($this->getInput('password'))) {
        \Idno\Core\site()->triggerEvent('login/success', ['user' => $user]); // Trigger an event for auditing
        \Idno\Core\site()->session()->logUserOn($user);
        \Idno\Core\site()->session()->addMessage("You've signed in as {$user->getTitle()}.");
        $this->forward();
        return;
    }

    // Known account, wrong password: no forward here, the caller's page is re-rendered with the message
    \Idno\Core\site()->session()->addMessage("Oops! It looks like your password isn't correct. Please try again.");
    \Idno\Core\site()->triggerEvent('login/failure', ['user' => $user]);
}
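/**
 * Handles an "apply to join" membership application POST.
 *
 * Validates the requested handle, email and password, stores the request as
 * an Application entity, emails every site admin about it and forwards to the
 * thanks page. Any validation failure is reported through session error
 * messages and the visitor is returned to the application form.
 *
 * Fix: a failed save() used to var_export() the session's message store into
 * the HTTP response, leaking internal state to the applicant; it now reports
 * a normal error message. An invalid email address also gets a message now,
 * matching the registration form, instead of silently bouncing.
 */
function postContent()
{
    $this->reverseGatekeeper();

    $name     = $this->getInput('name');
    $handle   = trim($this->getInput('handle'));
    $password = trim($this->getInput('password'));
    $email    = trim($this->getInput('email'));

    // Only populated when the corresponding lookup ran; they drive the messages below
    $emailuser  = null;
    $handleuser = null;

    if (empty($handle) && empty($email)) {
        \Idno\Core\site()->session()->addErrorMessage("Please enter a username and email address.");
    } elseif (!empty($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Lookups short-circuit: the handle is only queried when the email is free
        if (!($emailuser = \Idno\Entities\User::getByEmail($email))
            && !($handleuser = \Idno\Entities\User::getByHandle($handle))
            && !empty($handle)
            && strlen($handle) <= 32
            && !substr_count($handle, '/')
            && \Idno\Entities\User::checkNewPasswordStrength($password)
        ) {
            $user         = new Application();
            $user->email  = $email;
            $user->handle = strtolower(trim($handle)); // Trim the handle and set it to lowercase
            $user->setPassword($password);
            $user->notifications['email'] = 'all';
            if (empty($name)) {
                $name = $user->handle;
            }
            $user->setTitle($name);

            if ($user->save()) {
                // Tell every admin about the new application using the email template set
                $t = clone \Idno\Core\site()->template();
                $t->setTemplateType('email'); // NOTE(review): $t isn't referenced afterwards; confirm the clone is still needed
                foreach (\Idno\Core\site()->getAdmins() as $admin) {
                    $email_message = new Email();
                    $email_message->setSubject("You have a new membership application!");
                    $email_message->addTo($admin->email);
                    $email_message->setHTMLBodyFromTemplate('applytojoin/new', ['user' => $user]);
                    $email_message->send();
                }
                $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'account/join/thanks/');
            } else {
                // Do not dump session internals into the response; report the failure like any other error
                \Idno\Core\site()->session()->addErrorMessage("We couldn't save your application. Please try again.");
            }
        } else {
            if (empty($handle)) {
                \Idno\Core\site()->session()->addErrorMessage("Please create a username.");
            }
            if (strlen($handle) > 32) {
                \Idno\Core\site()->session()->addErrorMessage("Your username is too long.");
            }
            if (substr_count($handle, '/')) {
                \Idno\Core\site()->session()->addErrorMessage("Usernames can't contain a slash ('/') character.");
            }
            if (!empty($handleuser)) {
                \Idno\Core\site()->session()->addErrorMessage("Unfortunately, someone is already using that username. Please choose another.");
            }
            if (!empty($emailuser)) {
                \Idno\Core\site()->session()->addErrorMessage("Hey, it looks like there's already an account with that email address. Did you forget your login?");
            }
            if (!\Idno\Entities\User::checkNewPasswordStrength($password)) {
                \Idno\Core\site()->session()->addErrorMessage("Please check that your password is at least 7 characters long.");
            }
        }
    } else {
        \Idno\Core\site()->session()->addErrorMessage("That doesn't seem like it's a valid email address.");
    }

    $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'account/join/');
}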
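/**
 * Handles a password login POST and forwards to the 'fwd' input on success.
 *
 * 'fwd' is request-supplied, so it is only honoured when it points back into
 * this site: a path on this site (not a scheme-relative "//host" form, and
 * with no backslashes, which browsers treat as slashes but parse_url() does
 * not) or an absolute URL whose host equals the configured site URL's host.
 * Anything else falls back to the site home URL, so the login page cannot be
 * used as an open redirector. Failed logins fire 'login/failure/nouser' or
 * 'login/failure' and return the visitor to the login form, carrying the
 * already-checked target along.
 */
function postContent()
{
    $site_url = \Idno\Core\site()->config()->url;
    $fwd      = $this->getInput('fwd'); // Forward to a new page?

    if (empty($fwd) || !is_string($fwd)) {
        $fwd = $site_url;
    } else {
        $has_backslash = strpos($fwd, '\\') !== false;
        $is_site_path  = $fwd[0] === '/' && substr($fwd, 0, 2) !== '//';
        $fwd_host      = parse_url($fwd, PHP_URL_HOST);
        $site_host     = parse_url($site_url, PHP_URL_HOST);
        $is_site_url   = !empty($fwd_host) && !empty($site_host) && strcasecmp($fwd_host, $site_host) === 0;
        if ($has_backslash || (!$is_site_path && !$is_site_url)) {
            $fwd = $site_url;
        }
    }

    // The 'email' field may carry either a handle or an email address
    $identifier = $this->getInput('email');
    $user = \Idno\Entities\User::getByHandle($identifier);
    if (!$user) {
        $user = \Idno\Entities\User::getByEmail($identifier);
    }
    if (!$user) {
        \Idno\Core\site()->triggerEvent('login/failure/nouser', ['method' => 'password', 'credentials' => ['email' => $identifier]]);
        $this->setResponse(401);
    }

    if ($user instanceof \Idno\Entities\User) {
        if ($user->checkPassword(trim($this->getInput('password')))) {
            \Idno\Core\site()->triggerEvent('login/success', ['user' => $user]); // Trigger an event for auditing
            \Idno\Core\site()->session()->logUserOn($user);
            $this->forward($fwd);
        } else {
            \Idno\Core\site()->session()->addErrorMessage("Oops! It looks like your password isn't correct. Please try again.");
            \Idno\Core\site()->triggerEvent('login/failure', ['user' => $user]);
            $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'session/login/?fwd=' . urlencode($fwd));
        }
    } else {
        \Idno\Core\site()->session()->addErrorMessage("Oops! We couldn't find your username or email address. Please check you typed it correctly and try again.");
        $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'session/login/?fwd=' . urlencode($fwd));
    }
}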
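/**
 * Renders the profile edit page for the user named by the first URL argument.
 *
 * Forwards away (TODO: should be a 404) when there is no argument or no user
 * matches it. $user is initialised so a missing argument no longer leaves it
 * undefined, and the method returns after forward() rather than relying on
 * forward() ending the request before $user is dereferenced.
 *
 * NOTE(review): no ownership/gatekeeper check is visible here; confirm that
 * the page's init or the 'entity/User/edit' template enforces who may edit.
 */
function getContent()
{
    $user = null;
    if (!empty($this->arguments[0])) {
        $user = \Idno\Entities\User::getByHandle($this->arguments[0]);
    }
    if (empty($user)) {
        $this->forward(); // TODO: 404
        return;
    }

    $t    = \Idno\Core\site()->template();
    $body = $t->__(['user' => $user])->draw('entity/User/edit');
    $t->__(['title' => 'Edit profile: ' . $user->getTitle(), 'body' => $body])->drawPage();
}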
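/**
 * Saves profile edits for the user named by the first URL argument.
 *
 * Forwards away (TODO: should be a 404) when there is no argument or no user
 * matches it; on a successful saveDataFromInput() adds a message and forwards
 * to the user's URL, otherwise bounces back to the referring page. $user is
 * initialised and the method returns after forward() so a missing user can
 * never reach saveDataFromInput().
 *
 * NOTE(review): no ownership/gatekeeper check is visible here; confirm that
 * saveDataFromInput() or the page's init enforces who may edit this user.
 */
function postContent()
{
    $user = null;
    if (!empty($this->arguments[0])) {
        $user = \Idno\Entities\User::getByHandle($this->arguments[0]);
    }
    if (empty($user)) {
        $this->forward(); // TODO: 404
        return;
    }

    if ($user->saveDataFromInput($this)) {
        \Idno\Core\site()->session()->addMessage($user->getTitle() . ' was saved.');
        $this->forward($user->getURL());
    }

    // Save failed: return to the submitting page. The Referer header is client-supplied and may be absent.
    $this->forward(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null);
}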
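/**
 * Answers a WebFinger query for the 'resource' input.
 *
 * Accepts "acct:handle@host"; the prefix and this site's host are stripped to
 * obtain the handle, and if it names a local user the 'webfinger' event
 * collects the links to publish. A resource for another host is left intact
 * and therefore does not resolve. $links is initialised so an unresolved
 * resource no longer reads an undefined variable when rendering.
 */
function getContent()
{
    $acct  = $this->getInput('resource');
    $links = null; // only populated when the resource resolves to a local user

    if (!empty($acct)) {
        if (substr($acct, 0, 5) === 'acct:' && strlen($acct) > 8) {
            $handle = str_replace('@' . \Idno\Core\site()->config()->host, '', substr($acct, 5));
            if ($user = \Idno\Entities\User::getByHandle($handle)) {
                $links = \Idno\Core\site()->triggerEvent('webfinger', ['object' => $user]);
            }
        }
    }

    $t = \Idno\Core\site()->template();
    $t->setTemplateType('json');
    $t->__(['subject' => $acct, 'links' => $links])->drawPage();
}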
/**
 * Sets the page owner on the homepage
 *
 * Registers a 'page/get' listener which, for the Homepage page class, makes
 * the user configured in cherwell['profile_user'] the owner of the current
 * page, falling back to any admin when nothing is configured or the handle
 * does not resolve. Also registers the theme's admin page handler.
 */
function init()
{
    \Idno\Core\Idno::site()->events()->addListener('page/get', function (\Idno\Core\Event $event) {
        if ($event->data()['page_class'] != 'Idno\\Pages\\Homepage') {
            return;
        }

        $profile_user = null;
        if (!empty(\Idno\Core\Idno::site()->config()->cherwell['profile_user'])) {
            $profile_user = User::getByHandle(\Idno\Core\Idno::site()->config()->cherwell['profile_user']);
            if ($profile_user) {
                \Idno\Core\Idno::site()->currentPage()->setOwner($profile_user);
            }
        }

        if (empty($profile_user)) {
            // Nothing configured, or the configured handle didn't resolve: any admin will do
            \Idno\Core\Idno::site()->currentPage()->setOwner(\Idno\Entities\User::getOne(['admin' => true]));
        }
    });

    \Idno\Core\Idno::site()->addPageHandler('/admin/cherwell/?', 'Themes\\Cherwell\\Pages\\Admin');
}
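/**
 * Handles a registration POST (name, handle, password, password2, email).
 *
 * Creates the account when the email is valid and unused, the handle is
 * non-empty and unused, the name is non-empty, the two passwords match and
 * the password is longer than four characters. The first account on the site
 * is made an admin. On success the new user is logged on; otherwise the
 * errors go into the session and the visitor returns to the referring page.
 *
 * Fix: passwords are compared with === (a loose == treats numeric-looking
 * strings such as "1e3" and "1000" as equal). The redundant second
 * "new User()" inside the success branch is gone.
 */
function postContent()
{
    $name      = $this->getInput('name');
    $handle    = $this->getInput('handle');
    $password  = $this->getInput('password');
    $password2 = $this->getInput('password2');
    $email     = $this->getInput('email');

    $user       = new \Idno\Entities\User();
    $emailuser  = null;
    $handleuser = null;

    if (!empty($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // NOTE(review): a four-character minimum is very weak; the newer forms use User::checkNewPasswordStrength()
        $passwords_ok = ($password === $password2) && strlen($password) > 4;

        // Lookups short-circuit: the handle is only queried when the email is free
        if (!($emailuser = \Idno\Entities\User::getByEmail($email))
            && !($handleuser = \Idno\Entities\User::getByHandle($handle))
            && !empty($handle)
            && $passwords_ok
            && !empty($name)
        ) {
            $user->email  = $email;
            $user->handle = $handle;
            $user->setPassword($password);
            $user->setTitle($name);
            if (!\Idno\Entities\User::get()) {
                // First account on a fresh site becomes the administrator
                $user->setAdmin(true);
            }
            $user->save();
        } else {
            if (empty($handle)) {
                \Idno\Core\site()->session()->addMessage("You can't have an empty handle.");
            } elseif (!empty($handleuser)) {
                \Idno\Core\site()->session()->addMessage("Unfortunately, a user is already using that handle. Please choose another.");
            }
            if (!empty($emailuser)) {
                \Idno\Core\site()->session()->addMessage("Unfortunately, a user is already using that email address. Please choose another.");
            }
            if (!$passwords_ok) {
                \Idno\Core\site()->session()->addMessage("Please check that your passwords match and that your password is over four characters long.");
            }
        }
    } else {
        \Idno\Core\site()->session()->addMessage("That doesn't seem to be a valid email address.");
    }

    // _id is presumably populated by save(); an unsaved user has none
    if (!empty($user->_id)) {
        \Idno\Core\site()->session()->addMessage("You've registered! Well done.");
        \Idno\Core\site()->session()->logUserOn($user);
    } else {
        \Idno\Core\site()->session()->addMessage("We couldn't register you.");
        $this->forward(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null);
    }
}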
/**
 * Handles admin actions on a pending membership Application.
 *
 * 'approve' re-checks that the applied-for handle and email are still free and
 * well-formed, copies handle, email, stored password value and title into a
 * real User, deletes the application and emails the new member. 'delete'
 * removes the application. Either way the admin is sent back to the
 * applications page.
 */
function postContent()
{
    $this->adminGatekeeper();

    $application_uuid = $this->getInput('user');
    $action           = $this->getInput('action');
    $application      = Application::getByUUID($application_uuid);

    if ($application instanceof Application) {
        $name   = $application->getTitle();
        $handle = $application->handle;
        $email  = $application->email;

        if ($action == 'approve') {
            // Lookups short-circuit: the handle is only queried when the email is free
            $email_free  = !\Idno\Entities\User::getByEmail($email);
            $handle_free = $email_free && !\Idno\Entities\User::getByHandle($handle);
            $handle_ok   = !empty($handle) && strlen($handle) <= 32 && !substr_count($handle, '/');

            if ($email_free && $handle_free && $handle_ok) {
                $member = new \Idno\Entities\User();
                $member->setHandle($application->handle);
                $member->email = $application->email;
                // Copied verbatim, not re-hashed: presumably already hashed by Application::setPassword() — confirm
                $member->password = $application->password;
                $member->setTitle($application->getTitle());

                if ($member->save()) {
                    $application->delete();
                    $notice = new Email();
                    $notice->setSubject("Your membership was approved!");
                    $notice->addTo($member->email);
                    $notice->setHTMLBodyFromTemplate('applytojoin/approved', ['user' => $member]);
                    $notice->send();
                    \Idno\Core\site()->session()->addMessage("{$name}'s membership application was approved. They can now log into the site.");
                } else {
                    \Idno\Core\site()->session()->addMessage("Something went wrong and we weren't able to approve {$name}'s membership application.");
                }
            } else {
                \Idno\Core\site()->session()->addMessage("We couldn't approve {$name}'s application. Either their handle or their email was invalid or in use.");
            }
        } elseif ($action == 'delete') {
            $application->delete();
            \Idno\Core\site()->session()->addMessage("{$name}'s membership application was deleted.");
        }
    }

    $this->forward(\Idno\Core\site()->config()->getDisplayURL() . 'admin/applytojoin/');
}
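/**
 * Saves profile edits for the user named by the first URL argument, with
 * onboarding-aware forwarding.
 *
 * After a successful saveDataFromInput(): during onboarding the visitor goes
 * to 'begin/connect' when syndication services exist or
 * force_onboarding_connect is set, else to 'begin/publish'; outside
 * onboarding, to the user's own URL. A failed save bounces to the referrer.
 *
 * Fix: the config object is reached through config() like everywhere else on
 * this site, instead of the "->config->" property access used for
 * force_onboarding_connect. $user is initialised and the method returns after
 * the not-found forward so a missing user can never be dereferenced.
 *
 * NOTE(review): no ownership/gatekeeper check is visible here; confirm
 * saveDataFromInput() or the page's init enforces who may edit this user.
 */
function postContent()
{
    $user = null;
    if (!empty($this->arguments[0])) {
        $user = \Idno\Entities\User::getByHandle($this->arguments[0]);
    }
    if (empty($user)) {
        $this->forward(); // TODO: 404
        return;
    }

    if ($user->saveDataFromInput($this)) {
        if ($this->getInput('onboarding')) {
            // Only send people to the "connect" step when there is something to connect to
            $services = \Idno\Core\site()->syndication()->getServices();
            if (!empty($services) || !empty(\Idno\Core\site()->config()->force_onboarding_connect)) {
                $this->forward(\Idno\Core\site()->config()->getURL() . 'begin/connect');
            } else {
                $this->forward(\Idno\Core\site()->config()->getURL() . 'begin/publish');
            }
        }
        $this->forward($user->getURL());
    }

    // Save failed: return to the submitting page. The Referer header is client-supplied and may be absent.
    $this->forward(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null);
}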
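/**
 * Return an admin test user, creating it if necessary.
 *
 * The user is cached in static::$testAdmin; an existing 'testadmin' account is
 * reused, otherwise one is created with an unpredictable password so that a
 * leftover test admin cannot be logged into if cleanup fails.
 *
 * Fix: the throwaway password came from md5(rand()), which is not a CSPRNG
 * and is cheap to enumerate; random_bytes() is used where available.
 *
 * @return \Idno\Entities\User
 */
protected function &admin()
{
    // Have we already got a user?
    if (static::$testAdmin) {
        return static::$testAdmin;
    }

    // Get a user (shouldn't happen)
    if ($user = \Idno\Entities\User::getByHandle('testadmin')) {
        static::$testAdmin = $user;
        return $user;
    }

    // No user there, so create one
    $user = new \Idno\Entities\User();
    $user->handle = 'testadmin';
    $user->email  = '*****@*****.**';

    // Set password to something random to mitigate security holes if cleanup fails
    if (function_exists('random_bytes')) {
        $throwaway_password = bin2hex(random_bytes(16));
    } else {
        $throwaway_password = md5(uniqid(mt_rand(), true)); // pre-7.0 fallback; still not a CSPRNG
    }
    $user->setPassword($throwaway_password);
    $user->setTitle('Test Admin User');
    $user->setAdmin(true);
    $user->save();

    static::$testAdmin = $user;

    return $user;
}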
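/**
 * Retrieve a user by their profile URL.
 *
 * Users with an explicit 'url' property (generally RemoteUser instances) are
 * matched on it first. Otherwise the URL is matched against this site's own
 * profile URL form, <site url>profile/<handle>, and the handle is looked up.
 *
 * Fix: the old pattern interpolated the site URL unquoted, was unanchored,
 * made the handle group optional (so $matches[1] could be undefined) and only
 * allowed [A-Za-z0-9] — for a handle containing an underscore it matched just
 * the prefix and could resolve to a different user. The site URL is now
 * preg_quote()d, the match anchored, the handle required, and the character
 * class matches what registration accepts ([A-Za-z0-9_]).
 *
 * @param string $url
 * @return User|false
 */
static function getByProfileURL($url)
{
    // If user explicitly has a profile url set (generally this means it's a RemoteUser class)
    if ($result = \Idno\Core\Idno::site()->db()->getObjects(get_called_class(), ['url' => $url], null, 1)) {
        foreach ($result as $row) {
            return $row;
        }
    }

    // Ok, now try and see if we can get the local profile
    $pattern = '~^' . preg_quote(\Idno\Core\Idno::site()->config()->url, '~') . 'profile/([A-Za-z0-9_]+)~';
    if (preg_match($pattern, $url, $matches) && isset($matches[1])) {
        return \Idno\Entities\User::getByHandle($matches[1]);
    }

    // Can't find
    return false;
}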
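/**
 * Checks HTTP request headers to see if the request has been properly
 * signed for API access, and if so, log the user on and return the user
 *
 * X-KNOWN-USERNAME names the account and X-KNOWN-SIGNATURE carries a base64
 * HMAC-SHA256 of REQUEST_URI (query string included) keyed with that user's
 * API key. If the headers are absent or do not verify, the 'user/auth/api'
 * event lets other mechanisms authenticate. An API request that ends up
 * unauthenticated gets a 403 response code.
 *
 * Fix: the signature is compared with hash_equals() instead of ==, which is
 * both loose (numeric-string coercion) and leaks timing on how much of the
 * signature matched. $return is initialised so the final check never reads
 * an undefined variable.
 *
 * @return \Idno\Entities\User|false The logged-in user, or false otherwise
 */
function APIlogin()
{
    $return = false;

    if (!empty($_SERVER['HTTP_X_KNOWN_USERNAME']) && !empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) {
        \Idno\Core\site()->session()->setIsAPIRequest(true);
        if (!\Idno\Common\Page::isSSL() && !\Idno\Core\site()->config()->disable_cleartext_warning) {
            \Idno\Core\site()->session()->addErrorMessage("Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
        }

        $t = site()->currentPage()->getInput('_t');
        if (empty($t)) {
            site()->template()->setTemplateType('json');
        }

        if ($user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME'])) {
            // Short circuit authentication, since this user is already logged in. Needed to resolve #595
            // NOTE(review): this trusts the session over the signature — a request carrying a valid
            // session for the named user is accepted without the HMAC being checked.
            if (\Idno\Core\site()->session()->currentUser() && \Idno\Core\site()->session()->currentUser()->getUUID() == $user->getUUID()) {
                return $user;
            }

            $key          = $user->getAPIkey();
            $hmac         = trim($_SERVER['HTTP_X_KNOWN_SIGNATURE']);
            $compare_hmac = base64_encode(hash_hmac('sha256', $_SERVER['REQUEST_URI'], $key, true));
            if (hash_equals($compare_hmac, $hmac)) {
                \Idno\Core\site()->session()->logUserOn($user);
                return $user;
            }
        }
    }

    // We're not logged in yet, so try and authenticate using other mechanism
    if ($return = site()->triggerEvent('user/auth/api', [], false)) {
        \Idno\Core\site()->session()->setIsAPIRequest(true);
        if (!\Idno\Common\Page::isSSL() && !\Idno\Core\site()->config()->disable_cleartext_warning) {
            \Idno\Core\site()->session()->addErrorMessage("Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
        }
    }

    // If this is an API request but we're not logged in, set page response code to access denied
    if ($this->isAPIRequest() && !$return) {
        site()->currentPage()->setResponse(403);
    }

    return $return;
}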
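/**
 * Handles a registration POST.
 *
 * With open registration disabled the email/code pair must validate as an
 * Invitation first. The account is created when the email is valid and
 * unused, the handle is unused, 1-32 characters of [A-Za-z0-9_] and free of
 * slashes, and the two passwords match and pass checkNewPasswordStrength().
 * The first account becomes the admin, completes initial site setup (title,
 * theme, closed registration, from_email) and fires 'site/firstadmin'; later
 * accounts fire 'site/newuser'. The invitation is deleted once the user is
 * saved. On success the user is logged on and sent home or into onboarding;
 * otherwise the errors go into the session and the visitor returns to the
 * referring page.
 *
 * Fixes: the password checks used bitwise & instead of && and a loose ==
 * (which equates numeric-looking strings such as "1e3" and "1000"); the
 * invitation check names \Idno\Entities\Invitation explicitly so it cannot
 * resolve against the current namespace and silently never match; an invalid
 * invitation now returns after forwarding rather than relying on forward()
 * ending the request before account creation.
 */
function postContent()
{
    $name       = $this->getInput('name');
    $handle     = trim($this->getInput('handle'));
    $password   = trim($this->getInput('password'));
    $password2  = trim($this->getInput('password2'));
    $email      = trim($this->getInput('email'));
    $code       = $this->getInput('code');
    $onboarding = $this->getInput('onboarding');

    $invitation = null;
    $emailuser  = null;
    $handleuser = null;

    if (empty(\Idno\Core\site()->config()->open_registration)) {
        if (!($invitation = \Idno\Entities\Invitation::validate($email, $code))) {
            \Idno\Core\site()->session()->addErrorMessage("Your invitation doesn't seem to be valid, or has expired.");
            $this->forward(\Idno\Core\site()->config()->getURL());
            return;
        }
        // The invitation is removed once the user has been created, below
    }

    $user = new \Idno\Entities\User();

    if (empty($handle) && empty($email)) {
        \Idno\Core\site()->session()->addErrorMessage("Please enter a username and email address.");
    } elseif (!empty($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Lookups short-circuit: the handle is only queried when the email is free
        if (!($emailuser = \Idno\Entities\User::getByEmail($email))
            && !($handleuser = \Idno\Entities\User::getByHandle($handle))
            && !empty($handle)
            && strlen($handle) <= 32
            && preg_match('/^[a-zA-Z0-9_]{1,}$/', $handle)
            && !substr_count($handle, '/')
            && $password === $password2
            && \Idno\Entities\User::checkNewPasswordStrength($password)
        ) {
            $user->email  = $email;
            $user->handle = strtolower(trim($handle)); // Trim the handle and set it to lowercase
            $user->setPassword($password);
            $user->notifications['email'] = 'all';
            if (empty($name)) {
                $name = $user->handle;
            }
            $user->setTitle($name);

            if (!\Idno\Entities\User::get()) {
                // First account on the site: make it the admin and finish initial site setup
                $user->setAdmin(true);
                $user->robot_state = '1'; // State for our happy robot helper
                if (\Idno\Core\site()->config()->title == 'New Known site') {
                    if (!empty($_SESSION['set_name'])) {
                        \Idno\Core\site()->config()->title = $_SESSION['set_name'];
                    } else {
                        \Idno\Core\site()->config()->title = $user->getTitle() . '\'s Known';
                    }
                    \Idno\Core\site()->config()->theme             = 'Solo';
                    \Idno\Core\site()->config()->open_registration = false;
                    \Idno\Core\site()->config()->from_email        = $user->email;
                    \Idno\Core\site()->config()->save();
                }
                \Idno\Core\site()->triggerEvent('site/firstadmin', ['user' => $user]); // Event hook for first admin
            } else {
                \Idno\Core\site()->triggerEvent('site/newuser', ['user' => $user]); // Event hook for new user
            }
            $user->save();

            // Now we can remove the invitation
            if ($invitation instanceof \Idno\Entities\Invitation) {
                $invitation->delete(); // Remove the invitation; it's no longer needed
            }
        } else {
            if (empty($handle)) {
                \Idno\Core\site()->session()->addErrorMessage("Please create a username.");
            }
            if (strlen($handle) > 32) {
                \Idno\Core\site()->session()->addErrorMessage("Your username is too long.");
            }
            if (!preg_match('/^[a-zA-Z0-9_]{1,}$/', $handle)) {
                \Idno\Core\site()->session()->addErrorMessage("Usernames can only have letters, numbers and underscores.");
            }
            if (substr_count($handle, '/')) {
                \Idno\Core\site()->session()->addErrorMessage("Usernames can't contain a slash ('/') character.");
            }
            if (!empty($handleuser)) {
                \Idno\Core\site()->session()->addErrorMessage("Unfortunately, someone is already using that username. Please choose another.");
            }
            if (!empty($emailuser)) {
                \Idno\Core\site()->session()->addErrorMessage("Hey, it looks like there's already an account with that email address. Did you forget your login?");
            }
            if (!\Idno\Entities\User::checkNewPasswordStrength($password) || $password !== $password2) {
                \Idno\Core\site()->session()->addErrorMessage("Please check that your passwords match and that your password is at least 7 characters long.");
            }
        }
    } else {
        \Idno\Core\site()->session()->addErrorMessage("That doesn't seem like it's a valid email address.");
    }

    // _id is presumably populated by save(); an unsaved user has none
    if (!empty($user->_id)) {
        \Idno\Core\site()->session()->addMessage("You've registered! You're ready to get started. Why not add a status update to say hello?");
        \Idno\Core\site()->session()->logUserOn($user);
        if (empty($onboarding)) {
            $this->forward();
        } else {
            $this->forward(\Idno\Core\site()->config()->getURL() . 'begin/profile');
        }
    } else {
        \Idno\Core\site()->session()->addMessageAtStart("We couldn't register you.");
        $this->forward(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null);
    }
}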
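/**
 * Handles the admin "users" page actions.
 *
 * Dispatches on the 'action' input: add_rights / remove_rights / delete on a
 * user UUID; invite_users / remove_invitation / resend_invitation for
 * invitations; add_user to create an account directly; block_emails /
 * unblock_emails to maintain the blocked-address list. Every branch reports
 * through session messages and finally forwards back to the users admin page.
 *
 * Fixes: the three address-extracting actions share one pattern whose TLD is
 * no longer capped at four letters (addresses such as name@example.photography
 * were silently dropped); add_user compares the two passwords strictly;
 * resend_invitation passes the inviter's email like invite_users does.
 */
function postContent()
{
    $this->adminGatekeeper(); // Admins only
    $action = $this->getInput('action');

    // Address matcher for the invite / block / unblock textareas
    $email_pattern = '/[a-z\d._%+-]+@[a-z\d.-]+\.[a-z]{2,}\b/i';

    switch ($action) {
        case 'add_rights':
            $uuid = $this->getInput('user');
            if ($user = User::getByUUID($uuid)) {
                $user->setAdmin(true);
                $user->save();
                \Idno\Core\site()->session()->addMessage($user->getTitle() . " was given administration rights.");
            }
            break;

        case 'remove_rights':
            $uuid = $this->getInput('user');
            if ($user = User::getByUUID($uuid)) {
                $user->setAdmin(false);
                $user->save();
                \Idno\Core\site()->session()->addMessage($user->getTitle() . " was stripped of their administration rights.");
            }
            break;

        case 'delete':
            $uuid = $this->getInput('user');
            // NOTE(review): nothing here stops an admin removing their own (or the last admin) account; confirm delete() or the UI guards it
            if ($user = User::getByUUID($uuid)) {
                if ($user->delete()) {
                    \Idno\Core\site()->session()->addMessage($user->getTitle() . " was removed from your site.");
                }
            }
            break;

        case 'invite_users':
            preg_match_all($email_pattern, (string) $this->getInput('invitation_emails'), $matches);
            $invitation_count = 0;
            if (!empty($matches[0])) {
                foreach ($matches[0] as $email) {
                    if (User::getByEmail($email)) {
                        continue; // already a member; nothing to invite
                    }
                    $invitation = new Invitation();
                    if ($invitation->sendToEmail($email, \Idno\Core\site()->session()->currentUser()->email) !== 0) {
                        $invitation_count++;
                    }
                }
            }
            if ($invitation_count > 1) {
                \Idno\Core\site()->session()->addMessage("{$invitation_count} invitations were sent.");
            } elseif ($invitation_count == 1) {
                \Idno\Core\site()->session()->addMessage("Your invitation was sent.");
            } else {
                \Idno\Core\site()->session()->addMessage("No email addresses were found or all the people you invited are already members of this site.");
            }
            break;

        case 'remove_invitation':
            $invitation_id = $this->getInput('invitation_id');
            if ($invitation = Invitation::getByID($invitation_id)) {
                if ($invitation->delete()) {
                    \Idno\Core\site()->session()->addMessage("The invitation was removed.");
                }
            }
            break;

        case 'resend_invitation':
            $invitation_id = $this->getInput('invitation_id');
            if ($invitation = Invitation::getByID($invitation_id)) {
                $email = $invitation->email;
                // The old invitation is removed before the new one is sent; if the send fails the
                // address is left without any invitation and has to be invited again.
                if ($invitation->delete()) {
                    $new_invitation = new Invitation();
                    if ($new_invitation->sendToEmail($email, \Idno\Core\site()->session()->currentUser()->email)) {
                        \Idno\Core\site()->session()->addMessage("The invitation was resent.");
                    }
                }
            }
            break;

        case 'add_user':
            if (!\Idno\Core\site()->config()->canAddUsers()) {
                \Idno\Core\site()->session()->addMessage("You can't add any more users to your site.");
                break;
            }
            $name      = $this->getInput('name');
            $handle    = trim($this->getInput('handle'));
            $email     = trim($this->getInput('email'));
            $password  = trim($this->getInput('password1'));
            $password2 = trim($this->getInput('password2'));

            $user       = new \Idno\Entities\User();
            $emailuser  = null;
            $handleuser = null;

            // NOTE(review): only non-empty/matching is checked here; the self-service registration
            // form additionally applies User::checkNewPasswordStrength()
            if (empty($password) || $password !== $password2) {
                \Idno\Core\site()->session()->addMessage("Please make sure your passwords match and aren't empty.");
            } elseif (empty($handle) && empty($email)) {
                \Idno\Core\site()->session()->addMessage("Please enter a username and email address.");
            } elseif (!empty($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
                // Lookups short-circuit: the handle is only queried when the email is free
                if (!($emailuser = \Idno\Entities\User::getByEmail($email))
                    && !($handleuser = \Idno\Entities\User::getByHandle($handle))
                    && !empty($handle)
                    && strlen($handle) <= 32
                    && !substr_count($handle, '/')
                ) {
                    $user->email  = $email;
                    $user->handle = strtolower(trim($handle)); // Trim the handle and set it to lowercase
                    $user->setPassword($password);
                    if (empty($name)) {
                        $name = $user->handle;
                    }
                    $user->setTitle($name);
                    $user->save();
                } else {
                    if (empty($handle)) {
                        \Idno\Core\site()->session()->addMessage("Please create a username.");
                    }
                    if (strlen($handle) > 32) {
                        \Idno\Core\site()->session()->addMessage("Your username is too long.");
                    }
                    if (substr_count($handle, '/')) {
                        \Idno\Core\site()->session()->addMessage("Usernames can't contain a slash ('/') character.");
                    }
                    if (!empty($handleuser)) {
                        \Idno\Core\site()->session()->addMessage("Unfortunately, someone is already using that username. Please choose another.");
                    }
                    if (!empty($emailuser)) {
                        \Idno\Core\site()->session()->addMessage("Hey, it looks like there's already an account with that email address. Did you forget your login?");
                    }
                }
            } else {
                \Idno\Core\site()->session()->addMessage("That doesn't seem like it's a valid email address.");
            }

            // _id is presumably populated by save(); an unsaved user has none
            if (!empty($user->_id)) {
                \Idno\Core\site()->session()->addMessage("User " . $user->getHandle() . " was created. You may wish to email them to let them know.");
            } else {
                \Idno\Core\site()->session()->addMessageAtStart("We couldn't register that user.");
            }
            break;

        case 'block_emails':
            preg_match_all($email_pattern, (string) $this->getInput('blocked_emails'), $matches);
            $block_count = 0;
            if (!empty($matches[0])) {
                foreach ($matches[0] as $email) {
                    if (\Idno\Core\site()->config()->addBlockedEmail($email)) {
                        $block_count++;
                    }
                }
                \Idno\Core\site()->config()->save();
            }
            if ($block_count > 1) {
                \Idno\Core\site()->session()->addMessage("{$block_count} emails were blocked.");
            } elseif ($block_count == 1) {
                \Idno\Core\site()->session()->addMessage("The email address was blocked.");
            } else {
                \Idno\Core\site()->session()->addMessage("No email addresses were found.");
            }
            break;

        case 'unblock_emails':
            preg_match_all($email_pattern, (string) $this->getInput('blocked_emails'), $matches);
            $block_count = 0;
            if (!empty($matches[0])) {
                foreach ($matches[0] as $email) {
                    if (\Idno\Core\site()->config()->removeBlockedEmail($email)) {
                        $block_count++;
                    }
                }
                \Idno\Core\site()->config()->save();
            }
            if ($block_count > 1) {
                \Idno\Core\site()->session()->addMessage("{$block_count} emails were unblocked.");
            } elseif ($block_count == 1) {
                \Idno\Core\site()->session()->addMessage("The email address was unblocked.");
            } else {
                \Idno\Core\site()->session()->addMessage("No email addresses were found.");
            }
            break;
    }

    $this->forward(\Idno\Core\site()->config()->getURL() . 'admin/users');
}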
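/**
 * A webmention to our profile page means someone mentioned us.
 *
 * Resolves the mentioned user from the first page-handler argument, takes the
 * mentioning post's permalink, content and author from its mf2 (falling back
 * to the source URL and page title), and raises a 'mention' Notification for
 * the user, de-duplicated on (source, target). A non-200 source response
 * (e.g. a delete) is accepted without creating anything.
 *
 * All of the mf2 data is remote-supplied: the content is run through
 * sanitize_html(); the permalink and author URL/name are stored as given and
 * the entry may claim any URL, not necessarily $source. Fixes: an e-content
 * array without an 'html' key no longer reads an undefined index, and a
 * permalink without a host no longer produces a dangling " on " in the
 * notification text.
 *
 * @param string $source          URL of the page that mentions us
 * @param string $target          URL on this site that was mentioned
 * @param array  $source_response fetched source page: 'response' status code and 'content'
 * @param array  $source_mf2      parsed microformats of the source page
 * @return bool  true when the mention was accepted (even if ignored), false when it could not be attributed to a user
 */
function webmentionContent($source, $target, $source_response, $source_mf2)
{
    Idno::site()->logging()->info("received user mention from {$source} to {$target}");

    if (empty($this->arguments)) {
        Idno::site()->logging()->debug("could not process user mention, no pagehandler arguments");
        return false;
    }
    $user = User::getByHandle($this->arguments[0]);
    if (empty($user)) {
        Idno::site()->logging()->debug('could not process user mention, no user for handle ' . $this->arguments[0]);
        return false;
    }
    Idno::site()->logging()->debug("found target user {$user->getHandle()}");

    // if this is anything other than a normal mention (e.g. a delete), accept the wm, but do nothing
    if ($source_response['response'] !== 200) {
        return true;
    }

    $title   = Webmention::getTitleFromContent($source_response['content'], $source);
    $mention = ['permalink' => $source, 'title' => $title];

    // look for the first and only h-entry or h-event on the page
    $entry = Webmention::findRepresentativeHEntry($source_mf2, $source, ['h-entry', 'h-event']);
    $card  = Webmention::findAuthorHCard($source_mf2, $source, $entry);

    // try to get some more specific details of the mention from mf2 content
    if ($entry) {
        if (!empty($entry['properties']['url'])) {
            $mention['permalink'] = $entry['properties']['url'][0];
        }
        if (!empty($entry['properties']['content'])) {
            // e-content is either a plain string or an {html, value} pair
            $content = $entry['properties']['content'][0];
            if (is_array($content)) {
                $content = isset($content['html']) ? $content['html'] : '';
            }
            $mention['content'] = Idno::site()->template()->sanitize_html($content);
        }
    }

    $sender_url = false;
    if ($card) {
        if (!empty($card['properties']['url'])) {
            $sender_url           = $card['properties']['url'][0];
            $mention['owner_url'] = $card['properties']['url'][0];
        }
        if (!empty($card['properties']['name'])) {
            $mention['owner_name'] = $card['properties']['name'][0];
        }
    }

    $message = 'You were mentioned';
    if (isset($mention['owner_name'])) {
        $message .= ' by ' . $mention['owner_name'];
    }
    $host = parse_url($mention['permalink'], PHP_URL_HOST);
    if (!empty($host)) {
        $message .= ' on ' . $host;
    }

    $notif = new Notification();
    // The key de-duplicates repeated mentions of the same target from the same source
    if ($notif->setNotificationKey(['mention', $user->getUUID(), $source, $target])) {
        $notif->setOwner($user);
        $notif->setMessage($message);
        $notif->setMessageTemplate('content/notification/mention');
        $notif->setActor($sender_url);
        $notif->setVerb('mention');
        $notif->setObject($mention);
        $notif->setTarget($user);
        $notif->save();
        $user->notify($notif);
    } else {
        \Idno\Core\Idno::site()->logging()->debug("ignoring duplicate notification", ['source' => $source, 'target' => $target, 'user' => $user->getHandle()]);
    }

    return true;
}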
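/**
 * Checks HTTP request headers to see if the request has been properly
 * signed for API access, and if so, log the user on and return the user
 *
 * X-KNOWN-USERNAME names the account and X-KNOWN-SIGNATURE carries a base64
 * HMAC-SHA256 of REQUEST_URI keyed with that user's API key. The full
 * REQUEST_URI including any query string is signed (an earlier variant signed
 * only the path). If the headers are absent or do not verify, the
 * 'user/auth/api' event lets other mechanisms authenticate. An API request
 * that ends up unauthenticated is logged with the apparent client address and
 * answered with deniedContent().
 *
 * Fix: the signature is compared with hash_equals() instead of ==, which is
 * both loose (numeric-string coercion) and leaks timing on how much of the
 * signature matched. $return is initialised so the final check never reads
 * an undefined variable.
 *
 * @return \Idno\Entities\User|false The logged-in user, or false otherwise
 */
function APIlogin()
{
    $return = false;

    if (!empty($_SERVER['HTTP_X_KNOWN_USERNAME']) && !empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) {
        \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
        if (!\Idno\Common\Page::isSSL() && !\Idno\Core\Idno::site()->config()->disable_cleartext_warning) {
            \Idno\Core\Idno::site()->session()->addErrorMessage("Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
        }

        $t = \Idno\Core\Idno::site()->currentPage()->getInput('_t');
        if (empty($t)) {
            \Idno\Core\Idno::site()->template()->setTemplateType('json');
        }

        if ($user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME'])) {
            $key          = $user->getAPIkey();
            $hmac         = trim($_SERVER['HTTP_X_KNOWN_SIGNATURE']);
            $compare_hmac = base64_encode(hash_hmac('sha256', $_SERVER['REQUEST_URI'], $key, true));
            if (hash_equals($compare_hmac, $hmac)) {
                \Idno\Core\Idno::site()->session()->logUserOn($user);
                return $user;
            }
        }
    }

    // We're not logged in yet, so try and authenticate using other mechanism
    if ($return = \Idno\Core\Idno::site()->triggerEvent('user/auth/api', [], false)) {
        \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
        if (!\Idno\Common\Page::isSSL() && !\Idno\Core\Idno::site()->config()->disable_cleartext_warning) {
            \Idno\Core\Idno::site()->session()->addErrorMessage("Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
        }
    }

    // If this is an API request but we're not logged in, set page response code to access denied
    if ($this->isAPIRequest() && !$return) {
        // NOTE(review): X-Forwarded-For is client-supplied; its first entry is only trustworthy
        // behind a proxy you control that always rewrites or appends to it.
        $ip = $_SERVER['REMOTE_ADDR'];
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $proxies = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); // We are behind a proxy
            $ip      = trim($proxies[0]);
        }
        \Idno\Core\Idno::site()->logging()->log("API Login failure from {$ip}", LOGLEVEL_ERROR);
        //\Idno\Core\Idno::site()->triggerEvent('login/failure/api'); // Can't be used until #918 is fixed.
        \Idno\Core\Idno::site()->currentPage()->deniedContent();
    }

    return $return;
}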
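/**
 * Handles a registration form submission.
 *
 * Reads name, handle, password, password2, email, code and onboarding from
 * the request. When open registration is off, the email/code pair must match
 * a valid invitation, otherwise the visitor is sent to the site root. A user
 * is created only if the email is well-formed and unused, the handle is
 * non-empty, unused, at most 32 bytes and contains no '/', and the two
 * passwords are identical and longer than four characters. The very first
 * account becomes admin and, on a still-untitled site, names the site and
 * switches open registration off. On success the new user is logged on and
 * forwarded to their profile (or to onboarding); otherwise the problems are
 * queued as session messages and the visitor is sent back to the referer.
 *
 * NOTE(review): the password rule is only "more than four characters" and
 * the password is trim()med before use; both are existing policy and are
 * left unchanged here.
 */
function postContent()
{
    $name = $this->getInput('name');
    $handle = trim($this->getInput('handle'));
    $password = trim($this->getInput('password'));
    $password2 = trim($this->getInput('password2'));
    $email = trim($this->getInput('email'));
    $code = $this->getInput('code');
    $onboarding = $this->getInput('onboarding');

    // Always defined, so the post-save cleanup can test it even when
    // registration is open and no invitation was looked up.
    $invitation = null;
    if (empty(\Idno\Core\site()->config()->open_registration)) {
        if (!($invitation = \Idno\Entities\Invitation::validate($email, $code))) {
            \Idno\Core\site()->session()->addMessage("Your invitation doesn't seem to be valid or has expired.");
            $this->forward(\Idno\Core\site()->config()->getURL());
            // forward() is relied on to end the request; the explicit return
            // guarantees an invitation-less account is never created if it
            // ever returns instead.
            return;
        }
        // The invitation is only deleted once the user has actually been created.
    }

    $user = new \Idno\Entities\User();
    $emailuser = null;
    $handleuser = null;

    if (empty($handle) && empty($email)) {
        \Idno\Core\site()->session()->addMessage("Please enter a username and email address.");
    } elseif (!empty($email) && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $emailuser = \Idno\Entities\User::getByEmail($email);
        // Handle is only looked up when the email is free (same short-circuit
        // as before, so the error messages below are unchanged).
        $handleuser = $emailuser ? null : \Idno\Entities\User::getByHandle($handle);

        // Fixed: this read strlen($handle <= 32), i.e. the length of a boolean,
        // which under PHP 8 string/int comparison rejected most handles.
        $validHandle = !empty($handle)
            && strlen($handle) <= 32
            && !substr_count($handle, '/');
        // Strict comparison: `==` treats numeric-looking strings loosely
        // ('1e3' == '1000'), which is not what a confirmation check wants.
        $validPassword = $password === $password2 && strlen($password) > 4;

        if (!$emailuser && !$handleuser && $validHandle && $validPassword) {
            $user->email = $email;
            $user->handle = strtolower(trim($handle)); // Trim the handle and set it to lowercase
            $user->setPassword($password);
            if (empty($name)) {
                $name = $user->handle;
            }
            $user->setTitle($name);

            if (!\Idno\Entities\User::get()) {
                // First account on the site: make it the admin and finish site setup.
                $user->setAdmin(true);
                $user->robot_state = 1; // State for our happy robot helper
                if (\Idno\Core\site()->config()->title == 'New Known site') {
                    if (!empty($_SESSION['set_name'])) {
                        \Idno\Core\site()->config()->title = $_SESSION['set_name'];
                    } else {
                        \Idno\Core\site()->config()->title = $user->getTitle() . '\'s Known';
                    }
                    \Idno\Core\site()->config()->open_registration = false;
                    \Idno\Core\site()->config()->from_email = $user->email;
                    \Idno\Core\site()->config()->save();
                }
            }
            $user->save();
            // NOTE(review): despite its name this fires for every registration,
            // not only the first admin; handlers must not assume admin rights.
            \Idno\Core\site()->triggerEvent('site/firstadmin', ['user' => $user]); // Event hook for first admin

            // Now we can remove the invitation. Fully qualified so the check does
            // not depend on a `use` import: a bare `Invitation` that fails to
            // resolve is silently false and would leave invitations reusable.
            if ($invitation instanceof \Idno\Entities\Invitation) {
                $invitation->delete(); // Remove the invitation; it's no longer needed
            }
        } else {
            // Only the first applicable handle problem is reported.
            if (empty($handle)) {
                \Idno\Core\site()->session()->addMessage("Please create a username.");
            } elseif (strlen($handle) > 32) {
                \Idno\Core\site()->session()->addMessage("Your username is too long.");
            } elseif (substr_count($handle, '/')) {
                \Idno\Core\site()->session()->addMessage("Usernames can't contain a slash ('/') character.");
            } elseif (!empty($handleuser)) {
                \Idno\Core\site()->session()->addMessage("Unfortunately, someone is already using that username. Please choose another.");
            }
            if (!empty($emailuser)) {
                \Idno\Core\site()->session()->addMessage("Hey, it looks like there's already an account with that email address. Did you forget your login?");
            }
            if ($password !== $password2 || strlen($password) <= 4) {
                \Idno\Core\site()->session()->addMessage("Please check that your passwords match and that your password is over four characters long.");
            }
        }
    } else {
        \Idno\Core\site()->session()->addMessage("That doesn't seem like it's a valid email address.");
    }

    if (!empty($user->_id)) {
        \Idno\Core\site()->session()->addMessage("You've registered! You're ready to get started. Why not add some profile information?");
        \Idno\Core\site()->session()->logUserOn($user);
        if (empty($onboarding)) {
            $this->forward($user->getURL());
        } else {
            $this->forward(\Idno\Core\site()->config()->getURL() . 'begin/profile');
        }
    } else {
        \Idno\Core\site()->session()->addMessageAtStart("We couldn't register you.");
        // The Referer header is request-supplied and may be absent; fall back
        // to the site root rather than forwarding to an empty target.
        $back = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : \Idno\Core\site()->config()->getURL();
        $this->forward($back);
    }
}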
/** * Called at the beginning of each request handler, attempts to authorize the request. * * Checks HTTP request headers to see if the request has been properly * signed for API access. * * If this is not an API request, then check the session for the logged in user's credentials. * * Triggers "user/auth/request" to give plugins an opportunity to implement their own auth mechanism. * Then "user/auth/success" or "user/auth/failure" depending on if a user was found for the provided credentials. * * @return \Idno\Entities\User|false The logged-in user, or false otherwise */ function tryAuthUser() { // attempt to delegate auth to a plugin (note: plugin is responsible for calling setIsAPIRequest or not) $return = \Idno\Core\Idno::site()->triggerEvent('user/auth/request', [], false); // auth standard API requests if (!$return && !empty($_SERVER['HTTP_X_KNOWN_USERNAME']) && !empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) { \Idno\Core\Idno::site()->logging()->log("Attempting to auth via API credentials", LOGLEVEL_DEBUG); $this->setIsAPIRequest(true); $t = \Idno\Core\Idno::site()->currentPage()->getInput('_t'); if (empty($t)) { \Idno\Core\Idno::site()->template()->setTemplateType('json'); } if ($user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME'])) { \Idno\Core\Idno::site()->logging()->log("API auth found user by username: "******"API auth verified signature for user: "******"API auth failed signature validation for user: "******"Warning: Access credentials were sent over a non-secured connection! 
To disable this warning set disable_cleartext_warning in your config.ini"); } // If this is an API request but we're not logged in, set page response code to access denied if (!$return) { $ip = $_SERVER['REMOTE_ADDR']; if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $proxies = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); // We are behind a proxy $ip = trim($proxies[0]); } \Idno\Core\Idno::site()->logging()->log("API Login failure from {$ip}", LOGLEVEL_ERROR); \Idno\Core\Idno::site()->currentPage()->deniedContent(); } } $return = \Idno\Core\Idno::site()->triggerEvent($return ? "user/auth/success" : "user/auth/failure", array("user" => $return, "is api" => $this->isAPIRequest()), $return); return $return; }
/**
 * Turns @user mentions in $text into links.
 *
 * With a single reply target (a string, or a one-element array) the mentions
 * are assumed to live on that service: a target containing 'twitter.com'
 * links them to twitter.com/<name>, one containing 'github.com' to
 * github.com/<name>, and anything else leaves the text untouched. Several
 * reply targets are ambiguous, so the text is returned unchanged. With no
 * reply target, each mention that matches a local user handle is linked to
 * that user's profile page on this site; unknown handles stay plain text.
 *
 * NOTE(review): the service check is a plain substring match on the reply
 * URL, not a host check. The generated href is always the fixed service
 * base, so a spoofed URL can only mislink a mention, not inject a target.
 *
 * @param string            $text        The text to parse
 * @param string|array|null $in_reply_to Optional reply target URL(s)
 * @return string The text with mentions linked
 */
function parseUsers($text, $in_reply_to = null)
{
    if (empty($in_reply_to)) {
        // No reply target: link mentions that resolve to a local user.
        $linkLocal = function ($matches) {
            $mention = $matches[1];
            $handle = ltrim($mention, '@');
            if (!User::getByHandle($handle)) {
                return $mention;
            }
            $profile = \Idno\Core\Idno::site()->config()->url . 'profile/' . urlencode($handle);
            return '<a href="' . $profile . '" >' . $mention . '</a>';
        };
        return preg_replace_callback('/(?<=^|[\\>\\s\\n])(\\@[A-Za-z0-9\\_]+)/i', $linkLocal, $text);
    }

    // TODO: do this in a more pluggable way
    // Only a single reply target lets us guess where @users live.
    if (is_array($in_reply_to) && count($in_reply_to) != 1) {
        return $text;
    }
    $target = is_array($in_reply_to) ? $in_reply_to[0] : $in_reply_to;

    // Pick the service base once; the callback only needs the result.
    $base = null;
    if (strpos($target, 'twitter.com') !== false) {
        $base = 'https://twitter.com/';
    } elseif (strpos($target, 'github.com') !== false) {
        $base = 'https://github.com/';
    }

    $linkRemote = function ($matches) use ($base) {
        $mention = $matches[1];
        if ($base === null) {
            return $mention;
        }
        return '<a href="' . $base . urlencode(ltrim($mention, '@')) . '" >' . $mention . '</a>';
    };
    return preg_replace_callback('/(?<=^|[\\>\\s\\n\\.])(\\@[\\w0-9\\_]+)/i', $linkRemote, $text);
}
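/**
 * Checks HTTP request headers to see if the request has been properly
 * signed for API access, and if so, log the user on and return the user.
 *
 * X-KNOWN-USERNAME names the user (looked up by handle) and
 * X-KNOWN-SIGNATURE must equal base64(HMAC-SHA256(REQUEST_URI, api_key)).
 * On a match the user is logged on and the session is marked as an API
 * request. Any missing header, unknown user, empty key or bad signature
 * yields false.
 *
 * NOTE(review): only REQUEST_URI is signed - no method, body, timestamp or
 * nonce - so a captured signed URL can be replayed until the key changes.
 *
 * @return \Idno\Entities\User|false The logged-in user, or false otherwise
 */
function APIlogin()
{
    if (empty($_SERVER['HTTP_X_KNOWN_USERNAME']) || empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) {
        return false;
    }
    $user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME']);
    if (!$user) {
        return false;
    }
    $key = $user->getAPIkey();
    // Never verify against an empty key: with no secret, anyone who knows the
    // handle could compute a valid signature. (Whether getAPIkey() can return
    // empty is not visible here; the guard is cheap either way.)
    if (empty($key)) {
        return false;
    }
    $hmac = trim($_SERVER['HTTP_X_KNOWN_SIGNATURE']);
    $compare_hmac = base64_encode(hash_hmac('sha256', $_SERVER['REQUEST_URI'], $key, true));
    // Constant-time, strict comparison. `==` leaked timing and applied PHP's
    // loose string/numeric juggling to the signature.
    if (!hash_equals($compare_hmac, $hmac)) {
        return false;
    }
    \Idno\Core\site()->session()->logUserOn($user);
    \Idno\Core\site()->session()->setIsAPIRequest(true);
    return $user;
}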