public static function generate_jwt($user, $expire)
{
$issuedAt = time();
$tokenId = base64_encode(Random::key(32));
$serverName = Config::get('serverName');
/*
* Create the token as an array
*/
$data = ['iat' => $issuedAt, 'jti' => $tokenId, 'iss' => $serverName, 'exp' => $expire, 'data' => ['userId' => $user->id, 'userName' => $user->username]];
/*
* Extract the key, which is coming from the config file.
*
* Generated with base64_encode(openssl_random_pseudo_bytes(64));
*/
$secretKey = base64_decode(ForumSettings::get('jwt_token'));
/*
* Extract the algorithm from the config file too
*/
$algorithm = ForumSettings::get('jwt_algorithm');
/*
* Encode the array to a JWT string.
* Second parameter is the key to encode the token.
*
* The output string can be validated at http://jwt.io/
*/
$jwt = JWT::encode($data, $secretKey, $algorithm);
return $jwt;
}
public function insert_user($user)
{
$user = Container::get('hooks')->fire('model.register.insert_user_start', $user);
// Insert the new user into the database. We do this now to get the last inserted ID for later use
$now = time();
$intial_group_id = ForumSettings::get('o_regs_verify') == '0' ? ForumSettings::get('o_default_user_group') : ForumEnv::get('FEATHER_UNVERIFIED');
$password_hash = Random::hash($user['password1']);
// Add the user
$user['insert'] = array('username' => $user['username'], 'group_id' => $intial_group_id, 'password' => $password_hash, 'email' => $user['email1'], 'email_setting' => ForumSettings::get('o_default_email_setting'), 'timezone' => ForumSettings::get('o_default_timezone'), 'dst' => 0, 'language' => $user['language'], 'style' => ForumSettings::get('o_default_style'), 'registered' => $now, 'registration_ip' => Utils::getIp(), 'last_visit' => $now);
$user = DB::for_table('users')->create()->set($user['insert']);
$user = Container::get('hooks')->fireDB('model.register.insert_user_query', $user);
$user = $user->save();
$new_uid = DB::get_db()->lastInsertId(ForumSettings::get('db_prefix') . 'users');
// If the mailing list isn't empty, we may need to send out some alerts
if (ForumSettings::get('o_mailing_list') != '') {
// If we previously found out that the email was banned
if (isset($user['banned_email'])) {
// Load the "banned email register" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/banned_email_register.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_banned_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_banned_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<email>', $user['email1'], $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_banned_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
// If we previously found out that the email was a dupe
if (!empty($dupe_list)) {
// Load the "dupe email register" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/dupe_email_register.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
// Should we alert people on the admin mailing list that a new user has registered?
if (ForumSettings::get('o_regs_report') == '1') {
// Load the "new user" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/new_user.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_new_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_new_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<admin_url>', Router::pathFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_new_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
}
// Must the user verify the registration or do we log him/her in right now?
if (ForumSettings::get('o_regs_verify') == '1') {
// Load the "welcome" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/welcome.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_subject = str_replace('<board_title>', ForumSettings::get('o_board_title'), $mail_subject);
$mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<password>', $user['password1'], $mail_message);
$mail_message = str_replace('<login_url>', Router::pathFor('login'), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_message', $mail_message);
Container::get('email')->feather_mail($user['email1'], $mail_subject, $mail_message);
return Router::redirect(Router::pathFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.');
}
$user_object = new \stdClass();
$user_object->id = $new_uid;
$user_object->username = $user['username'];
$expire = time() + ForumSettings::get('o_timeout_visit');
$jwt = AuthModel::generate_jwt($user_object, $expire);
AuthModel::feather_setcookie('Bearer ' . $jwt, $expire);
// Refresh cache
Container::get('cache')->store('users_info', Cache::get_users_info());
Container::get('hooks')->fire('model.register.insert_user');
return Router::redirect(Router::pathFor('home'), __('Reg complete'));
}
}
if (ForumSettings::get('o_rules') == '1' && (!User::get()->is_guest || User::get()->g_read_board == '1' || ForumSettings::get('o_regs_allow') == '1')) {
$navlinks[] = '<li id="navrules"' . ($active_page == 'rules' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('rules') . '">' . __('Rules') . '</a></li>';
}
if (User::get()->g_read_board == '1' && User::get()->g_search == '1') {
$navlinks[] = '<li id="navsearch"' . ($active_page == 'search' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('search') . '">' . __('Search') . '</a></li>';
}
if (User::get()->is_guest) {
$navlinks[] = '<li id="navregister"' . ($active_page == 'register' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('register') . '">' . __('Register') . '</a></li>';
$navlinks[] = '<li id="navlogin"' . ($active_page == 'login' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('login') . '">' . __('Login') . '</a></li>';
} else {
$navlinks[] = '<li id="navprofile"' . ($active_page == 'profile' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('userProfile', ['id' => User::get()->id]) . '">' . __('Profile') . '</a></li>';
if (User::get()->is_admmod) {
$navlinks[] = '<li id="navadmin"' . ($active_page == 'admin' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('adminIndex') . '">' . __('Admin') . '</a></li>';
}
$navlinks[] = '<li id="navlogout"><a href="' . Router::pathFor('logout', ['token' => Random::hash(User::get()->id . Random::hash(Utils::getIp()))]) . '">' . __('Logout') . '</a></li>';
}
// Are there any additional navlinks we should insert into the array before imploding it?
$hooksLinks = Container::get('hooks')->fire('view.header.navlinks', []);
$extraLinks = ForumSettings::get('o_additional_navlinks') . "\n" . implode("\n", $hooksLinks);
if (User::get()->g_read_board == '1' && $extraLinks != '') {
if (preg_match_all('%([0-9]+)\\s*=\\s*(.*?)\\n%s', $extraLinks . "\n", $results)) {
// Insert any additional links into the $links array (at the correct index)
$num_links = count($results[1]);
for ($i = 0; $i < $num_links; ++$i) {
array_splice($navlinks, $results[1][$i], 0, array('<li id="navextra' . ($i + 1) . '"' . ($active_page == 'navextra' . ($i + 1) ? ' class="isactive"' : '') . '>' . $results[2][$i] . '</li>'));
}
}
}
echo "\t\t\t" . implode("\n\t\t\t", $navlinks);
?>
public function change_email($id)
{
$id = Container::get('hooks')->fire('model.profile.change_email_start', $id);
// Make sure we are allowed to change this user's email
if (User::get()->id != $id) {
$id = Container::get('hooks')->fire('model.profile.change_email_not_id', $id);
if (!User::get()->is_admmod) {
// A regular user trying to change another user's email?
throw new Error(__('No permission'), 403);
} elseif (User::get()->g_moderator == '1') {
// A moderator trying to change a user's email?
$user['select'] = array('u.group_id', 'g.g_moderator');
$user = DB::for_table('users')->table_alias('u')->select_many($user['select'])->inner_join('groups', array('g.g_id', '=', 'u.group_id'), 'g')->where('u.id', $id);
$user = Container::get('hooks')->fireDB('model.profile.change_email_not_id_query', $user);
$user = $user->find_one();
if (!$user) {
throw new Error(__('Bad request'), 404);
}
if (User::get()->g_mod_edit_users == '0' || User::get()->g_mod_change_passwords == '0' || $user['group_id'] == ForumEnv::get('FEATHER_ADMIN') || $user['g_moderator'] == '1') {
throw new Error(__('No permission'), 403);
}
}
}
if (Input::query('key')) {
$key = Input::query('key');
$key = Container::get('hooks')->fire('model.profile.change_email_key', $key);
$new_email_key = DB::for_table('users')->where('id', $id);
$new_email_key = Container::get('hooks')->fireDB('model.profile.change_email_key_query', $new_email_key);
$new_email_key = $new_email_key->find_one_col('activate_key');
if ($key == '' || $key != $new_email_key) {
throw new Error(__('Email key bad') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.', 400);
} else {
$update_mail = DB::for_table('users')->where('id', $id)->find_one()->set_expr('email', 'activate_string')->set_expr('activate_string', 'NULL')->set_expr('activate_key', 'NULL');
$update_mail = Container::get('hooks')->fireDB('model.profile.change_email_query', $update_mail);
$update_mail = $update_mail->save();
return Router::redirect(Router::pathFor('home'), __('Email updated'));
}
} elseif (Request::isPost()) {
Container::get('hooks')->fire('model.profile.change_email_post');
if (Random::hash(Input::post('req_password')) !== User::get()->password) {
throw new Error(__('Wrong pass'));
}
// Validate the email address
$new_email = strtolower(Utils::trim(Input::post('req_new_email')));
$new_email = Container::get('hooks')->fire('model.profile.change_email_new_email', $new_email);
if (!Container::get('email')->is_valid_email($new_email)) {
throw new Error(__('Invalid email'), 400);
}
// Check if it's a banned email address
if (Container::get('email')->is_banned_email($new_email)) {
if (ForumSettings::get('p_allow_banned_email') == '0') {
throw new Error(__('Banned email'), 403);
} elseif (ForumSettings::get('o_mailing_list') != '') {
// Load the "banned email change" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/banned_email_change.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.profile.change_email_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.profile.change_email_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', User::get()->username, $mail_message);
$mail_message = str_replace('<email>', $new_email, $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $id]), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.profile.change_email_mail_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
}
// Check if someone else already has registered with that email address
$result['select'] = array('id', 'username');
$result = DB::for_table('users')->select_many($result['select'])->where('email', $new_email);
$result = Container::get('hooks')->fireDB('model.profile.change_email_check_mail', $result);
$result = $result->find_many();
if ($result) {
if (ForumSettings::get('p_allow_dupe_email') == '0') {
throw new Error(__('Dupe email'), 400);
} elseif (ForumSettings::get('o_mailing_list') != '') {
foreach ($result as $cur_dupe) {
$dupe_list[] = $cur_dupe['username'];
}
// Load the "dupe email change" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/dupe_email_change.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.profile.change_email_mail_dupe_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.profile.change_email_mail_dupe_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', User::get()->username, $mail_message);
$mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
$mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $id]), $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.profile.change_email_mail_dupe_message', $mail_message);
Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
}
}
$new_email_key = Random::pass(8);
$new_email_key = Container::get('hooks')->fire('model.profile.change_email_new_email_key', $new_email_key);
// Update the user
unset($user);
$user['update'] = array('activate_string' => $new_email, 'activate_key' => $new_email_key);
$user = DB::for_table('users')->where('id', tid)->find_one()->set($user['update']);
$user = Container::get('hooks')->fireDB('model.profile.change_email_user_query', $user);
$user = $user->save();
// Load the "activate email" template
$mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/activate_email.tpl'));
$mail_tpl = Container::get('hooks')->fire('model.profile.change_email_mail_activate_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = Container::get('hooks')->fire('model.profile.change_email_mail_activate_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', User::get()->username, $mail_message);
$mail_message = str_replace('<base_url>', Url::base(), $mail_message);
$mail_message = str_replace('<activation_url>', Router::pathFor('profileAction', ['id' => $id, 'action' => 'change_email']) . '?key=' . $new_email_key, $mail_message);
$mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
$mail_message = Container::get('hooks')->fire('model.profile.change_email_mail_activate_message', $mail_message);
Container::get('email')->feather_mail($new_email, $mail_subject, $mail_message);
Container::get('hooks')->fire('model.profile.change_email_sent');
throw new Error(__('Activate email sent') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.', true);
}
Container::get('hooks')->fire('model.profile.change_email');
}
}
if ($feather->forum_settings['o_rules'] == '1' && (!$feather->user->is_guest || $feather->user->g_read_board == '1' || $feather->forum_settings['o_regs_allow'] == '1')) {
echo "\t\t\t\t\t\t" . '<li id="navrules"' . ($active_page == 'rules' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('rules') . '">' . __('Rules') . '</a></li>' . "\n";
}
if ($feather->user->g_read_board == '1' && $feather->user->g_search == '1') {
echo "\t\t\t\t\t\t" . '<li id="navsearch"' . ($active_page == 'search' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('search') . '">' . __('Search') . '</a></li>' . "\n";
}
if ($feather->user->is_guest) {
echo "\t\t\t\t\t\t" . '<li id="navregister"' . ($active_page == 'register' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('register') . '">' . __('Register') . '</a></li>' . "\n";
echo "\t\t\t\t\t\t" . '<li id="navlogin"' . ($active_page == 'login' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('login') . '">' . __('Login') . '</a></li>' . "\n";
} else {
echo "\t\t\t\t\t\t" . '<li id="navprofile"' . ($active_page == 'profile' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('userProfile', ['id' => $feather->user->id]) . '">' . __('Profile') . '</a></li>' . "\n";
if ($feather->user->is_admmod) {
echo "\t\t\t\t\t\t" . '<li id="navadmin"' . ($active_page == 'admin' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('adminIndex') . '">' . __('Admin') . '</a></li>' . "\n";
}
echo "\t\t\t\t\t\t" . '<li id="navlogout"><a href="' . $feather->urlFor('logout', ['token' => Random::hash($feather->user->id . Random::hash($feather->request->getIp()))]) . '">' . __('Logout') . '</a></li>' . "\n";
}
// // Are there any additional navlinks we should insert into the array before imploding it?
// if ($feather->user->g_read_board == '1' && $feather->forum_settings['o_additional_navlinks'] != '') {
// if (preg_match_all('%([0-9]+)\s*=\s*(.*?)\n%s', $feather->forum_settings['o_additional_navlinks']."\n", $extra_links)) {
// // Insert any additional links into the $links array (at the correct index)
// $num_links = count($extra_links[1]);
// for ($i = 0; $i < $num_links; ++$i) {
// array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i].'</li>'));
// }
// }
// }
?>
</ul>
</div>
<div class="navbar-right">
public function call()
{
global $feather_bans;
if ($cookie = $this->get_cookie_data($this->app->forum_settings['cookie_name'], $this->app->forum_settings['cookie_seed'])) {
$this->app->user = $this->model->load_user($cookie['user_id']);
$expires = $cookie['expires'] > $this->app->now + $this->app->forum_settings['o_timeout_visit'] ? $this->app->now + 1209600 : $this->app->now + $this->app->forum_settings['o_timeout_visit'];
$this->app->user->is_guest = false;
$this->app->user->is_admmod = $this->app->user->g_id == $this->app->forum_env['FEATHER_ADMIN'] || $this->app->user->g_moderator == '1';
if (!$this->app->user->disp_topics) {
$this->app->user->disp_topics = $this->app->forum_settings['o_disp_topics_default'];
}
if (!$this->app->user->disp_posts) {
$this->app->user->disp_posts = $this->app->forum_settings['o_disp_posts_default'];
}
if (!file_exists($this->app->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->app->user->language)) {
$this->app->user->language = $this->app->forum_settings['o_default_lang'];
}
if (!file_exists($this->app->forum_env['FEATHER_ROOT'] . 'style/themes/' . $this->app->user->style . '/style.css')) {
$this->app->user->style = $this->app->forum_settings['o_default_style'];
}
$this->model->feather_setcookie($this->app->user->id, $this->app->user->password, $expires);
$this->update_online();
} else {
$this->app->user = $this->model->load_user(1);
$this->app->user->disp_topics = $this->app->forum_settings['o_disp_topics_default'];
$this->app->user->disp_posts = $this->app->forum_settings['o_disp_posts_default'];
$this->app->user->timezone = $this->app->forum_settings['o_default_timezone'];
$this->app->user->dst = $this->app->forum_settings['o_default_dst'];
$this->app->user->language = $this->app->forum_settings['o_default_lang'];
$this->app->user->style = $this->app->forum_settings['o_default_style'];
$this->app->user->is_guest = true;
$this->app->user->is_admmod = false;
// Update online list
if (!$this->app->user->logged) {
$this->app->user->logged = time();
// With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
switch ($this->app->forum_settings['db_type']) {
case 'mysql':
case 'mysqli':
case 'mysql_innodb':
case 'mysqli_innodb':
case 'sqlite':
case 'sqlite3':
DB::for_table('online')->raw_execute('REPLACE INTO ' . $this->app->forum_settings['db_prefix'] . 'online (user_id, ident, logged) VALUES(1, :ident, :logged)', array(':ident' => $this->app->request->getIp(), ':logged' => $this->app->user->logged));
break;
default:
DB::for_table('online')->raw_execute('INSERT INTO ' . $this->app->forum_settings['db_prefix'] . 'online (user_id, ident, logged) SELECT 1, :ident, :logged WHERE NOT EXISTS (SELECT 1 FROM ' . $this->app->db->prefix . 'online WHERE ident=:ident)', array(':ident' => $this->app->request->getIp(), ':logged' => $this->app->user->logged));
break;
}
} else {
DB::for_table('online')->where('ident', $this->app->request->getIp())->update_many('logged', time());
}
$this->model->feather_setcookie(1, Random::hash(uniqid(rand(), true)), $this->app->now + 31536000);
}
load_textdomain('featherbb', $this->app->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->app->user->language . '/common.mo');
// Load bans from cache
if (!$this->app->cache->isCached('bans')) {
$this->app->cache->store('bans', Cache::get_bans());
}
$feather_bans = $this->app->cache->retrieve('bans');
// Check if current user is banned
$this->check_bans();
// Update online list
$this->update_users_online();
$this->next->call();
}
public function insert_user($user)
{
$user = $this->hook->fire('insert_user_start', $user);
// Insert the new user into the database. We do this now to get the last inserted ID for later use
$now = time();
$intial_group_id = $this->config['o_regs_verify'] == '0' ? $this->config['o_default_user_group'] : $this->feather->forum_env['FEATHER_UNVERIFIED'];
$password_hash = Random::hash($user['password1']);
// Add the user
$user['insert'] = array('username' => $user['username'], 'group_id' => $intial_group_id, 'password' => $password_hash, 'email' => $user['email1'], 'email_setting' => $this->config['o_default_email_setting'], 'timezone' => $this->config['o_default_timezone'], 'dst' => 0, 'language' => $user['language'], 'style' => $this->config['o_default_style'], 'registered' => $now, 'registration_ip' => $this->request->getIp(), 'last_visit' => $now);
$user = DB::for_table('users')->create()->set($user['insert']);
$user = $this->hook->fireDB('insert_user_query', $user);
$user = $user->save();
$new_uid = DB::get_db()->lastInsertId($this->feather->forum_settings['db_prefix'] . 'users');
if ($this->config['o_regs_verify'] == '0') {
// Regenerate the users info cache
if (!$this->feather->cache->isCached('users_info')) {
$this->feather->cache->store('users_info', Cache::get_users_info());
}
$stats = $this->feather->cache->retrieve('users_info');
}
// If the mailing list isn't empty, we may need to send out some alerts
if ($this->config['o_mailing_list'] != '') {
// If we previously found out that the email was banned
if (isset($user['banned_email'])) {
// Load the "banned email register" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/banned_email_register.tpl'));
$mail_tpl = $this->hook->fire('insert_user_banned_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = $this->hook->fire('insert_user_banned_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<email>', $user['email1'], $mail_message);
$mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
$mail_message = $this->hook->fire('insert_user_banned_mail_message', $mail_message);
$this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
}
// If we previously found out that the email was a dupe
if (!empty($dupe_list)) {
// Load the "dupe email register" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/dupe_email_register.tpl'));
$mail_tpl = $this->hook->fire('insert_user_dupe_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = $this->hook->fire('insert_user_dupe_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
$mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
$mail_message = $this->hook->fire('insert_user_dupe_mail_message', $mail_message);
$this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
}
// Should we alert people on the admin mailing list that a new user has registered?
if ($this->config['o_regs_report'] == '1') {
// Load the "new user" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/new_user.tpl'));
$mail_tpl = $this->hook->fire('insert_user_new_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = $this->hook->fire('insert_user_new_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<base_url>', $this->feather->urlFor('home'), $mail_message);
$mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
$mail_message = str_replace('<admin_url>', $this->feather->urlFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message);
$mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
$mail_message = $this->hook->fire('insert_user_new_mail_message', $mail_message);
$this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
}
}
// Must the user verify the registration or do we log him/her in right now?
if ($this->config['o_regs_verify'] == '1') {
// Load the "welcome" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/welcome.tpl'));
$mail_tpl = $this->hook->fire('insert_user_welcome_mail_tpl', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_subject = $this->hook->fire('insert_user_welcome_mail_subject', $mail_subject);
$mail_message = trim(substr($mail_tpl, $first_crlf));
$mail_subject = str_replace('<board_title>', $this->config['o_board_title'], $mail_subject);
$mail_message = str_replace('<base_url>', $this->feather->urlFor('home'), $mail_message);
$mail_message = str_replace('<username>', $user['username'], $mail_message);
$mail_message = str_replace('<password>', $user['password1'], $mail_message);
$mail_message = str_replace('<login_url>', $this->feather->urlFor('login'), $mail_message);
$mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
$mail_message = $this->hook->fire('insert_user_welcome_mail_message', $mail_message);
$this->email->feather_mail($user['email1'], $mail_subject, $mail_message);
Url::redirect($this->feather->urlFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape($this->config['o_admin_email']) . '">' . Utils::escape($this->config['o_admin_email']) . '</a>.');
}
$this->auth->feather_setcookie($new_uid, $password_hash, time() + $this->config['o_timeout_visit']);
$this->hook->fire('insert_user');
Url::redirect($this->feather->urlFor('home'), __('Reg complete'));
}
public function create_config(array $data)
{
Container::get('hooks')->fire('controller.install.create_config');
// Generate config ...
$config = array();
foreach ($data as $key => $value) {
if (in_array($key, $this->config_keys)) {
$config[$key] = $value;
}
}
$config = array_merge($config, array('cookie_name' => mb_strtolower(ForumEnv::get('FORUM_NAME')) . '_cookie_' . Random::key(7, false, true), 'jwt_token' => base64_encode(Random::secure_random_bytes(64)), 'jwt_algorithm' => 'HS512'));
// ... And write it on disk
if ($this->write_config($config)) {
return $this->create_db($data);
} else {
// TODO: Translate
return Router::redirect(Router::pathFor('install'), ['error', 'Error while writing config file']);
}
}
public function create_config(array $data)
{
// Generate config ...
$config = array();
foreach ($data as $key => $value) {
if (in_array($key, $this->config_keys)) {
$config[$key] = $value;
}
}
$config = array_merge($config, array('cookie_name' => mb_strtolower($this->feather->forum_env['FORUM_NAME']) . '_cookie_' . Random::key(7, false, true), 'cookie_seed' => Random::key(16, false, true)));
// ... And write it on disk
if ($this->write_config($config)) {
$this->create_db($data);
}
}
function authenticate_user($user, $password, $password_is_hash = false)
{
// Check if there's a user matching $user and $password
$select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
$result = DB::for_table('users')->table_alias('u')->select_many($select_check_cookie)->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o');
if (is_int($user)) {
$result = $result->where('u.id', intval($user));
} else {
$result = $result->where('u.username', $user);
}
$result = $result->find_result_set();
foreach ($result as User::get()) {
}
if (!isset(User::get()->id) || $password_is_hash && $password != User::get()->password || !$password_is_hash && \FeatherBB\Core\Random::hash($password) != User::get()->password) {
set_default_user();
} else {
User::get()->is_guest = false;
}
translate('common');
translate('index');
}
?>
</span>
</td>
</tr>
<tr>
<th scope="row"><?php
_e('SMTP password label');
?>
</th>
<td>
<label><input type="checkbox" name="form_smtp_change_pass" value="1" /> <?php
_e('SMTP change password help');
?>
</label>
<?php
$smtp_pass = !empty(ForumSettings::get('o_smtp_pass')) ? Random::key(Utils::strlen(ForumSettings::get('o_smtp_pass')), true) : '';
?>
<input type="password" name="form_smtp_pass1" size="25" maxlength="50" value="<?php
echo $smtp_pass;
?>
" />
<input type="password" name="form_smtp_pass2" size="25" maxlength="50" value="<?php
echo $smtp_pass;
?>
" />
<span><?php
_e('SMTP password help');
?>
</span>
</td>
</tr>
public static function load_admin_user(array $data)
{
$now = time();
return $user = array('group_id' => 1, 'username' => $data['username'], 'password' => Random::hash($data['password']), 'email' => $data['email'], 'language' => $data['default_lang'], 'style' => $data['default_style'], 'num_posts' => 1, 'last_post' => $now, 'registered' => $now, 'registration_ip' => Utils::getIp(), 'last_visit' => $now);
}
public function password_forgotten()
{
$this->hook->fire('password_forgotten_start');
if (!$this->user->is_guest) {
header('Location: ' . Url::base());
exit;
}
// Start with a clean slate
$errors = array();
if ($this->feather->request()->isPost()) {
// Validate the email address
$email = strtolower(Utils::trim($this->request->post('req_email')));
if (!$this->email->is_valid_email($email)) {
$errors[] = __('Invalid email');
}
// Did everything go according to plan?
if (empty($errors)) {
$result['select'] = array('id', 'username', 'last_email_sent');
$result = DB::for_table('users')->select_many($result['select'])->where('email', $email);
$result = $this->hook->fireDB('password_forgotten_query', $result);
$result = $result->find_many();
if ($result) {
// Load the "activate password" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/activate_password.tpl'));
$mail_tpl = $this->hook->fire('mail_tpl_password_forgotten', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_message = trim(substr($mail_tpl, $first_crlf));
// Do the generic replacements first (they apply to all emails sent out here)
$mail_message = str_replace('<base_url>', Url::base() . '/', $mail_message);
$mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
$mail_message = $this->hook->fire('mail_message_password_forgotten', $mail_message);
// Loop through users we found
foreach ($result as $cur_hit) {
if ($cur_hit->last_email_sent != '' && time() - $cur_hit->last_email_sent < 3600 && time() - $cur_hit->last_email_sent >= 0) {
throw new Error(sprintf(__('Email flood'), intval((3600 - (time() - $cur_hit->last_email_sent)) / 60)), 429);
}
// Generate a new password and a new password activation code
$new_password = Random::pass(12);
$new_password_key = Random::pass(8);
$query['update'] = array('activate_string' => Random::hash($new_password), 'activate_key' => $new_password_key, 'last_email_sent' => time());
$query = DB::for_table('users')->where('id', $cur_hit->id)->find_one()->set($query['update']);
$query = $this->hook->fireDB('password_forgotten_mail_query', $query);
$query = $query->save();
// Do the user specific replacements to the template
$cur_mail_message = str_replace('<username>', $cur_hit->username, $mail_message);
$cur_mail_message = str_replace('<activation_url>', $this->feather->urlFor('profileAction', ['id' => $cur_hit->id, 'action' => 'change_pass']) . '?key=' . $new_password_key, $cur_mail_message);
$cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
$cur_mail_message = $this->hook->fire('cur_mail_message_password_forgotten', $cur_mail_message);
$this->email->feather_mail($email, $mail_subject, $cur_mail_message);
}
throw new Error(__('Forget mail') . ' <a href="mailto:' . Utils::escape($this->config['o_admin_email']) . '">' . Utils::escape($this->config['o_admin_email']) . '</a>.', 400);
} else {
$errors[] = __('No email match') . ' ' . Utils::escape($email) . '.';
}
}
}
$errors = $this->hook->fire('password_forgotten', $errors);
return $errors;
}
function authenticate_user($user, $password, $password_is_hash = false)
{
global $feather;
// Check if there's a user matching $user and $password
$select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
$result = DB::for_table('users')->table_alias('u')->select_many($select_check_cookie)->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o');
if (is_int($user)) {
$result = $result->where('u.id', intval($user));
} else {
$result = $result->where('u.username', $user);
}
$result = $result->find_result_set();
foreach ($result as $feather->user) {
}
if (!isset($feather->user->id) || $password_is_hash && $password != $feather->user->password || !$password_is_hash && \FeatherBB\Core\Random::hash($password) != $feather->user->password) {
set_default_user();
} else {
$feather->user->is_guest = false;
}
load_textdomain('featherbb', FEATHER_ROOT . 'featherbb/lang/' . $feather->user->language . '/common.mo');
load_textdomain('featherbb', FEATHER_ROOT . 'featherbb/lang/' . $feather->user->language . '/index.mo');
}
public function forget()
{
if (!$this->feather->user->is_guest) {
Url::redirect($this->feather->urlFor('home'), 'Already logged in');
}
if ($this->feather->request->isPost()) {
// Validate the email address
$email = strtolower(Utils::trim($this->feather->request->post('req_email')));
if (!$this->feather->email->is_valid_email($email)) {
throw new Error(__('Invalid email'), 400);
}
$user = ModelAuth::get_user_from_email($email);
if ($user) {
// Load the "activate password" template
$mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->feather->user->language . '/mail_templates/activate_password.tpl'));
$mail_tpl = $this->feather->hooks->fire('mail_tpl_password_forgotten', $mail_tpl);
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_message = trim(substr($mail_tpl, $first_crlf));
// Do the generic replacements first (they apply to all emails sent out here)
$mail_message = str_replace('<base_url>', Url::base() . '/', $mail_message);
$mail_message = str_replace('<board_mailer>', $this->feather->forum_settings['o_board_title'], $mail_message);
$mail_message = $this->feather->hooks->fire('mail_message_password_forgotten', $mail_message);
if ($user->last_email_sent != '' && time() - $user->last_email_sent < 3600 && time() - $user->last_email_sent >= 0) {
throw new Error(sprintf(__('Email flood'), intval((3600 - (time() - $user->last_email_sent)) / 60)), 429);
}
// Generate a new password and a new password activation code
$new_password = Random::pass(12);
$new_password_key = Random::pass(8);
ModelAuth::set_new_password($new_password, $new_password_key, $user->id);
// Do the user specific replacements to the template
$cur_mail_message = str_replace('<username>', $user->username, $mail_message);
$cur_mail_message = str_replace('<activation_url>', $this->feather->urlFor('profileAction', ['action' => 'change_pass']) . '?key=' . $new_password_key, $cur_mail_message);
$cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
$cur_mail_message = $this->feather->hooks->fire('cur_mail_message_password_forgotten', $cur_mail_message);
$this->feather->email->feather_mail($email, $mail_subject, $cur_mail_message);
Url::redirect($this->feather->urlFor('home'), __('Forget mail') . ' <a href="mailto:' . $this->feather->utils->escape($this->feather->forum_settings['o_admin_email']) . '">' . $this->feather->utils->escape($this->feather->forum_settings['o_admin_email']) . '</a>.', 200);
} else {
throw new Error(__('No email match') . ' ' . Utils::escape($email) . '.', 400);
}
}
$this->feather->template->setPageInfo(array('active_page' => 'login', 'title' => array(Utils::escape($this->feather->forum_settings['o_board_title']), __('Request pass')), 'required_fields' => array('req_email' => __('Email')), 'focus_element' => array('request_pass', 'req_email')))->addTemplate('login/password_forgotten.php')->display();
}
?>
</span>
</td>
</tr>
<tr>
<th scope="row"><?php
_e('SMTP password label');
?>
</th>
<td>
<label><input type="checkbox" name="form_smtp_change_pass" value="1" /> <?php
_e('SMTP change password help');
?>
</label>
<?php
$smtp_pass = !empty($feather->forum_settings['o_smtp_pass']) ? Random::key(Utils::strlen($feather->forum_settings['o_smtp_pass']), true) : '';
?>
<input type="password" name="form_smtp_pass1" size="25" maxlength="50" value="<?php
echo $smtp_pass;
?>
" />
<input type="password" name="form_smtp_pass2" size="25" maxlength="50" value="<?php
echo $smtp_pass;
?>
" />
<span><?php
_e('SMTP password help');
?>
</span>
</td>
</tr>