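/**
 * Build and sign the session JWT for a user.
 *
 * Claims written: iat (current time), jti (random token id), iss (configured
 * server name), exp (caller-supplied expiry) and a "data" object holding the
 * user's id and username. The signing key and the algorithm are both read
 * from the forum settings.
 *
 * @param object $user   Object exposing ->id and ->username.
 * @param int    $expire Expiry as a Unix timestamp; copied to "exp" unchanged.
 *
 * @return string The token string returned by JWT::encode().
 *
 * @throws \RuntimeException If the configured signing key decodes to nothing.
 */
public static function generate_jwt($user, $expire)
{
    $issuedAt = time();
    $tokenId = base64_encode(Random::key(32));
    $serverName = Config::get('serverName');

    /*
     * Create the token as an array.
     *
     * NOTE(review): assuming JWT::encode() produces a signed (not encrypted)
     * token, every claim below is readable by whoever holds the token, so
     * nothing secret belongs in here.
     */
    $data = [
        'iat' => $issuedAt,
        'jti' => $tokenId,
        'iss' => $serverName,
        'exp' => $expire,
        'data' => [
            'userId' => $user->id,
            'userName' => $user->username,
        ],
    ];

    /*
     * Extract the key, which is coming from the config file.
     *
     * Generated with base64_encode(openssl_random_pseudo_bytes(64));
     */
    $secretKey = base64_decode(ForumSettings::get('jwt_token'));

    // Fail closed: a missing or undecodable setting would otherwise sign every
    // session token with an empty key, which anyone could reproduce.
    if (!is_string($secretKey) || $secretKey === '') {
        throw new \RuntimeException('JWT signing key is missing or empty');
    }

    /*
     * Extract the algorithm from the config file too.
     *
     * NOTE(review): the algorithm is configuration-driven. The verifying side
     * is not visible here; it should accept only this configured algorithm
     * and never the one named in a token's own header.
     */
    $algorithm = ForumSettings::get('jwt_algorithm');

    /*
     * Encode the array to a JWT string.
     * Second parameter is the key to encode the token.
     *
     * The output string can be inspected at http://jwt.io/ -- use throwaway
     * tokens for that, and keep the signing key out of any third-party site.
     */
    return JWT::encode($data, $secretKey, $algorithm);
}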
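/**
 * Create the account for a validated registration, send the configured
 * notification mails and either ask the user to verify by mail or log
 * them in straight away.
 *
 * @param array $user Registration data; the keys read here are 'username',
 *                    'password1', 'email1', 'language' and, optionally,
 *                    'banned_email'.
 *
 * @return mixed Whatever Router::redirect() returns.
 */
public function insert_user($user)
{
    $user = Container::get('hooks')->fire('model.register.insert_user_start', $user);

    // Insert the new user into the database. We do this now to get the last inserted ID for later use
    $now = time();

    $intial_group_id = ForumSettings::get('o_regs_verify') == '0'
        ? ForumSettings::get('o_default_user_group')
        : ForumEnv::get('FEATHER_UNVERIFIED');

    // NOTE(review): Random::hash() is not visible here -- confirm it is a salted,
    // deliberately slow password hash and not a bare digest.
    $password_hash = Random::hash($user['password1']);

    // Add the user
    $user['insert'] = array(
        'username' => $user['username'],
        'group_id' => $intial_group_id,
        'password' => $password_hash,
        'email' => $user['email1'],
        'email_setting' => ForumSettings::get('o_default_email_setting'),
        'timezone' => ForumSettings::get('o_default_timezone'),
        'dst' => 0,
        'language' => $user['language'],
        'style' => ForumSettings::get('o_default_style'),
        'registered' => $now,
        'registration_ip' => Utils::getIp(),
        'last_visit' => $now,
    );

    // Keep the ORM row in its own variable. The original reused $user for the
    // row and then for the result of save(), so every later $user['...'] read
    // (mail placeholders, the welcome recipient, the username put in the
    // session token) no longer saw the registration data.
    $new_user = DB::for_table('users')->create()->set($user['insert']);
    $new_user = Container::get('hooks')->fireDB('model.register.insert_user_query', $new_user);
    $new_user->save();

    $new_uid = DB::get_db()->lastInsertId(ForumSettings::get('db_prefix') . 'users');

    $lang_dir = ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language;

    // If the mailing list isn't empty, we may need to send out some alerts
    if (ForumSettings::get('o_mailing_list') != '') {
        // If we previously found out that the email was banned
        if (isset($user['banned_email'])) {
            // Load the "banned email register" template
            $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/banned_email_register.tpl'));
            $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_banned_mail_tpl', $mail_tpl);

            // The first row contains the subject (the first 8 characters are
            // skipped, presumably a "Subject:" prefix)
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_subject = Container::get('hooks')->fire('model.register.insert_user_banned_mail_subject', $mail_subject);

            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace('<username>', $user['username'], $mail_message);
            $mail_message = str_replace('<email>', $user['email1'], $mail_message);
            $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
            $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
            $mail_message = Container::get('hooks')->fire('model.register.insert_user_banned_mail_message', $mail_message);

            Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
        }

        // If we previously found out that the email was a dupe
        // NOTE(review): $dupe_list is never assigned in this method, so this
        // alert cannot fire as written; the caller's duplicate list needs to
        // be passed in for it to work.
        if (!empty($dupe_list)) {
            // Load the "dupe email register" template
            $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/dupe_email_register.tpl'));
            $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_tpl', $mail_tpl);

            // The first row contains the subject
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_subject = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_subject', $mail_subject);

            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace('<username>', $user['username'], $mail_message);
            $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
            $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
            $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
            $mail_message = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_message', $mail_message);

            Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
        }

        // Should we alert people on the admin mailing list that a new user has registered?
        if (ForumSettings::get('o_regs_report') == '1') {
            // Load the "new user" template
            $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/new_user.tpl'));
            $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_new_mail_tpl', $mail_tpl);

            // The first row contains the subject
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_subject = Container::get('hooks')->fire('model.register.insert_user_new_mail_subject', $mail_subject);

            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace('<username>', $user['username'], $mail_message);
            $mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
            $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message);
            $mail_message = str_replace('<admin_url>', Router::pathFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message);
            $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
            $mail_message = Container::get('hooks')->fire('model.register.insert_user_new_mail_message', $mail_message);

            Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
        }
    }

    // Must the user verify the registration or do we log him/her in right now?
    if (ForumSettings::get('o_regs_verify') == '1') {
        // Load the "welcome" template
        $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/welcome.tpl'));
        $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_tpl', $mail_tpl);

        // The first row contains the subject
        $first_crlf = strpos($mail_tpl, "\n");
        $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
        $mail_subject = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_subject', $mail_subject);

        $mail_message = trim(substr($mail_tpl, $first_crlf));
        $mail_subject = str_replace('<board_title>', ForumSettings::get('o_board_title'), $mail_subject);
        $mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message);
        $mail_message = str_replace('<username>', $user['username'], $mail_message);
        // NOTE(review): this puts the plain-text password into an e-mail, where
        // it is stored and relayed unencrypted. Dropping <password> from the
        // welcome template avoids that exposure.
        $mail_message = str_replace('<password>', $user['password1'], $mail_message);
        $mail_message = str_replace('<login_url>', Router::pathFor('login'), $mail_message);
        $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
        $mail_message = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_message', $mail_message);

        Container::get('email')->feather_mail($user['email1'], $mail_subject, $mail_message);

        return Router::redirect(
            Router::pathFor('home'),
            __('Reg email') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.'
        );
    }

    // No verification required: issue the session token right away.
    $user_object = new \stdClass();
    $user_object->id = $new_uid;
    $user_object->username = $user['username'];

    $expire = time() + ForumSettings::get('o_timeout_visit');
    $jwt = AuthModel::generate_jwt($user_object, $expire);
    AuthModel::feather_setcookie('Bearer ' . $jwt, $expire);

    // Refresh cache
    Container::get('cache')->store('users_info', Cache::get_users_info());

    Container::get('hooks')->fire('model.register.insert_user');

    return Router::redirect(Router::pathFor('home'), __('Reg complete'));
}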
} if (ForumSettings::get('o_rules') == '1' && (!User::get()->is_guest || User::get()->g_read_board == '1' || ForumSettings::get('o_regs_allow') == '1')) { $navlinks[] = '<li id="navrules"' . ($active_page == 'rules' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('rules') . '">' . __('Rules') . '</a></li>'; } if (User::get()->g_read_board == '1' && User::get()->g_search == '1') { $navlinks[] = '<li id="navsearch"' . ($active_page == 'search' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('search') . '">' . __('Search') . '</a></li>'; } if (User::get()->is_guest) { $navlinks[] = '<li id="navregister"' . ($active_page == 'register' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('register') . '">' . __('Register') . '</a></li>'; $navlinks[] = '<li id="navlogin"' . ($active_page == 'login' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('login') . '">' . __('Login') . '</a></li>'; } else { $navlinks[] = '<li id="navprofile"' . ($active_page == 'profile' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('userProfile', ['id' => User::get()->id]) . '">' . __('Profile') . '</a></li>'; if (User::get()->is_admmod) { $navlinks[] = '<li id="navadmin"' . ($active_page == 'admin' ? ' class="isactive"' : '') . '><a href="' . Router::pathFor('adminIndex') . '">' . __('Admin') . '</a></li>'; } $navlinks[] = '<li id="navlogout"><a href="' . Router::pathFor('logout', ['token' => Random::hash(User::get()->id . Random::hash(Utils::getIp()))]) . '">' . __('Logout') . '</a></li>'; } // Are there any additional navlinks we should insert into the array before imploding it? $hooksLinks = Container::get('hooks')->fire('view.header.navlinks', []); $extraLinks = ForumSettings::get('o_additional_navlinks') . "\n" . implode("\n", $hooksLinks); if (User::get()->g_read_board == '1' && $extraLinks != '') { if (preg_match_all('%([0-9]+)\\s*=\\s*(.*?)\\n%s', $extraLinks . 
"\n", $results)) { // Insert any additional links into the $links array (at the correct index) $num_links = count($results[1]); for ($i = 0; $i < $num_links; ++$i) { array_splice($navlinks, $results[1][$i], 0, array('<li id="navextra' . ($i + 1) . '"' . ($active_page == 'navextra' . ($i + 1) ? ' class="isactive"' : '') . '>' . $results[2][$i] . '</li>')); } } } echo "\t\t\t" . implode("\n\t\t\t", $navlinks); ?>
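/**
 * Handle both halves of an e-mail change for user $id: the POST that requests
 * the change (stores the new address and a key, mails an activation link) and
 * the GET with ?key=... that confirms it.
 *
 * @param int|string $id Id of the user whose address is being changed.
 *
 * @return mixed Result of Router::redirect() after a successful confirmation,
 *               otherwise nothing.
 *
 * @throws Error On missing permission, bad key, wrong password, invalid,
 *               banned or duplicate address; also used to report that the
 *               activation mail has been sent.
 */
public function change_email($id)
{
    $id = Container::get('hooks')->fire('model.profile.change_email_start', $id);

    // Make sure we are allowed to change this user's email
    if (User::get()->id != $id) {
        $id = Container::get('hooks')->fire('model.profile.change_email_not_id', $id);

        if (!User::get()->is_admmod) {
            // A regular user trying to change another user's email?
            throw new Error(__('No permission'), 403);
        } elseif (User::get()->g_moderator == '1') {
            // A moderator trying to change a user's email?
            $user['select'] = array('u.group_id', 'g.g_moderator');

            $user = DB::for_table('users')
                ->table_alias('u')
                ->select_many($user['select'])
                ->inner_join('groups', array('g.g_id', '=', 'u.group_id'), 'g')
                ->where('u.id', $id);
            $user = Container::get('hooks')->fireDB('model.profile.change_email_not_id_query', $user);
            $user = $user->find_one();

            if (!$user) {
                throw new Error(__('Bad request'), 404);
            }

            // Moderators need both edit rights and may never touch admins or
            // other moderators.
            if (User::get()->g_mod_edit_users == '0' || User::get()->g_mod_change_passwords == '0' || $user['group_id'] == ForumEnv::get('FEATHER_ADMIN') || $user['g_moderator'] == '1') {
                throw new Error(__('No permission'), 403);
            }
        }
    }

    if (Input::query('key')) {
        $key = Input::query('key');
        $key = Container::get('hooks')->fire('model.profile.change_email_key', $key);

        $new_email_key = DB::for_table('users')->where('id', $id);
        $new_email_key = Container::get('hooks')->fireDB('model.profile.change_email_key_query', $new_email_key);
        $new_email_key = $new_email_key->find_one_col('activate_key');

        // Compare as strings and in constant time. The loose != used before
        // treats numeric-looking strings such as "0e1" and "0e2" as equal and
        // leaks timing; hash_equals() does neither. A missing stored key
        // (no change pending) is rejected outright.
        $key_matches = is_string($key)
            && $key !== ''
            && is_string($new_email_key)
            && $new_email_key !== ''
            && hash_equals($new_email_key, $key);

        if (!$key_matches) {
            throw new Error(__('Email key bad') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.', 400);
        }

        // Promote the pending address and clear the one-time key.
        $update_mail = DB::for_table('users')
            ->where('id', $id)
            ->find_one()
            ->set_expr('email', 'activate_string')
            ->set_expr('activate_string', 'NULL')
            ->set_expr('activate_key', 'NULL');
        $update_mail = Container::get('hooks')->fireDB('model.profile.change_email_query', $update_mail);
        $update_mail = $update_mail->save();

        return Router::redirect(Router::pathFor('home'), __('Email updated'));
    } elseif (Request::isPost()) {
        Container::get('hooks')->fire('model.profile.change_email_post');

        // Re-authenticate the acting user before accepting the change.
        if (Random::hash(Input::post('req_password')) !== User::get()->password) {
            throw new Error(__('Wrong pass'));
        }

        // Validate the email address
        $new_email = strtolower(Utils::trim(Input::post('req_new_email')));
        $new_email = Container::get('hooks')->fire('model.profile.change_email_new_email', $new_email);
        if (!Container::get('email')->is_valid_email($new_email)) {
            throw new Error(__('Invalid email'), 400);
        }

        $lang_dir = ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language;

        // Check if it's a banned email address
        if (Container::get('email')->is_banned_email($new_email)) {
            if (ForumSettings::get('p_allow_banned_email') == '0') {
                throw new Error(__('Banned email'), 403);
            } elseif (ForumSettings::get('o_mailing_list') != '') {
                // Load the "banned email change" template
                $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/banned_email_change.tpl'));
                $mail_tpl = Container::get('hooks')->fire('model.profile.change_email_mail_tpl', $mail_tpl);

                // The first row contains the subject
                $first_crlf = strpos($mail_tpl, "\n");
                $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                $mail_subject = Container::get('hooks')->fire('model.profile.change_email_mail_subject', $mail_subject);

                $mail_message = trim(substr($mail_tpl, $first_crlf));
                $mail_message = str_replace('<username>', User::get()->username, $mail_message);
                $mail_message = str_replace('<email>', $new_email, $mail_message);
                $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $id]), $mail_message);
                $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
                $mail_message = Container::get('hooks')->fire('model.profile.change_email_mail_message', $mail_message);

                Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
            }
        }

        // Check if someone else already has registered with that email address
        $result['select'] = array('id', 'username');

        $result = DB::for_table('users')->select_many($result['select'])->where('email', $new_email);
        $result = Container::get('hooks')->fireDB('model.profile.change_email_check_mail', $result);
        $result = $result->find_many();

        if ($result) {
            if (ForumSettings::get('p_allow_dupe_email') == '0') {
                throw new Error(__('Dupe email'), 400);
            } elseif (ForumSettings::get('o_mailing_list') != '') {
                $dupe_list = [];
                foreach ($result as $cur_dupe) {
                    $dupe_list[] = $cur_dupe['username'];
                }

                // Load the "dupe email change" template
                $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/dupe_email_change.tpl'));
                $mail_tpl = Container::get('hooks')->fire('model.profile.change_email_mail_dupe_tpl', $mail_tpl);

                // The first row contains the subject
                $first_crlf = strpos($mail_tpl, "\n");
                $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                $mail_subject = Container::get('hooks')->fire('model.profile.change_email_mail_dupe_subject', $mail_subject);

                $mail_message = trim(substr($mail_tpl, $first_crlf));
                $mail_message = str_replace('<username>', User::get()->username, $mail_message);
                $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
                $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $id]), $mail_message);
                $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
                $mail_message = Container::get('hooks')->fire('model.profile.change_email_mail_dupe_message', $mail_message);

                Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message);
            }
        }

        // NOTE(review): this key is the only secret protecting the confirmation
        // step. Random::pass() is not visible here -- confirm it draws from a
        // CSPRNG and that 8 characters is enough for the way the key is used.
        $new_email_key = Random::pass(8);
        $new_email_key = Container::get('hooks')->fire('model.profile.change_email_new_email_key', $new_email_key);

        // Update the user
        unset($user);
        $user['update'] = array(
            'activate_string' => $new_email,
            'activate_key' => $new_email_key,
        );

        // The row is selected by $id; the original passed the bare word `tid`,
        // an undefined constant, so the pending address was never stored on
        // the intended account.
        $user = DB::for_table('users')->where('id', $id)->find_one()->set($user['update']);
        $user = Container::get('hooks')->fireDB('model.profile.change_email_user_query', $user);
        $user = $user->save();

        // Load the "activate email" template
        $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/activate_email.tpl'));
        $mail_tpl = Container::get('hooks')->fire('model.profile.change_email_mail_activate_tpl', $mail_tpl);

        // The first row contains the subject
        $first_crlf = strpos($mail_tpl, "\n");
        $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
        $mail_subject = Container::get('hooks')->fire('model.profile.change_email_mail_activate_subject', $mail_subject);

        $mail_message = trim(substr($mail_tpl, $first_crlf));
        $mail_message = str_replace('<username>', User::get()->username, $mail_message);
        $mail_message = str_replace('<base_url>', Url::base(), $mail_message);
        $mail_message = str_replace('<activation_url>', Router::pathFor('profileAction', ['id' => $id, 'action' => 'change_email']) . '?key=' . $new_email_key, $mail_message);
        $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message);
        $mail_message = Container::get('hooks')->fire('model.profile.change_email_mail_activate_message', $mail_message);

        // The activation link goes to the NEW address, proving control of it.
        Container::get('email')->feather_mail($new_email, $mail_subject, $mail_message);

        Container::get('hooks')->fire('model.profile.change_email_sent');

        throw new Error(__('Activate email sent') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.', true);
    }

    Container::get('hooks')->fire('model.profile.change_email');
}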
} if ($feather->forum_settings['o_rules'] == '1' && (!$feather->user->is_guest || $feather->user->g_read_board == '1' || $feather->forum_settings['o_regs_allow'] == '1')) { echo "\t\t\t\t\t\t" . '<li id="navrules"' . ($active_page == 'rules' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('rules') . '">' . __('Rules') . '</a></li>' . "\n"; } if ($feather->user->g_read_board == '1' && $feather->user->g_search == '1') { echo "\t\t\t\t\t\t" . '<li id="navsearch"' . ($active_page == 'search' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('search') . '">' . __('Search') . '</a></li>' . "\n"; } if ($feather->user->is_guest) { echo "\t\t\t\t\t\t" . '<li id="navregister"' . ($active_page == 'register' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('register') . '">' . __('Register') . '</a></li>' . "\n"; echo "\t\t\t\t\t\t" . '<li id="navlogin"' . ($active_page == 'login' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('login') . '">' . __('Login') . '</a></li>' . "\n"; } else { echo "\t\t\t\t\t\t" . '<li id="navprofile"' . ($active_page == 'profile' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('userProfile', ['id' => $feather->user->id]) . '">' . __('Profile') . '</a></li>' . "\n"; if ($feather->user->is_admmod) { echo "\t\t\t\t\t\t" . '<li id="navadmin"' . ($active_page == 'admin' ? ' class="isactive"' : '') . '><a href="' . $feather->urlFor('adminIndex') . '">' . __('Admin') . '</a></li>' . "\n"; } echo "\t\t\t\t\t\t" . '<li id="navlogout"><a href="' . $feather->urlFor('logout', ['token' => Random::hash($feather->user->id . Random::hash($feather->request->getIp()))]) . '">' . __('Logout') . '</a></li>' . "\n"; } // // Are there any additional navlinks we should insert into the array before imploding it? 
// if ($feather->user->g_read_board == '1' && $feather->forum_settings['o_additional_navlinks'] != '') { // if (preg_match_all('%([0-9]+)\s*=\s*(.*?)\n%s', $feather->forum_settings['o_additional_navlinks']."\n", $extra_links)) { // // Insert any additional links into the $links array (at the correct index) // $num_links = count($extra_links[1]); // for ($i = 0; $i < $num_links; ++$i) { // array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra'.($i + 1).'">'.$extra_links[2][$i].'</li>')); // } // } // } ?> </ul> </div> <div class="navbar-right">
/**
 * Middleware entry point: resolve the current user from the auth cookie (or
 * fall back to the guest account), refresh the cookie and the online list,
 * load the language file and the ban list, run the ban check, then hand over
 * to the next middleware.
 */
public function call()
{
    global $feather_bans;

    // get_cookie_data() receives the cookie name and the configured seed; a
    // falsy result is treated as "no valid login cookie".
    if ($cookie = $this->get_cookie_data($this->app->forum_settings['cookie_name'], $this->app->forum_settings['cookie_seed'])) {
        $this->app->user = $this->model->load_user($cookie['user_id']);
        // A cookie expiring later than now + o_timeout_visit is renewed for
        // 1209600 s (14 days); otherwise for the visit timeout.
        $expires = $cookie['expires'] > $this->app->now + $this->app->forum_settings['o_timeout_visit'] ? $this->app->now + 1209600 : $this->app->now + $this->app->forum_settings['o_timeout_visit'];
        $this->app->user->is_guest = false;
        $this->app->user->is_admmod = $this->app->user->g_id == $this->app->forum_env['FEATHER_ADMIN'] || $this->app->user->g_moderator == '1';
        if (!$this->app->user->disp_topics) {
            $this->app->user->disp_topics = $this->app->forum_settings['o_disp_topics_default'];
        }
        if (!$this->app->user->disp_posts) {
            $this->app->user->disp_posts = $this->app->forum_settings['o_disp_posts_default'];
        }
        // The user's language and style values are concatenated into
        // filesystem paths; a value with no matching directory or stylesheet
        // is replaced by the board default.
        // NOTE(review): file_exists() does not reject "../" segments -- confirm
        // both fields are restricted to known names where they are saved.
        if (!file_exists($this->app->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->app->user->language)) {
            $this->app->user->language = $this->app->forum_settings['o_default_lang'];
        }
        if (!file_exists($this->app->forum_env['FEATHER_ROOT'] . 'style/themes/' . $this->app->user->style . '/style.css')) {
            $this->app->user->style = $this->app->forum_settings['o_default_style'];
        }
        // NOTE(review): the stored password hash is handed to
        // feather_setcookie(). If any form of it ends up in the cookie, a
        // stolen cookie stays valid until the password changes -- confirm
        // how feather_setcookie() derives the cookie value.
        $this->model->feather_setcookie($this->app->user->id, $this->app->user->password, $expires);
        $this->update_online();
    } else {
        // No valid cookie: load user id 1 and apply the board defaults to it.
        $this->app->user = $this->model->load_user(1);
        $this->app->user->disp_topics = $this->app->forum_settings['o_disp_topics_default'];
        $this->app->user->disp_posts = $this->app->forum_settings['o_disp_posts_default'];
        $this->app->user->timezone = $this->app->forum_settings['o_default_timezone'];
        $this->app->user->dst = $this->app->forum_settings['o_default_dst'];
        $this->app->user->language = $this->app->forum_settings['o_default_lang'];
        $this->app->user->style = $this->app->forum_settings['o_default_style'];
        $this->app->user->is_guest = true;
        $this->app->user->is_admmod = false;
        // Update online list
        if (!$this->app->user->logged) {
            $this->app->user->logged = time();
            // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
            // The IP and timestamp are bound parameters; only the table prefix
            // from the settings is concatenated into the SQL text.
            switch ($this->app->forum_settings['db_type']) {
                case 'mysql':
                case 'mysqli':
                case 'mysql_innodb':
                case 'mysqli_innodb':
                case 'sqlite':
                case 'sqlite3':
                    DB::for_table('online')->raw_execute('REPLACE INTO ' . $this->app->forum_settings['db_prefix'] . 'online (user_id, ident, logged) VALUES(1, :ident, :logged)', array(':ident' => $this->app->request->getIp(), ':logged' => $this->app->user->logged));
                    break;
                default:
                    // NOTE(review): the sub-select takes its prefix from
                    // $this->app->db->prefix while the INSERT uses
                    // forum_settings['db_prefix'] -- confirm both resolve to
                    // the same value.
                    DB::for_table('online')->raw_execute('INSERT INTO ' . $this->app->forum_settings['db_prefix'] . 'online (user_id, ident, logged) SELECT 1, :ident, :logged WHERE NOT EXISTS (SELECT 1 FROM ' . $this->app->db->prefix . 'online WHERE ident=:ident)', array(':ident' => $this->app->request->getIp(), ':logged' => $this->app->user->logged));
                    break;
            }
        } else {
            DB::for_table('online')->where('ident', $this->app->request->getIp())->update_many('logged', time());
        }
        // Guest cookie, valid for 31536000 s (365 days). uniqid() and rand()
        // are not cryptographically secure, so this value must not be relied
        // on as a secret.
        $this->model->feather_setcookie(1, Random::hash(uniqid(rand(), true)), $this->app->now + 31536000);
    }
    load_textdomain('featherbb', $this->app->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->app->user->language . '/common.mo');
    // Load bans from cache
    if (!$this->app->cache->isCached('bans')) {
        $this->app->cache->store('bans', Cache::get_bans());
    }
    $feather_bans = $this->app->cache->retrieve('bans');
    // Check if current user is banned
    $this->check_bans();
    // Update online list
    $this->update_users_online();
    $this->next->call();
}
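/**
 * Create the account for a validated registration, send the configured
 * notification mails and either ask the user to verify by mail or set the
 * login cookie straight away.
 *
 * @param array $user Registration data; the keys read here are 'username',
 *                    'password1', 'email1', 'language' and, optionally,
 *                    'banned_email'.
 *
 * @return void
 */
public function insert_user($user)
{
    $user = $this->hook->fire('insert_user_start', $user);

    // Insert the new user into the database. We do this now to get the last inserted ID for later use
    $now = time();

    $intial_group_id = $this->config['o_regs_verify'] == '0'
        ? $this->config['o_default_user_group']
        : $this->feather->forum_env['FEATHER_UNVERIFIED'];

    // NOTE(review): Random::hash() is not visible here -- confirm it is a salted,
    // deliberately slow password hash and not a bare digest.
    $password_hash = Random::hash($user['password1']);

    // Add the user
    $user['insert'] = array(
        'username' => $user['username'],
        'group_id' => $intial_group_id,
        'password' => $password_hash,
        'email' => $user['email1'],
        'email_setting' => $this->config['o_default_email_setting'],
        'timezone' => $this->config['o_default_timezone'],
        'dst' => 0,
        'language' => $user['language'],
        'style' => $this->config['o_default_style'],
        'registered' => $now,
        'registration_ip' => $this->request->getIp(),
        'last_visit' => $now,
    );

    // Keep the ORM row in its own variable. The original reused $user for the
    // row and then for the result of save(), so every later $user['...'] read
    // (mail placeholders, the welcome recipient) no longer saw the
    // registration data.
    $new_user = DB::for_table('users')->create()->set($user['insert']);
    $new_user = $this->hook->fireDB('insert_user_query', $new_user);
    $new_user->save();

    $new_uid = DB::get_db()->lastInsertId($this->feather->forum_settings['db_prefix'] . 'users');

    if ($this->config['o_regs_verify'] == '0') {
        // Regenerate the users info cache
        if (!$this->feather->cache->isCached('users_info')) {
            $this->feather->cache->store('users_info', Cache::get_users_info());
        }

        $stats = $this->feather->cache->retrieve('users_info');
    }

    $lang_dir = $this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language;

    // If the mailing list isn't empty, we may need to send out some alerts
    if ($this->config['o_mailing_list'] != '') {
        // If we previously found out that the email was banned
        if (isset($user['banned_email'])) {
            // Load the "banned email register" template
            $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/banned_email_register.tpl'));
            $mail_tpl = $this->hook->fire('insert_user_banned_mail_tpl', $mail_tpl);

            // The first row contains the subject (the first 8 characters are
            // skipped, presumably a "Subject:" prefix)
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_subject = $this->hook->fire('insert_user_banned_mail_subject', $mail_subject);

            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace('<username>', $user['username'], $mail_message);
            $mail_message = str_replace('<email>', $user['email1'], $mail_message);
            $mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
            $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
            $mail_message = $this->hook->fire('insert_user_banned_mail_message', $mail_message);

            $this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
        }

        // If we previously found out that the email was a dupe
        // NOTE(review): $dupe_list is never assigned in this method, so this
        // alert cannot fire as written; the caller's duplicate list needs to
        // be passed in for it to work.
        if (!empty($dupe_list)) {
            // Load the "dupe email register" template
            $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/dupe_email_register.tpl'));
            $mail_tpl = $this->hook->fire('insert_user_dupe_mail_tpl', $mail_tpl);

            // The first row contains the subject
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_subject = $this->hook->fire('insert_user_dupe_mail_subject', $mail_subject);

            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace('<username>', $user['username'], $mail_message);
            $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
            $mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
            $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
            $mail_message = $this->hook->fire('insert_user_dupe_mail_message', $mail_message);

            $this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
        }

        // Should we alert people on the admin mailing list that a new user has registered?
        if ($this->config['o_regs_report'] == '1') {
            // Load the "new user" template
            $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/new_user.tpl'));
            $mail_tpl = $this->hook->fire('insert_user_new_mail_tpl', $mail_tpl);

            // The first row contains the subject
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_subject = $this->hook->fire('insert_user_new_mail_subject', $mail_subject);

            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace('<username>', $user['username'], $mail_message);
            $mail_message = str_replace('<base_url>', $this->feather->urlFor('home'), $mail_message);
            $mail_message = str_replace('<profile_url>', $this->feather->urlFor('userProfile', ['id' => $new_uid]), $mail_message);
            $mail_message = str_replace('<admin_url>', $this->feather->urlFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message);
            $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
            $mail_message = $this->hook->fire('insert_user_new_mail_message', $mail_message);

            $this->email->feather_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
        }
    }

    // Must the user verify the registration or do we log him/her in right now?
    if ($this->config['o_regs_verify'] == '1') {
        // Load the "welcome" template
        $mail_tpl = trim(file_get_contents($lang_dir . '/mail_templates/welcome.tpl'));
        $mail_tpl = $this->hook->fire('insert_user_welcome_mail_tpl', $mail_tpl);

        // The first row contains the subject
        $first_crlf = strpos($mail_tpl, "\n");
        $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
        $mail_subject = $this->hook->fire('insert_user_welcome_mail_subject', $mail_subject);

        $mail_message = trim(substr($mail_tpl, $first_crlf));
        $mail_subject = str_replace('<board_title>', $this->config['o_board_title'], $mail_subject);
        $mail_message = str_replace('<base_url>', $this->feather->urlFor('home'), $mail_message);
        $mail_message = str_replace('<username>', $user['username'], $mail_message);
        // NOTE(review): this puts the plain-text password into an e-mail, where
        // it is stored and relayed unencrypted. Dropping <password> from the
        // welcome template avoids that exposure.
        $mail_message = str_replace('<password>', $user['password1'], $mail_message);
        $mail_message = str_replace('<login_url>', $this->feather->urlFor('login'), $mail_message);
        $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
        $mail_message = $this->hook->fire('insert_user_welcome_mail_message', $mail_message);

        $this->email->feather_mail($user['email1'], $mail_subject, $mail_message);

        Url::redirect($this->feather->urlFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape($this->config['o_admin_email']) . '">' . Utils::escape($this->config['o_admin_email']) . '</a>.');

        // Stop here even if Url::redirect() returns: an account that still
        // has to verify its address must not fall through to the login
        // cookie below.
        return;
    }

    // NOTE(review): the password hash is handed to feather_setcookie(); confirm
    // there how the cookie value is derived from it.
    $this->auth->feather_setcookie($new_uid, $password_hash, time() + $this->config['o_timeout_visit']);

    $this->hook->fire('insert_user');

    Url::redirect($this->feather->urlFor('home'), __('Reg complete'));
}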
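/**
 * Build the configuration from the installer form, add the generated cookie
 * name and JWT signing material, write it to disk and continue with the
 * database setup.
 *
 * @param array $data Installer input; only keys listed in $this->config_keys
 *                    are copied into the configuration.
 *
 * @return mixed Result of create_db() on success, otherwise the redirect back
 *               to the installer.
 */
public function create_config(array $data)
{
    Container::get('hooks')->fire('controller.install.create_config');

    // Generate config ...
    $config = array();
    foreach ($data as $key => $value) {
        // Strict allow-list check: without the third argument an integer key
        // is compared loosely and, on PHP < 8, 0 == 'any_string' lets it
        // through.
        if (in_array($key, $this->config_keys, true)) {
            $config[$key] = $value;
        }
    }

    // The signing key is 64 bytes from Random::secure_random_bytes(), stored
    // base64-encoded; the algorithm is fixed to HS512 at install time.
    // NOTE(review): the secret is persisted by write_config(), which is not
    // visible here -- confirm the file it writes is readable by the
    // application only.
    $config = array_merge($config, array(
        'cookie_name' => mb_strtolower(ForumEnv::get('FORUM_NAME')) . '_cookie_' . Random::key(7, false, true),
        'jwt_token' => base64_encode(Random::secure_random_bytes(64)),
        'jwt_algorithm' => 'HS512',
    ));

    // ... And write it on disk
    if (!$this->write_config($config)) {
        // TODO: Translate
        return Router::redirect(Router::pathFor('install'), ['error', 'Error while writing config file']);
    }

    return $this->create_db($data);
}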
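/**
 * Build the installer's configuration array and write it to disk.
 *
 * Entries of $data are kept only when their key is listed in
 * $this->config_keys; a cookie name and a cookie seed are then added.
 *
 * @param array $data Installer input; passed unchanged to create_db() on success.
 * @return void
 */
public function create_config(array $data)
{
    // Generate config ...
    $config = array();
    foreach ($data as $key => $value) {
        // Strict match on the key's string form. The loose in_array() used
        // before treated integer keys as equal to any non-numeric string on
        // PHP < 8, which let entries outside the allow-list through.
        // NOTE(review): assumes $this->config_keys holds string key names - confirm.
        if (in_array((string) $key, $this->config_keys, true)) {
            $config[$key] = $value;
        }
    }

    $config = array_merge($config, array(
        'cookie_name' => mb_strtolower($this->feather->forum_env['FORUM_NAME']) . '_cookie_' . Random::key(7, false, true),
        // NOTE(review): cookie_seed presumably keys the login cookie; confirm that
        // Random::key() draws from a cryptographically secure source.
        'cookie_seed' => Random::key(16, false, true),
    ));

    // ... And write it on disk
    // NOTE(review): a failed write_config() is not reported to the caller here.
    if ($this->write_config($config)) {
        $this->create_db($data);
    }
}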
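/**
 * Look up a user by id or username and check the supplied password.
 *
 * When no matching row exists or the password does not match, the current
 * user is reset through set_default_user(); otherwise is_guest is cleared.
 * The 'common' and 'index' translations are loaded in both cases.
 *
 * @param int|string $user             User id (when an int) or username.
 * @param string     $password         Plain password, or its stored hash when
 *                                     $password_is_hash is true.
 * @param bool       $password_is_hash Whether $password is already hashed.
 * @return void
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    // Check if there's a user matching $user and $password
    $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');

    $result = DB::for_table('users')
        ->table_alias('u')
        ->select_many($select_check_cookie)
        ->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')
        ->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o');

    if (is_int($user)) {
        $result = $result->where('u.id', intval($user));
    } else {
        $result = $result->where('u.username', $user);
    }

    $result = $result->find_result_set();

    // NOTE(review): the foreach target is a method call, which PHP rejects as
    // a write context. This looks like a leftover from replacing a property
    // target - confirm how the fetched row is meant to reach User::get().
    foreach ($result as User::get()) {
    }

    // Compare hashes with hash_equals(): the previous `!=` compared two
    // numeric-looking strings numerically (so '0e1' equalled '0e2') and was
    // not constant-time.
    // NOTE(review): Random::hash() is not visible here; if it is a fast,
    // unsalted digest, password_hash()/password_verify() is the longer-term fix.
    $authenticated = false;
    if (isset(User::get()->id)) {
        $candidate = $password_is_hash
            ? (string) $password
            : (string) \FeatherBB\Core\Random::hash($password);
        $authenticated = hash_equals((string) User::get()->password, $candidate);
    }

    if ($authenticated) {
        User::get()->is_guest = false;
    } else {
        set_default_user();
    }

    translate('common');
    translate('index');
}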
?> </span> </td> </tr> <tr> <th scope="row"><?php _e('SMTP password label'); ?> </th> <td> <label><input type="checkbox" name="form_smtp_change_pass" value="1" /> <?php _e('SMTP change password help'); ?> </label> <?php /*
 * The two password fields are pre-filled with a Random::key() placeholder
 * rather than the stored o_smtp_pass, so the secret itself is not echoed.
 * NOTE(review): the placeholder is requested with the stored password's
 * length, so the rendered form presumably reveals that length; a fixed-length
 * placeholder would avoid it - confirm.
 * NOTE(review): the value is echoed unescaped; presumably safe only if
 * Random::key() never emits HTML metacharacters - confirm, or pass it
 * through Utils::escape().
 */
$smtp_pass = !empty(ForumSettings::get('o_smtp_pass')) ? Random::key(Utils::strlen(ForumSettings::get('o_smtp_pass')), true) : ''; ?> <input type="password" name="form_smtp_pass1" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <input type="password" name="form_smtp_pass2" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <span><?php _e('SMTP password help'); ?> </span> </td> </tr>
/**
 * Assemble the users-table row for the account created by the installer.
 *
 * The password is stored as Random::hash($data['password']); the three
 * timestamp columns all receive the same time() value.
 * NOTE(review): group_id 1 is presumably the administrators group, and the
 * algorithm behind Random::hash() is not visible here - confirm both.
 *
 * @param array $data Installer input: username, password, email,
 *                    default_lang and default_style are read.
 * @return array Column => value map for the new user row.
 */
public static function load_admin_user(array $data)
{
    $timestamp = time();

    $admin = array();
    $admin['group_id'] = 1;
    $admin['username'] = $data['username'];
    $admin['password'] = Random::hash($data['password']);
    $admin['email'] = $data['email'];
    $admin['language'] = $data['default_lang'];
    $admin['style'] = $data['default_style'];
    $admin['num_posts'] = 1;
    $admin['last_post'] = $timestamp;
    $admin['registered'] = $timestamp;
    $admin['registration_ip'] = Utils::getIp();
    $admin['last_visit'] = $timestamp;

    return $admin;
}
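/**
 * Handle the "forgotten password" form.
 *
 * Logged-in users are redirected to the base URL. On POST, the address is
 * validated, every account with that address gets a new password and
 * activation key stored (activate_string / activate_key), and an e-mail
 * built from activate_password.tpl is sent per account.
 *
 * Security notes for reviewers:
 *  - 'No email match' and 'Forget mail' are distinct responses, so the form
 *    tells the requester whether an address is registered.
 *  - The new password is substituted into the mail body in clear text.
 *  - NOTE(review): the activation key comes from Random::pass(8); confirm
 *    that it draws from a cryptographically secure source.
 *
 * @return array Validation errors collected so far (after the
 *               'password_forgotten' hook has run on them).
 * @throws Error With code 429 when an account was mailed less than an hour
 *               ago, and with code 400 carrying the 'Forget mail' notice
 *               once all mails have been sent.
 */
public function password_forgotten()
{
    $this->hook->fire('password_forgotten_start');

    if (!$this->user->is_guest) {
        header('Location: ' . Url::base());
        exit;
    }

    // Start with a clean slate
    $errors = array();

    if ($this->feather->request()->isPost()) {
        // Validate the email address
        $email = strtolower(Utils::trim($this->request->post('req_email')));
        if (!$this->email->is_valid_email($email)) {
            $errors[] = __('Invalid email');
        }

        // Did everything go according to plan?
        if (empty($errors)) {
            $select_columns = array('id', 'username', 'last_email_sent');
            $result = DB::for_table('users')->select_many($select_columns)->where('email', $email);
            $result = $this->hook->fireDB('password_forgotten_query', $result);
            $result = $result->find_many();

            if ($result) {
                // Load the "activate password" template
                $mail_tpl = trim(file_get_contents($this->feather->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $this->user->language . '/mail_templates/activate_password.tpl'));
                $mail_tpl = $this->hook->fire('mail_tpl_password_forgotten', $mail_tpl);

                // The first row contains the subject
                $first_crlf = strpos($mail_tpl, "\n");
                $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                $mail_message = trim(substr($mail_tpl, $first_crlf));

                // Do the generic replacements first (they apply to all emails sent out here)
                $mail_message = str_replace('<base_url>', Url::base() . '/', $mail_message);
                $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
                $mail_message = $this->hook->fire('mail_message_password_forgotten', $mail_message);

                // Loop through users we found
                foreach ($result as $cur_hit) {
                    // One mail per account per hour; the >= 0 term ignores timestamps in the future
                    if ($cur_hit->last_email_sent != '' && time() - $cur_hit->last_email_sent < 3600 && time() - $cur_hit->last_email_sent >= 0) {
                        throw new Error(sprintf(__('Email flood'), intval((3600 - (time() - $cur_hit->last_email_sent)) / 60)), 429);
                    }

                    // Generate a new password and a new password activation code
                    $new_password = Random::pass(12);
                    $new_password_key = Random::pass(8);

                    // Kept in its own variable: the earlier code stored these fields in
                    // $query['update'] and then overwrote $query with the save() result
                    // (presumably a boolean), so the second matching account would index
                    // into that result instead of a fresh array.
                    $update_fields = array(
                        'activate_string' => Random::hash($new_password),
                        'activate_key' => $new_password_key,
                        'last_email_sent' => time(),
                    );
                    $query = DB::for_table('users')->where('id', $cur_hit->id)->find_one()->set($update_fields);
                    $query = $this->hook->fireDB('password_forgotten_mail_query', $query);
                    $query->save();

                    // Do the user specific replacements to the template
                    $cur_mail_message = str_replace('<username>', $cur_hit->username, $mail_message);
                    $cur_mail_message = str_replace('<activation_url>', $this->feather->urlFor('profileAction', ['id' => $cur_hit->id, 'action' => 'change_pass']) . '?key=' . $new_password_key, $cur_mail_message);
                    $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
                    $cur_mail_message = $this->hook->fire('cur_mail_message_password_forgotten', $cur_mail_message);

                    $this->email->feather_mail($email, $mail_subject, $cur_mail_message);
                }

                // The confirmation is delivered to the user through the Error path
                throw new Error(__('Forget mail') . ' <a href="mailto:' . Utils::escape($this->config['o_admin_email']) . '">' . Utils::escape($this->config['o_admin_email']) . '</a>.', 400);
            } else {
                $errors[] = __('No email match') . ' ' . Utils::escape($email) . '.';
            }
        }
    }

    $errors = $this->hook->fire('password_forgotten', $errors);

    return $errors;
}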
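/**
 * Look up a user by id or username and check the supplied password.
 *
 * The fetched row is stored in $feather->user. When no row matches or the
 * password check fails, set_default_user() is called; otherwise is_guest is
 * cleared. The 'common' and 'index' text domains for the resulting user's
 * language are loaded in both cases.
 *
 * @param int|string $user             User id (when an int) or username.
 * @param string     $password         Plain password, or its stored hash when
 *                                     $password_is_hash is true.
 * @param bool       $password_is_hash Whether $password is already hashed.
 * @return void
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    global $feather;

    // Check if there's a user matching $user and $password
    $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');

    $result = DB::for_table('users')
        ->table_alias('u')
        ->select_many($select_check_cookie)
        ->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')
        ->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o');

    if (is_int($user)) {
        $result = $result->where('u.id', intval($user));
    } else {
        $result = $result->where('u.username', $user);
    }

    $result = $result->find_result_set();

    // The empty loop body is intentional: iterating assigns each row to
    // $feather->user, leaving the last (normally only) match in place.
    foreach ($result as $feather->user) {
    }

    // Compare hashes with hash_equals(): the previous `!=` compared two
    // numeric-looking strings numerically (so '0e1' equalled '0e2') and was
    // not constant-time.
    // NOTE(review): Random::hash() is not visible here; if it is a fast,
    // unsalted digest, password_hash()/password_verify() is the longer-term fix.
    $authenticated = false;
    if (isset($feather->user->id)) {
        $candidate = $password_is_hash
            ? (string) $password
            : (string) \FeatherBB\Core\Random::hash($password);
        $authenticated = hash_equals((string) $feather->user->password, $candidate);
    }

    if ($authenticated) {
        $feather->user->is_guest = false;
    } else {
        set_default_user();
    }

    load_textdomain('featherbb', FEATHER_ROOT . 'featherbb/lang/' . $feather->user->language . '/common.mo');
    load_textdomain('featherbb', FEATHER_ROOT . 'featherbb/lang/' . $feather->user->language . '/index.mo');
}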
/**
 * Controller action for the "forgotten password" page.
 *
 * Non-guests are redirected home. On POST the address is validated, the
 * matching account gets a new password and activation key stored through
 * ModelAuth::set_new_password(), and the activate_password.tpl mail is sent.
 * Otherwise (or when the redirects return) the request form is rendered.
 *
 * Security notes for reviewers:
 *  - 'No email match' and 'Forget mail' are distinct responses, so the form
 *    tells the requester whether an address is registered.
 *  - The new password is substituted into the mail body in clear text.
 *  - NOTE(review): the activation key comes from Random::pass(8); confirm
 *    that it draws from a cryptographically secure source.
 *
 * @throws Error 400 for an invalid or unknown address, 429 when the account
 *               was mailed less than an hour ago.
 */
public function forget()
{
    $app = $this->feather;

    if (!$app->user->is_guest) {
        Url::redirect($app->urlFor('home'), 'Already logged in');
    }

    if ($app->request->isPost()) {
        // Normalise, then validate the submitted address
        $email = strtolower(Utils::trim($app->request->post('req_email')));
        if (!$app->email->is_valid_email($email)) {
            throw new Error(__('Invalid email'), 400);
        }

        $user = ModelAuth::get_user_from_email($email);
        if (!$user) {
            throw new Error(__('No email match') . ' ' . Utils::escape($email) . '.', 400);
        }

        // Fetch the "activate password" mail template for the visitor's language
        $tpl_path = $app->forum_env['FEATHER_ROOT'] . 'featherbb/lang/' . $app->user->language . '/mail_templates/activate_password.tpl';
        $mail_tpl = $app->hooks->fire('mail_tpl_password_forgotten', trim(file_get_contents($tpl_path)));

        // Line one of the template is the subject, everything after it is the body
        $first_crlf = strpos($mail_tpl, "\n");
        $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
        $mail_message = trim(substr($mail_tpl, $first_crlf));

        // Placeholders that do not depend on the account
        $mail_message = str_replace('<base_url>', Url::base() . '/', $mail_message);
        $mail_message = str_replace('<board_mailer>', $app->forum_settings['o_board_title'], $mail_message);
        $mail_message = $app->hooks->fire('mail_message_password_forgotten', $mail_message);

        // One mail per account per hour; the >= 0 term ignores timestamps in the future
        if ($user->last_email_sent != '' && time() - $user->last_email_sent < 3600 && time() - $user->last_email_sent >= 0) {
            $minutes_left = intval((3600 - (time() - $user->last_email_sent)) / 60);
            throw new Error(sprintf(__('Email flood'), $minutes_left), 429);
        }

        // New password plus the key that activates it
        $new_password = Random::pass(12);
        $new_password_key = Random::pass(8);
        ModelAuth::set_new_password($new_password, $new_password_key, $user->id);

        // Account-specific placeholders, applied in the same order as before
        $cur_mail_message = str_replace(
            array('<username>', '<activation_url>', '<new_password>'),
            array(
                $user->username,
                $app->urlFor('profileAction', ['action' => 'change_pass']) . '?key=' . $new_password_key,
                $new_password,
            ),
            $mail_message
        );
        $cur_mail_message = $app->hooks->fire('cur_mail_message_password_forgotten', $cur_mail_message);

        $app->email->feather_mail($email, $mail_subject, $cur_mail_message);

        $notice = __('Forget mail')
            . ' <a href="mailto:' . $app->utils->escape($app->forum_settings['o_admin_email']) . '">'
            . $app->utils->escape($app->forum_settings['o_admin_email']) . '</a>.';
        Url::redirect($app->urlFor('home'), $notice, 200);
    }

    $page_info = array(
        'active_page' => 'login',
        'title' => array(Utils::escape($app->forum_settings['o_board_title']), __('Request pass')),
        'required_fields' => array('req_email' => __('Email')),
        'focus_element' => array('request_pass', 'req_email'),
    );
    $app->template->setPageInfo($page_info)->addTemplate('login/password_forgotten.php')->display();
}
?> </span> </td> </tr> <tr> <th scope="row"><?php _e('SMTP password label'); ?> </th> <td> <label><input type="checkbox" name="form_smtp_change_pass" value="1" /> <?php _e('SMTP change password help'); ?> </label> <?php /*
 * The two password fields are pre-filled with a Random::key() placeholder
 * rather than the stored o_smtp_pass, so the secret itself is not echoed.
 * NOTE(review): the placeholder is requested with the stored password's
 * length, so the rendered form presumably reveals that length; a fixed-length
 * placeholder would avoid it - confirm.
 * NOTE(review): the value is echoed unescaped; presumably safe only if
 * Random::key() never emits HTML metacharacters - confirm, or pass it
 * through Utils::escape().
 */
$smtp_pass = !empty($feather->forum_settings['o_smtp_pass']) ? Random::key(Utils::strlen($feather->forum_settings['o_smtp_pass']), true) : ''; ?> <input type="password" name="form_smtp_pass1" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <input type="password" name="form_smtp_pass2" size="25" maxlength="50" value="<?php echo $smtp_pass; ?> " /> <span><?php _e('SMTP password help'); ?> </span> </td> </tr>