public function login($req, $res, $args) { if (!User::get()->is_guest) { return Router::redirect(Router::pathFor('home'), 'Already logged in'); } if (Request::isPost()) { Container::get('hooks')->fire('controller.login'); $form_username = Input::post('req_username'); $form_password = Input::post('req_password'); $save_pass = (bool) Input::post('save_pass'); $user = ModelAuth::get_user_from_name($form_username); if (!empty($user->password)) { $form_password_hash = Random::hash($form_password); // Will result in a SHA-1 hash if ($user->password == $form_password_hash) { if ($user->group_id == ForumEnv::get('FEATHER_UNVERIFIED')) { ModelAuth::update_group($user->id, ForumSettings::get('o_default_user_group')); if (!Container::get('cache')->isCached('users_info')) { Container::get('cache')->store('users_info', Cache::get_users_info()); } } ModelAuth::delete_online_by_ip(Utils::getIp()); // Reset tracked topics Track::set_tracked_topics(null); $expire = $save_pass ? Container::get('now') + 1209600 : Container::get('now') + ForumSettings::get('o_timeout_visit'); $expire = Container::get('hooks')->fire('controller.expire_login', $expire); $jwt = ModelAuth::generate_jwt($user, $expire); ModelAuth::feather_setcookie('Bearer ' . $jwt, $expire); return Router::redirect(Router::pathFor('home'), __('Login redirect')); } else { throw new Error(__('Wrong user/pass') . ' <a href="' . Router::pathFor('resetPassword') . '">' . __('Forgotten pass') . '</a>', 403); } } } else { View::setPageInfo(array('active_page' => 'login', 'title' => array(Utils::escape(ForumSettings::get('o_board_title')), __('Login')), 'required_fields' => array('req_username' => __('Username'), 'req_password' => __('Password')), 'focus_element' => array('login', 'req_username')))->addTemplate('login/form.php')->display(); } }
public function insert_user($user) { $user = Container::get('hooks')->fire('model.register.insert_user_start', $user); // Insert the new user into the database. We do this now to get the last inserted ID for later use $now = time(); $intial_group_id = ForumSettings::get('o_regs_verify') == '0' ? ForumSettings::get('o_default_user_group') : ForumEnv::get('FEATHER_UNVERIFIED'); $password_hash = Random::hash($user['password1']); // Add the user $user['insert'] = array('username' => $user['username'], 'group_id' => $intial_group_id, 'password' => $password_hash, 'email' => $user['email1'], 'email_setting' => ForumSettings::get('o_default_email_setting'), 'timezone' => ForumSettings::get('o_default_timezone'), 'dst' => 0, 'language' => $user['language'], 'style' => ForumSettings::get('o_default_style'), 'registered' => $now, 'registration_ip' => Utils::getIp(), 'last_visit' => $now); $user = DB::for_table('users')->create()->set($user['insert']); $user = Container::get('hooks')->fireDB('model.register.insert_user_query', $user); $user = $user->save(); $new_uid = DB::get_db()->lastInsertId(ForumSettings::get('db_prefix') . 'users'); // If the mailing list isn't empty, we may need to send out some alerts if (ForumSettings::get('o_mailing_list') != '') { // If we previously found out that the email was banned if (isset($user['banned_email'])) { // Load the "banned email register" template $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/banned_email_register.tpl')); $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_banned_mail_tpl', $mail_tpl); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_subject = Container::get('hooks')->fire('model.register.insert_user_banned_mail_subject', $mail_subject); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_message = str_replace('<username>', $user['username'], $mail_message); $mail_message = str_replace('<email>', $user['email1'], $mail_message); $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message); $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message); $mail_message = Container::get('hooks')->fire('model.register.insert_user_banned_mail_message', $mail_message); Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message); } // If we previously found out that the email was a dupe if (!empty($dupe_list)) { // Load the "dupe email register" template $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/dupe_email_register.tpl')); $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_tpl', $mail_tpl); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_subject = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_subject', $mail_subject); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_message = str_replace('<username>', $user['username'], $mail_message); $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message); $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message); $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message); $mail_message = Container::get('hooks')->fire('model.register.insert_user_dupe_mail_message', $mail_message); Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message); } // Should we alert people on the admin mailing list that a new user has registered? if (ForumSettings::get('o_regs_report') == '1') { // Load the "new user" template $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/new_user.tpl')); $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_new_mail_tpl', $mail_tpl); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_subject = Container::get('hooks')->fire('model.register.insert_user_new_mail_subject', $mail_subject); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_message = str_replace('<username>', $user['username'], $mail_message); $mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message); $mail_message = str_replace('<profile_url>', Router::pathFor('userProfile', ['id' => $new_uid]), $mail_message); $mail_message = str_replace('<admin_url>', Router::pathFor('profileSection', ['id' => $new_uid, 'section' => 'admin']), $mail_message); $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message); $mail_message = Container::get('hooks')->fire('model.register.insert_user_new_mail_message', $mail_message); Container::get('email')->feather_mail(ForumSettings::get('o_mailing_list'), $mail_subject, $mail_message); } } // Must the user verify the registration or do we log him/her in right now? if (ForumSettings::get('o_regs_verify') == '1') { // Load the "welcome" template $mail_tpl = trim(file_get_contents(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . User::get()->language . '/mail_templates/welcome.tpl')); $mail_tpl = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_tpl', $mail_tpl); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_subject = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_subject', $mail_subject); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_subject = str_replace('<board_title>', ForumSettings::get('o_board_title'), $mail_subject); $mail_message = str_replace('<base_url>', Router::pathFor('home'), $mail_message); $mail_message = str_replace('<username>', $user['username'], $mail_message); $mail_message = str_replace('<password>', $user['password1'], $mail_message); $mail_message = str_replace('<login_url>', Router::pathFor('login'), $mail_message); $mail_message = str_replace('<board_mailer>', ForumSettings::get('o_board_title'), $mail_message); $mail_message = Container::get('hooks')->fire('model.register.insert_user_welcome_mail_message', $mail_message); Container::get('email')->feather_mail($user['email1'], $mail_subject, $mail_message); return Router::redirect(Router::pathFor('home'), __('Reg email') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.'); } $user_object = new \stdClass(); $user_object->id = $new_uid; $user_object->username = $user['username']; $expire = time() + ForumSettings::get('o_timeout_visit'); $jwt = AuthModel::generate_jwt($user_object, $expire); AuthModel::feather_setcookie('Bearer ' . $jwt, $expire); // Refresh cache Container::get('cache')->store('users_info', Cache::get_users_info()); Container::get('hooks')->fire('model.register.insert_user'); return Router::redirect(Router::pathFor('home'), __('Reg complete')); }
public function change_pass($id) { $id = Container::get('hooks')->fire('model.profile.change_pass_start', $id); if (Input::query('key')) { $key = Input::query('key'); $key = Container::get('hooks')->fire('model.profile.change_pass_key', $key); // If the user is already logged in we shouldn't be here :) if (!User::get()->is_guest) { return Router::redirect(Router::pathFor('home')); } $cur_user = DB::for_table('users')->where('id', $id); $cur_user = Container::get('hooks')->fireDB('model.profile.change_pass_user_query', $cur_user); $cur_user = $cur_user->find_one(); if ($key == '' || $key != $cur_user['activate_key']) { throw new Error(__('Pass key bad') . ' <a href="mailto:' . Utils::escape(ForumSettings::get('o_admin_email')) . '">' . Utils::escape(ForumSettings::get('o_admin_email')) . '</a>.', 400); } else { $query = DB::for_table('users')->where('id', $id)->find_one()->set('password', $cur_user['activate_string'])->set_expr('activate_string', 'NULL')->set_expr('activate_key', 'NULL'); $query = Container::get('hooks')->fireDB('model.profile.change_pass_activate_query', $query); $query = $query->save(); return Router::redirect(Router::pathFor('home'), __('Pass updated')); } } // Make sure we are allowed to change this user's password if (User::get()->id != $id) { $id = Container::get('hooks')->fire('model.profile.change_pass_key_not_id', $id); if (!User::get()->is_admmod) { // A regular user trying to change another user's password? throw new Error(__('No permission'), 403); } elseif (User::get()->g_moderator == '1') { // A moderator trying to change a user's password? $user['select'] = array('u.group_id', 'g.g_moderator'); $user = DB::for_table('users')->table_alias('u')->select_many($user['select'])->inner_join('groups', array('g.g_id', '=', 'u.group_id'), 'g')->where('u.id', $id); $user = Container::get('hooks')->fireDB('model.profile.change_pass_user_query', $user); $user = $user->find_one(); if (!$user) { throw new Error(__('Bad request'), 404); } if (User::get()->g_mod_edit_users == '0' || User::get()->g_mod_change_passwords == '0' || $user['group_id'] == ForumEnv::get('FEATHER_ADMIN') || $user['g_moderator'] == '1') { throw new Error(__('No permission'), 403); } } } if (Request::isPost()) { $old_password = Input::post('req_old_password') ? Utils::trim(Input::post('req_old_password')) : ''; $new_password1 = Utils::trim(Input::post('req_new_password1')); $new_password2 = Utils::trim(Input::post('req_new_password2')); if ($new_password1 != $new_password2) { throw new Error(__('Pass not match'), 400); } if (Utils::strlen($new_password1) < 6) { throw new Error(__('Pass too short'), 400); } $cur_user = DB::for_table('users')->where('id', $id); $cur_user = Container::get('hooks')->fireDB('model.profile.change_pass_find_user', $cur_user); $cur_user = $cur_user->find_one(); $authorized = false; if (!empty($cur_user['password'])) { $old_password_hash = Random::hash($old_password); if ($cur_user['password'] == $old_password_hash || User::get()->is_admmod) { $authorized = true; } } if (!$authorized) { throw new Error(__('Wrong pass'), 403); } $new_password_hash = Random::hash($new_password1); $update_password = DB::for_table('users')->where('id', $id)->find_one()->set('password', $new_password_hash); $update_password = Container::get('hooks')->fireDB('model.profile.change_pass_query', $update_password); $update_password = $update_password->save(); if (User::get()->id == $id) { $expire = time() + ForumSettings::get('o_timeout_visit'); $jwt = AuthModel::generate_jwt(User::get(), $expire); AuthModel::feather_setcookie('Bearer ' . $jwt, $expire); } Container::get('hooks')->fire('model.profile.change_pass'); return Router::redirect(Router::pathFor('profileSection', array('id' => $id, 'section' => 'essentials')), __('Pass updated redirect')); } }
public function __invoke($req, $res, $next) { $authCookie = Container::get('cookie')->get(ForumSettings::get('cookie_name')); if ($jwt = $this->get_cookie_data($authCookie)) { $user = AuthModel::load_user($jwt->data->userId); $expires = $jwt->exp > Container::get('now') + ForumSettings::get('o_timeout_visit') ? Container::get('now') + 1209600 : Container::get('now') + ForumSettings::get('o_timeout_visit'); $user->is_guest = false; $user->is_admmod = $user->g_id == ForumEnv::get('FEATHER_ADMIN') || $user->g_moderator == '1'; if (!$user->disp_topics) { $user->disp_topics = ForumSettings::get('o_disp_topics_default'); } if (!$user->disp_posts) { $user->disp_posts = ForumSettings::get('o_disp_posts_default'); } if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'featherbb/lang/' . $user->language)) { $user->language = ForumSettings::get('o_default_lang'); } if (!file_exists(ForumEnv::get('FEATHER_ROOT') . 'style/themes/' . $user->style . '/style.css')) { $user->style = ForumSettings::get('o_default_style'); } // Refresh cookie to avoid re-logging between idle $jwt = AuthModel::generate_jwt($user, $expires); AuthModel::feather_setcookie('Bearer ' . $jwt, $expires); // Add user to DIC Container::set('user', $user); $this->update_online(); } else { $user = AuthModel::load_user(1); $user->disp_topics = ForumSettings::get('o_disp_topics_default'); $user->disp_posts = ForumSettings::get('o_disp_posts_default'); $user->timezone = ForumSettings::get('o_default_timezone'); $user->dst = ForumSettings::get('o_default_dst'); $user->language = ForumSettings::get('o_default_lang'); $user->style = ForumSettings::get('o_default_style'); $user->is_guest = true; $user->is_admmod = false; // Update online list if (!$user->logged) { $user->logged = time(); // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table switch (ForumSettings::get('db_type')) { case 'mysql': case 'mysqli': case 'mysql_innodb': case 'mysqli_innodb': case 'sqlite': case 'sqlite3': DB::for_table('online')->raw_execute('REPLACE INTO ' . ForumSettings::get('db_prefix') . 'online (user_id, ident, logged) VALUES(1, :ident, :logged)', array(':ident' => Utils::getIp(), ':logged' => $user->logged)); break; default: DB::for_table('online')->raw_execute('INSERT INTO ' . ForumSettings::get('db_prefix') . 'online (user_id, ident, logged) SELECT 1, :ident, :logged WHERE NOT EXISTS (SELECT 1 FROM ' . ForumSettings::get('db_prefix') . 'online WHERE ident=:ident)', array(':ident' => Utils::getIp(), ':logged' => $user->logged)); break; } } else { DB::for_table('online')->where('ident', Utils::getIp())->update_many('logged', time()); } // $jwt = AuthModel::generate_jwt($user, Container::get('now') + 31536000); // AuthModel::feather_setcookie('Bearer '.$jwt, Container::get('now') + 31536000); // Add $user as guest to DIC Container::set('user', $user); } translate('common'); // Load bans from cache if (!Container::get('cache')->isCached('bans')) { Container::get('cache')->store('bans', Cache::get_bans()); } // Add bans to the container Container::set('bans', Container::get('cache')->retrieve('bans')); // Check if current user is banned $this->check_bans(); // Update online list $this->update_users_online(); return $next($req, $res); }