/**
 * Produce an invite token that is not yet present in the invites table.
 *
 * NOTE(review): mt_rand() only picks the token length here. Whether the token
 * itself is unpredictable depends on Str::randomLatinNumeric(), which is not
 * visible in this file - confirm it draws from a CSPRNG, because the invite is
 * presumably accepted as a bearer secret.
 *
 * @return string
 */
private function makeInvite()
{
    do {
        $candidate = Str::randomLatinNumeric(mt_rand(32, 128));
        // a non-zero count means the token is already in use - draw again
        $collisions = Invite::where('token', '=', $candidate)->count();
    } while ($collisions !== 0);

    return $candidate;
}
/**
 * Persist the settings collected by the web installer: import the schema,
 * create the first administrator, write the default and routing configs and
 * finally lock the installer.
 *
 * NOTE(review): the lock file is written as the very last step, so a failure
 * in any earlier step leaves the installer unlocked - confirm that is intended.
 */
public function make()
{
    // start from the shipped defaults and overlay the installer answers
    /** @var array $cfg */
    $cfg = App::$Properties->getAll('default');
    $this->before();

    $cfg['baseDomain'] = $this->baseDomain;
    $cfg['database'] = $this->db;
    $cfg['adminEmail'] = $this->email;
    $cfg['singleLanguage'] = $this->singleLanguage;
    $cfg['multiLanguage'] = (bool) $this->multiLanguage;

    // NOTE(review): this looks like a crypt() Blowfish salt string with cost 07,
    // stored once in the config and handed to password_hash() below. A single
    // site-wide salt and a low cost factor are weak by current standards, and
    // the randomness of every secret generated here depends on
    // Str::randomLatinNumeric(), which is not shown - confirm both.
    $cfg['passwordSalt'] = '$2a$07$' . Str::randomLatinNumeric(mt_rand(21, 30)) . '$';
    $cfg['debug']['cookie']['key'] = 'fdebug_' . Str::randomLatinNumeric(mt_rand(4, 16));
    $cfg['debug']['cookie']['value'] = Str::randomLatinNumeric(mt_rand(32, 128));

    // import database tables; $connectName is not read again in this method,
    // presumably the included script picks it up from the shared local scope
    $connectName = 'install';
    include root . '/Private/Database/install.php';

    // first account, created with role_id 4 on the installer connection
    $admin = new User();
    $admin->setConnection('install');
    $admin->login = $this->user['login'];
    $admin->email = $this->user['email'];
    $admin->role_id = 4;
    $admin->password = App::$Security->password_hash($this->user['password'], $cfg['passwordSalt']);
    $admin->save();

    $adminProfile = new Profile();
    $adminProfile->setConnection('install');
    $adminProfile->user_id = $admin->id;
    $adminProfile->save();

    // record which version performed the installation
    $versionRow = new System();
    $versionRow->setConnection('install');
    $versionRow->var = 'version';
    $versionRow->data = Version::VERSION;
    $versionRow->save();

    // write config data
    App::$Properties->writeConfig('default', $cfg);

    // routing aliases depend on the chosen main page; any other value keeps
    // the routing config empty
    $routing = [];
    switch ($this->mainpage) {
        case 'news':
            $routing = [
                'Alias' => [
                    'Front' => [
                        '/' => '/content/list/news',
                        '/about' => '/content/read/page/about-page',
                    ],
                ],
            ];
            break;
        case 'about':
            $routing = [
                'Alias' => [
                    'Front' => [
                        '/' => '/content/read/page/about-page',
                    ],
                ],
            ];
            break;
    }
    App::$Properties->writeConfig('routing', $routing);

    // write installer lock
    File::write('/Private/Install/install.lock', 'Installation is locked!');
}
/**
 * Prepare the validator and, when requested, the CSRF token round-trip.
 *
 * With $csrf === true the token stored in the session is read, a fresh token
 * replaces it, and a submitted form is checked against the previous value.
 * The session token is therefore rotated on every call, including calls that
 * only render the form.
 *
 * NOTE(review): the comparison is a plain strict inequality, not a
 * constant-time one; hash_equals() would be the usual choice if the supported
 * PHP version allows it. The strength of the token depends on
 * Str::randomLatinNumeric(), which is not shown here - confirm it is a CSPRNG.
 *
 * @param bool $csrf
 */
public function initialize($csrf = false)
{
    $this->_tokenRequired = $csrf;
    if ($csrf !== true) {
        return;
    }

    // token issued with the previous response (false when the session has none)
    $previousToken = App::$Session->get('_csrf_token', false);

    // rotate: the next submit must carry this value
    $freshToken = Str::randomLatinNumeric(mt_rand(32, 64));
    App::$Session->set('_csrf_token', $freshToken);

    // only a submitted form is checked, and always against the previous token
    if ($this->send() && $previousToken !== $this->getRequest('_csrf_token', 'all')) {
        $this->_tokenOk = false;
    }

    // set token data to display
    $this->_csrf_token = $freshToken;
}
/**
 * Store a new feedback request and notify by email.
 *
 * NOTE(review): the stored hash is described as guarding direct access to the
 * request, so it acts as a secret. Its unpredictability depends on
 * Str::randomLatinNumeric(), which is not visible here, and its length may be
 * as short as 16 characters - confirm both are acceptable.
 *
 * @return FeedbackPost
 */
public function make()
{
    // access hash for the direct link to this request
    $accessHash = Str::randomLatinNumeric(mt_rand(16, 64));

    $post = new FeedbackPost();
    $post->name = $this->name;
    $post->email = $this->email;
    $post->message = $this->message;
    $post->hash = $accessHash;

    // attach the author only for authenticated visitors
    if (App::$User->isAuth()) {
        $post->user_id = App::$User->identity()->getId();
    }
    $post->ip = App::$Request->getClientIp();

    $post->save();

    // send notification to email
    $this->sendEmail($post);

    return $post;
}
/**
 * Start account recovery: generate a new password and a recovery token,
 * store them in the recovery table, log the attempt and email both to the user.
 *
 * Returns without doing anything when the latest recovery row for the user is
 * younger than self::DELAY seconds.
 *
 * NOTE(review): the generated password is placed in the mail template in
 * clear text together with the token, so anyone who can read the mailbox or
 * the mail in transit gets both. The two exceptions also tell an unknown
 * address apart from an unapproved account; if their messages reach the
 * visitor this allows account enumeration - confirm how callers surface them.
 * The randomness of password and token depends on Str::randomLatinNumeric(),
 * which is not shown here.
 *
 * @throws SyntaxException
 * @throws \Ffcms\Core\Exception\NativeException
 */
public function make()
{
    $account = App::$User->getIdentityViaEmail($this->email);
    if ($account === null) {
        throw new SyntaxException('Email not found');
    }

    // accounts with a pending approve token cannot recover a password
    if ($account->approve_token !== '0' && Str::length($account->approve_token) > 0) {
        throw new SyntaxException('You must approve your account');
    }

    // prevent spam of recovery messages: one request per DELAY window
    $lastRequest = UserRecovery::where('user_id', '=', $account->getId())->orderBy('id', 'DESC')->first();
    if ($lastRequest !== null
        && $lastRequest !== false
        && Date::convertToTimestamp($lastRequest->created_at) > time() - self::DELAY
    ) {
        return;
    }

    // new password, its stored form, and the confirmation token
    $plainPassword = Str::randomLatinNumeric(mt_rand(8, 16));
    $passwordHash = App::$Security->password_hash($plainPassword);
    $recoveryToken = Str::randomLatinNumeric(mt_rand(64, 128));

    // only the hashed password is written to the recovery table
    $recovery = new UserRecovery();
    $recovery->user_id = $account->id;
    $recovery->password = $passwordHash;
    $recovery->token = $recoveryToken;
    $recovery->save();

    // audit trail with the requesting address
    $logEntry = new UserLog();
    $logEntry->user_id = $account->id;
    $logEntry->type = 'RECOVERY';
    $logEntry->message = __('Password recovery is initialized from: %ip%', ['ip' => App::$Request->getClientIp()]);
    $logEntry->save();

    // generate mail template
    $body = App::$View->render('user/mail/recovery', [
        'login' => $account->login,
        'email' => $this->email,
        'password' => $plainPassword,
        'token' => $recoveryToken,
        'id' => $recovery->id,
    ]);
    $sender = App::$Properties->get('adminEmail');

    // NOTE(review): the subject embeds the host taken from the current request;
    // verify it cannot be influenced by the client.
    $subject = App::$Translate->get('Profile', 'Account recovery on %site%', ['site' => App::$Request->getHost()]);
    $mail = \Swift_Message::newInstance($subject)
        ->setFrom([$sender])
        ->setTo([$this->email])
        ->setBody($body, 'text/html');

    // send message
    App::$Mailer->send($mail);
}
/**
 * Create the user and profile rows for a registration request.
 *
 * Returns false when the login or the email is already taken. With
 * $activation set, a random approve token is stored on the user and mailed to
 * the given address before the rows are saved.
 *
 * NOTE(review): the uniqueness check and the insert are separate statements,
 * so two concurrent requests can both pass the check unless the table has
 * unique constraints - confirm. The approve token's unpredictability depends
 * on Str::randomLatinNumeric(), which is not shown here.
 *
 * @param bool $activation
 * @return bool
 * @throws \Ffcms\Core\Exception\SyntaxException
 * @throws \Ffcms\Core\Exception\NativeException
 */
public function tryRegister($activation = false)
{
    $taken = App::$User->where('login', '=', $this->login)
        ->orWhere('email', '=', $this->email)
        ->count();
    if ($taken !== 0) {
        return false;
    }

    $passwordHash = App::$Security->password_hash($this->password);

    // create row
    $account = new User();
    $account->login = $this->login;
    $account->email = $this->email;
    $account->password = $passwordHash;

    if ($activation) {
        // random token for validation url
        $account->approve_token = Str::randomLatinNumeric(mt_rand(32, 128));

        // the approval mail goes out before the row is saved
        $body = App::$View->render('user/mail/approve', [
            'token' => $account->approve_token,
            'email' => $account->email,
            'login' => $account->login,
        ]);
        $sender = App::$Properties->get('adminEmail');

        $subject = App::$Translate->get('Default', 'Registration approve', []);
        $mail = \Swift_Message::newInstance($subject)
            ->setFrom([$sender])
            ->setTo([$this->email])
            ->setBody($body, 'text/html');
        App::$Mailer->send($mail);
    }

    // save row
    $account->save();

    // create and save the profile that belongs to the new user
    $accountProfile = new Profile();
    $accountProfile->user_id = $account->id;
    $accountProfile->save();

    // set user & profile objects to attributes to allow extending this model
    $this->_userObject = $account;
    $this->_profileObject = $accountProfile;

    return true;
}
/**
 * Produce a comment hash that no existing content row uses yet.
 *
 * NOTE(review): mt_rand() only picks the length; the quality of the hash
 * depends on Str::randomLatinNumeric(), which is not visible here.
 *
 * @return string
 */
private function generateCommentHash()
{
    do {
        $candidate = Str::randomLatinNumeric(mt_rand(32, 128));
        // a collision is very unlikely, but regenerate if one is found
        $existing = Content::where('comment_hash', '=', $candidate)->count();
    } while ($existing !== 0);

    return $candidate;
}
/**
 * Copy the form attributes onto the wrapped user model and save it.
 *
 * The password is re-hashed only when a new one of at least 3 characters is
 * given. An approve_token input of "1" marks the account as approved ('0');
 * any other input keeps the pending token, generating one if none exists.
 * All remaining properties are assigned to the user model as they are.
 *
 * NOTE(review): a 3-character minimum is a very weak password policy, and the
 * generic assignment copies every property returned by getAllProperties() -
 * confirm that list cannot carry fields the editor must not control.
 */
public function save()
{
    foreach ($this->getAllProperties() as $field => $input) {
        if ($field === 'approve_token') {
            if ($input == "1") {
                // approved accounts carry the literal token '0'
                $this->_user->approve_token = '0';
            } else {
                // account stays or becomes unapproved: reuse the pending token
                // or create one when the account had been approved before
                if ($this->_approve_tmp === '0') {
                    $this->_approve_tmp = Str::randomLatinNumeric(mt_rand(32, 128));
                }
                $this->_user->approve_token = $this->_approve_tmp;
            }
            continue;
        }

        if (in_array($field, ['password', 'newpassword'], true)) {
            // update password only if new is set and length >= 3
            if ($this->newpassword !== null && Str::length($this->newpassword) >= 3) {
                $this->_user->password = App::$Security->password_hash($this->newpassword);
            }
            continue;
        }

        $this->_user->{$field} = $input;
    }

    $this->_user->save();
}
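/**
 * Console installation.
 *
 * Refuses to run while the install lock exists, then creates the working
 * directories, asks for the database connection, imports the schema, writes
 * the default configuration with freshly generated secrets and finally writes
 * the lock file.
 *
 * The password prompt does not print the configured database password: on a
 * re-install that value is a live credential and would otherwise end up in
 * terminal scrollback or captured console logs.
 *
 * NOTE(review): directories are created with mode 0777 (world-writable)
 * before actionChmod() runs - confirm the final modes are as tight as the
 * deployment allows. The generated salt and debug cookie secrets depend on
 * Str::randomLatinNumeric(), which is not visible here.
 *
 * @return string
 * @throws NativeException
 */
public function actionInstall()
{
    if (File::exist('/Private/Install/install.lock')) {
        throw new NativeException('Installation is locked! Please delete /Private/Install/install.lock');
    }

    echo Console::$Output->writeHeader('License start');
    echo File::read('/LICENSE') . PHP_EOL;
    echo Console::$Output->writeHeader('License end');

    $config = Console::$Properties->get('database');
    $newConfig = [];

    // creating default directory's
    foreach (self::$installDirs as $obj) {
        // entries without a dot are treated as directories
        if (!Str::contains('.', $obj)) {
            Directory::create($obj, 0777);
        }
    }
    echo Console::$Output->write('Upload and private directories are successful created!');

    // set chmods
    echo $this->actionChmod();

    // database config from input; an empty answer keeps the current value
    echo Console::$Output->writeHeader('Database connection configuration');
    echo 'Driver(default:' . $config['driver'] . '):';
    $dbDriver = Console::$Input->read();
    // only the listed drivers are accepted, anything else keeps the default
    if (Arr::in($dbDriver, ['mysql', 'pgsql', 'sqlite'])) {
        $newConfig['driver'] = $dbDriver;
    }

    // for sqlite its would be a path
    echo 'Host(default:' . $config['host'] . '):';
    $dbHost = Console::$Input->read();
    if (!Str::likeEmpty($dbHost)) {
        $newConfig['host'] = $dbHost;
    }

    echo 'Database name(default:' . $config['database'] . '):';
    $dbName = Console::$Input->read();
    if (!Str::likeEmpty($dbName)) {
        $newConfig['database'] = $dbName;
    }

    echo 'User(default:' . $config['username'] . '):';
    $dbUser = Console::$Input->read();
    if (!Str::likeEmpty($dbUser)) {
        $newConfig['username'] = $dbUser;
    }

    // never echo the stored credential back to the terminal
    echo 'Password(default:<hidden>):';
    $dbPwd = Console::$Input->read();
    if (!Str::likeEmpty($dbPwd)) {
        $newConfig['password'] = $dbPwd;
    }

    echo 'Table prefix(default:' . $config['prefix'] . '):';
    $dbPrefix = Console::$Input->read();
    if (!Str::likeEmpty($dbPrefix)) {
        $newConfig['prefix'] = $dbPrefix;
    }

    // merge configs and add new connection to db pull
    $dbConfigs = Arr::merge($config, $newConfig);
    Console::$Database->addConnection($dbConfigs, 'install');
    try {
        // probe the connection before anything is written
        Console::$Database->connection('install')->getDatabaseName();
    } catch (\Exception $e) {
        return 'Testing database connection is failed! Run installer again and pass tested connection data! Log: ' . $e->getMessage();
    }

    // autoload isn't work here
    include root . '/Apps/Controller/Console/Db.php';
    // import db data
    $dbController = new DbController();
    echo $dbController->actionImportAll('install');

    // add system info about current install version
    $system = new System();
    $system->setConnection('install');
    $system->var = 'version';
    $system->data = Version::VERSION;
    $system->save();

    // set website send from email from input; invalid input keeps the default
    $emailConfig = Console::$Properties->get('adminEmail');
    echo 'Website sendFrom email(default: ' . $emailConfig . '):';
    $email = Console::$Input->read();
    if (!Str::isEmail($email)) {
        $email = $emailConfig;
    }

    // set base domain
    echo 'Website base domain name(ex. ffcms.org):';
    $baseDomain = Console::$Input->read();
    if (Str::likeEmpty($baseDomain)) {
        $baseDomain = Console::$Properties->get('baseDomain');
    }

    // generate other configuration data and security salt, key's and other
    echo Console::$Output->writeHeader('Writing configurations');
    /** @var array $allCfg */
    $allCfg = Console::$Properties->getAll('default');
    $allCfg['database'] = $dbConfigs;
    $allCfg['adminEmail'] = $email;
    $allCfg['baseDomain'] = $baseDomain;
    echo Console::$Output->write('Generate password salt for BLOWFISH crypt');
    $allCfg['passwordSalt'] = '$2a$07$' . Str::randomLatinNumeric(mt_rand(21, 30)) . '$';
    echo Console::$Output->write('Generate security cookies for debug panel');
    $allCfg['debug']['cookie']['key'] = 'fdebug_' . Str::randomLatinNumeric(mt_rand(8, 32));
    $allCfg['debug']['cookie']['value'] = Str::randomLatinNumeric(mt_rand(32, 128));

    // write config data
    $writeCfg = Console::$Properties->writeConfig('default', $allCfg);
    if ($writeCfg !== true) {
        return 'File /Private/Config/Default.php is unavailable to write data!';
    }

    // the lock is written only after the configuration was stored
    File::write('/Private/Install/install.lock', 'Install is locked');

    return 'Configuration done! FFCMS 3 is successful installed! Visit your website. You can add administrator using command php console.php db/adduser';
}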