public function __construct($sTable)
{
parent::__construct();
$oUserModel = new UserCoreModel();
$sMail = $this->httpRequest->post('mail');
if (!($iProfileId = $oUserModel->getId($sMail, null, $sTable))) {
sleep(1);
// Security against brute-force attack to avoid drowning the server and the database
\PFBC\Form::setError('form_forgot_password', t('Oops, this "%0%" is not associated with any %site_name% account. Please, make sure that you entered the e-mail address used in creating your account.', escape(substr($sMail, 0, PH7_MAX_EMAIL_LENGTH))));
} else {
$oUserModel->setNewHashValidation($iProfileId, Various::genRnd(), $sTable);
(new UserCore())->clearReadProfileCache($iProfileId, $sTable);
// Clean the profile data (for the new hash)
$oData = $oUserModel->readProfile($iProfileId, $sTable);
/** We place the text outside of Uri::get() otherwise special characters will be deleted and the parameters passed in the url will be unusable thereafter. **/
$sResetUrl = Uri::get('lost-password', 'main', 'reset', $this->httpRequest->get('mod')) . PH7_SH . $oData->email . PH7_SH . $oData->hashValidation;
$this->view->content = t('Hello %0%!<br />Somebody (from the IP address %1%) has requested a new password for their account.', $oData->username, Ip::get()) . '<br />' . t('If you requested for this, click on the link below, otherwise ignore this email and your password will remain unchanged.') . '<br /><a href="' . $sResetUrl . '">' . $sResetUrl . '</a>';
$sMessageHtml = $this->view->parseMail(PH7_PATH_SYS . 'global/' . PH7_VIEWS . PH7_TPL_NAME . '/mail/sys/mod/lost-password/confirm-lost-password.tpl', $oData->email);
$aInfo = ['to' => $oData->email, 'subject' => t('Request for new password - %site_name%')];
unset($oData);
if (!(new Mail())->send($aInfo, $sMessageHtml)) {
\PFBC\Form::setError('form_forgot_password', Form::errorSendingEmail());
} else {
\PFBC\Form::setSuccess('form_forgot_password', t('Successfully requested a new password, email sent!'));
}
}
unset($oUserModel);
}
public function __construct()
{
parent::__construct();
$oUserModel = new UserCoreModel();
$oSecurityModel = new SecurityModel();
$sEmail = $this->httpRequest->post('mail');
$sPassword = $this->httpRequest->post('password');
/** Check if the connection is not locked **/
$bIsLoginAttempt = (bool) DbConfig::getSetting('isUserLoginAttempt');
$iMaxAttempts = (int) DbConfig::getSetting('maxUserLoginAttempts');
$iTimeDelay = (int) DbConfig::getSetting('loginUserAttemptTime');
if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view)) {
\PFBC\Form::setError('form_login_user', Form::loginAttemptsExceededMsg($iTimeDelay));
return;
// Stop execution of the method.
}
// Check Login
$sLogin = $oUserModel->login($sEmail, $sPassword);
if ($sLogin === 'email_does_not_exist' || $sLogin === 'password_does_not_exist') {
sleep(1);
// Security against brute-force attack to avoid drowning the server and the database
if ($sLogin === 'email_does_not_exist') {
$this->session->set('captcha_enabled', 1);
// Enable Captcha
\PFBC\Form::setError('form_login_user', t('Oops! "%0%" is not associated with any %site_name% account.', escape(substr($sEmail, 0, PH7_MAX_EMAIL_LENGTH))));
$oSecurityModel->addLoginLog($sEmail, 'Guest', 'No Password', 'Failed! Incorrect Username');
} elseif ($sLogin === 'password_does_not_exist') {
$oSecurityModel->addLoginLog($sEmail, 'Guest', $sPassword, 'Failed! Incorrect Password');
if ($bIsLoginAttempt) {
$oSecurityModel->addLoginAttempt();
}
$this->session->set('captcha_enabled', 1);
// Enable Captcha
$sWrongPwdTxt = t('Oops! This password you entered is incorrect.') . '<br />';
$sWrongPwdTxt .= t('Please try again (make sure your caps lock is off).') . '<br />';
$sWrongPwdTxt .= t('Forgot your password? <a href="%0%">Request a new one</a>.', Uri::get('lost-password', 'main', 'forgot', 'user'));
\PFBC\Form::setError('form_login_user', $sWrongPwdTxt);
}
} else {
$oSecurityModel->clearLoginAttempts();
$this->session->remove('captcha_enabled');
$iId = $oUserModel->getId($sEmail);
$oUserData = $oUserModel->readProfile($iId);
if ($this->httpRequest->postExists('remember')) {
// We hash again the password
(new Framework\Cookie\Cookie())->set(array('member_remember' => Security::hashCookie($oUserData->password), 'member_id' => $oUserData->profileId));
}
$oUser = new UserCore();
if (true !== ($mStatus = $oUser->checkAccountStatus($oUserData))) {
\PFBC\Form::setError('form_login_user', $mStatus);
} else {
$oUser->setAuth($oUserData, $oUserModel, $this->session);
Header::redirect(Uri::get('user', 'account', 'index'), t('You are successfully logged!'));
}
}
}
/**
* @return void
*/
public function __construct()
{
parent::__construct();
// Import the library
Import::lib('Service.Twitter.tmhOAuth');
Import::lib('Service.Twitter.tmhUtilities');
$this->_oTwOAuth = new \tmhOAuth(Config::getInstance()->values['module.api']['twitter.consumer_key'], Config::getInstance()->values['module.api']['twitter.consumer_secret_key']);
// determine the authentication status
// default to 0
$this->_iState = 0;
if (isset($_COOKIE['access_token'], $_COOKIE['access_token_secret'])) {
// 2 (authenticated) if the cookies are set
$this->_iState = 2;
} elseif (isset($_SESSION['authstate'])) {
// otherwise use value stored in session
$this->_iState = (int) $_SESSION['authstate'];
}
if ($this->_iState == 1) {
// if we are in the process of authentication we continue
$this->auth();
} elseif ($this->_iState == 2 && !$this->auth()) {
// verify authentication, clearing cookies if it fails
$this->endSession();
}
if ($this->auth()) {
$aProfile = $this->_oTwOAuth->extract_params($this->_oTwOAuth->response['response']);
if (empty($aProfile['error'])) {
// User info is ok? Here we will be connect the user and/or adding the login and registering routines...
$oUserModel = new UserCoreModel();
if (!($iId = $oUserModel->getId($aProfile['email']))) {
// Add User if it does not exist in our database
$this->add(escape($aProfile, true), $oUserModel);
// Add User Avatar
$this->setAvatar($aProfile);
$this->oDesign->setFlashMsg(t('You have now been registered! %0%', (new Registration())->sendMail($this->_aUserInfo, true)->getMsg()));
$this->sUrl = Uri::get('connect', 'main', 'register');
} else {
// Login
$this->setLogin($iId, $oUserModel);
$this->sUrl = Uri::get('connect', 'main', 'home');
}
unset($oUserModel);
} else {
// For testing purposes, if there was an error, let's kill the script
$this->oDesign->setFlashMsg(t('Oops! An error has occurred. Please try again later.'));
$this->sUrl = Uri::get('connect', 'main', 'index');
}
} else {
$this->sUrl = Uri::get('connect', 'main', 'index');
}
}
/**
* Constructor.
*
* @param object \PH7\Framework\Session\Session $oSession
* @param object \PH7\Framework\Mvc\Request\Http $oHttpRequest
* @param object \PH7\Framework\Registry\Registry $oRegistry
* @return void
*/
public function __construct(Session $oSession, HttpRequest $oHttpRequest, Registry $oRegistry)
{
parent::__construct();
/*** Import the libraries ***/
Import::lib('Service.Google.OAuth.Google_Client');
Import::lib('Service.Google.OAuth.contrib.Google_Oauth2Service');
$oClient = new \Google_Client();
$oClient->setApplicationName($oRegistry->site_name);
$this->_setConfig($oClient);
$oOauth = new \Google_Oauth2Service($oClient);
if ($oHttpRequest->getExists('code')) {
$oClient->authenticate();
$oSession->set('token', $oClient->getAccessToken());
$this->sUrl = Uri::get('connect', 'main', 'home');
}
if ($oSession->exists('token')) {
$oClient->setAccessToken($oSession->get('token', false));
}
if ($oClient->getAccessToken()) {
// User info is ok? Here we will be connect the user and/or adding the login and registering routines...
$oUserModel = new UserCoreModel();
// Get information of user
$aUserData = $oOauth->userinfo->get();
if (!($iId = $oUserModel->getId($aUserData['email']))) {
// Add User if it does not exist in our database
$this->add(escape($aUserData, true), $oUserModel);
// Add User Avatar
if (!empty($aUserData['picture'])) {
$this->setAvatar($aUserData['picture']);
}
$this->oDesign->setFlashMsg(t('You have now been registered! %0%', (new Registration())->sendMail($this->_aUserInfo, true)->getMsg()));
$this->sUrl = Uri::get('connect', 'main', 'register');
} else {
// Login
$this->setLogin($iId, $oUserModel);
$this->sUrl = Uri::get('connect', 'main', 'home');
}
// Add the access token
$oSession->set('token', $oClient->getAccessToken());
unset($oUserModel);
} else {
$this->sUrl = $oClient->createAuthUrl();
}
unset($oClient, $oOauth);
}
/**
* @return void
*/
public function __construct()
{
parent::__construct();
// Import the library
Import::lib('Service.Microsoft.Live.oauth_client');
Import::lib('Service.Microsoft.Live.http');
$this->_oClient = new \oauth_client_class();
$this->_setConfig();
/* API permissions */
$this->_oClient->scope = 'wl.basic wl.emails wl.birthday';
if ($bSuccess = $this->_oClient->Initialize()) {
if ($bSuccess = $this->_oClient->Process()) {
if (strlen($this->_oClient->authorization_error)) {
$this->_oClient->error = $this->_oClient->authorization_error;
$bSuccess = false;
} elseif (strlen($this->_oClient->access_token)) {
$bSuccess = $this->_oClient->CallAPI('https://apis.live.net/v5.0/me', 'GET', array(), array('FailOnAccessError' => true), $oUserData);
}
}
$bSuccess = $this->_oClient->Finalize($bSuccess);
}
if ($this->_oClient->exit) {
exit(1);
}
if ($bSuccess) {
// User info is ok? Here we will be connect the user and/or adding the login and registering routines...
$oUserModel = new UserCoreModel();
if (!($iId = $oUserModel->getId($oUserData->emails->account))) {
// Add User if it does not exist in our database
$this->add(escape($oUserData, true), $oUserModel);
$this->oDesign->setFlashMsg(t('You have now been registered! %0%', (new Registration())->sendMail($this->_aUserInfo, true)->getMsg()));
$this->sUrl = Uri::get('connect', 'main', 'register');
} else {
// Login
$this->setLogin($iId, $oUserModel);
$this->sUrl = Uri::get('connect', 'main', 'home');
}
unset($oUserModel);
} else {
// For testing purposes, if there was an error, let's kill the script
$this->oDesign->setFlashMsg(t('Oops! An error has occurred. Please try again later.'));
$this->sUrl = Uri::get('connect', 'main', 'index');
}
}
/**
* @return void
*/
public function __construct()
{
parent::__construct();
Import::lib('Service.Facebook.Facebook');
// Import the library
$oFb = new \Facebook(array('appId' => Config::getInstance()->values['module.api']['facebook.id'], 'secret' => Config::getInstance()->values['module.api']['facebook.secret_key']));
$sUserId = $oFb->getUser();
if ($sUserId) {
try {
// Proceed knowing you have a logged in user who's authenticated.
$aProfile = $oFb->api('/me');
} catch (\FacebookApiException $oE) {
Framework\Error\CException\PH7Exception::launch($oE);
$sUserId = null;
}
if ($aProfile) {
// User info is ok? Here we will be connect the user and/or adding the login and registering routines...
$oUserModel = new UserCoreModel();
if (!($iId = $oUserModel->getId($aProfile['email']))) {
// Add User if it does not exist in our database
$this->add(escape($aProfile, true), $oUserModel);
// Add User Avatar
$this->setAvatar($sUserId);
$this->oDesign->setFlashMsg(t('You have now been registered! %0%', (new Registration())->sendMail($this->_aUserInfo, true)->getMsg()));
$this->sUrl = Uri::get('connect', 'main', 'register');
} else {
// Login
$this->setLogin($iId, $oUserModel);
$this->sUrl = Uri::get('connect', 'main', 'home');
}
unset($oUserModel);
} else {
// For testing purposes, if there was an error, let's kill the script
$this->oDesign->setFlashMsg(t('Oops! An error has occurred. Please try again later.'));
$this->sUrl = Uri::get('connect', 'main', 'index');
}
} else {
// There's no active session, let's generate one
$this->sUrl = $oFb->getLoginUrl(array('scope' => 'email,user_birthday,user_relationships,user_relationship_details,user_hometown,user_location,user_interests,user_about_me,user_likes,user_website'));
}
unset($oFb);
}
public function __construct()
{
parent::__construct();
$oUserModel = new UserCoreModel();
$oMailModel = new MailModel();
$bIsAdmin = AdminCore::auth() && !UserCore::auth() && !$this->session->exists('login_user_as');
$sMessage = $this->httpRequest->post('message', Http::ONLY_XSS_CLEAN);
$sCurrentTime = $this->dateTime->get()->dateTime('Y-m-d H:i:s');
$iTimeDelay = (int) DbConfig::getSetting('timeDelaySendMail');
$sRecipient = $this->httpRequest->post('recipient');
$iRecipientId = $oUserModel->getId(null, $sRecipient);
$iSenderId = (int) ($bIsAdmin ? PH7_ADMIN_ID : $this->session->get('member_id'));
if ($iSenderId == $iRecipientId) {
\PFBC\Form::setError('form_compose_mail', t('Oops! You can not send a message to yourself.'));
} elseif ($sRecipient == PH7_ADMIN_USERNAME) {
\PFBC\Form::setError('form_compose_mail', t('Oops! You cannot reply to administrator! If you want to contact us, please use our <a href="%0%">contact form</a>.', Uri::get('contact', 'contact', 'index')));
} elseif (!(new ExistsCoreModel())->id($iRecipientId, 'Members')) {
\PFBC\Form::setError('form_compose_mail', t('Oops! The username "%0%" does not exist.', escape(substr($this->httpRequest->post('recipient'), 0, PH7_MAX_USERNAME_LENGTH), true)));
} elseif (!$bIsAdmin && !$oMailModel->checkWaitSend($iSenderId, $iTimeDelay, $sCurrentTime)) {
\PFBC\Form::setError('form_compose_mail', Form::waitWriteMsg($iTimeDelay));
} elseif (!$bIsAdmin && $oMailModel->isDuplicateContent($iSenderId, $sMessage)) {
\PFBC\Form::setError('form_compose_mail', Form::duplicateContentMsg());
} else {
$mSendMsg = $oMailModel->sendMsg($iSenderId, $iRecipientId, $this->httpRequest->post('title'), $sMessage, $sCurrentTime);
if (false === $mSendMsg) {
\PFBC\Form::setError('form_compose_mail', t('Problem while sending the message. Please try again later.'));
} else {
// If the notification is accepted and the message recipient isn't connected NOW, we send a message.
if (!$oUserModel->isNotification($iRecipientId, 'newMsg') && $oUserModel->isOnline($iRecipientId, 0)) {
$this->view->content = t('Hello %0%!<br />You have received a new message from <strong>%1%</strong>.<br /> <a href="%2%">Click here</a> to read your message.', $this->httpRequest->post('recipient'), $this->session->get('member_username'), Uri::get('mail', 'main', 'inbox', $mSendMsg));
$sRecipientEmail = $oUserModel->getEmail($iRecipientId);
$sMessageHtml = $this->view->parseMail(PH7_PATH_SYS . 'global/' . PH7_VIEWS . PH7_TPL_NAME . '/mail/sys/mod/mail/new_msg.tpl', $sRecipientEmail);
$aInfo = ['to' => $sRecipientEmail, 'subject' => t('New private message from %0% on %site_name%', $this->session->get('member_first_name'))];
(new Mail())->send($aInfo, $sMessageHtml);
}
$sUrl = $bIsAdmin ? Uri::get(PH7_ADMIN_MOD, 'user', 'browse') : Uri::get('mail', 'main', 'index');
Header::redirect($sUrl, t('Your message has been sent successfully!'));
}
unset($oUserModel, $oMailModel);
}
}
protected function isOnline($sUsername)
{
$oUserModel = new UserCoreModel();
$iProfileId = $oUserModel->getId(null, $sUsername);
$bIsOnline = $oUserModel->isOnline($iProfileId, Framework\Mvc\Model\DbConfig::getSetting('userTimeout'));
unset($oUserModel);
return $bIsOnline;
}
