$app->get('/account/lang', function () use($app) {
    // Report the language currently stored in the session.
    $current = DatawrapperSession::getLanguage();
    ok($current);
});
/* set a new language */
$app->put('/account/lang', function () use($app) {
    // Body is a JSON object; only its `lang` member is read here.
    // NOTE(review): the value is forwarded unvalidated — presumably
    // setLanguage() restricts it to known locales; confirm.
    $body = $app->request()->getBody();
    $decoded = json_decode($body);
    DatawrapperSession::setLanguage($decoded->lang);
    ok();
});
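/* login user */
$app->post('/auth/login', function () use($app) {
    // Expected JSON body: { email, pwhash, keeplogin }. The client sends a
    // pre-hashed password; secure_password() derives the stored form from it.
    // isset() keeps a missing/malformed body from raising property notices
    // while yielding the same null the original expression produced.
    $payload = json_decode($app->request()->getBody());
    $email = isset($payload->email) ? $payload->email : null;
    $pwhash = isset($payload->pwhash) ? $payload->pwhash : null;
    $user = UserQuery::create()->findOneByEmail($email);
    if (!empty($user) && !$user->getDeleted()) {
        // Constant-time comparison (hash_equals, PHP >= 5.6) so a byte-wise
        // === cannot leak how much of the stored hash matched via timing.
        $stored = (string) $user->getPwd();
        $derived = (string) secure_password($pwhash);
        if (hash_equals($stored, $derived)) {
            // "keep me logged in" is a truthiness flag; !empty() equals the
            // former `== true` check without a notice when it is absent.
            DatawrapperSession::login($user, !empty($payload->keeplogin));
            ok();
        } else {
            // Record the failed attempt with the requester's IP(s) for audit.
            Action::logAction($user, 'wrong-password', json_encode(get_user_ips()));
            error('login-invalid', __('The password is incorrect.'));
        }
    } else {
        // NOTE(review): a distinct code for unknown vs. wrong-password lets a
        // client enumerate registered addresses. Kept unchanged because
        // existing clients may depend on these codes; consider a single
        // generic failure code plus rate limiting on this route.
        error('login-email-unknown', __('The email is not registered yet.'));
    }
});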
/* return the server salt for secure auth */
$app->get('/auth/salt', function () use($app) {
    // The salt is served to any caller; presumably the client uses it to
    // pre-hash the password before posting it to /auth/login.
    $response = array('salt' => DW_AUTH_SALT);
    ok($response);
});
/*
});
//GET route
$app->get('/setup', function () use($app) {
    disable_cache($app);
    // The setup page is only shown while nobody is logged in AND no admin
    // exists yet; otherwise bounce to the start page. The user query is only
    // run when the session check alone does not decide (short-circuit).
    $alreadySetUp = DatawrapperSession::getUser()->isLoggedIn()
        || UserQuery::create()->filterByRole(array('admin', 'sysadmin'))->count() > 0;
    if ($alreadySetUp) {
        $app->redirect('/');
    }
    // Bare page without header/footer/signup; the salt lets the setup form
    // pre-hash the password client-side.
    $page = array(
        'title'     => 'Datawrapper',
        'pageClass' => 'setup',
        'noHeader'  => true,
        'noFooter'  => true,
        'noSignup'  => true,
        'auth_salt' => DW_AUTH_SALT,
    );
    add_header_vars($page, '');
    $app->render('setup.twig', $page);
});
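/*
 * endpoint for final setup script
 *
 * Creates the very first user (role admin) from the JSON body
 * { email, pwd }, logs that user in and redirects to the start page.
 * Answers with a JSON failure object once any user exists or when the
 * body does not carry the two required members.
 */
$app->post('/setup', function () use($app) {
    $data = json_decode($app->request()->getBody());
    // A missing or malformed body must not reach the user creation below,
    // otherwise an admin with a null email/password could be created.
    if (!is_object($data) || !isset($data->email, $data->pwd)) {
        print json_encode(array('status' => 'fail'));
        return;
    }
    // check that there is no admin user yet (only true right after setup)
    // NOTE(review): this is a check-then-create; two concurrent first
    // requests could both pass it. Acceptable only while setup runs before
    // the instance is exposed — confirm that is how it is deployed.
    if (UserQuery::create()->count() == 0) {
        $user = new User();
        $user->setCreatedAt(time());
        $user->setEmail($data->email);
        $user->setRole('admin');
        $user->setPwd(secure_password($data->pwd));
        $user->setLanguage(DatawrapperSession::getLanguage());
        $user->save();
        DatawrapperSession::login($user);
        $app->redirect('/');
    } else {
        print json_encode(array('status' => 'fail'));
    }
});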
 /**
  * Store a password: the given value is run through secure_password()
  * before it is handed to the generated parent setter, so the raw value
  * never reaches the column.
  *
  * @param string $pwd value to secure and store
  * @return mixed whatever parent::setPwd() returns
  */
 public function setPwd($pwd)
 {
     $secured = secure_password($pwd);
     return parent::setPwd($secured);
 }
 if ($curUser->isLoggedIn()) {
     if ($user_id == 'current' || $curUser->getId() === $user_id) {
         $user = $curUser;
     } else {
         if ($curUser->isAdmin()) {
             $user = UserQuery::create()->findPK($user_id);
         }
     }
     if (!empty($user)) {
         $messages = array();
         $errors = array();
         if (!empty($payload->pwd)) {
             // update password
             $chk = false;
             if (!empty($payload->oldpwhash)) {
                 $chk = $user->getPwd() === secure_password($payload->oldpwhash);
             }
             if ($chk || $curUser->isSysAdmin()) {
                 $user->setPwd($payload->pwd);
                 Action::logAction($curUser, 'change-password', array('user' => $user->getId()));
             } else {
                 Action::logAction($curUser, 'change-password-failed', array('user' => $user->getId(), 'reason' => 'old password is wrong'));
                 $errors[] = __('The password could not be changed because your old password was not entered correctly.');
             }
         }
         if (!empty($payload->email) && $payload->email != $user->getEmail()) {
             if (check_email($payload->email) || $curUser->isAdmin()) {
                 if (!email_exists($payload->email)) {
                     if ($curUser->isAdmin()) {
                         $user->setEmail($payload->email);
                     } else {
         return;
     }
 } else {
     $pwd = $payload->pwd;
 }
 if ($curUser->isLoggedIn()) {
     if ($user_id == 'current' || $curUser->getId() == $user_id) {
         $user = $curUser;
     } else {
         if ($curUser->isAdmin()) {
             $user = UserQuery::create()->findPK($user_id);
             $pwd = $user->getPwd();
         }
     }
     if (!empty($user)) {
         if ($user->getPwd() === secure_password($pwd)) {
             // Delete user
             if (!$curUser->isAdmin()) {
                 DatawrapperSession::logout();
             }
             $user->erase();
             ok();
         } else {
             Action::logAction($user, 'delete-request-wrong-password', json_encode(get_user_ips()));
             error('wrong-password', __('The password you entered is not correct.'));
         }
     } else {
         error('user-not-found', 'no user found with that id');
     }
 } else {
     error('need-login', 'you must be logged in to do that');
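<?php

/*
 * This script secures all passwords in the database with the
 * secure_auth_key that was introduced in 1.3.2.
 *
 * Please run this script only once(!) when migrating to 1.3.2 and
 * please BACK UP YOUR DATABASE first, in case something goes wrong.
 *
 * OTHERWISE your users won't be able to login anymore.
 *
 * Running it a second time would wrap every already-secured hash again,
 * which would presumably lock all users out; the backup is the only undo.
 * The script exits with status 1 when the config is incomplete so that a
 * wrapping deployment step can detect the abort.
 */
define('ROOT_PATH', '../../');
define('NO_SLIM', 1);
require_once ROOT_PATH . 'lib/bootstrap.php';

if (empty($dw_config['secure_auth_key'])) {
    // die("message") terminates with status 0, which hides the failure from
    // any caller checking the exit code; print and exit non-zero instead.
    echo "You need to specify a secure auth key in config.yaml";
    exit(1);
}

// NOTE(review): if User::setPwd() in this version already applies
// secure_password() itself, this loop would hash twice — confirm against
// the model in use before running.
foreach (UserQuery::create()->find() as $user) {
    $user->setPwd(secure_password($user->getPwd()));
    $user->save();
}
print "ok.\n";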