/**
 * Fill the placeholders of an alert e-mail body and send it to the
 * currently logged-in user.
 *
 * Placeholders replaced for every source: {id}, {type}, {time}, {value}.
 * For sources of type "INPUT" the input's details additionally fill
 * {key}, {name} and {node}. Virtual feeds get no extra placeholders.
 *
 * @param string $emailbody Template text containing the placeholders.
 * @param mixed  $time      Unix timestamp (cast to int before formatting).
 * @param mixed  $value     Value substituted for {value}.
 * @param array  $options   Must hold 'sourceid' and 'sourcetype'.
 */
public function sendEmail($emailbody, $time, $value, $options)
{
    global $user, $session;

    // Render the timestamp in the timezone configured on the parent process model.
    $zone = new DateTimeZone($this->parentProcessModel->timezone);
    $when = DateTime::createFromFormat("U", (int) $time)
        ->setTimezone($zone)
        ->format("Y-m-d H:i:s");

    // NOTE(review): the substituted values are inserted as-is. If Email::body()
    // is rendered as HTML, confirm that names/descriptions are escaped upstream.
    $common = array(
        "{id}" => $options['sourceid'],
        "{type}" => $options['sourcetype'],
        "{time}" => $when,
        "{value}" => $value,
    );
    $emailbody = str_replace(array_keys($common), array_values($common), $emailbody);

    if ($options['sourcetype'] == "INPUT") {
        $details = $this->parentProcessModel->input->get_details($options['sourceid']);
        $inputTags = array(
            "{key}" => $details['name'],
            "{name}" => $details['description'],
            "{node}" => $details['nodeid'],
        );
        $emailbody = str_replace(array_keys($inputTags), array_values($inputTags), $emailbody);
    }
    // "VIRTUALFEED" sources: extra placeholders are not supported.

    $emailto = $user->get_email($session['userid']);

    require_once "Lib/email.php";
    $mailer = new Email();
    $mailer->to($emailto);
    $mailer->subject('Emoncms event alert');
    $mailer->body($emailbody);
    $outcome = $mailer->send();

    if ($outcome['success']) {
        $this->log->info("Email sent to {$emailto}");
        return;
    }
    $this->log->error("Email send returned error. message='" . $outcome['message'] . "'");
}
/**
 * Replace the password of the account registered under $email with a newly
 * generated one and mail it to the user, then redirect to the login page.
 * When no account matches, an error is flashed and the browser is sent back
 * to the "forgot password" page.
 *
 * NOTE(review): parts of this listing are masked with asterisks (the
 * password prefix, the sender address and part of the message() call), so
 * the code below is not valid PHP as shown; restore the masked parts from
 * the original file before using it.
 *
 * @param string $email Address used to look the user up.
 */
function _sendPasswordTo($email)
{
    $user = User::findBy('email', $email);
    if ($user) {
        use_helper('Email');
        // NOTE(review): rand() is not a cryptographically secure generator;
        // a password derived from it is predictable. random_bytes()/random_int()
        // are the appropriate sources for secrets.
        $new_pass = '******' . dechex(rand(100000000, 4294967295)) . 'K';
        // NOTE(review): the password is stored as an unsalted SHA-1 digest.
        // password_hash()/password_verify() would be the hardened choice, but
        // that has to change together with the login check (not visible here).
        $user->password = sha1($new_pass);
        $user->save();
        // $email is reused here: from this point it is the mailer object,
        // no longer the address string.
        $email = new Email();
        $email->from('*****@*****.**', 'Frog CMS');
        $email->to($user->email);
        $email->subject('Your new password from Frog CMS');
        // NOTE(review): masking has fused several statements on the next line;
        // presumably the message body, the send() call and Flash::set('success', ...)
        // originally stood here as separate statements - confirm against the source.
        $email->message('username: '******'success', 'An email has been send with your new password!');
        redirect(get_url('login'));
    } else {
        // NOTE(review): the distinct "No user found!" answer lets a caller
        // tell registered addresses from unregistered ones.
        Flash::set('email', $email);
        Flash::set('error', 'No user found!');
        redirect(get_url('login/forgot'));
    }
}
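/**
 * Reset the password of the account matching $username and $emailto and,
 * when password reset mails are enabled, send the new password by e-mail.
 *
 * Changes against the earlier version of this method:
 *  - both queries use prepared statements. FILTER_VALIDATE_EMAIL accepts
 *    quote characters in the local part, so the address must never be
 *    interpolated into SQL;
 *  - the new password and salt come from random_bytes() instead of
 *    rand()/uniqid(), which are predictable;
 *  - the error log line used "+" where string concatenation was intended;
 *  - Lib/email.php is loaded with require_once so a second call in the same
 *    request does not redeclare the class.
 *
 * NOTE(review): the password is replaced before $enable_password_reset is
 * checked, and success is reported even when no mail goes out. Consider
 * checking the flag first so a disabled mailer cannot lock an account.
 *
 * @param string $username Account name; characters other than letters,
 *                         digits, "_", whitespace and "-" are stripped.
 * @param string $emailto  Address registered for the account.
 *
 * @return array ['success' => bool, 'message' => string]
 */
public function passwordreset($username, $emailto)
{
    $username_out = preg_replace('/[^\\p{N}\\p{L}_\\s-]/u', '', $username);
    if (!filter_var($emailto, FILTER_VALIDATE_EMAIL)) {
        return array('success' => false, 'message' => _("Email address format error"));
    }

    $failure = array('success' => false, 'message' => "An error occured");

    // Look the account up with bound parameters.
    $lookup = $this->mysqli->prepare("SELECT id FROM users WHERE `username`=? AND `email`=?");
    if ($lookup === false) {
        return $failure;
    }
    $lookup->bind_param("ss", $username_out, $emailto);
    if (!$lookup->execute()) {
        $lookup->close();
        return $failure;
    }
    $lookup->store_result();
    $userid = 0;
    $lookup->bind_result($userid);
    $matches = $lookup->num_rows;
    $fetched = $lookup->fetch();
    $lookup->close();

    // Exactly one matching row with a positive id is required, as before.
    if ($matches != 1 || $fetched !== true || $userid <= 0) {
        return $failure;
    }

    // Generate new random password: 10 hex characters, same shape as before.
    $newpass = bin2hex(random_bytes(5));

    // Hash and salt (32 hex characters, same length as the former md5 salt).
    $hash = hash('sha256', $newpass);
    $salt = bin2hex(random_bytes(16));
    $password = hash('sha256', $salt . $hash);

    // Save password and salt. The listing shows the stored value masked;
    // the salted hash computed above is what gets bound here.
    $update = $this->mysqli->prepare("UPDATE users SET password = ?, salt = ? WHERE id = ?");
    if ($update === false) {
        return $failure;
    }
    $update->bind_param("ssi", $password, $salt, $userid);
    $saved = $update->execute();
    $update->close();
    if (!$saved) {
        return $failure;
    }

    global $enable_password_reset;
    if ($enable_password_reset == true) {
        require_once "Lib/email.php";
        $email = new Email();
        $email->to($emailto);
        $email->subject('Emoncms password reset');
        $email->body("<p>A password reset was requested for your emoncms account.</p><p>Your can now login with password: {$newpass} </p>");
        $result = $email->send();
        if (!$result['success']) {
            $this->log->error("Email send returned error. emailto=" . $emailto . " message='" . $result['message'] . "'");
        } else {
            $this->log->info("Email sent to {$emailto}");
        }
    }

    return array('success' => true, 'message' => "Password recovery email sent!");
}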
/**
 * Send a message through the sendmail transport.
 *
 * @param mixed  $sendTo Recipient(s), passed straight to Email::to().
 * @param string $title  Subject line.
 * @param string $msg    Message body.
 */
public function sendMail($sendTo, $title, $msg)
{
    $mailer = new Email();
    $mailer->initialize(array('protocol' => 'sendmail'));

    $mailer->from('*****@*****.**');
    $mailer->to($sendTo);
    // A bcc recipient was present but disabled in the original code.
    $mailer->subject($title);
    $mailer->message($msg);

    // The result of send() is not inspected; failures pass silently.
    $mailer->send();
}
$dataline[$feedid] = ""; } } } if (!$firstline) { $time = $helperclass->getTimeZoneFormated($time, $usertimezone); } fputcsv($fh, array($time) + $dataline, $csv_field_separator); $firstline = false; } fclose($fh); if ($firstline == false) { $emailbody = "Attached is CSV for '" . $tag . "' tag."; $emailbody .= "\nTime range: " . $startText . " to " . $endText; require_once "Lib/email.php"; $email = new Email(); //$email->from(from); $email->to($emailto); $email->subject('Emoncms CSV Export ' . $tag . " (" . $startText . "-" . $endText . ")"); $email->body($emailbody); $email->attach($filename); $result = $email->send(); if (!$result['success']) { echo "Email send returned error. message='" . $result['message'] . "'"; $log->error("Email send returned error. message='" . $result['message'] . "'"); } else { $log->info("Email sent to {$emailto}"); } } } }
/**
 * Mail the rendered error page to the configured notification address.
 *
 * Nothing is sent when 'debug.notification_email' is unset, empty or not a
 * valid address.
 *
 * @param string $message Used as the subject line.
 * @param string $error   HTML of the error page; the text part is the same
 *                        content with tags stripped.
 */
private function _sendErrorByEmail($message, $error)
{
    $recipient = Config::get('debug.notification_email');
    $deliverable = $recipient !== false && $recipient !== '' && String::checkEmail($recipient);
    if (!$deliverable) {
        return;
    }

    // NOTE(review): HTTP_HOST is taken from the request's Host header, i.e. it
    // is client-supplied, and it is not set for CLI runs. Prefer a configured
    // 'debug.notification_sender' over this fallback.
    $fallbackSender = 'noreply@' . $_SERVER['HTTP_HOST'];
    $sender = Config::get('debug.notification_sender', $fallbackSender);

    $mail = Email::to($recipient);
    $mail = $mail->from($sender);
    $mail = $mail->subject($message);
    $mail = $mail->bodyHtml($error);
    $mail = $mail->bodyText(strip_tags($error));
    $mail->send();
}
/**
 * Form handler that saves an edited user account.
 *
 * Only the account owner or a user holding 'p:/user/users/manage' may save.
 * The "active" checkbox is two-state while the stored flag has three values
 * (1 active, 0 not yet activated, -1 deactivated), so an unchecked box on a
 * previously active or deactivated account is stored as -1. An account that
 * goes from 0 to 1 receives the activation e-mail.
 *
 * @param \Form $form Submitted form holding the user model in element 'user'.
 *
 * @return bool False when access is denied or the user does not exist, true otherwise.
 */
public static function UpdateHandler(\Form $form){
    /** @var \UserModel $account */
    $account = $form->getElement('user')->get('value');
    $accountId = $account->get('id');
    $canManage = \Core\user()->checkAccess('p:/user/users/manage');

    // Reject anyone who is neither the account owner nor a user manager.
    if($accountId != \Core\user()->get('id') && !$canManage){
        \Core\set_message('t:MESSAGE_ERROR_INSUFFICIENT_ACCESS_PERMISSIONS');
        return false;
    }

    if(!$account->exists()){
        \Core\set_message('t:MESSAGE_ERROR_REQUESTED_RESOURCE_NOT_FOUND');
        return false;
    }

    // Remember the flag before the form overwrites it.
    $previousState = $account->get('active');
    $account->setFromForm($form);

    // Active -> off means "deactivated"; deactivated -> off stays deactivated.
    // Neither may fall back to 0, which denotes a new, unapproved account.
    $hadBeenApproved = ($previousState == 1 || $previousState == -1);
    if($hadBeenApproved && $account->get('active') == 0){
        $account->set('active', '-1');
    }

    $account->save();

    $newlyActivated = ($previousState == 0 && $account->get('active') == 1);
    if($newlyActivated){
        // Tell the user that the account has just been activated.
        try{
            $notice = new \Email();
            $notice->templatename = 'emails/user/activation.tpl';
            $notice->assign('user', $account);
            $notice->assign('sitename', SITENAME);
            $notice->assign('rooturl', ROOT_URL);
            $notice->assign('loginurl', \Core\resolve_link('/user/login'));
            $notice->setSubject('Welcome to ' . SITENAME);
            $notice->to($account->get('email'));
            $notice->send();
        }
        catch(\Exception $e){
            // A failed mail must not undo the save; hand it to the error handler.
            \Core\ErrorManagement\exception_handler($e);
        }
    }

    if($account->get('id') != \core\user()->get('id')){
        \Core\set_message('t:MESSAGE_SUCCESS_UPDATED_USER_ACCOUNT');
        return true;
    }

    // The current user edited their own account: refresh the session copy.
    Session::SetUser($account);
    $pendingApproval = \ConfigHandler::Get('/user/profileedits/requireapproval') && \Core::IsComponentAvailable('model-audit');
    if($pendingApproval){
        \Core\set_message('t:MESSAGE_SUCCESS_UPDATED_OWN_USER_ACCOUNT_PENDING_APPROVAL');
    }
    else{
        \Core\set_message('t:MESSAGE_SUCCESS_UPDATED_OWN_USER_ACCOUNT');
    }
    return true;
}
/**
 * Fill the {{...}} placeholders of a message template and mail it to $user.
 *
 * @param string     $title   Subject line.
 * @param string     $message Template text; newlines become <br> via nl2br().
 * @param object     $user    User record providing username, name and email.
 * @param array|null $paw     Optional action data; when given it must hold
 *                            'code', 'link' and 'url'.
 *
 * @return bool True when the mailer reports success, false otherwise
 *              (including a rejected $user or incomplete $paw).
 */
private function _writeMail($title, $message, $user = array(), $paw = NULL)
{
    if (!$this->_validateObject($user, false)) {
        return false;
    }

    // Work out the login URL.
    $loginUrl = $this->config["account_pages"]["login"];
    $inBackend = defined("CMS_BACKEND") && CMS_BACKEND == true;
    if ($inBackend && startsWith($loginUrl, ADMIN_DIR . "/")) {
        $loginUrl = str_replace(ADMIN_DIR . "/", "", $loginUrl);
    }
    $isAbsolute = startsWith($loginUrl, "http") || startsWith($loginUrl, "www");
    if (!$isAbsolute) {
        $loginUrl = get_url($loginUrl);
    }
    if (endsWith($loginUrl, "/")) {
        $loginUrl = substr($loginUrl, 0, -1);
    }

    // Default placeholders.
    // NOTE(review): the user fields are inserted unescaped. If
    // config["message_type"] selects HTML mail, confirm they are escaped
    // where they are stored or escape them here.
    $siteTitle = Setting::get("admin_title");
    $map = array(
        "{{USR_USERNAME}}" => $user->username,
        "{{USR_NAME}}" => $user->name,
        "{{USR_EMAIL}}" => $user->email,
        "{{WEB_TITLE}}" => $siteTitle,
        "{{WEB_LINK}}" => "<a href='" . URL_PUBLIC . "'>" . $siteTitle . "</a>",
        "{{WEB_URL}}" => URL_PUBLIC,
        "{{WEB_EMAIL}}" => Setting::get("admin_email"),
        "{{WEB_LOGIN}}" => "<a href='" . $loginUrl . "'>" . __("Login") . "</a>",
        "{{WEB_LOGIN_URL}}" => $loginUrl,
    );

    // Placeholders of the optional action data.
    if (is_array($paw)) {
        if (!isset($paw["code"], $paw["link"], $paw["url"])) {
            return false;
        }
        $map["{{PAW_CODE}}"] = $paw["code"];
        $map["{{PAW_LINK}}"] = $paw["link"];
        $map["{{PAW_URL}}"] = $paw["url"];
    }

    $message = str_replace(array_keys($map), array_values($map), nl2br($message));

    use_helper("Email");
    $mailer = new Email();
    $mailer->to($user->email);
    $mailer->from($this->config["message_from"], $siteTitle);
    $mailer->replyto($this->config["message_replyto"], $siteTitle);
    $mailer->setMailtype($this->config["message_type"]);
    $mailer->subject($title);
    $mailer->message($message);

    // Warnings raised by send() are suppressed; only its result is used.
    return @$mailer->send() ? true : false;
}
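/**
 * Form handler for logging in with an e-mail address and password.
 *
 * Looks the account up by the submitted e-mail, refuses accounts that are
 * not active, mails a set-password link when no password is stored yet,
 * checks the password through the "datastore" auth driver and, on success,
 * records the login and starts the session. Failed and successful attempts
 * are written to the security log.
 *
 * Changes against the earlier version:
 *  - the catch around getAuthDriver() reused $e, so setError() was called on
 *    the exception instead of the form element, and it caught the
 *    unqualified Exception name while the rest of the method uses \Exception;
 *  - the brute-force delay used "^", which is bitwise XOR in PHP, so the
 *    delay did not follow the documented curve (the 7th attempt got none).
 *    It now uses pow(), keeps the fractional part and is capped.
 *
 * @static
 *
 * @param \Form $form
 *
 * @return bool|null|string False on failure, true when a set-password mail
 *                          was sent, otherwise the URL to continue to.
 */
public static function LoginHandler(\Form $form){
    /** @var \FormElement $e */
    $e = $form->getElement('email');
    /** @var \FormElement $p */
    $p = $form->getElement('pass');

    /** @var \UserModel $u */
    $u = \UserModel::Find(array('email' => $e->get('value')), 1);

    if(!$u){
        // Log this as a login attempt!
        // NOTE(review): this error and the incorrect-password error differ,
        // which tells a caller whether an address is registered.
        $logmsg = 'Failed Login. Email not registered' . "\n" . 'Email: ' . $e->get('value') . "\n";
        \SystemLogModel::LogSecurityEvent('/user/login', $logmsg);
        $e->setError('t:MESSAGE_ERROR_USER_LOGIN_EMAIL_NOT_FOUND');
        return false;
    }

    // The model provides a quick cut-off for active/inactive users.
    // This is the control managed within the admin.
    // The listing masks part of the two log lines below; the account's e-mail
    // is the value their surviving "'email')" fragment points to.
    if($u->get('active') == 0){
        $logmsg = 'Failed Login. User tried to login before account activation' . "\n" . 'User: ' . $u->get('email') . "\n";
        \SystemLogModel::LogSecurityEvent('/user/login', $logmsg, null, $u->get('id'));
        $e->setError('t:MESSAGE_ERROR_USER_LOGIN_ACCOUNT_NOT_ACTIVE');
        return false;
    }
    elseif($u->get('active') == -1){
        $logmsg = 'Failed Login. User tried to login after account deactivation.' . "\n" . 'User: ' . $u->get('email') . "\n";
        \SystemLogModel::LogSecurityEvent('/user/login', $logmsg, null, $u->get('id'));
        $e->setError('t:MESSAGE_ERROR_USER_LOGIN_ACCOUNT_DEACTIVATED');
        return false;
    }

    try{
        /** @var \Core\User\AuthDrivers\datastore $auth */
        $auth = $u->getAuthDriver('datastore');
    }
    catch(\Exception $ex){
        // Keep $e pointing at the form element so the error lands on the form.
        $e->setError('t:MESSAGE_ERROR_USER_LOGIN_PASSWORD_AUTH_DISABLED');
        return false;
    }

    // This is a special case if the password isn't set yet.
    // It can happen with imported users or if a password is invalidated.
    if($u->get('password') == ''){
        // Use the Nonce system to generate a one-time key with this user's data.
        $nonce = \NonceModel::Generate(
            '20 minutes',
            ['type' => 'password-reset', 'user' => $u->get('id')]
        );
        $link = '/datastoreauth/forgotpassword?e=' . urlencode($u->get('email')) . '&n=' . $nonce;

        $email = new \Email();
        $email->setSubject('Initial Password Request');
        $email->to($u->get('email'));
        $email->assign('link', \Core\resolve_link($link));
        $email->assign('ip', REMOTE_IP);
        $email->templatename = 'emails/user/initialpassword.tpl';

        try{
            $email->send();
            \SystemLogModel::LogSecurityEvent('/user/initialpassword/send', 'Initial password request sent successfully', null, $u->get('id'));
            \Core\set_message('t:MESSAGE_INFO_USER_LOGIN_MUST_SET_NEW_PASSWORD_INSTRUCTIONS_HAVE_BEEN_EMAILED');
            return true;
        }
        catch(\Exception $ex){
            \Core\ErrorManagement\exception_handler($ex);
            \Core\set_message('t:MESSAGE_ERROR_USER_LOGIN_MUST_SET_NEW_PASSWORD_UNABLE_TO_SEND_EMAIL');
            return false;
        }
    }

    if(!$auth->checkPassword($p->get('value'))){
        // Log this as a login attempt!
        $logmsg = 'Failed Login. Invalid password' . "\n" . 'Email: ' . $e->get('value') . "\n";
        \SystemLogModel::LogSecurityEvent('/user/login/failed_password', $logmsg, null, $u->get('id'));

        // Count the failed attempts from this address in the last five minutes.
        // If there are too many, start slowing the responses down.
        $time = new \CoreDateTime();
        $time->modify('-5 minutes');

        $securityfactory = new \ModelFactory('SystemLogModel');
        $securityfactory->where('code = /user/login/failed_password');
        $securityfactory->where('datetime > ' . $time->getFormatted(\Time::FORMAT_EPOCH, \Time::TIMEZONE_GMT));
        $securityfactory->where('ip_addr = ' . REMOTE_IP);

        $attempts = $securityfactory->count();
        if($attempts > 4){
            // Delay in seconds: (x + ((x-7)/4)^3) - 4, with ^ meaning "to the power of".
            // That gives roughly 0.9s on the 5th attempt, 3s on the 7th,
            // 4s on the 8th and 10s on the 12th.
            $delay = ($attempts + pow(($attempts - 7) / 4, 3)) - 4;

            // The curve is cubic, so bound it: an unbounded sleep would tie up a
            // worker for a very long time. The 30s ceiling is a reviewer-chosen
            // value; tune it to the deployment.
            $delay = min($delay, 30);

            // sleep() takes whole seconds only; usleep() covers the remainder.
            $whole = (int)floor($delay);
            sleep($whole);
            usleep((int)round(($delay - $whole) * 1000000));
        }

        $e->setError('t:MESSAGE_ERROR_USER_LOGIN_INCORRECT_PASSWORD');
        $p->set('value', '');
        return false;
    }

    if($form->getElementValue('redirect')){
        // The page was set via client-side javascript on the login page.
        // This is the most reliable option.
        // NOTE(review): this value arrives from the client; confirm the caller
        // only follows same-site targets before redirecting to it.
        $url = $form->getElementValue('redirect');
    }
    elseif(REL_REQUEST_PATH == '/user/login'){
        // If the user came from the registration page, get the page before that.
        $url = $form->referrer;
    }
    else{
        // else the registration link is now on the same page as the 403 handler.
        $url = REL_REQUEST_PATH;
    }

    // Record the successful login too.
    \SystemLogModel::LogSecurityEvent('/user/login', 'Login successful (via password)', null, $u->get('id'));

    $u->set('last_login', \CoreDateTime::Now('U', \Time::TIMEZONE_GMT));
    $u->save();
    \Core\Session::SetUser($u);

    // Allow an external script to override the redirecting URL.
    $overrideurl = \HookHandler::DispatchHook('/user/postlogin/getredirecturl');
    if($overrideurl){
        $url = $overrideurl;
    }

    return $url;
}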
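/**
 * Generate a new password for the account registered under $email, store
 * its salted hash and mail the new password to the user.
 *
 * The random part of the password now comes from random_bytes(); the
 * earlier rand() call is not a cryptographically secure source, and its
 * upper bound exceeds the integer range on 32-bit builds.
 *
 * NOTE(review): the password is replaced as soon as an address is
 * submitted, it travels in clear text by mail, and the "No user found!"
 * answer reveals which addresses are registered. A one-time reset link
 * would avoid all three; that is a larger change than this method.
 *
 * @param string $email The user's email address.
 */
private function _sendPasswordTo($email)
{
    $user = User::findBy('email', $email);

    if (!$user) {
        Flash::set('email', $email);
        Flash::set('error', __('No user found!'));
        redirect(get_url('login/forgot'));
        return;
    }

    use_helper('Email');

    // The prefix literal is shown masked in this listing and is kept as
    // shown. 8 random bytes give 16 hex characters.
    $new_pass = '******' . bin2hex(random_bytes(8)) . 'K';
    $user->password = AuthUser::generateHashedPassword($new_pass . $user->salt);
    $user->save();

    // Separate variable for the mailer so $email keeps meaning "the address".
    $mail = new Email();
    $mail->from(Setting::get('admin_email'), Setting::get('admin_title'));
    $mail->to($user->email);
    $mail->subject(__('Your new password from ') . Setting::get('admin_title'));
    $mail->message(__('Username') . ': ' . $user->username . "\n" . __('Password') . ': ' . $new_pass);
    $mail->send();

    Flash::set('success', __('An email has been sent with your new password!'));
    redirect(get_url('login'));
}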
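/**
 * Page to enable Facebook logins for user accounts.
 *
 * Two steps share this action:
 *  1. POST with a Facebook access token: the token is checked against
 *     Facebook, the local account is resolved by e-mail address, and a
 *     confirmation link containing a 20-minute nonce is mailed to it.
 *  2. GET with that nonce as first parameter: the token is checked again,
 *     the Facebook auth driver is enabled for the user and, when nobody is
 *     logged in, the user is logged in.
 *
 * Changes against the earlier version:
 *  - the "create an account" link was missing the ">" of its opening tag;
 *  - the Facebook-supplied e-mail is HTML-escaped before it is put into
 *    messages (this method already passes markup to set_message());
 *  - a profile without an e-mail address is rejected instead of being used
 *    for the account lookup;
 *  - a missing 'access-token' field no longer raises a notice.
 *
 * @return int|null|string
 */
public function enable() {
    $request = $this->getPageRequest();

    $auths = \Core\User\Helper::GetEnabledAuthDrivers();
    if (!isset($auths['facebook'])) {
        // Facebook isn't enabled, simply redirect to the home page.
        \Core\redirect('/');
    }
    if (!FACEBOOK_APP_ID) {
        \Core\redirect('/');
    }
    if (!FACEBOOK_APP_SECRET) {
        \Core\redirect('/');
    }

    // If it was a POST, then it should be the first page.
    if ($request->isPost()) {
        $facebook = new Facebook(['appId' => FACEBOOK_APP_ID, 'secret' => FACEBOOK_APP_SECRET]);

        // Did the user submit the facebook login request?
        if (isset($_POST['login-method']) && $_POST['login-method'] == 'facebook' && !empty($_POST['access-token'])) {
            try {
                $facebook->setAccessToken($_POST['access-token']);
                // The returned id is not needed; the call is kept as in the original flow.
                $facebook->getUser();
                /** @var array $user_profile The array of user data from Facebook */
                $user_profile = $facebook->api('/me');
            } catch (Exception $e) {
                \Core\set_message($e->getMessage(), 'error');
                \Core\go_back();
                return null;
            }

            // Accounts are matched by e-mail, so a profile without one cannot
            // be linked; never run the lookup with an empty address.
            if (!is_array($user_profile) || empty($user_profile['email'])) {
                \Core\set_message('Facebook did not provide an email address for this profile. Unable to link accounts.', 'error');
                \Core\go_back();
                return null;
            }
            $fbemail = $user_profile['email'];
            // Escaped copy for display only; the raw value is used for lookups.
            $fbemail_html = htmlspecialchars($fbemail, ENT_QUOTES, 'UTF-8');

            // If the user is logged in, then the verification logic is slightly different.
            if (\Core\user()->exists()) {
                // Logged in users, the email must match.
                if (\Core\user()->get('email') != $fbemail) {
                    \Core\set_message('Your Facebook email is ' . $fbemail_html . ', which does not match your account email! Unable to link accounts.', 'error');
                    \Core\go_back();
                    return null;
                }
                $user = \Core\user();
            } else {
                /** @var \UserModel|null $user */
                $user = UserModel::Find(['email' => $fbemail], 1);
                if (!$user) {
                    \Core\set_message('No local account found with the email ' . $fbemail_html . ', please <a href="' . \Core\resolve_link('/user/register') . '">create an account</a> instead.', 'error');
                    \Core\go_back();
                    return null;
                }
            }

            // Send an email with a nonce link that will do the actual activation.
            // This is a security feature so just anyone can't link another user's account.
            $nonce = NonceModel::Generate('20 minutes', null, ['user' => $user, 'access_token' => $_POST['access-token']]);

            $email = new Email();
            $email->to($user->get('email'));
            $email->setSubject('Facebook Activation Request');
            $email->templatename = 'emails/facebook/enable_confirmation.tpl';
            $email->assign('link', \Core\resolve_link('/facebook/enable/' . $nonce));

            if ($email->send()) {
                \Core\set_message('An email has been sent to your account with a link enclosed. Please click on that to complete activation within twenty minutes.', 'success');
            } else {
                \Core\set_message('Unable to send a confirmation email, please try again later.', 'error');
            }
            \Core\go_back();
            return null;
        }
    }

    // If there is a nonce enclosed, then it should be the second confirmation page.
    // This is the one that actually performs the action.
    if ($request->getParameter(0)) {
        /** @var NonceModel $nonce */
        $nonce = NonceModel::Construct($request->getParameter(0));
        if (!$nonce->isValid()) {
            \Core\set_message('Invalid key requested.', 'error');
            \Core\redirect('/');
            return null;
        }

        $nonce->decryptData();
        $data = $nonce->get('data');
        /** @var UserModel $user */
        $user = $data['user'];

        // Check the stored token against Facebook again before linking.
        try {
            $facebook = new Facebook(['appId' => FACEBOOK_APP_ID, 'secret' => FACEBOOK_APP_SECRET]);
            $facebook->setAccessToken($data['access_token']);
            $facebook->getUser();
            $facebook->api('/me');
        } catch (Exception $e) {
            \Core\set_message($e->getMessage(), 'error');
            \Core\redirect('/');
            return null;
        }

        $user->enableAuthDriver('facebook');
        /** @var \Facebook\UserAuth $auth */
        $auth = $user->getAuthDriver('facebook');
        $auth->syncUser($data['access_token']);

        \Core\set_message('Linked Facebook successfully!', 'success');

        // And log the user in!
        if (!\Core\user()->exists()) {
            $user->set('last_login', \CoreDateTime::Now('U', \Time::TIMEZONE_GMT));
            $user->save();
            \Core\Session::SetUser($user);
        }

        \Core\redirect('/');
        return null;
    }
}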
/**
 * Add a recipient to the mailer when the address is valid.
 *
 * When $email is not a string, the value given as $name is treated as the
 * address and the recipient gets no display name. Invalid addresses are
 * skipped silently.
 *
 * @param \Email      $mailer
 * @param mixed       $email  Address, or a non-string when the address is in $name.
 * @param string|null $name   Display name (or the address, see above).
 */
protected function addReceiver(Email $mailer, $email, $name = null)
{
    $emailIsAddress = is_string($email);
    $address = $emailIsAddress ? $email : $name;
    $label = $emailIsAddress ? $name : null;

    if (!Valid::email($address)) {
        return;
    }

    // NOTE(review): the display name is written to the log unvalidated;
    // confirm the log writer neutralises line breaks.
    Kohana::$log->add(Log::INFO, '-----> Recipient: ' . $address . ' (' . $label . ')');
    $mailer->to($address, $label);
}
/**
 * Controller action that sets a user's "active" flag.
 * Meant to be called with JSON only.
 *
 * Requires the 'p:/user/users/manage' permission and a POST request. When
 * the flag is set to a truthy value the user receives the activation
 * e-mail; accounts without a password also get a one-week set-password link.
 *
 * @return int|null A View::ERROR_* code on failure, otherwise nothing.
 */
public function activate(){
    $req = $this->getPageRequest();
    $view = $this->getView();

    // POST values win over URL parameters.
    $postedUser = $req->getPost('user');
    $userid = $postedUser ? $postedUser : $req->getParameter('user');

    $postedStatus = $req->getPost('status');
    $active = ($postedStatus !== null) ? $postedStatus : $req->getParameter('status');
    if($active === ''){
        // An empty status means "activate".
        $active = 1;
    }

    if(!\Core\user()->checkAccess('p:/user/users/manage')){
        return View::ERROR_ACCESSDENIED;
    }
    if(!$req->isPost() || !$userid){
        return View::ERROR_BADREQUEST;
    }

    $user = UserModel::Construct($userid);
    if(!$user->exists()){
        return View::ERROR_NOTFOUND;
    }

    // NOTE(review): the submitted status is stored as given; confirm the model
    // restricts it to the expected values.
    $user->set('active', $active);
    $user->save();

    // Send an activation notice email to the user if the active flag is set to true.
    if($active){
        try{
            $mail = new Email();

            $setpasswordlink = null;
            if(!$user->get('password')){
                // No password yet: include a one-time link, valid for a week,
                // through which the user can set one.
                $nonce = NonceModel::Generate(
                    '1 week',
                    ['type' => 'password-reset', 'user' => $user->get('id')]
                );
                $setpasswordlink = \Core\resolve_link('/datastoreauth/forgotpassword?e=' . urlencode($user->get('email')) . '&n=' . $nonce);
            }

            $mail->templatename = 'emails/user/activation.tpl';
            $mail->assign('user', $user);
            $mail->assign('sitename', SITENAME);
            $mail->assign('rooturl', ROOT_URL);
            $mail->assign('loginurl', \Core\resolve_link('/user/login'));
            $mail->assign('setpasswordlink', $setpasswordlink);
            $mail->setSubject('Welcome to ' . SITENAME);
            $mail->to($user->get('email'));
            $mail->send();
        }
        catch(\Exception $e){
            // The flag is already saved; a failed mail is only reported.
            \Core\ErrorManagement\exception_handler($e);
        }
    }

    if(!$req->isJSON()){
        \Core\go_back();
        return;
    }

    $view->mode = View::MODE_AJAX;
    $view->contenttype = View::CTYPE_JSON;
    $view->jsondata = array(
        'userid' => $user->get('id'),
        'active' => $user->get('active'),
    );
}
/**
 * Send the commands to a user to verify they have access to the provided GPG key.
 *
 * A random sentence is generated and stored, together with the fingerprint
 * and the user's id, in a nonce that is valid for 30 minutes. The user is
 * mailed a command that signs that sentence; the mail itself is encrypted
 * to the fingerprint.
 *
 * @param \UserModel $user
 * @param string $fingerprint
 * @param boolean $cli Set to false to send non-CLI instructions.
 *
 * @return false|string The nonce key when the mail was sent, false otherwise.
 */
public static function SendVerificationEmail(\UserModel $user, $fingerprint, $cli = true){
	$sentence = trim(\BaconIpsumGenerator::Make_a_Sentence());

	// The nonce ties the sentence to this key and this user.
	$nonce = \NonceModel::Generate(
		'30 minutes',
		null,
		[
			'sentence' => $sentence,
			'key' => $fingerprint,
			'user' => $user->get('id'),
		]
	);

	// Read but not used anywhere in this method.
	$key = $user->get('apikey');

	$url = \Core\resolve_link('/gpgauth/rawverify');

	// NOTE(review): the line breaks inside the two heredocs were lost in this
	// listing and are reconstructed here; confirm against the original file.
	// NOTE(review): $fingerprint goes unquoted into a shell command that the
	// recipient is expected to run; presumably it is validated as a key
	// fingerprint before this call - confirm.
	if($cli){
		// Sign the sentence and post the detached signature together with the nonce key.
		$cmd = <<<EOD
echo -n "{$sentence}" \\
| gpg -b -a --default-key $fingerprint \\
| curl --data-binary @- \\
--header "X-Core-Nonce-Key: $nonce" \\
$url
EOD;
	}
	else{
		// Non-CLI instructions: only the signing step is given.
		$cmd = <<<EOD
echo -n "{$sentence}" | gpg -b -a
EOD;
	}

	$email = new \Email();
	$email->templatename = 'emails/user/gpgauth_key_verification.tpl';
	$email->setSubject('GPG Key Change Request');
	$email->assign('key', $fingerprint);
	$email->assign('sentence', $sentence);
	$email->assign('user', $user);
	$email->assign('cmd', $cmd);
	$email->to($user->get('email'));
	// Encrypt the mail to the key under verification.
	$email->setEncryption($fingerprint);

	\SystemLogModel::LogSecurityEvent('/user/gpg/submit', 'Verification requested for key ' . $fingerprint, null, $user->get('id'));

	if(!$email->send()){
		return false;
	}
	else{
		return $nonce;
	}
}
/**
 * Send the registration welcome e-mail to this user's address.
 *
 * @throws \Exception
 */
public function sendWelcomeEmail(){
	$mail = new \Email();
	$mail->templatename = 'emails/user/registration.tpl';

	// Values made available to the template.
	$templateVars = array(
		'user' => $this,
		'sitename' => SITENAME,
		'rooturl' => ROOT_URL,
		'loginurl' => \Core\resolve_link('/user/login'),
	);
	foreach($templateVars as $key => $val){
		$mail->assign($key, $val);
	}

	$mail->setSubject('Welcome to ' . SITENAME);
	$mail->to($this->get('email'));
	$mail->send();
}