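 /**
  * "Passwort vergessen" flow: POST requests a reset link, GET consumes it.
  *
  * POST (`email` + matching `email_confirm`, or `username`, plus the reCAPTCHA
  * fields): looks the account up, builds a payload "<id>-<email>-<unix ts + 1h>",
  * encrypts it with Kohana_Encrypt, URL-safe base64 encodes it and mails a
  * confirmation link to "<project_url>/lostpw/<key>".
  * GET with a `restore_key` route param: decodes and validates that key, sets a
  * new password from helper::pwgen(8) on the user and mails it.
  *
  * Outcome flags are handed to the 'user/lostpw' view as `$replies` (stdClass):
  * confirmation_sent, user_does_not_exist, input_invalid, password_changed,
  * url_expired, hacking.
  */
 public function action_lostpw()
 {
     $this->template->page_title = 'Passwort vergessen';
     $this->template->content = View::factory('user/lostpw');
     $replies = new stdClass();

     $recaptcha_config = (object) Kohana::$config->load('recaptcha');
     $this->template->content->captcha = recaptcha_get_html($recaptcha_config->recaptcha_pubkey);

     // SECURITY: hard-coded secret used both to issue (POST) and to accept (GET)
     // reset keys. It belongs in a config group like the 'recaptcha' and
     // 'smtp.default' groups loaded here, and should be rotated once it leaves
     // the source tree. Kohana_Encrypt::instance() is a shared object, so
     // overriding its _key below also affects any later use in this request.
     $token_key = '>;`];#k7>T}7f?$>{u"XK^K~Db/.P!//';

     if (Request::POST === $this->request->method()) {
         // NOTE: behind a reverse proxy REMOTE_ADDR is the proxy's address.
         $resp = recaptcha_check_answer(
             $recaptcha_config->recaptcha_privkey,
             $_SERVER['REMOTE_ADDR'],
             $this->request->post('recaptcha_challenge_field'),
             $this->request->post('recaptcha_response_field')
         );

         $email = $this->request->post('email');
         $username = $this->request->post('username');

         // Identify the account by a confirmed e-mail address, else by username.
         $using = null;
         if (filter_var($email, FILTER_VALIDATE_EMAIL) && $email === $this->request->post('email_confirm')) {
             $using = 'mail';
         } elseif ($username) {
             $using = 'username';
         }

         // correct captcha and a usable identifier?
         if ($resp->is_valid && $using !== null) {
             $restore_user = ($using === 'mail')
                 ? ORM::factory('User')->where('email', '=', $email)->find()
                 : ORM::factory('User')->where('username', '=', $username)->find();

             if ($restore_user->loaded()) {
                 // Payload: "<id>-<email>-<expiry>", expiry = now + 1 hour.
                 $encryption = Kohana_Encrypt::instance();
                 $encryption->_key = $token_key;
                 $confirmation_key = $encryption->encode($restore_user->id . '-' . $restore_user->email . '-' . (time() + 3600));
                 // URL-safe alphabet: plain base64 may contain '/', which the
                 // '/lostpw/<key>' route below would treat as a path separator.
                 $confirmation_key = strtr(base64_encode($confirmation_key), '+/', '-_');
                 $link = $this->project_config->project_url . '/lostpw/' . $confirmation_key;
                 $confirmation_url = '<a href="' . $link . '">' . $link . '</a>';

                 // SWIFTMAILER MAGIC
                 $swc = (object) Kohana::$config->load('smtp.default');
                 // str_replace with arrays replaces left to right, exactly like
                 // three chained calls.
                 $body = str_replace(
                     array('%USERNAME%', '%CONFIRMATION_URL%', '%PROJECTURL%'),
                     array($restore_user->username, $confirmation_url, $this->project_config->project_url),
                     $swc->body_lostPassword
                 );
                 $message = Swift_Message::newInstance(__('Dein neues Kennwort für') . ' ' . $this->project_config->project_name)
                     ->setFrom($swc->from)
                     ->setTo(array($restore_user->email))
                     ->setBody($body, 'text/html');
                 $this->_lostpw_mailer($swc)->send($message);

                 $replies->confirmation_sent = true;
                 ORM::factory('Log')->log('resetpw_confirm', 'sent confirmation to: ' . $restore_user->email);
             } else {
                 // NOTE(review): this reply tells the requester whether the
                 // address/username has an account (user enumeration). A uniform
                 // "if an account exists, mail was sent" reply would avoid that,
                 // but needs a view change, so the flag is kept.
                 $replies->user_does_not_exist = true;
                 // Log the identifier that was actually looked up (the e-mail
                 // field is empty when the username path was taken).
                 ORM::factory('Log')->log('resetpw_error', 'user does not exist: ' . ($using === 'mail' ? $email : $username));
             }
         } else {
             $replies->input_invalid = true;
         }
     }

     if (Request::GET === $this->request->method()) {
         // Route param is null when absent; strlen(null) is deprecated in 8.1.
         $raw_key = (string) $this->request->param('restore_key');
         if (strlen($raw_key) > 10) {
             $encryption = Kohana_Encrypt::instance();
             $encryption->_key = $token_key;
             // Accept the URL-safe alphabet issued above as well as plain base64
             // (strtr is a no-op on the latter).
             $restore_key = $encryption->decode(base64_decode(strtr($raw_key, '-_', '+/')));

             // decode() yields FALSE for undecryptable input. The three fields
             // are taken from the regex captures rather than explode('-'), so an
             // e-mail address containing '-' cannot shift the expiry into the
             // wrong field (the expiry is always the last numeric field).
             if (is_string($restore_key) && preg_match('/^(\d+)-(.*?)-(\d+)$/', $restore_key, $m)) {
                 $user_id = $m[1];
                 $user_email = $m[2];
                 $valid_until = (int) $m[3];

                 if ($valid_until > time()) {
                     $restore_user = ORM::factory('User')->where('id', '=', $user_id)->where('email', '=', $user_email)->find();
                     if ($restore_user->loaded()) {
                         $new_password = helper::pwgen(8);
                         $restore_user->password = $new_password;
                         $restore_user->save();

                         // SWIFTMAILER MAGIC
                         $swc = (object) Kohana::$config->load('smtp.default');
                         $body = str_replace(
                             array('%USERNAME%', '%PASSWORD%'),
                             array($restore_user->username, $new_password),
                             $swc->body_newPassword
                         );
                         $message = Swift_Message::newInstance(__('Dein neues Kennwort für') . ' ' . $this->project_config->project_name)
                             ->setFrom($swc->from)
                             ->setTo(array($restore_user->email))
                             ->setBody($body, 'text/html');
                         $this->_lostpw_mailer($swc)->send($message);

                         $replies->password_changed = true;
                         // NOTE(review): this log line is masked ('******') in the
                         // listing this was taken from and ends in '/login', so a
                         // redirect to the login page presumably followed — confirm
                         // against the original file. The generated password must
                         // never be written to the log.
                         ORM::factory('Log')->log('restore', 'user restored password: ' . $restore_user->email);
                     }
                 } else {
                     $replies->url_expired = true;
                     ORM::factory('Log')->log('restore_error', 'called expired url: #' . "{$user_id}/{$user_email}/{$valid_until}");
                 }
             } else {
                 $replies->hacking = true;
                 ORM::factory('Log')->log('restore_error', 'possible hacking attempt! Key: ' . $raw_key);
             }
         }
     }

     $this->template->content->replies = $replies;
 }

 /**
  * Builds the SMTP mailer from an object-cast 'smtp.default' config group
  * (host, port, ssl, user, password) — shared by both mails sent in
  * action_lostpw().
  *
  * @param  stdClass $swc  object-cast 'smtp.default' config
  * @return Swift_Mailer
  */
 private function _lostpw_mailer(stdClass $swc)
 {
     $transport = Swift_SmtpTransport::newInstance($swc->host, $swc->port, $swc->ssl ? 'ssl' : null)
         ->setUsername($swc->user)
         ->setPassword($swc->password);
     return Swift_Mailer::newInstance($transport);
 }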
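 /**
  * Edit an existing diary entry: GET renders the form, POST saves it.
  *
  * The entry id arrives base64-encoded in the `id` route param. Entries in a
  * 'private' diary are stored encrypted with the key from _edit_entry_key();
  * the GET branch decrypts them for display, the POST branch re-encrypts before
  * saving. The posted `diary` is only accepted if it is one of the user's own
  * diaries (see $diaries); otherwise the entry keeps the diary it is in.
  */
 public function action_edit()
 {
     $this->template->page_title = 'Bearbeiten';
     // base64_decode(null) is deprecated in 8.1; absent param => 0 => redirect.
     $id = (int) base64_decode((string) $this->request->param('id'));
     if (!$id) {
         $this->redirect('/diary');
     }

     // id => "name (Öffentlich|Privat)" for every diary the user may post to.
     // The loop variable is deliberately not named $diary: the POST branch
     // below must not pick up the last diary of this loop by accident.
     $diaries = array();
     foreach (ORM::factory('Diary')->getDiaries() as $d) {
         $dtype = ($d->type === 'public') ? 'Öffentlich' : 'Privat';
         $diaries[$d->id] = $d->name . ' (' . $dtype . ')';
     }

     if (Request::GET === $this->request->method()) {
         $entry = ORM::factory('Diary')->getEntry($id);
         $this->template->content = View::factory('diary/edit');
         $this->template->content->diaries = $diaries;
         // DECRYPT 4 EDIT
         $this->template->content->decrypt = false;
         if ($entry->encrypted) {
             $encrypt = Kohana_Encrypt::instance();
             $encrypt->_key = $this->_edit_entry_key();
             $entry->content = $encrypt->decode($entry->content);
             $entry->headline = $encrypt->decode($entry->headline);
         }
         $this->template->content->entry = $entry;
     }

     // SAVE
     if (Request::POST === $this->request->method()) {
         try {
             $entry = ORM::factory('Entry')->where('id', '=', $id)->where('user_id', '=', $this->user->id)->find();
             if (!$entry->loaded()) {
                 // Unknown id or another user's entry: an edit must not turn
                 // into an INSERT of a new record.
                 $this->redirect('/diary');
             }
             $entry->values($this->request->post(), array('headline', 'content'));
             $entry->user_id = $this->user->id;
             $entry->encrypted = '0';
             $entry->html = '1';

             // 2013-05-31+
             // allowed to use diary? Only the user's own diaries are accepted.
             $posted_diary = $this->request->post('diary');
             if ($posted_diary !== null && array_key_exists($posted_diary, $diaries)) {
                 $entry->diary = $posted_diary;
             }
             // The diary the entry ends up in (posted one if allowed, otherwise
             // the one it is already in) decides whether it is encrypted.
             // Previously an unaccepted diary left the decision to whatever
             // diary the listing loop above ended on.
             $target_diary = ORM::factory('Diary', $entry->diary);
             if (!$target_diary->loaded()) {
                 // No usable diary: do not risk saving a private entry in clear.
                 $this->redirect('diary/edit/' . base64_encode($id));
             }

             // ENCRYPTION!
             if ($target_diary->type === 'private') {
                 $encryption = Kohana_Encrypt::instance();
                 $encryption->_key = $this->_edit_entry_key();
                 $entry->content = $encryption->encode($entry->content);
                 $entry->headline = $encryption->encode($entry->headline);
                 $entry->encrypted = '1';
             }
             $entry->save();
             $this->redirect('/diary');
         } catch (ORM_Validation_Exception $e) {
             $this->redirect('diary/edit/' . base64_encode($id));
         }
     }

     $this->template->breadcrumbs[] = 'Bearbeiten';
 }

 /**
  * Derives the key that encrypts/decrypts the user's private diary entries.
  *
  * Two helper::pbkdf2() steps with $this->encryption_config->key as the second
  * argument: the session value 'upw' unlocks $this->user->private_key, and the
  * decrypted private key is stretched again into the entry key.
  * NOTE(review): 'upw' looks like a session-held copy of the user's password
  * (needed so the key survives across requests) — confirm; it must never reach
  * logs. Kohana_Encrypt::instance() is a shared object, so setting _key on it
  * here changes the key for every later user of that instance in the request.
  *
  * @return string
  */
 private function _edit_entry_key()
 {
     $unlock = Kohana_Encrypt::instance();
     $unlock->_key = helper::pbkdf2(Session::instance()->get('upw'), $this->encryption_config->key);
     $private_key = $unlock->decode($this->user->private_key);
     return helper::pbkdf2($private_key, $this->encryption_config->key);
 }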