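/**
 * Log the current user out.
 *
 * The request must come from the logged-in user whose id is $id and must carry
 * the logout token bound to that user and the remote address; otherwise the
 * caller is silently redirected to the board index. On success the "online"
 * row is removed, last_visit is updated and the session cookie is replaced by
 * a fresh guest cookie.
 *
 * @param int|string $id    user id taken from the URL
 * @param string     $token logout token taken from the URL
 * @return void  always ends the request (header+exit or redirect())
 */
public function logout($id, $token)
{
    global $lang_login;

    // Expected token: hash of the user id salted with the hashed remote address.
    // Compare strictly (a loose == would treat "0e..." hex digests as equal
    // numbers) and in constant time where hash_equals() is available.
    $expected_token = feather_hash($this->user->id . feather_hash(get_remote_address()));
    $token_ok = isset($token) && is_string($token)
        && (function_exists('hash_equals')
            ? hash_equals($expected_token, $token)
            : $expected_token === $token);

    if ($this->user->is_guest || !isset($id) || intval($id) !== intval($this->user->id) || !$token_ok) {
        header('Location: ' . get_base_url());
        exit;
    }

    // Remove user from "users online" list
    DB::for_table('online')->where('user_id', $this->user->id)->delete_many();

    // Update last_visit (make sure there's something to update it with)
    if (isset($this->user->logged)) {
        DB::for_table('users')
            ->where('id', $this->user->id)
            ->find_one()
            ->set('last_visit', $this->user->logged)
            ->save();
    }

    // Replace the session cookie with a guest cookie (user id 1) valid for one year
    feather_setcookie(1, feather_hash(uniqid(rand(), true)), time() + 31536000);

    redirect(get_base_url(), $lang_login['Logout redirect']);
}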
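/**
 * Authenticate the current request from the FeatherBB cookie.
 *
 * The cookie payload is a JSON object with user_id, expires, checksum and
 * password_hash. It is accepted only when it names a non-guest user, has not
 * expired, its checksum HMAC matches, and its password_hash HMAC matches the
 * password hash currently stored for that user (so changing the password
 * invalidates older cookies). On success $feather->user is populated, the
 * cookie is refreshed and preferences are loaded. Otherwise a fresh guest
 * cookie is issued and the default (guest) user is set up.
 *
 * @return bool|mixed true when a user was authenticated from the cookie,
 *                    otherwise the value of set_default_user()
 */
function check_cookie()
{
    global $cookie_name, $cookie_seed;

    // Get Slim current session
    $feather = \Slim\Slim::getInstance();
    $now = time();

    // Strict, constant-time comparison of two digests (hash_equals needs PHP >= 5.6).
    // A loose == would treat two "0e..." all-digit hex digests as equal floats.
    $same = function ($known, $given) {
        return function_exists('hash_equals')
            ? hash_equals((string) $known, (string) $given)
            : (string) $known === (string) $given;
    };

    // Get FeatherBB cookie (getCookie returns false if the data has been tampered
    // with locally so it can't decrypt the cookie)
    $cookie_raw = $feather->getCookie($cookie_name);
    $cookie = ($cookie_raw !== null && $cookie_raw !== false) ? json_decode($cookie_raw, true) : null;

    // Only a well-formed payload is worth checking; anything else falls through to the guest path
    if (is_array($cookie) && isset($cookie['user_id'], $cookie['expires'], $cookie['checksum'], $cookie['password_hash'])) {
        $checksum = hash_hmac('sha1', $cookie['user_id'] . $cookie['expires'], $cookie_seed . '_checksum');

        // If cookie has a non-guest user, hasn't expired and is legit
        if ($cookie['user_id'] > 1 && $cookie['expires'] > $now && $same($checksum, $cookie['checksum'])) {
            // Get user info from db
            $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
            $where_check_cookie = array('u.id' => intval($cookie['user_id']));
            $result = \DB::for_table('users')
                ->table_alias('u')
                ->select_many($select_check_cookie)
                ->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')
                ->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o')
                ->where($where_check_cookie)
                ->find_result_set();
            // Iterating assigns the matching row (if any) to $feather->user
            foreach ($result as $feather->user) {
            }

            // Bind the cookie to the stored password hash, so that a changed
            // password or a forged user id in the cookie does not authenticate
            if (isset($feather->user->id)
                && $same(hash_hmac('sha1', $feather->user->password, $cookie_seed . '_password_hash'), $cookie['password_hash'])) {
                // Long-lived ("remember me") cookies are renewed for two weeks, others for one visit timeout
                $expires = $cookie['expires'] > $now + $feather->config['o_timeout_visit']
                    ? $now + 1209600
                    : $now + $feather->config['o_timeout_visit'];
                $feather->user->is_guest = false;
                $feather->user->is_admmod = $feather->user->g_id == FEATHER_ADMIN || $feather->user->g_moderator == '1';
                feather_setcookie($feather->user->id, $feather->user->password, $expires);
                set_preferences();

                return true;
            }
        }
    }

    // If there is no cookie, or cookie is guest or expired, let's reconnect.
    $expires = $now + 31536000; // The cookie expires after a year
    feather_setcookie(1, feather_hash(uniqid(rand(), true)), $expires);

    return set_default_user();
}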
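/**
 * Create a new user account from validated registration data and send the
 * related notification mails.
 *
 * @param array $user validated registration data: username, password1, email1,
 *                    language and optionally banned_email
 * @return void  ends the request via message() or redirect()
 */
public function insert_user($user)
{
    global $lang_register;

    // Insert the new user into the database. We do this now to get the last inserted ID for later use
    $now = time();
    $initial_group_id = $this->config['o_regs_verify'] == '0' ? $this->config['o_default_user_group'] : FEATHER_UNVERIFIED;
    $password_hash = feather_hash($user['password1']);

    // Add the user
    $insert_user = array(
        'username' => $user['username'],
        'group_id' => $initial_group_id,
        'password' => $password_hash,
        'email' => $user['email1'],
        'email_setting' => $this->config['o_default_email_setting'],
        'timezone' => $this->config['o_default_timezone'],
        'dst' => 0,
        'language' => $user['language'],
        'style' => $this->config['o_default_style'],
        'registered' => $now,
        'registration_ip' => get_remote_address(),
        'last_visit' => $now,
    );
    DB::for_table('users')->create()->set($insert_user)->save();
    $new_uid = DB::get_db()->lastInsertId($this->feather->prefix . 'users');

    if ($this->config['o_regs_verify'] == '0') {
        // Regenerate the users info cache
        if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
            require FEATHER_ROOT . 'include/cache.php';
        }
        generate_users_info_cache();
    }

    // If the mailing list isn't empty, we may need to send out some alerts
    if ($this->config['o_mailing_list'] != '') {
        $profile_url = get_link('user/' . $new_uid . '/');

        // If we previously found out that the email was banned
        if (isset($user['banned_email'])) {
            list($mail_subject, $mail_message) = $this->load_mail_template('banned_email_register');
            $mail_message = str_replace(
                array('<username>', '<email>', '<profile_url>', '<board_mailer>'),
                array($user['username'], $user['email1'], $profile_url, $this->config['o_board_title']),
                $mail_message
            );
            pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
        }

        // If we previously found out that the email was a dupe
        // NOTE(review): $dupe_list is never assigned in this method, so this
        // branch cannot run as written — confirm how the caller meant to supply it
        if (!empty($dupe_list)) {
            list($mail_subject, $mail_message) = $this->load_mail_template('dupe_email_register');
            $mail_message = str_replace(
                array('<username>', '<dupe_list>', '<profile_url>', '<board_mailer>'),
                array($user['username'], implode(', ', $dupe_list), $profile_url, $this->config['o_board_title']),
                $mail_message
            );
            pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
        }

        // Should we alert people on the admin mailing list that a new user has registered?
        if ($this->config['o_regs_report'] == '1') {
            list($mail_subject, $mail_message) = $this->load_mail_template('new_user');
            $mail_message = str_replace(
                array('<username>', '<base_url>', '<profile_url>', '<admin_url>', '<board_mailer>'),
                array(
                    $user['username'],
                    get_base_url() . '/',
                    $profile_url,
                    get_link('user/' . $new_uid . '/section/admin/'),
                    $this->config['o_board_title'],
                ),
                $mail_message
            );
            pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
        }
    }

    // Must the user verify the registration or do we log him/her in right now?
    if ($this->config['o_regs_verify'] == '1') {
        list($mail_subject, $mail_message) = $this->load_mail_template('welcome');
        $mail_subject = str_replace('<board_title>', $this->config['o_board_title'], $mail_subject);
        // NOTE(review): the template expects the plaintext password to be mailed;
        // this is existing behaviour, kept as-is
        $mail_message = str_replace(
            array('<base_url>', '<username>', '<password>', '<login_url>', '<board_mailer>'),
            array(get_base_url() . '/', $user['username'], $user['password1'], get_link('login/'), $this->config['o_board_title']),
            $mail_message
        );
        pun_mail($user['email1'], $mail_subject, $mail_message);

        message($lang_register['Reg email'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.', true);
    }

    feather_setcookie($new_uid, $password_hash, time() + $this->config['o_timeout_visit']);
    redirect(get_base_url(), $lang_register['Reg complete']);
}

/**
 * Load a mail template for the current user's language and split it into
 * subject and message.
 *
 * The first line of a template carries the subject after an 8-character
 * prefix; everything after the first newline is the message body.
 *
 * @param string $name template file name without the .tpl extension
 * @return array array($subject, $message), both trimmed
 */
private function load_mail_template($name)
{
    $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $this->user->language . '/mail_templates/' . $name . '.tpl'));

    // The first row contains the subject
    $first_crlf = strpos($mail_tpl, "\n");
    if ($first_crlf === false) {
        // Template without a body line: treat the remainder as the subject
        return array(trim(substr($mail_tpl, 8)), '');
    }

    $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
    $mail_message = trim(substr($mail_tpl, $first_crlf));

    return array($mail_subject, $mail_message);
}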
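/**
 * Change a user's password, either through a password-reset key (GET ?key=)
 * or through the profile form (POST).
 *
 * Reset flow: only a guest may use it, the key must match the user's
 * activate_key, and the pending activate_string becomes the new password.
 * Form flow: the target must be the current user or an account the current
 * admin/moderator is allowed to edit; the old password is required unless
 * the current user is an admin/moderator.
 *
 * @param int|string $id id of the user whose password is changed
 * @return void  ends the request via message() or redirect()
 */
public function change_pass($id)
{
    global $lang_profile, $lang_common, $lang_prof_reg;

    // Strict, constant-time comparison of two secrets (hash_equals needs PHP >= 5.6).
    // A loose == would treat two "0e..." all-digit hex digests as equal floats.
    $same = function ($known, $given) {
        return function_exists('hash_equals')
            ? hash_equals((string) $known, (string) $given)
            : (string) $known === (string) $given;
    };

    if ($this->request->get('key')) {
        // If the user is already logged in we shouldn't be here :)
        if (!$this->user->is_guest) {
            header('Location: ' . get_base_url());
            exit;
        }

        $key = $this->request->get('key');
        $cur_user = DB::for_table('users')->where('id', $id)->find_one();
        if (!$cur_user) {
            message($lang_common['Bad request'], '404');
        }

        // The key is a one-time secret: reject anything but an exact match
        if (!is_string($key) || $key == '' || !$same($cur_user['activate_key'], $key)) {
            message($lang_profile['Pass key bad'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.');
        } else {
            DB::for_table('users')
                ->where('id', $id)
                ->find_one()
                ->set('password', $cur_user['activate_string'])
                ->set_expr('activate_string', 'NULL')
                ->set_expr('activate_key', 'NULL')
                ->save();

            message($lang_profile['Pass updated'], true);
        }
    }

    // Make sure we are allowed to change this user's password
    if (intval($this->user->id) !== intval($id)) {
        if (!$this->user->is_admmod) {
            // A regular user trying to change another user's password?
            message($lang_common['No permission'], '403');
        } elseif ($this->user->g_moderator == '1') {
            // A moderator trying to change a user's password?
            $select_change_password = array('u.group_id', 'g.g_moderator');
            $user = DB::for_table('users')
                ->table_alias('u')
                ->select_many($select_change_password)
                ->inner_join('groups', array('g.g_id', '=', 'u.group_id'), 'g')
                ->where('u.id', $id)
                ->find_one();

            if (!$user) {
                message($lang_common['Bad request'], '404');
            }

            // Moderators may not touch admins or other moderators, and need both edit and password rights
            if ($this->user->g_mod_edit_users == '0' || $this->user->g_mod_change_passwords == '0' || $user['group_id'] == FEATHER_ADMIN || $user['g_moderator'] == '1') {
                message($lang_common['No permission'], '403');
            }
        }
    }

    if ($this->request->isPost()) {
        $old_password = $this->request->post('req_old_password') ? feather_trim($this->request->post('req_old_password')) : '';
        $new_password1 = feather_trim($this->request->post('req_new_password1'));
        $new_password2 = feather_trim($this->request->post('req_new_password2'));

        // Strict compare: a loose != would consider numeric-looking strings like "1e3" and "1000" equal
        if ($new_password1 !== $new_password2) {
            message($lang_prof_reg['Pass not match']);
        }
        if (feather_strlen($new_password1) < 6) {
            message($lang_prof_reg['Pass too short']);
        }

        $cur_user = DB::for_table('users')->where('id', $id)->find_one();

        // Admins/moderators may set a password without the old one; everyone
        // else must prove knowledge of the current password
        $authorized = false;
        if (!empty($cur_user['password'])) {
            $old_password_hash = feather_hash($old_password);
            if ($this->user->is_admmod || $same($cur_user['password'], $old_password_hash)) {
                $authorized = true;
            }
        }

        if (!$authorized) {
            message($lang_profile['Wrong pass']);
        }

        $new_password_hash = feather_hash($new_password1);
        DB::for_table('users')->where('id', $id)->find_one()->set('password', $new_password_hash)->save();

        // Re-issue the session cookie with the new hash when changing our own password
        if (intval($this->user->id) === intval($id)) {
            feather_setcookie($this->user->id, $new_password_hash, time() + $this->config['o_timeout_visit']);
        }

        redirect(get_link('user/' . $id . '/section/essentials/'), $lang_profile['Pass updated redirect']);
    }
}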