  1. <?php
  2.  
  3. namespace framework\controllers;
  4.  
  5. use framework\Router,
  6.     framework\ModelFactory,
  7.     framework\View;
  8.  
  9. class AuthController
  10. {
  11.     private $model;
  12.     private $view;
  13.  
  14.     function __construct(ModelFactory $model, View $view)
  15.     {
  16.         $this->model = $model;
  17.         $this->view = $view;
  18.     }
  19.  
  20.     // call the view for user registration
  21.     public function register()
  22.     {
  23.         // make sure user is logged out
  24.         if ($user = $this->isLoggedIn()) {
  25.             Router::redirect();
  26.         }
  27.  
  28.         // initialize form
  29.         $this->formInit();
  30.  
  31.         $this->model->data['page_title'] = 'Register';
  32.         $this->model->data['description'] = '';
  33.         $this->model->data['keywords'] = '';
  34.  
  35.         $this->view->load('auth/register');
  36.     }
  37.  
  38.     // submit registration request
  39.     public function registerSubmit()
  40.     {
  41.         // make sure user is logged out
  42.         if ($user = $this->isLoggedIn()) {
  43.             Router::redirect();
  44.         }
  45.  
  46.         // process form if submitted
  47.         if ($this->formSubmit()) {
  48.             // validate input
  49.             $username = isset($_POST['username']) && $this->validate($_POST['username'], null, 20) ? $_POST['username'] : null;
  50.             $password = isset($_POST['password']) && $this->validate($_POST['password']) ? $_POST['password'] : null;
  51.             $password = isset($_POST['password2']) && $_POST['password2'] == $password ? $password : null;
  52.             $email = isset($_POST['email']) && $this->validate($_POST['email'], 'email', 255) ? $_POST['email'] : null;
  53.             $bot = isset($_POST['email2']) && $this->validate($_POST['email2']) ? $_POST['email2'] : null;
  54.             $terms = isset($_POST['terms']) && $_POST['terms'] == 'Y' ? $_POST['terms'] : 'N';
  55.             $subscribe = isset($_POST['subscribe']) && $_POST['subscribe'] == 'Y' ? $_POST['subscribe'] : 'N';
  56.  
  57.             // ignore bots
  58.             if (isset($bot)) {
  59.                 Router::redirect('success');
  60.             }
  61.  
  62.             // proceed if required fields were validated
  63.             $user = $this->model->build('user', true);
  64.             if (isset($username, $password, $email) && $terms == 'Y' && $user->exists($username) === false) {
  65.                 // update user object
  66.                 $user->username = $username;
  67.                 $user->password = password_hash($password, PASSWORD_BCRYPT);
  68.                 $user->email = $email;
  69.                 $user->subscribe = $subscribe;
  70.                 $user->valid = 'Y';
  71.  
  72.                 if ($uid = $user->insert()) {
  73.                     // update session
  74.                     $_SESSION['user'] = $uid;
  75.  
  76.                     // log ip address
  77.                     $ip = isset($_SERVER['REMOTE_ADDR']) && $this->validate($_SERVER['REMOTE_ADDR'], 'ip') ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
  78.                     $user->logIP($uid, $ip);
  79.  
  80.                     // status update
  81.                     $_SESSION['success'] = 'Thank you for registering! Please note that as a new user your account may be limited; this is only temporary and helps us weed out the riffraff.';
  82.  
  83.                     // send e-mail notification
  84.                     $to = WEBMASTER;
  85.                     $from = $reply_to = 'no-reply@' . $_SERVER['SERVER_NAME'];
  86.                     $subject = $_SERVER['SERVER_NAME'] . ' - New registration';
  87.                     $message = 'Username: ' . $username . "\r\n";
  88.                     $message .= 'IP: ' . $ip . "\r\n";
  89.                     $mail = $this->model->build('mail');
  90.                     $mail->send($to, $from, $reply_to, $subject, $message);
  91.  
  92.                     Router::redirect('user/profile/' . $uid . '/edit');
  93.                 }
  94.             } else {
  95.                 // preserve input
  96.                 $_SESSION['preserve'] = $_POST;
  97.  
  98.                 // highlight errors
  99.                 if (!isset($username)) {
  100.                     $_SESSION['failed']['username'] = 'Please enter a valid username.';
  101.                 } elseif ($user->exists($username)) {
  102.                     $_SESSION['failed']['username'] = 'That username has already been registered.';
  103.                 }
  104.                 if (!isset($password)) {
  105.                     $_SESSION['failed']['password'] = 'The passwords do not match.';
  106.                 }
  107.                 if (!isset($email)) {
  108.                     $_SESSION['failed']['email'] = 'Please enter a valid e-mail address.';
  109.                 }
  110.                 if ($terms != 'Y') {
  111.                     $_SESSION['failed']['terms'] = 'You must agree to the terms.';
  112.                 }
  113.             }
  114.         }
  115.  
  116.         Router::redirect('auth/register');
  117.     }
  118.  
  119.     // call the view for user login
  120.     public function login()
  121.     {
  122.         // make sure user is logged out
  123.         if ($user = $this->isLoggedIn()) {
  124.             Router::redirect();
  125.         }
  126.  
  127.         // initialize form
  128.         $this->formInit();
  129.  
  130.         $this->model->data['page_title'] = 'Login';
  131.         $this->model->data['description'] = '';
  132.         $this->model->data['keywords'] = '';
  133.  
  134.         $this->view->load('auth/login');
  135.     }
  136.  
  137.     // submit login request
  138.     public function loginSubmit()
  139.     {
  140.         // make sure user is logged out
  141.         if ($user = $this->isLoggedIn()) {
  142.             Router::redirect();
  143.         }
  144.  
  145.         // process form if submitted
  146.         if ($this->formSubmit()) {
  147.             // validate input
  148.             $username = isset($_POST['username']) && $this->validate($_POST['username'], null, 20) ? $_POST['username'] : null;
  149.             $password = isset($_POST['password']) && $this->validate($_POST['password']) ? $_POST['password'] : null;
  150.  
  151.             // proceed if required fields were validated
  152.             $user = $this->model->build('user', true);
  153.             if (isset($username, $password) && $uid = $user->exists($username)) {
  154.                 $user->getByUID($uid);
  155.                 // compare password with existing hash and check if account is valid
  156.                 if (password_verify($password, $user->password) && $user->valid == 'Y') {
  157.                     // generate a new session ID to prevent session fixation
  158.                     session_regenerate_id();
  159.  
  160.                     // update session
  161.                     $_SESSION['user'] = $uid;
  162.  
  163.                     // log ip address
  164.                     $ip = isset($_SERVER['REMOTE_ADDR']) && $this->validate($_SERVER['REMOTE_ADDR'], 'ip') ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
  165.                     $user->logIP($uid, $ip);
  166.  
  167.                     // update password (new salt) and last login date
  168.                     $user->password = password_hash($password, PASSWORD_BCRYPT);
  169.                     $user->last_login = date("Y-m-d H:i:s");
  170.                     $user->update();
  171.                     Router::redirect();
  172.                 } else {
  173.                     // preserve input
  174.                     $_SESSION['preserve'] = $_POST;
  175.  
  176.                     // highlight errors
  177.                     if (password_verify($password, $user->password) === false) {
  178.                         $_SESSION['failed']['password'] = 'The password you entered is incorrect.';
  179.                     }
  180.                     if ($user->valid == 'N') {
  181.                         $_SESSION['failed']['username'] = 'This account has been suspended.';
  182.                     }
  183.                 }
  184.             } else {
  185.                 // preserve input
  186.                 $_SESSION['preserve'] = $_POST;
  187.  
  188.                 // highlight errors
  189.                 if (!isset($username)) {
  190.                     $_SESSION['failed']['username'] = 'Please enter a valid username.';
  191.                 } elseif ($user->exists($username) === FALSE) {
  192.                     $_SESSION['failed']['username'] = 'That username has not been registered.';
  193.                 }
  194.                 if (!isset($password)) {
  195.                     $_SESSION['failed']['password'] = 'Please enter a password.';
  196.                 }
  197.             }
  198.         }
  199.  
  200.         Router::redirect('auth/login');
  201.     }
  202.  
  203.     // destroy session
  204.     public function logout()
  205.     {
  206.         // unset all of the session variables
  207.         $_SESSION = array();
  208.  
  209.         // delete the session cookie
  210.         if (ini_get("session.use_cookies")) {
  211.             $params = session_get_cookie_params();
  212.             setcookie(session_name(), '', time() - 42000,
  213.                 $params["path"], $params["domain"],
  214.                 $params["secure"], $params["httponly"]
  215.             );
  216.         }
  217.         // destroy session
  218.         session_destroy();
  219.  
  220.         Router::redirect();
  221.     }
  222.  
  223.     // call the view to verify a user account, or process a token to reset a users password
  224.     public function verify($token = null)
  225.     {
  226.         // make sure user is logged out
  227.         if ($user = $this->isLoggedIn()) {
  228.             Router::redirect();
  229.         }
  230.  
  231.         // validate input
  232.         $token = isset($token) && $this->validate($token, 'alnum', 40, '-+') ? $token : null;
  233.  
  234.         // proceed if required fields were validated
  235.         if (isset($token)) {
  236.             $user = $this->model->build('user', true);
  237.             if ($uid = $user->verifyBackdoor($token)) {
  238.                 $user->getByUID($uid);
  239.                 // close backdoor
  240.                 $user->closeBackdoor($token);
  241.  
  242.                 // update session
  243.                 $_SESSION['user'] = $uid;
  244.  
  245.                 // log ip address
  246.                 $ip = isset($_SERVER['REMOTE_ADDR']) && $this->validate($_SERVER['REMOTE_ADDR'], 'ip') ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
  247.                 $user->logIP($uid, $ip);
  248.  
  249.                 // generate a new password
  250.                 $new_password = randText(8);
  251.                 $user->password = password_hash($new_password, PASSWORD_BCRYPT);
  252.  
  253.                 // update last login date
  254.                 $user->last_login = date("Y-m-d H:i:s");
  255.                 $user->update();
  256.  
  257.                 // status update
  258.                 $_SESSION['success'] = "Your new password is: '$new_password' without quotes. Please reset your password.";
  259.                 Router::redirect('user/profile/' . $uid . '/edit');
  260.             }
  261.         }
  262.  
  263.         // initialize form
  264.         $this->formInit();
  265.  
  266.         $this->model->data['page_title'] = 'Verify Account';
  267.         $this->model->data['description'] = '';
  268.         $this->model->data['keywords'] = '';
  269.  
  270.         $this->view->load('auth/verify');
  271.     }
  272.  
  273.     // submit verification request and create a token
  274.     public function verifySubmit()
  275.     {
  276.         // make sure user is logged out
  277.         if ($user = $this->isLoggedIn()) {
  278.             Router::redirect();
  279.         }
  280.  
  281.         // process form if submitted
  282.         if ($this->formSubmit()) {
  283.             // validate input
  284.             $username = isset($_POST['username']) && $this->validate($_POST['username'], null, 20) ? $_POST['username'] : null;
  285.  
  286.             // proceed if required fields were validated
  287.             $user = $this->model->build('user', true);
  288.             if (isset($username) && $uid = $user->exists($username)) {
  289.                 $user->getByUID($uid);
  290.                 // make sure user has an active account
  291.                 if ($user->valid == 'Y') {
  292.                     // create a temporary backdoor
  293.                     $token = str_replace('/', '-', randText(40));
  294.                     $ip = isset($_SERVER['REMOTE_ADDR']) && $this->validate($_SERVER['REMOTE_ADDR'], 'ip') ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
  295.                     $user->insertBackdoor($uid, $token, $ip);
  296.  
  297.                     // send message
  298.                     $mail = $this->model->build('mail');
  299.                     $to = $user->email;
  300.                     $from = WEBMASTER;
  301.                     $subject = $_SERVER['SERVER_NAME'] . ' - Account Notification';
  302.                     $body = 'You are receiving this e-mail by request in order to verify your account information. If you did not request to receive this e-mail and would like to report possible abuse, please contact the webmaster. If you would like to reset your password, please visit the following address:<br /><br />' . "\r\n\r\n";
  303.                     $body .= 'https://' . $_SERVER['SERVER_NAME'] . '/user/verify/' . $token . '<br /><br />' . "\r\n\r\n";
  304.                     $body .= 'This link can be accessed only once and will remain available for approximately one hour.';
  305.                     $mail->send($to, $from, $subject, $body);
  306.  
  307.                     // status update
  308.                     $_SESSION['success'] = 'A notification has been sent. Please check your e-mail for further instructions on accessing your account. If you do not receive an e-mail, it is possible the message was marked as spam. If you continue to have any problems please contact the webmaster.';
  309.                 } else {
  310.                     // preserve input
  311.                     $_SESSION['preserve'] = $_POST;
  312.  
  313.                     // highlight errors
  314.                     $_SESSION['failed']['username'] = 'This account has been suspended.';
  315.                 }
  316.             } else {
  317.                 // preserve input
  318.                 $_SESSION['preserve'] = $_POST;
  319.  
  320.                 // highlight errors
  321.                 if (!isset($username)) {
  322.                     $_SESSION['failed']['username'] = 'Please enter a valid username.';
  323.                 } elseif ($user->exists($username) === false) {
  324.                     $_SESSION['failed']['username'] = 'That username has not been registered.';
  325.                 }
  326.             }
  327.         }
  328.  
  329.         Router::redirect('auth/verify');
  330.     }
  331. }