- <?php
- namespace framework\controllers;
- use framework\Router,
- framework\ModelFactory,
- framework\View;
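/**
 * Registration, login, logout and account-verification (password reset) flows.
 *
 * Each *Submit handler reads `$_POST`, reduces every field to `null` when it
 * fails the validator, records outcomes in `$_SESSION['failed']` /
 * `$_SESSION['success']` / `$_SESSION['preserve']`, and ends with
 * Router::redirect(). The non-submit handlers hand off to View::load().
 *
 * NOTE(review): isLoggedIn(), formInit(), formSubmit() and validate() are
 * called on $this but are not declared here, and the class names no parent
 * or trait — confirm where they are provided.
 * NOTE(review): the "must be logged out" guards assume Router::redirect()
 * terminates the request; if it returns, the guarded handler falls through.
 */
class AuthController
{
    /** @var ModelFactory builds 'user' / 'mail' models and carries the $data array read by views */
    private $model;

    /** @var View renders the named template */
    private $view;

    public function __construct(ModelFactory $model, View $view)
    {
        $this->model = $model;
        $this->view = $view;
    }

    /**
     * Show the registration form (only reachable while logged out).
     */
    public function register()
    {
        $this->redirectIfLoggedIn();
        $this->showForm('auth/register', 'Register');
    }

    /**
     * Process a registration request.
     *
     * On success: creates the user, opens a session for it, records the
     * client IP, e-mails WEBMASTER and redirects to the profile editor.
     * On failure: preserves the submitted input, records per-field messages
     * under $_SESSION['failed'] and redirects back to the form.
     */
    public function registerSubmit()
    {
        $this->redirectIfLoggedIn();
        if ($this->formSubmit()) {
            $username = isset($_POST['username']) && $this->validate($_POST['username'], null, 20) ? $_POST['username'] : null;
            $password = isset($_POST['password']) && $this->validate($_POST['password']) ? $_POST['password'] : null;
            // the two password fields must match byte-for-byte; === avoids the
            // numeric-string coercion that == applies to strings like "1e3"/"1000"
            $password = isset($_POST['password2']) && $_POST['password2'] === $password ? $password : null;
            $email = isset($_POST['email']) && $this->validate($_POST['email'], 'email', 255) ? $_POST['email'] : null;
            // presumably a honeypot field that real users never see; anything in it marks a bot
            $bot = isset($_POST['email2']) && $this->validate($_POST['email2']) ? $_POST['email2'] : null;
            $terms = isset($_POST['terms']) && $_POST['terms'] === 'Y' ? 'Y' : 'N';
            $subscribe = isset($_POST['subscribe']) && $_POST['subscribe'] === 'Y' ? 'Y' : 'N';
            // bots get the success page without a record being created
            if (isset($bot)) {
                Router::redirect('success');
            }
            $user = $this->model->build('user', true);
            // exists() yields the uid of a matching account, or false
            if (isset($username, $password, $email) && $terms === 'Y' && $user->exists($username) === false) {
                $user->username = $username;
                $user->password = password_hash($password, PASSWORD_BCRYPT);
                $user->email = $email;
                $user->subscribe = $subscribe;
                $user->valid = 'Y';
                if ($uid = $user->insert()) {
                    $ip = $this->clientIp();
                    $this->openSessionFor($user, $uid, $ip);
                    $_SESSION['success'] = 'Thank you for registering! Please note that as a new user your account may be limited; this is only temporary and helps us weed out the riffraff.';
                    // notify the webmaster of the new account
                    $to = WEBMASTER;
                    // NOTE(review): SERVER_NAME may echo the request's Host header depending on
                    // web-server configuration; confirm the mail model sanitises header values
                    $from = $reply_to = 'no-reply@' . $_SERVER['SERVER_NAME'];
                    $subject = $_SERVER['SERVER_NAME'] . ' - New registration';
                    $message = 'Username: ' . $username . "\r\n";
                    $message .= 'IP: ' . $ip . "\r\n";
                    $mail = $this->model->build('mail');
                    $mail->send($to, $from, $reply_to, $subject, $message);
                    Router::redirect('user/profile/' . $uid . '/edit');
                }
            } else {
                // NOTE(review): this keeps the submitted password fields in the session
                // (same in loginSubmit); consider dropping them before preserving
                $_SESSION['preserve'] = $_POST;
                if (!isset($username)) {
                    $_SESSION['failed']['username'] = 'Please enter a valid username.';
                } elseif ($user->exists($username)) {
                    $_SESSION['failed']['username'] = 'That username has already been registered.';
                }
                if (!isset($password)) {
                    $_SESSION['failed']['password'] = 'The passwords do not match.';
                }
                if (!isset($email)) {
                    $_SESSION['failed']['email'] = 'Please enter a valid e-mail address.';
                }
                if ($terms !== 'Y') {
                    $_SESSION['failed']['terms'] = 'You must agree to the terms.';
                }
            }
        }
        Router::redirect('auth/register');
    }

    /**
     * Show the login form (only reachable while logged out).
     */
    public function login()
    {
        $this->redirectIfLoggedIn();
        $this->showForm('auth/login', 'Login');
    }

    /**
     * Process a login request.
     *
     * A correct password on a 'Y' (active) account opens a fresh session,
     * records the client IP, re-hashes the password, stamps last_login and
     * redirects; anything else preserves the input and records field errors.
     */
    public function loginSubmit()
    {
        $this->redirectIfLoggedIn();
        if ($this->formSubmit()) {
            $username = isset($_POST['username']) && $this->validate($_POST['username'], null, 20) ? $_POST['username'] : null;
            $password = isset($_POST['password']) && $this->validate($_POST['password']) ? $_POST['password'] : null;
            $user = $this->model->build('user', true);
            if (isset($username, $password) && $uid = $user->exists($username)) {
                $user->getByUID($uid);
                // one bcrypt comparison serves both the decision and the error hint below
                $passwordOk = password_verify($password, $user->password);
                if ($passwordOk && $user->valid === 'Y') {
                    $ip = $this->clientIp();
                    $this->openSessionFor($user, $uid, $ip);
                    // store the password under a fresh salt and record the login time
                    $user->password = password_hash($password, PASSWORD_BCRYPT);
                    $user->last_login = date("Y-m-d H:i:s");
                    $user->update();
                    Router::redirect();
                } else {
                    $_SESSION['preserve'] = $_POST;
                    if (!$passwordOk) {
                        $_SESSION['failed']['password'] = 'The password you entered is incorrect.';
                    }
                    if ($user->valid === 'N') {
                        $_SESSION['failed']['username'] = 'This account has been suspended.';
                    }
                }
            } else {
                $_SESSION['preserve'] = $_POST;
                if (!isset($username)) {
                    $_SESSION['failed']['username'] = 'Please enter a valid username.';
                } elseif ($user->exists($username) === false) {
                    // NOTE(review): this message confirms whether a username is registered
                    $_SESSION['failed']['username'] = 'That username has not been registered.';
                }
                if (!isset($password)) {
                    $_SESSION['failed']['password'] = 'Please enter a password.';
                }
            }
        }
        Router::redirect('auth/login');
    }

    /**
     * Clear the session, expire the session cookie (when cookies carry the
     * session ID), destroy the server-side session and redirect.
     */
    public function logout()
    {
        $_SESSION = [];
        if (ini_get("session.use_cookies")) {
            $params = session_get_cookie_params();
            // an expiry in the past makes the browser drop the cookie
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params["path"],
                $params["domain"],
                $params["secure"],
                $params["httponly"]
            );
        }
        session_destroy();
        Router::redirect();
    }

    /**
     * Show the verification form, or — when $token names an open backdoor —
     * close it, log the user in, replace the password with a generated one
     * and redirect to the profile editor with the new password in the flash message.
     *
     * NOTE(review): a plain GET of this URL changes the account password as a
     * side effect; mail-client link pre-fetchers can trigger it — a confirming
     * POST step would avoid that.
     *
     * @param string|null $token token from the verification e-mail (alnum, '-', '+', max 40)
     */
    public function verify($token = null)
    {
        $this->redirectIfLoggedIn();
        $token = isset($token) && $this->validate($token, 'alnum', 40, '-+') ? $token : null;
        if (isset($token)) {
            $user = $this->model->build('user', true);
            if ($uid = $user->verifyBackdoor($token)) {
                $user->getByUID($uid);
                // single use: close the backdoor before anything else happens
                $user->closeBackdoor($token);
                $ip = $this->clientIp();
                $this->openSessionFor($user, $uid, $ip);
                // NOTE(review): randText() is defined elsewhere; confirm it draws from a
                // CSPRNG (random_int/random_bytes) since its output becomes a credential
                $new_password = randText(8);
                $user->password = password_hash($new_password, PASSWORD_BCRYPT);
                $user->last_login = date("Y-m-d H:i:s");
                $user->update();
                $_SESSION['success'] = "Your new password is: '$new_password' without quotes. Please reset your password.";
                Router::redirect('user/profile/' . $uid . '/edit');
            }
        }
        $this->showForm('auth/verify', 'Verify Account');
    }

    /**
     * Create a verification backdoor for an active account and e-mail its link.
     *
     * Suspended accounts and unknown/invalid usernames get a field error instead.
     */
    public function verifySubmit()
    {
        $this->redirectIfLoggedIn();
        if ($this->formSubmit()) {
            $username = isset($_POST['username']) && $this->validate($_POST['username'], null, 20) ? $_POST['username'] : null;
            $user = $this->model->build('user', true);
            if (isset($username) && $uid = $user->exists($username)) {
                $user->getByUID($uid);
                if ($user->valid === 'Y') {
                    // '/' is not accepted by verify()'s validator, so it is swapped for '-'
                    $token = str_replace('/', '-', randText(40));
                    $ip = $this->clientIp();
                    $user->insertBackdoor($uid, $token, $ip);
                    $mail = $this->model->build('mail');
                    $to = $user->email;
                    $from = WEBMASTER;
                    $subject = $_SERVER['SERVER_NAME'] . ' - Account Notification';
                    $body = 'You are receiving this e-mail by request in order to verify your account information. If you did not request to receive this e-mail and would like to report possible abuse, please contact the webmaster. If you would like to reset your password, please visit the following address:<br /><br />' . "\r\n\r\n";
                    // NOTE(review): the link host comes from SERVER_NAME, which may reflect the
                    // request's Host header on some server configurations; a configured base
                    // URL is safer. Also confirm '/user/verify/' routes to verify() here,
                    // since this controller's own redirects use 'auth/verify'.
                    $body .= 'https://' . $_SERVER['SERVER_NAME'] . '/user/verify/' . $token . '<br /><br />' . "\r\n\r\n";
                    $body .= 'This link can be accessed only once and will remain available for approximately one hour.';
                    // NOTE(review): four arguments here versus five in registerSubmit()
                    // (to, from, reply_to, subject, message) — confirm against the mail model
                    $mail->send($to, $from, $subject, $body);
                    $_SESSION['success'] = 'A notification has been sent. Please check your e-mail for further instructions on accessing your account. If you do not receive an e-mail, it is possible the message was marked as spam. If you continue to have any problems please contact the webmaster.';
                } else {
                    $_SESSION['preserve'] = $_POST;
                    $_SESSION['failed']['username'] = 'This account has been suspended.';
                }
            } else {
                $_SESSION['preserve'] = $_POST;
                if (!isset($username)) {
                    $_SESSION['failed']['username'] = 'Please enter a valid username.';
                } elseif ($user->exists($username) === false) {
                    $_SESSION['failed']['username'] = 'That username has not been registered.';
                }
            }
        }
        Router::redirect('auth/verify');
    }

    /**
     * Send an already-authenticated visitor away from the logged-out-only pages.
     */
    private function redirectIfLoggedIn()
    {
        if ($this->isLoggedIn()) {
            Router::redirect();
        }
    }

    /**
     * Initialise the form state, set the page metadata and render $template.
     *
     * @param string $template view name passed to View::load()
     * @param string $title    value for $data['page_title']
     */
    private function showForm($template, $title)
    {
        $this->formInit();
        $this->model->data['page_title'] = $title;
        $this->model->data['description'] = '';
        $this->model->data['keywords'] = '';
        $this->view->load($template);
    }

    /**
     * Client address for the IP log; 127.0.0.1 when REMOTE_ADDR is missing or
     * fails the 'ip' validator.
     *
     * NOTE(review): the fallback records loopback rather than "unknown", so the
     * log cannot distinguish a missing address from a genuinely local one.
     *
     * @return string
     */
    private function clientIp()
    {
        return isset($_SERVER['REMOTE_ADDR']) && $this->validate($_SERVER['REMOTE_ADDR'], 'ip')
            ? $_SERVER['REMOTE_ADDR']
            : '127.0.0.1';
    }

    /**
     * Bind the current session to $uid and record $ip against the account.
     *
     * The session ID is regenerated before the user id is stored so that an ID
     * issued to the client before authentication cannot be reused afterwards
     * (session fixation); every login path — registration, password login and
     * token verification — goes through here so they behave alike.
     *
     * @param object $user   user model for $uid, already loaded or freshly inserted
     * @param mixed  $uid    value returned by insert()/exists()
     * @param string $ip     address from clientIp()
     */
    private function openSessionFor($user, $uid, $ip)
    {
        session_regenerate_id();
        $_SESSION['user'] = $uid;
        $user->logIP($uid, $ip);
    }
}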