- <?php
// Length bounds for usernames and passwords. UserController checks them with
// strlen(), so these are byte lengths, not Unicode character counts.
const USERNAME_MINLEN = 3;
const USERNAME_MAXLEN = 25;
const PASSWORD_MINLEN = 5;
const PASSWORD_MAXLEN = 15;
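/**
 * Handles actions related to (single) users, such as logging in/out, profiles, posthistory, etc.
 *
 * Every action reads its input through $this->form (postback detection and field
 * access) and reports its outcome through set_flash(); both helpers come from
 * AppController, which is not part of this file.
 *
 * Notes for maintainers:
 *  - Password hashes use the legacy tun_sha1(password, username) scheme. Moving to
 *    password_hash()/password_verify() needs a rehash-on-login step and is not done here.
 *  - Reset and activation keys have no visible expiry column; the "24 hours" wording in
 *    the flash messages is assumed to be enforced elsewhere — confirm.
 *
 * @author Nils W.
 */
class UserController extends AppController
{
    /** Actions that need an authenticated session (presumably enforced by AppController — confirm). */
    protected $requireLogin = array('logout', 'edit_profile');

    /**
     * Handles login requests.
     *
     * Shows the form on GET; on postback it validates the credentials, refuses
     * accounts that still carry an activation key and, on success, opens the
     * session and redirects back to the referer stored in the session.
     */
    public function login()
    {
        // Already authenticated: offer the logout page instead of a second login.
        if ($this->logged_in()) {
            $this->redirect(mkurl('user/logout'));
            return;
        }
        $this->title = 'Login';
        $this->push('ipAddress', Tunar::get()->ipaddress());
        if (!$this->form->is_postback()) {
            return;
        }
        // Compare with '' rather than empty() so a password of "0" is not rejected.
        $username = (string) $this->form->username;
        $password = (string) $this->form->password;
        if ($username === '' || $password === '') {
            $this->set_flash(TDE_INCOMPLETEFORM, 'Please fill in both your username and password.');
            return;
        }
        $user = $this->_findUserByUsername('id, username, password, role, activationkey', $username);
        // Valid details? hash_equals() is strict and constant-time; the previous loose
        // "!=" would treat two numeric-looking hashes (e.g. "0e...") as equal.
        if (!$user || !hash_equals((string) $user->password, (string) tun_sha1($password, $user->username))) {
            $this->set_flash(TDE_LOGIN_BAD, 'This combination of username/password is invalid. Lost your password? ' . hyperlink('Request a reset', 'user/forgot'));
            return;
        }
        // An outstanding activation key means the email address was never confirmed.
        if ((string) $user->activationkey !== '') {
            $this->set_flash(TDE_LOGIN_BAD, 'This account exists, but has not been activated yet. Please follow the link in your email to activate it, or this account will expire in 24 hours.');
            return;
        }
        // Logged in! The meaning of location/maxAge/lockIp is defined by Session::login(), not visible here.
        $this->session->login($user, $this->form->location, intval($this->form->maxAge), ($this->form->lockIp == '1'));
        $this->set_flash(TDE_LOGIN_OK, 'You are logged in! Stand by while we ' . hyperlink('send you back', $this->session->referer) . '...', false, $this->session->referer);
    }

    /**
     * Offers the user to logout one or more sessions.
     *
     * The session is destroyed first, so the redirect target has to come from the
     * request's Referer header instead of the session; it is only honoured when it
     * points at this host.
     */
    public function logout()
    {
        $this->title = 'Logout';
        $this->session->stop();
        $referer = $this->_sameOriginReferer();
        $this->set_flash(TDE_LOGOUT_OK, 'All cookies deleted! You are now logged out. Stand by while we ' . hyperlink('send you back', $referer) . '...', false, $referer);
    }

    /**
     * Allows the user to request a password reset link.
     *
     * Stores a fresh resetkey on the user row and mails a link to user/reset.
     */
    public function forgot()
    {
        $this->title = 'Forgot Password';
        if (!$this->form->is_postback()) {
            return;
        }
        $username = (string) $this->form->username;
        $user = $this->_findUserByUsername('id,username,email', $username);
        if (!$user) {
            // NOTE(review): this reply confirms whether a username exists; a neutral
            // "if the account exists, an email was sent" message would avoid enumeration.
            $this->set_flash(TDE_USER_NOTFOUND, 'This user does not exist!', true);
            return;
        }
        // Store resetkey
        $resetkey = tun_uniquestring($user->username);
        $this->db->update('users', $user->id, array(
            'resetkey' => $resetkey,
        ));
        // Mail resetkey. mail() takes (to, subject, message, headers); subject and body were swapped before.
        $body = "Hai " . $user->username . ",\n\nOur records indicate that you have requested a password reset from IP address " . Tunar::get()->ipaddress() . ".\nPlease follow this link to set a new password: " . mkurl('user/reset', $resetkey) . "\nIf you haven't requested a password reset, then you can safely ignore this email.\n\nThank you!";
        if (!mail($user->email, 'Password Reset', $body, 'From: ' . TDE_MAILER)) {
            $this->set_flash(TDE_USER_RESET_MSG, 'The reset email could not be sent. Please try again later.', true);
            return;
        }
        $this->set_flash(TDE_USER_RESET_MSG, 'We have sent a reset link to your email address. Follow the link to set a new password for your account.');
    }

    /**
     * Allows a user to reset a password!
     *
     * @param string $key The unique resetkey for this user account, generated by forgot().
     */
    public function reset($key = 'x')
    {
        // Find user matching this resetkey
        $user = $this->db->single("SELECT id,username FROM users WHERE resetkey = '" . tun_escape($key) . "' LIMIT 1");
        if (!$user) {
            $this->set_flash(TDE_USER_RESET_MSG, 'This resetkey is invalid. If you are sure you have followed a correct link, then ' . hyperlink('request a new resetkey', 'user/forgot') . '.');
            return;
        }
        $this->push('username', $user->username);
        if (!$this->form->is_postback()) {
            return;
        }
        // Validate new password
        $newPassword = (string) $this->form->password;
        if ((string) $this->form->password2 !== $newPassword) {
            $this->set_flash(TDE_USER_RESET_MSG, 'Passwords do not match!', true);
            return;
        }
        // Byte length, consistent with register(). The return was missing before, so an
        // out-of-range password was reported as invalid and then stored anyway.
        if (strlen($newPassword) < PASSWORD_MINLEN || strlen($newPassword) > PASSWORD_MAXLEN) {
            $this->set_flash(TDE_USER_RESET_MSG, 'The new password has to be between ' . PASSWORD_MINLEN . '-' . PASSWORD_MAXLEN . ' characters.', true);
            return;
        }
        // Store password hash and null resetkey so the link cannot be reused.
        $hash = tun_sha1($newPassword, $user->username);
        $this->db->update('users', $user->id, array(
            'password' => $hash,
            'resetkey' => null,
        ));
        $this->set_flash(TDE_USER_RESET_MSG, 'Your new password has been set! ' . hyperlink('Click here', 'user/login') . ' to login. :-)');
    }

    /**
     * Handles the signup of a new user.
     *
     * Validates username, email, password and policy acceptance, inserts the row with
     * an activation key and mails the activation link.
     *
     * @param string|null $referer Optional URL pushed to the view as "referer".
     */
    public function register($referer = null)
    {
        $this->title = 'Register';
        $this->push('ipAddress', Tunar::get()->ipaddress());
        if ($referer) {
            $this->push('referer', $referer);
        }
        if (!$this->form->is_postback()) {
            return;
        }
        $errors = array();
        // Validate username. Only the byte length is checked; no character set is
        // enforced, so usernames must be escaped wherever they are rendered as HTML.
        $username = (string) $this->form->username;
        if (strlen($username) < USERNAME_MINLEN || strlen($username) > USERNAME_MAXLEN) {
            $errors['username'] = 'Has to be ' . USERNAME_MINLEN . '-' . USERNAME_MAXLEN .' characters long';
        } elseif ($this->db->hits("SELECT 1 FROM users WHERE username = '" . tun_escape($username) . "'") > 0) {
            $errors['username'] = 'Already taken. Please pick a different username';
        }
        // Validate email
        $email = (string) $this->form->email;
        if (!tun_validate_email($email)) {
            $errors['email'] = 'Invalid email address';
        }
        // Validate password
        $password = (string) $this->form->password;
        if ((string) $this->form->password2 !== $password) {
            $errors['password2'] = 'The passwords do not match';
        } elseif (strlen($password) < PASSWORD_MINLEN || strlen($password) > PASSWORD_MAXLEN) {
            $errors['password'] = 'Your password has to be between ' . PASSWORD_MINLEN . '-' . PASSWORD_MAXLEN . ' characters.';
        }
        // Subtitle is silently truncated to 30 bytes (substr may split a multibyte character).
        $subtitle = (string) $this->form->subtitle;
        if (strlen($subtitle) > 30) {
            $subtitle = substr($subtitle, 0, 30);
        }
        // Signature is accepted as-is.
        $signature = $this->form->signature;
        // TOS accepted?
        if (!$this->form->acceptTos) {
            $errors['policy'] = 'You have to accept the policy!';
        }
        // Any errors? Re-populate the form with the fields that were valid.
        if (count($errors) > 0) {
            if (!isset($errors['username'])) {
                $this->push('username', $username);
            }
            if (!isset($errors['email'])) {
                $this->push('email', $email);
            }
            $this->push('subtitle', $subtitle);
            $this->push('signature', $signature);
            $this->push('error', $errors);
            $this->set_flash(TDE_REGISTER_ERROR, 'Invalid registration data, please correct', true);
            return;
        }
        // Lowercase the email
        $email = strtolower($email);
        // Generate activation key
        $activationkey = tun_uniquestring($username);
        // Insert the user
        $time = tun_now();
        $user_id = $this->db->insert('users', array(
            'username' => $username,
            'password' => tun_sha1($password, $username),
            'email' => $email,
            'subtitle' => $subtitle,
            'signature' => $signature,
            'lastactivity' => $time,
            'registered' => $time,
            'registration_ip' => Tunar::get()->ipaddress(),
            'activationkey' => $activationkey,
        ));
        // Send the activation key. mail() takes (to, subject, message, headers); subject and body were swapped before.
        $body = "Hai " . $username . ",\n\nOur records indicate that you have registered to our service from IP address " . Tunar::get()->ipaddress() . ".\nIn order to start using your new account, you will have to activate it. Please click this activation link and you can your account will be activated: " . mkurl('user/activate', $activationkey) . "\n\nThank you!";
        if (!mail($email, 'Activate Account', $body, 'From: ' . TDE_MAILER)) {
            $this->set_flash(TDE_REGISTER_ERROR, 'Your account was created, but the activation email could not be sent. Please use the "Resend activationkey" page to try again.', true);
            return;
        }
        // The flash is rendered as HTML (other messages contain markup), so escape the address.
        $this->set_flash(TDE_REGISTER_OK, 'You have been successfully registered! We have sent an email to ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . ', with instructions to activate your account. You must activate your account before you are able to login. If you do not activate your account within 24h, it will be deleted and the username will be released. See you soon! :-)');
    }

    /**
     * Activates a user account so that it's ready for using TDE.
     *
     * @param string $key The unique user activation key sent to the user by email.
     */
    public function activate($key = 'x')
    {
        $this->title = 'Activate User';
        // Find the user matching this key
        $user = $this->db->single("SELECT id,username FROM users WHERE activationkey = '" . tun_escape($key) . "' LIMIT 1");
        if (!$user) {
            $this->set_flash(TDE_REGISTER_ERROR, 'Invalid activation key specified. The account either is activated already, or has expired. Do you want to ' . hyperlink('register a new account', 'user/register') . '?');
            return;
        }
        // Activate the account by nulling the activationkey
        $this->db->update('users', $user->id, array(
            'activationkey' => null,
        ));
        // Redirect to login form. The username is user-chosen and lands inside HTML, so escape it.
        $this->set_flash(TDE_REGISTER_OK, 'The account <strong>' . htmlspecialchars($user->username, ENT_QUOTES, 'UTF-8') . '</strong> has been activated successfully. You are being redirected to the ' . hyperlink('login form', 'user/login') . ' now...', false, mkurl('user/login'));
    }

    /**
     * Re-sends the activation email for an account that has not been activated yet.
     *
     * This action needs no login and is keyed on a public username, so it can be used
     * to trigger repeated emails; no rate limiting is visible in this file.
     *
     * @param string $username Username of the account to resend the key for.
     */
    public function resend_activationkey($username = '')
    {
        $this->title = 'Resend activationkey';
        $user = $this->_findUserByUsername('id,username,email,activationkey', (string) $username);
        if (!$user || (string) $user->activationkey === '') {
            $this->set_flash(TDE_REGISTER_ERROR, 'This account does not exist, or has already been activated.');
            return;
        }
        // Fixed: the greeting used a literal "\P" (second "\n" was missing), the recipient
        // variable $email was never defined, and mail()'s subject/body were swapped.
        $body = "Hai " . $user->username . ",\n\nPlease activate your account by following this link: " . mkurl('user/activate', $user->activationkey) . "\n\nThank you!";
        if (!mail($user->email, 'Activate Account', $body, 'From: ' . TDE_MAILER)) {
            $this->set_flash(TDE_REGISTER_ERROR, 'The activation email could not be sent. Please try again later.');
            return;
        }
        $this->set_flash(TDE_REGISTER_OK, 'Resent activationkey for user <strong>' . htmlspecialchars($user->username, ENT_QUOTES, 'UTF-8') . '</strong> to email ' . htmlspecialchars($user->email, ENT_QUOTES, 'UTF-8') . '.');
    }

    /**
     * Allows the user to modify his/her profile, such as email, subtitle, password, location, gender, age, etc.
     *
     * Only the read side exists so far: the user row is pushed to the view and a
     * postback returns without storing anything.
     */
    public function edit_profile()
    {
        $this->title = 'Edit Profile';
        // Fetch complete user object for the logged-in user (id comes from the session).
        $user = $this->_findUserById($this->session->user->id);
        $this->push('user', $user);
        if (!$this->form->is_postback()) {
            return;
        }
        // TODO: postback handling (validation + db->update) is not implemented; submitted data is discarded.
    }

    /**
     * Shows the profile of a given user.
     *
     * @param int $id The ID of the user to lookup.
     */
    public function profile($id = 0)
    {
        $user = $this->_findUserById($id);
        if (!$user) {
            $this->set_flash(TDE_USERNOTFOUND, 'The requested user does not exist.');
            return;
        }
        $this->title = 'Profile of ' . $user->username;
        $this->breadcrumb('Profile of ' . $user->username, mkurl('user/profile', $user->id));
        $this->push('user', $user);
    }

    /**
     * Shows a list of topics where this user has recently posted in.
     *
     * @param int $id The ID of the user to lookup.
     */
    public function history($id = 0)
    {
        $user = $this->_findUserById($id);
        if (!$user) {
            $this->set_flash(TDE_USERNOTFOUND, 'The requested user does not exist');
            return;
        }
        $this->title = 'Posthistory of ' . $user->username;
        $this->breadcrumb('Profile of ' . $user->username, mkurl('user/profile', $user->id));
        $this->breadcrumb('Posthistory', mkurl('user/history', $user->id));
        $this->push('user', $user);
        // $user->id comes from the database row (an integer column), not from the request.
        $this->push('topics', $this->db->multiple(
            "SELECT
                t.id AS id,
                t.title AS title,
                t.icon AS icon,
                t.closed AS closed,
                t.sticky AS sticky,
                t.views AS views,
                (SELECT COUNT(0)-1 FROM tde_posts AS p WHERE p.topic_id = t.id) AS posts,
                t.lastpost_id AS lastpost_id,
                t.lastpost_time AS lastpost_time,
                u.id AS starter_id,
                u.username AS starter,
                (SELECT username FROM users WHERE id = t.lastpost_user_id) AS lastpost_user
            FROM tde_topics AS t
            LEFT JOIN users AS u ON u.id = t.user_id
            WHERE t.user_id = '" . $user->id . "'
            ORDER BY t.lastpost_time DESC"
        ));
    }

    /**
     * Looks up one users row by exact username.
     *
     * @param string $columns Column list for the SELECT; must be a trusted literal, never request data.
     * @param string $username Raw username; escaped here with tun_escape().
     * @return mixed Whatever db->single() returns: the row object, or a falsy value when nothing matches.
     */
    private function _findUserByUsername($columns, $username)
    {
        return $this->db->single("SELECT " . $columns . " FROM users WHERE username = '" . tun_escape($username) . "'");
    }

    /**
     * Looks up one complete users row by numeric id.
     *
     * @param mixed $id User id from the route or session; cast to int before it reaches SQL.
     * @return mixed Whatever db->single() returns: the row object, or a falsy value when nothing matches.
     */
    private function _findUserById($id)
    {
        return $this->db->single("SELECT * FROM users WHERE id = '" . intval($id) . "'");
    }

    /**
     * Returns the HTTP Referer only when it points at this host; otherwise the login URL.
     *
     * The Referer header is client-supplied, so redirecting to it unchecked would let a
     * crafted link bounce a user off-site after logout (open redirect).
     *
     * @return string The referer URL when it is on this host, else mkurl('user/login').
     */
    private function _sameOriginReferer()
    {
        $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
        $refererHost = $referer !== '' ? parse_url($referer, PHP_URL_HOST) : null;
        // HTTP_HOST may carry a port; parse it the same way so both sides are bare host names.
        $ownHost = isset($_SERVER['HTTP_HOST']) ? parse_url('//' . $_SERVER['HTTP_HOST'], PHP_URL_HOST) : null;
        if (is_string($refererHost) && is_string($ownHost) && strcasecmp($refererHost, $ownHost) === 0) {
            return $referer;
        }
        return mkurl('user/login');
    }
}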
- ?>