  1. <?php
  2. define('USERNAME_MINLEN', 3);
  3. define('USERNAME_MAXLEN', 25);
  4. define('PASSWORD_MINLEN', 5);
  5. define('PASSWORD_MAXLEN', 15);
  6.  
  7. /**
  8.  * Handles actions related to (single) users, such as logging in/out, profiles, posthistory, etc.
  9.  * @author Nils W.
  10.  *
  11.  */
  12. class UserController extends AppController
  13. {
  14.     protected $requireLogin = array('logout', 'edit_profile');
  15.    
  16.     /**
  17.      * Handles login requests.
  18.      */
  19.     function login()
  20.     {
  21.         if($this->logged_in())
  22.         {
  23.             $this->redirect(mkurl('user/logout'));
  24.             return;
  25.         }
  26.        
  27.         $this->title = 'Login';
  28.         $this->push('ipAddress', Tunar::get()->ipaddress());
  29.         if(!$this->form->is_postback())
  30.         {
  31.             return;
  32.         }
  33.  
  34.         // Grab the data from the form and ensure all data is here
  35.         $username = $this->form->username;
  36.         $password = $this->form->password;
  37.         if(empty($username) || empty($password))
  38.         {
  39.             $this->set_flash(TDE_INCOMPLETEFORM, 'Please fill in both your username and password.');
  40.             return;
  41.         }
  42.            
  43.         // Fetch user object
  44.         $user = $this->db->single
  45.         (
  46.             "SELECT
  47.                 id,
  48.                 username,
  49.                 password,
  50.                 role,
  51.                 activationkey
  52.             FROM users
  53.             WHERE username = '" . tun_escape($username) . "'"
  54.         );
  55.            
  56.         // Valid details?
  57.         if($user == NULL || $user->password != tun_sha1($password, $user->username))
  58.         {
  59.             $this->set_flash(TDE_LOGIN_BAD, 'This combination of username/password is invalid. Lost your password? ' . hyperlink('Request a reset', 'user/forgot'));
  60.             return;
  61.         }
  62.        
  63.         // Requires activation?
  64.         if($user->activationkey != NULL)
  65.         {
  66.             $this->set_flash(TDE_LOGIN_BAD, 'This account exists, but has not been activated yet. Please follow the link in your email to activate it, or this account will expire in 24 hours.');
  67.             return;
  68.         }
  69.        
  70.         // Logged in!
  71.         $this->session->login($user, $this->form->location, intval($this->form->maxAge), ($this->form->lockIp == '1'));
  72.        
  73.         // Yay, login OK!
  74.         $this->set_flash(TDE_LOGIN_OK, 'You are logged in! Stand by while we ' . hyperlink('send you back', $this->session->referer) . '...', FALSE, $this->session->referer);
  75.     }
  76.    
  77.     /**
  78.      * Offers the user to logout one or more sessions.
  79.      */
  80.     function logout()
  81.     {
  82.         $this->title = 'Logout';
  83.        
  84.         // Stop session, delete everything and then redirect to the referer from the $_SERVER array. (because the one in Session just got destroyed)
  85.         $this->session->stop();
  86.         $this->set_flash(TDE_LOGOUT_OK, 'All cookies deleted! You are now logged out. Stand by while we ' . hyperlink('send you back', $_SERVER['HTTP_REFERER']) . '...', FALSE, $_SERVER['HTTP_REFERER']);
  87.     }
  88.    
  89.     /**
  90.      * Allows the user to request a password reset link.
  91.      */
  92.     function forgot()
  93.     {
  94.         $this->title = 'Forgot Password';
  95.        
  96.         // No form to process? Don't move my shit man then
  97.         if(!$this->form->is_postback())
  98.         {
  99.             return;
  100.         }
  101.        
  102.         // Alright...
  103.         $username = $this->form->username;
  104.         $user = $this->db->single("SELECT id,username,email FROM users WHERE username = '" . tun_escape($username) . "'");
  105.         if($user == NULL)
  106.         {
  107.             $this->set_flash(TDE_USER_NOTFOUND, 'This user does not exist!', TRUE);
  108.             return;
  109.         }
  110.        
  111.         // Store resetkey
  112.         $resetkey = tun_uniquestring($user->username);
  113.         $this->db->update('users', $user->id, array
  114.         (
  115.             'resetkey' => $resetkey
  116.         ));
  117.        
  118.         // Mail resetkey
  119.         $body = "Hai " . $user->username . ",\n\nOur records indicate that you have requested a password reset from IP address " . Tunar::get()->ipaddress() . ".\nPlease follow this link to set a new password: " . mkurl('user/reset', $resetkey) . "\nIf you haven't requested a password reset, then you can safely ignore this email.\n\nThank you!";
  120.         mail($user->email, $body, 'Password Reset', 'From: ' . TDE_MAILER);
  121.        
  122.         // Alright, all done
  123.         $this->set_flash(TDE_USER_RESET_MSG, 'We have sent a reset link to your email address. Follow the link to set a new password for your account.');
  124.     }
  125.    
  126.     /**
  127.      * Allows a user to reset a password!
  128.      * @param string $key The unique resetkey for this user account, generated by forgot_password.
  129.      */
  130.     function reset($key = 'x')
  131.     {
  132.         // Find user matching this resetkey
  133.         $user = $this->db->single("SELECT id,username FROM users WHERE resetkey = '" . tun_escape($key) . "' LIMIT 1");
  134.         if($user == NULL)
  135.         {
  136.             $this->set_flash(TDE_USER_RESET_MSG, 'This resetkey is invalid. If you are sure you have followed a correct link, then ' . hyperlink('request a new resetkey', 'user/forgot') . '.');
  137.             return;
  138.         }
  139.        
  140.         // Woei
  141.         $this->push('username', $user->username);
  142.        
  143.         // Form to submit?
  144.         if(!$this->form->is_postback())
  145.         {
  146.             return;
  147.         }
  148.        
  149.         // Validate new password
  150.         $newPassword = $this->form->password;
  151.         if($this->form->password2 != $newPassword)
  152.         {
  153.             $this->set_flash(TDE_USER_RESET_MSG, 'Passwords do not match!', TRUE);
  154.             return;
  155.         }
  156.         if(strlen($newPassword) < PASSWORD_MINLEN || strlen($newPassword) > PASSWORD_MAXLEN)
  157.         {
  158.             $this->set_flash(TDE_USER_RESET_MSG, 'The new password has to be between ' . PASSWORD_MINLEN . '-' . PASSWORD_MAXLEN . ' characters.', TRUE);
  159.         }
  160.        
  161.         // Store password hash and null resetkey
  162.         $hash = tun_sha1($newPassword, $user->username);
  163.         $this->db->update('users', $user->id, array
  164.         (
  165.             'password' => $hash,
  166.             'resetkey' => NULL
  167.         ));
  168.        
  169.         // All done!
  170.         $this->set_flash(TDE_USER_RESET_MSG, 'Your new password has been set! ' . hyperlink('Click here', 'user/login') . ' to login. :-)');
  171.     }
  172.    
  173.     /**
  174.      * Handles the signup of a new user.
  175.      */
  176.     function register($referer = NULL)
  177.     {
  178.         $this->title = 'Register';
  179.         $this->push('ipAddress', Tunar::get()->ipaddress());
  180.         if($referer) $this->push('referer', $referer);
  181.         if(!$this->form->is_postback())
  182.         {
  183.             return;
  184.         }
  185.         $errors = array();
  186.        
  187.         // Validate username
  188.         $username = $this->form->username;
  189.         if(strlen($username) < USERNAME_MINLEN || strlen($username) > USERNAME_MAXLEN)
  190.         {
  191.             $errors['username'] = 'Has to be ' . USERNAME_MINLEN . '-' . USERNAME_MAXLEN .' characters long';  
  192.         }
  193.         elseif($this->db->hits("SELECT 1 FROM users WHERE username = '" . tun_escape($username) . "'") > 0)
  194.         {
  195.             $errors['username'] = 'Already taken. Please pick a different username';
  196.         }
  197.        
  198.         // Validate email
  199.         $email = $this->form->email;
  200.         if(!tun_validate_email($email))
  201.         {
  202.             $errors['email'] = 'Invalid email address';
  203.         }
  204.        
  205.         // Validate password
  206.         $password = $this->form->password;
  207.         if($this->form->password2 != $password)
  208.         {
  209.             $errors['password2'] = 'The passwords do not match';
  210.         }
  211.         elseif(strlen($password) < PASSWORD_MINLEN || strlen($password) > PASSWORD_MAXLEN)
  212.         {
  213.             $errors['password'] = 'Your password has to be between ' . PASSWORD_MINLEN . '-' . PASSWORD_MAXLEN . ' characters.';
  214.         }
  215.        
  216.         // Validate subtitle
  217.         $subtitle = $this->form->subtitle;
  218.         if(strlen($subtitle) > 30)
  219.         {
  220.             $subtitle = substr($subtitle, 0, 30);
  221.         }
  222.        
  223.         // Validate signature
  224.         $signature = $this->form->signature;
  225.        
  226.         // TOS accepted?
  227.         if(!$this->form->acceptTos)
  228.         {
  229.             $errors['policy'] = 'You have to accept the policy!';
  230.         }
  231.        
  232.         // Alrighty, any errors?
  233.         if(count($errors) > 0)
  234.         {
  235.             if(!isset($errors['username'])) $this->push('username', $username);
  236.             if(!isset($errors['email'])) $this->push('email', $email);
  237.             $this->push('subtitle', $subtitle);
  238.             $this->push('signature', $signature);
  239.             $this->push('error', $errors);
  240.             $this->set_flash(TDE_REGISTER_ERROR, 'Invalid registration data, please correct', TRUE);
  241.             return;
  242.         }
  243.        
  244.         // Lowercase the email
  245.         $email = strtolower($email);
  246.        
  247.         /// Generate activation key
  248.         $activationkey = tun_uniquestring($username);
  249.        
  250.         // Insert the user
  251.         $time = tun_now();
  252.         $user_id = $this->db->insert('users', array
  253.         (
  254.             'username' => $username,
  255.             'password' => tun_sha1($password, $username),
  256.             'email' => $email,
  257.             'subtitle' => $subtitle,
  258.             'signature' => $signature,
  259.             'lastactivity' => $time,
  260.             'registered' => $time,
  261.             'registration_ip' => Tunar::get()->ipaddress(),
  262.             'activationkey' => $activationkey
  263.         ));
  264.        
  265.         // Send the activation key!
  266.         $body = "Hai " . $username . ",\n\nOur records indicate that you have registered to our service from IP address " . Tunar::get()->ipaddress() . ".\nIn order to start using your new account, you will have to activate it. Please click this activation link and you can your account will be activated: " . mkurl('user/activate', $activationkey) . "\n\nThank you!";
  267.         mail($email, $body, 'Activate Account', 'From: ' . TDE_MAILER);
  268.        
  269.         // Yay!
  270.         $this->set_flash(TDE_REGISTER_OK, 'You have been successfully registered! We have sent an email to ' . $email . ', with instructions to activate your account. You must activate your account before you are able to login. If you do not activate your account within 24h, it will be deleted and the username will be released. See you soon! :-)');
  271.     }
  272.    
  273.     /**
  274.      * Activates a user account so that it's ready for using TDE.
  275.      * @param string $key The unique user activation key sent to the user by email.
  276.      */
  277.     function activate($key = 'x')
  278.     {
  279.         $this->title = 'Activate User';
  280.        
  281.         // Find the user matching this key
  282.         $user = $this->db->single("SELECT id,username FROM users WHERE activationkey = '" . tun_escape($key) . "' LIMIT 1");
  283.         if($user == NULL)
  284.         {
  285.             $this->set_flash(TDE_REGISTER_ERROR, 'Invalid activation key specified. The account either is activated already, or has expired. Do you want to ' . hyperlink('register a new account', 'user/register') . '?');
  286.             return;
  287.         }
  288.        
  289.         // Activate the account by nulling the activationkey
  290.         $this->db->update('users', $user->id, array
  291.         (
  292.             'activationkey' => NULL
  293.         ));
  294.        
  295.         // Redirect to login form
  296.         $this->set_flash(TDE_REGISTER_OK, 'The account <strong>' . $user->username . '</strong> has been activated successfully. You are being redirected to the ' . hyperlink('login form', 'user/login') . ' now...', FALSE, mkurl('user/login'));
  297.     }
  298.    
  299.     function resend_activationkey($username = '')
  300.     {
  301.         $this->title = 'Resend activationkey';
  302.         $user = $this->db->single("SELECT id,username,email,activationkey FROM users WHERE username = '" . tun_escape($username) . "'");
  303.         if($user == NULL || $user->activationkey == NULL)
  304.         {
  305.             $this->set_flash(TDE_REGISTER_ERROR, 'This account does not exist, or has already been activated.');
  306.         }
  307.         else
  308.         {
  309.             $body = "Hai " . $username . ",\n\Please activate your account by following this link: " . mkurl('user/activate', $user->activationkey) . "\n\nThank you!";
  310.             mail($email, $body, 'Activate Account', 'From: ' . TDE_MAILER);
  311.             $this->set_flash(TDE_REGISTER_OK, 'Resent activationkey for user <strong>' . $user->username . '</strong> to email ' . $user->email . '.');
  312.         }
  313.     }
  314.    
  315.     /**
  316.      * Allows the user to modify his/her profile, such as email, subtitle, password, location, gender, age, etc.
  317.      */
  318.     function edit_profile()
  319.     {
  320.         $this->title = 'Edit Profile';
  321.        
  322.         // Fetch complete user object
  323.         $user = $this->db->single("SELECT * FROM users WHERE id = " . $this->session->user->id);
  324.        
  325.         // Push to the view
  326.         $this->push('user', $user);
  327.        
  328.         // Any data to process?
  329.         if(!$this->form->is_postback())
  330.         {
  331.             return;
  332.         }
  333.     }
  334.     /**
  335.      * Shows the profile of a given user.
  336.      * @param int $id The ID of the user to lookup.
  337.      */
  338.     function profile($id = 0)
  339.     {
  340.         $id = intval($id);
  341.         $user = $this->db->single("SELECT * FROM users WHERE id = '" . $id . "'");
  342.         if($user == NULL)
  343.         {
  344.             $this->set_flash(TDE_USERNOTFOUND, 'The requested user does not exist.');
  345.         }
  346.         else
  347.         {
  348.             $this->title = 'Profile of ' . $user->username;
  349.             $this->breadcrumb('Profile of ' . $user->username, mkurl('user/profile', $user->id));
  350.             $this->push('user', $user);
  351.         }
  352.     }
  353.    
  354.     /**
  355.      * Shows a list of topics where this user has recently posted in.
  356.      * @param int $id The ID of the user to lookup.
  357.      */
  358.     function history($id = 0)
  359.     {
  360.         $id = intval($id);
  361.         $user = $this->db->single("SELECT * FROM users WHERE id = '" . $id . "'");
  362.         if($user == NULL)
  363.         {
  364.             $this->set_flash(TDE_USERNOTFOUND, 'The requested user does not exist');
  365.         }
  366.         else
  367.         {
  368.             $this->title = 'Posthistory of ' . $user->username;
  369.             $this->breadcrumb('Profile of ' . $user->username, mkurl('user/profile', $user->id));
  370.             $this->breadcrumb('Posthistory', mkurl('user/history', $user->id));
  371.             $this->push('user', $user);
  372.             $this->push('topics', $this->db->multiple
  373.             (
  374.                 "SELECT
  375.                     t.id AS id,
  376.                     t.title AS title,
  377.                     t.icon AS icon,
  378.                     t.closed AS closed,
  379.                     t.sticky AS sticky,
  380.                     t.views AS views,
  381.                     (SELECT COUNT(0)-1 FROM tde_posts AS p WHERE p.topic_id = t.id) AS posts,
  382.                     t.lastpost_id AS lastpost_id,
  383.                     t.lastpost_time AS lastpost_time,
  384.                
  385.                     u.id AS starter_id,
  386.                     u.username AS starter,
  387.                     (SELECT username FROM users WHERE id = t.lastpost_user_id) AS lastpost_user
  388.                 FROM tde_topics AS t
  389.                 LEFT JOIN users AS u ON u.id = t.user_id
  390.                 WHERE t.user_id = '" . $user->id . "'
  391.                 ORDER BY t.lastpost_time DESC"
  392.             ));
  393.         }
  394.     }
  395. }
  396. ?>