  <?php
  // Direct-access guard: stop unless BASEPATH is defined. The constant is
  // presumably set by the framework's front controller (confirm against the
  // project's index.php), so a request that hits this file directly ends here.
  if (!defined('BASEPATH')) {
    exit('No direct script access allowed');
  }

  // Compatibility shim: declare an empty Controller class on top of
  // CI_Controller only when no class of that name exists yet.
  if (class_exists('Controller') === false) {
    class Controller extends CI_Controller
    {
    }
  }
  7.  
  8. class Auth extends Controller {
  9.  
  /**
   * Build the controller and load what the auth actions rely on: the
   * ion_auth, session and form_validation libraries, the database
   * connection and the url helper.
   */
  public function __construct()
  {
    parent::__construct();

    // Same libraries, same order as before.
    foreach (array('ion_auth', 'session', 'form_validation') as $library) {
      $this->load->library($library);
    }

    $this->load->database();
    $this->load->helper('url');
  }
  19.  
  20. //redirect if needed, otherwise display the user list
  /**
   * Landing action: list every user together with their groups.
   *
   * Visitors who are not logged in are redirected to auth/login; logged-in
   * non-administrators are redirected to the configured base_url. Only
   * administrators reach the listing.
   */
  public function index()
  {
    // Access checks come first. The listing below stays unreachable for the
    // two rejected cases whether or not redirect() ends the request.
    if (!$this->ion_auth->logged_in()) {
      redirect('auth/login', 'refresh');
      return;
    }
    if (!$this->ion_auth->is_admin()) {
      redirect($this->config->item('base_url'), 'refresh');
      return;
    }

    // Validation errors take precedence over a flashed message.
    $errors = validation_errors();
    $this->data['message'] = $errors ? $errors : $this->session->flashdata('message');

    // Attach each user's groups to the row object handed to the view.
    $users = $this->ion_auth->users()->result();
    foreach ($users as $row) {
      $row->groups = $this->ion_auth->get_users_groups($row->id);
    }
    $this->data['users'] = $users;

    $this->load->library('encrypt');
    $this->load->helper('url');
    $this->load->view('header');
    $this->load->view('auth/index', $this->data);
  }
  52.  
  53. //log the user in
  /**
   * Show the login form, or process a submitted one.
   *
   * A submission that passes validation is handed to ion_auth->login().
   * Success redirects to the configured base_url, failure back to auth/login;
   * in both cases the library's messages are stored as flash data.
   */
  public function login()
  {
    $this->data['title'] = "Login";

    // Both fields are only checked for presence here; verifying the
    // credentials is left to ion_auth->login().
    $this->form_validation->set_rules('identity', 'Identity', 'required');
    $this->form_validation->set_rules('password', 'Password', 'required');

    if (!$this->form_validation->run()) {
      // Nothing valid was submitted: render the form.
      $errors = validation_errors();
      $this->data['message'] = $errors ? $errors : $this->session->flashdata('message');

      // Only the identity is repopulated; the password input carries no value.
      $this->data['identity'] = array(
        'name' => 'identity',
        'id' => 'identity',
        'type' => 'text',
        'value' => $this->form_validation->set_value('identity'),
      );
      $this->data['password'] = array(
        'name' => 'password',
        'id' => 'password',
        'type' => 'password',
      );

      $this->load->library('encrypt');
      $this->load->helper('url');
      $this->load->view('header');
      $this->load->view('auth/login', $this->data);
      return;
    }

    // "remember me" is reduced to a boolean before it reaches the library.
    $remember = (bool) $this->input->post('remember');
    $identity = $this->input->post('identity');
    $password = $this->input->post('password');

    if ($this->ion_auth->login($identity, $password, $remember)) {
      // The redirect target comes from configuration, not from the request.
      $this->session->set_flashdata('message', $this->ion_auth->messages());
      redirect($this->config->item('base_url'), 'refresh');
    } else {
      // Redirect rather than render, for compatibility with MY_Controller libraries.
      $this->session->set_flashdata('message', $this->ion_auth->errors());
      redirect('auth/login', 'refresh');
    }
  }
  101.  
  102. //log the user out
  /**
   * Log the current user out through ion_auth and redirect to the auth
   * controller's default action.
   *
   * NOTE(review): nothing in this method checks the request method or a
   * nonce, so any request that reaches it ends the session.
   */
  public function logout()
  {
    $this->data['title'] = "Logout";

    // The library's return value was never used, so it is not kept.
    $this->ion_auth->logout();

    redirect('auth', 'refresh');
  }
  113.  
  114. //change password
  /**
   * Show the change-password form, or apply a submitted change.
   *
   * The change is keyed on the identity stored in the session, not on the
   * hidden user_id field the form carries, and ion_auth->change_password()
   * also receives the old password. On success the user is logged out.
   */
  public function change_password()
  {
    $min_length = $this->config->item('min_password_length', 'ion_auth');
    $max_length = $this->config->item('max_password_length', 'ion_auth');

    $this->form_validation->set_rules('old', 'Old password', 'required');
    $this->form_validation->set_rules('new', 'New Password', 'required|min_length[' . $min_length . ']|max_length[' . $max_length . ']|matches[new_confirm]');
    $this->form_validation->set_rules('new_confirm', 'Confirm New Password', 'required');

    // NOTE(review): everything below relies on redirect() ending the request
    // for visitors who are not logged in - confirm for the framework version.
    if (!$this->ion_auth->logged_in()) {
      redirect('auth/login', 'refresh');
    }

    $user = $this->ion_auth->current()->row();

    if (!$this->form_validation->run()) {
      // Render the form; validation errors win over a flashed message.
      $errors = validation_errors();
      $this->data['message'] = $errors ? $errors : $this->session->flashdata('message');

      // The three password inputs share one shape and never carry a value.
      $password_inputs = array(
        'old_password' => 'old',
        'new_password' => 'new',
        'new_password_confirm' => 'new_confirm',
      );
      foreach ($password_inputs as $slot => $field) {
        $this->data[$slot] = array(
          'name' => $field,
          'id' => $field,
          'type' => 'password',
        );
      }

      $this->data['user_id'] = array(
        'name' => 'user_id',
        'id' => 'user_id',
        'type' => 'hidden',
        'value' => $user->id,
      );

      $this->load->library('encrypt');
      $this->load->helper('url');
      $this->load->view('header');
      $this->load->view('auth/change_password', $this->data);
      return;
    }

    // Whose password changes is decided by the session, not by the request.
    $identity = $this->session->userdata($this->config->item('identity', 'ion_auth'));
    $changed = $this->ion_auth->change_password($identity, $this->input->post('old'), $this->input->post('new'));

    if ($changed) {
      // NOTE(review): the message is flashed before logout(); whether it
      // survives depends on how ion_auth->logout() treats the session.
      $this->session->set_flashdata('message', $this->ion_auth->messages());
      $this->logout();
      return;
    }

    $this->session->set_flashdata('message', $this->ion_auth->errors());
    redirect('auth/change_password', 'refresh');
  }
  179.  
  180. //forgot password
  /**
   * Show the forgotten-password form, or start the reset for a submitted
   * address through ion_auth->forgotten_password().
   *
   * NOTE(review): success and failure are distinguishable to the requester
   * (different redirect target and flashed text), which tells a visitor
   * whether an address is registered. A uniform response would avoid that.
   * The field is only checked for presence here, whereas create_user() also
   * applies valid_email to its email field.
   */
  public function forgot_password()
  {
    $this->form_validation->set_rules('email', 'Email Address', 'required');

    if ($this->form_validation->run()) {
      // Have the library email the reset code for the submitted address.
      $sent = $this->ion_auth->forgotten_password($this->input->post('email'));

      if ($sent) {
        // A confirmation page would fit better here than the login page.
        $this->session->set_flashdata('message', $this->ion_auth->messages());
        redirect("auth/login", 'refresh');
      } else {
        $this->session->set_flashdata('message', $this->ion_auth->errors());
        redirect("auth/forgot_password", 'refresh');
      }
      return;
    }

    // No valid submission: set up the input and render the form.
    $this->data['email'] = array(
      'name' => 'email',
      'id' => 'email',
    );

    $errors = validation_errors();
    $this->data['message'] = $errors ? $errors : $this->session->flashdata('message');

    $this->load->library('encrypt');
    $this->load->helper('url');
    $this->load->view('header');
    $this->load->view('auth/forgot_password', $this->data);
  }
  214.  
  215. //reset password - final step for forgotten password
  /**
   * Final step of the forgotten-password flow.
   *
   * The code is passed unchanged to ion_auth->forgotten_password_complete();
   * checking it is left entirely to the library.
   *
   * @param mixed $code Reset code (presumably a URI segment - confirm routing).
   */
  public function reset_password($code)
  {
    $completed = $this->ion_auth->forgotten_password_complete($code);

    if (!$completed) {
      // Reset failed: back to the forgotten-password form with the errors.
      $this->session->set_flashdata('message', $this->ion_auth->errors());
      redirect("auth/forgot_password", 'refresh');
      return;
    }

    // Reset worked: continue at the login page.
    $this->session->set_flashdata('message', $this->ion_auth->messages());
    redirect("auth/login", 'refresh');
  }
  231.  
  232. //activate the user
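  /**
   * Activate a user account.
   *
   * With an activation code, the id/code pair is handed to
   * ion_auth->activate(). Without a code, activation is attempted only when
   * the current user is an administrator. Every other request takes the
   * failure branch.
   *
   * @param mixed $id   User id, passed to ion_auth unchanged.
   * @param mixed $code Activation code, or false when none was supplied.
   */
  public function activate($id, $code = false)
  {
    // Default to failure. Previously a request without a code from a
    // non-administrator left $activation undefined and was rejected only as a
    // side effect of reading an unset variable.
    $activation = false;

    if ($code !== false) {
      $activation = $this->ion_auth->activate($id, $code);
    } elseif ($this->ion_auth->is_admin()) {
      $activation = $this->ion_auth->activate($id);
    }

    if ($activation) {
      // Activated: back to the auth page.
      $this->session->set_flashdata('message', $this->ion_auth->messages());
      redirect("auth", 'refresh');
    } else {
      // Not activated: send them to the forgotten-password page.
      $this->session->set_flashdata('message', $this->ion_auth->errors());
      redirect("auth/forgot_password", 'refresh');
    }
  }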
  253.  
  254. //deactivate the user
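  /**
   * Deactivate a user after an explicit confirmation.
   *
   * The first request renders a confirmation form carrying a one-time nonce;
   * the confirming POST must repeat the user id and present that nonce.
   *
   * The administrator check now runs before anything else. Previously only
   * the final deactivate() call was gated, so the confirmation form, which
   * is given the target user's record, was rendered for any visitor.
   *
   * @param mixed $id User id (cast to int before use).
   */
  public function deactivate($id = NULL)
  {
    // Same gate as create_user(): administrators only. The return keeps the
    // rest unreachable even if redirect() does not end the request.
    if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin()) {
      redirect('auth', 'refresh');
      return;
    }

    // Force the id to an integer before it is used anywhere.
    $id = (int) $id;

    $this->load->library('form_validation');
    $this->form_validation->set_rules('confirm', 'confirmation', 'required');
    $this->form_validation->set_rules('id', 'user ID', 'required|is_natural');

    if ($this->form_validation->run() == FALSE) {
      // Issue a fresh nonce and show the confirmation form.
      $this->data['csrf'] = $this->_get_csrf_nonce();
      $this->data['user'] = $this->ion_auth->user($id)->row();

      $this->load->view('auth/deactivate_user', $this->data);
      return;
    }

    // Only an explicit "yes" deactivates; anything else just redirects.
    if ($this->input->post('confirm') === 'yes') {
      // The nonce must match and the posted id must be the id in the URL.
      // The posted id has passed is_natural, so the cast cannot hide junk.
      if ($this->_valid_csrf_nonce() === FALSE || $id !== (int) $this->input->post('id')) {
        show_404();
        return; // never fall through to deactivate() on a rejected request
      }

      $this->ion_auth->deactivate($id);
    }

    // Back to the auth page in every remaining case.
    redirect('auth', 'refresh');
  }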
  294.  
  295. //create a new user
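  /**
   * Create a user (administrators only).
   *
   * Renders the form, or registers the account through ion_auth->register()
   * when the submission validates. The username is the lower-cased first and
   * last name joined by a space; the three phone parts are joined with "-".
   *
   * Changes from the earlier version:
   *  - validation runs once per request instead of twice;
   *  - the password inputs are no longer repopulated, so a rejected
   *    submission does not write the typed password into the response
   *    (login() and change_password() already leave password inputs empty).
   *
   * NOTE(review): xss_clean is kept as an input rule as the author had it;
   * escaping on output in the views (not shown here) is still required.
   */
  public function create_user()
  {
    $this->data['title'] = "Create User";

    if (!$this->ion_auth->logged_in() || !$this->ion_auth->is_admin()) {
      redirect('auth', 'refresh');
      return; // stay out of the form even if redirect() does not end the request
    }

    $min_length = $this->config->item('min_password_length', 'ion_auth');
    $max_length = $this->config->item('max_password_length', 'ion_auth');

    // Validate form input.
    $this->form_validation->set_rules('first_name', 'First Name', 'required|xss_clean');
    $this->form_validation->set_rules('last_name', 'Last Name', 'required|xss_clean');
    $this->form_validation->set_rules('email', 'Email Address', 'required|valid_email');
    $this->form_validation->set_rules('phone1', 'First Part of Phone', 'required|xss_clean|min_length[3]|max_length[3]');
    $this->form_validation->set_rules('phone2', 'Second Part of Phone', 'required|xss_clean|min_length[3]|max_length[3]');
    $this->form_validation->set_rules('phone3', 'Third Part of Phone', 'required|xss_clean|min_length[4]|max_length[4]');
    $this->form_validation->set_rules('company', 'Company Name', 'required|xss_clean');
    $this->form_validation->set_rules('password', 'Password', 'required|min_length[' . $min_length . ']|max_length[' . $max_length . ']|matches[password_confirm]');
    $this->form_validation->set_rules('password_confirm', 'Password Confirmation', 'required');

    // Run the rules once and reuse the verdict.
    $created = false;
    if ($this->form_validation->run() == true) {
      $first_name = $this->input->post('first_name');
      $last_name = $this->input->post('last_name');

      $username = strtolower($first_name) . ' ' . strtolower($last_name);
      $email = $this->input->post('email');
      $password = $this->input->post('password');

      $additional_data = array(
        'first_name' => $first_name,
        'last_name' => $last_name,
        'company' => $this->input->post('company'),
        'phone' => $this->input->post('phone1') . '-' . $this->input->post('phone2') . '-' . $this->input->post('phone3'),
      );

      $created = $this->ion_auth->register($username, $password, $email, $additional_data);
    }

    if ($created) {
      // Account created: back to the admin page.
      $this->session->set_flashdata('message', "User Created");
      redirect("auth", 'refresh');
      return;
    }

    // Show the form. Message precedence: validation errors, then ion_auth
    // errors, then any flashed message.
    $this->data['message'] = (validation_errors() ? validation_errors() : ($this->ion_auth->errors() ? $this->ion_auth->errors() : $this->session->flashdata('message')));

    // Text inputs are repopulated from the previous submission.
    foreach (array('first_name', 'last_name', 'email', 'company', 'phone1', 'phone2', 'phone3') as $field) {
      $this->data[$field] = array(
        'name' => $field,
        'id' => $field,
        'type' => 'text',
        'value' => $this->form_validation->set_value($field),
      );
    }

    // Password inputs are deliberately left without a value.
    foreach (array('password', 'password_confirm') as $field) {
      $this->data[$field] = array(
        'name' => $field,
        'id' => $field,
        'type' => 'password',
      );
    }

    $this->load->library('encrypt');
    $this->load->helper('url');
    $this->load->view('header');
    $this->load->view('auth/create_user', $this->data);
  }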
  390.  
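  /**
   * Issue a one-time anti-CSRF nonce for the next request.
   *
   * A random field name and a random value are stored as flash data and
   * returned as a single-entry array for the form to embed.
   *
   * The value now comes from random_bytes() when that function exists.
   * NOTE(review): this assumes the framework's random_string('alnum') is not
   * backed by a cryptographically secure generator - confirm for the
   * CodeIgniter version in use. On runtimes without random_bytes() the
   * earlier behaviour is kept.
   *
   * @return array Single entry: field name => nonce value.
   * @throws Exception If random_bytes() cannot gather enough randomness.
   */
  public function _get_csrf_nonce()
  {
    $this->load->helper('string');

    // The field name only needs to vary; the value is what must be unguessable.
    $key = random_string('alnum', 8);

    if (function_exists('random_bytes')) {
      // 10 random bytes as hex: 20 characters, the same length as before.
      $value = bin2hex(random_bytes(10));
    } else {
      $value = random_string('alnum', 20);
    }

    $this->session->set_flashdata('csrfkey', $key);
    $this->session->set_flashdata('csrfvalue', $value);

    return array($key => $value);
  }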
  401.  
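  /**
   * Check the posted nonce against the pair stored by _get_csrf_nonce().
   *
   * Stricter than the earlier loose (==) comparison:
   *  - a missing or empty stored key/value is rejected outright, so "no nonce
   *    issued" can never compare equal to "no nonce posted";
   *  - a posted value that is not a string (for example an array) is rejected;
   *  - the comparison is exact, and constant-time where hash_equals() exists.
   *
   * @return bool TRUE when the posted nonce matches the stored one.
   */
  public function _valid_csrf_nonce()
  {
    $key = $this->session->flashdata('csrfkey');
    $expected = $this->session->flashdata('csrfvalue');

    // No usable nonce stored for this request.
    if (!is_string($key) || $key === '' || !is_string($expected) || $expected === '') {
      return FALSE;
    }

    $submitted = $this->input->post($key);
    if (!is_string($submitted)) {
      return FALSE;
    }

    if (function_exists('hash_equals')) {
      return hash_equals($expected, $submitted);
    }

    // Older runtimes: exact comparison, without the timing guarantee.
    return $submitted === $expected;
  }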
  414.  
  415. }