<?php
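class AuthController
{
    /**
     * @route /auth/login
     *
     * Renders the login form and, when a name/password pair was submitted,
     * authenticates the user and stores the user id in the session.
     *
     * Security notes (review):
     * - Unknown user and wrong password now yield the same message and both
     *   paths run the password hash, so the response does not enumerate
     *   valid account names by wording or by timing.
     * - The hash comparison is strict and constant-time; the original `!=`
     *   treated two "0e..." hex digests as equal (PHP numeric-string rules).
     * - The session id is regenerated before the user id is stored in it,
     *   which closes session fixation.
     * - No CSRF token and no lockout / rate limiting are visible in this
     *   controller; both belong at the framework or bootstrap level.
     * - InputHelper::get() may read GET as well as POST (cannot tell from
     *   here); if it does, passwords can end up in URLs and access logs.
     */
    public function loginAction()
    {
        $this->context->handleExceptions = true;
        $this->context->stylesheets []= 'auth.css';
        $this->context->subTitle = 'authentication form';

        // an authenticated user has nothing to do on the login form
        if ($this->context->loggedIn)
        {
            \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
            return;
        }

        $suppliedName = InputHelper::get('name');
        $suppliedPassword = InputHelper::get('password');
        if ($suppliedName === null or $suppliedPassword === null)
            return;

        $dbUser = R::findOne('user', 'name = ?', [$suppliedName]);

        // Hash even when the account does not exist so that the unknown-user
        // path costs roughly as much as the wrong-password path. Salts are
        // stored as 32 hex chars (see registerAction), so a same-shaped dummy
        // is used here; NOTE(review): confirm Model_User::hashPassword accepts
        // any string salt.
        $salt = $dbUser !== null ? $dbUser->pass_salt : str_repeat('0', 32);
        $suppliedPasswordHash = Model_User::hashPassword($suppliedPassword, $salt);
        if ($dbUser === null or !self::hashesMatch($dbUser->pass_hash, $suppliedPasswordHash))
            throw new SimpleException('Invalid username or password');

        // Account-state checks run only after the password was verified, so
        // an unauthenticated caller learns nothing about a given account.
        if (!$dbUser->staff_confirmed and $this->config->registration->staffActivation)
            throw new SimpleException('Staff hasn\'t confirmed your registration yet');

        if ($dbUser->banned)
            throw new SimpleException('You are banned');

        if (!$dbUser->email_confirmed and $this->config->registration->emailActivation)
            throw new SimpleException('You haven\'t confirmed your e-mail address yet');

        self::startUserSession($dbUser->id);
        \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
        $this->context->transport->success = true;
    }

    /**
     * @route /auth/logout
     *
     * Drops the user id from the session and redirects to the index page.
     *
     * The session id is rotated as well so a previously captured cookie
     * value is not accepted again after logout. NOTE(review): this action
     * is reachable by a plain GET, so any page can log the user out (logout
     * CSRF); a POST with a token would be preferable.
     */
    public function logoutAction()
    {
        $this->context->viewName = null;
        unset($_SESSION['user-id']);
        self::regenerateSessionId();
        \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
    }

    /**
     * @route /register
     *
     * Renders the registration form and, when a name was submitted, creates
     * the account, optionally mails an activation link, and logs the new
     * user in when neither e-mail nor staff activation is configured.
     *
     * Security notes (review):
     * - Password equality uses `!==`; the original `!=` let PHP compare
     *   numeric-looking strings numerically (e.g. "1e1" == "10").
     * - Salt and activation token come from a CSPRNG where one is available
     *   (random_bytes / openssl); md5(mt_rand() . uniqid()) is predictable.
     * - The "first account becomes Admin" check is a read-then-write with no
     *   lock: two concurrent first registrations can both become Admin. A
     *   unique constraint plus a transaction, or a one-time setup step, would
     *   close that window.
     */
    public function registerAction()
    {
        $this->context->handleExceptions = true;
        $this->context->stylesheets []= 'auth.css';
        $this->context->subTitle = 'registration form';

        // an authenticated user has nothing to do on the registration form
        if ($this->context->loggedIn)
        {
            \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
            return;
        }

        $suppliedName = InputHelper::get('name');
        $suppliedPassword1 = InputHelper::get('password1');
        $suppliedPassword2 = InputHelper::get('password2');
        $suppliedEmail = InputHelper::get('email');

        // Values are handed back to the view so the form can be re-filled on
        // error. NOTE(review): that includes both password fields, which
        // therefore end up in the rendered HTML (browser cache, proxies,
        // logs); consider dropping the two password assignments once the
        // template no longer needs them.
        $this->context->suppliedName = $suppliedName;
        $this->context->suppliedPassword1 = $suppliedPassword1;
        $this->context->suppliedPassword2 = $suppliedPassword2;
        $this->context->suppliedEmail = $suppliedEmail;

        $regConfig = $this->config->registration;
        $emailActivation = $regConfig->emailActivation;
        $staffActivation = $regConfig->staffActivation;
        $this->context->transport->staffActivation = $staffActivation;
        $this->context->transport->emailActivation = $emailActivation;

        // nothing submitted yet: just show the form
        if ($suppliedName === null)
            return;

        $suppliedName = Model_User::validateUserName($suppliedName);

        if ($suppliedPassword1 !== $suppliedPassword2)
            throw new SimpleException('Specified passwords must be the same');
        $suppliedPassword = Model_User::validatePassword($suppliedPassword1);

        $suppliedEmail = Model_User::validateEmail($suppliedEmail);
        if (empty($suppliedEmail) and $emailActivation)
            throw new SimpleException('E-mail address is required - you will be sent confirmation e-mail.');

        // build the user record
        $dbUser = R::dispense('user');
        $dbUser->name = $suppliedName;
        $dbUser->pass_salt = self::randomHex();
        $dbUser->pass_hash = Model_User::hashPassword($suppliedPassword, $dbUser->pass_salt);
        $dbUser->email = $suppliedEmail;
        $dbUser->join_date = time();

        // The very first account is bootstrapped as a confirmed Admin; every
        // later one starts unconfirmed with the Registered rank.
        $isFirstUser = R::findOne('user') === null;
        $dbUser->staff_confirmed = $isFirstUser;
        $dbUser->email_confirmed = $isFirstUser;
        $dbUser->access_rank = $isFirstUser ? AccessRank::Admin : AccessRank::Registered;

        // unique activation token (retry on the unlikely collision)
        do
        {
            $emailToken = self::randomHex();
        }
        while (R::findOne('user', 'email_token = ?', [$emailToken]) !== null);
        $dbUser->email_token = $emailToken;

        if ($emailActivation)
            $this->sendActivationEmail($dbUser, $regConfig);

        // persist only once validation and mailing went through
        R::store($dbUser);
        $this->context->transport->success = true;

        // with no activation step configured the new account is usable at once
        if (!$emailActivation and !$staffActivation)
        {
            self::startUserSession($dbUser->id);
            \Chibi\Registry::getBootstrap()->attachUser();
        }
    }

    /**
     * @route /activation/{token}
     *
     * Marks the account owning $token as e-mail-confirmed and, unless staff
     * activation is still pending, logs it in.
     *
     * @param string $token activation token taken from the URL
     *
     * Security notes (review):
     * - The session id is regenerated before the auto-login (fixation).
     * - A banned account is no longer auto-logged-in here; loginAction
     *   refuses banned users, and this path should not bypass that.
     * - Tokens are looked up with a parameterised query and a consumed
     *   token is rejected via the email_confirmed flag.
     */
    public function activationAction($token)
    {
        $this->context->subTitle = 'account activation';

        // an authenticated user has nothing to do here
        if ($this->context->loggedIn)
        {
            \Chibi\UrlHelper::forward(\Chibi\UrlHelper::route('index', 'index'));
            return;
        }

        if (empty($token))
            throw new SimpleException('Invalid activation token');

        $dbUser = R::findOne('user', 'email_token = ?', [$token]);
        if ($dbUser === null)
            throw new SimpleException('No user with such activation token');

        if ($dbUser->email_confirmed)
            throw new SimpleException('This user was already activated');

        $dbUser->email_confirmed = true;
        R::store($dbUser);
        $this->context->transport->success = true;

        $staffActivation = $this->config->registration->staffActivation;
        $this->context->transport->staffActivation = $staffActivation;

        if (!$staffActivation and !$dbUser->banned)
        {
            self::startUserSession($dbUser->id);
            \Chibi\Registry::getBootstrap()->attachUser();
        }
    }

    /**
     * Builds and sends the activation e-mail for $dbUser.
     *
     * @param object $dbUser    user bean with email and email_token set
     * @param object $regConfig the registration section of the config
     *
     * The duplicate "Subject:" additional header of the original is gone:
     * mail() already emits the subject from its second argument, and two
     * Subject headers in one message is malformed.
     */
    private function sendActivationEmail($dbUser, $regConfig)
    {
        $tokens = [];
        // NOTE(review): HTTP_HOST is the client-supplied Host header. Where it
        // is used to build the link the recipient will click, a canonical
        // host from the configuration would be the safer source.
        $tokens['host'] = $_SERVER['HTTP_HOST'];
        $tokens['link'] = \Chibi\UrlHelper::route('auth', 'activation', ['token' => $dbUser->email_token]);

        $body = wordwrap(TextHelper::replaceTokens($regConfig->activationEmailBody, $tokens), 70);
        // header values must stay on one line (header injection)
        $subject = self::singleHeaderLine(TextHelper::replaceTokens($regConfig->activationEmailSubject, $tokens));
        $senderName = self::singleHeaderLine(TextHelper::replaceTokens($regConfig->activationEmailSenderName, $tokens));
        $senderEmail = self::singleHeaderLine($regConfig->activationEmailSenderEmail);

        $headers = [];
        $headers[] = sprintf('From: %s <%s>', $senderName, $senderEmail);
        $headers[] = sprintf('X-Mailer: PHP/%s', phpversion());
        mail($dbUser->email, $subject, $body, implode("\r\n", $headers));
    }

    /**
     * Rotates the session id and stores $userId as the logged-in user.
     *
     * Regenerating first means a session id handed to the victim before
     * login (fixation) is never promoted to an authenticated one.
     *
     * @param mixed $userId primary key of the user bean
     */
    private static function startUserSession($userId)
    {
        self::regenerateSessionId();
        $_SESSION['user-id'] = $userId;
    }

    /**
     * Replaces the current session id, discarding the old one.
     *
     * A no-op when no session is active, since session_regenerate_id()
     * would only emit a warning in that case.
     */
    private static function regenerateSessionId()
    {
        if (session_id() !== '')
            session_regenerate_id(true);
    }

    /**
     * Constant-time, strict comparison of two digests.
     *
     * @param string $known    stored hash
     * @param string $supplied hash computed from the submitted password
     * @return bool
     *
     * hash_equals() exists from PHP 5.6; the fallback keeps the same
     * contract (length check, then a branch-free XOR accumulate).
     */
    private static function hashesMatch($known, $supplied)
    {
        $known = (string) $known;
        $supplied = (string) $supplied;
        if (function_exists('hash_equals'))
            return hash_equals($known, $supplied);

        $length = strlen($known);
        if ($length !== strlen($supplied))
            return false;
        $diff = 0;
        for ($i = 0; $i < $length; $i++)
            $diff |= ord($known[$i]) ^ ord($supplied[$i]);
        return $diff === 0;
    }

    /**
     * Returns 32 hex characters of unpredictable randomness.
     *
     * Used for password salts and activation tokens. Prefers random_bytes()
     * (PHP 7), then a strong openssl source, and only as a last resort the
     * original predictable md5(mt_rand() . uniqid()) construction.
     *
     * @return string
     */
    private static function randomHex()
    {
        if (function_exists('random_bytes'))
            return bin2hex(random_bytes(16));

        if (function_exists('openssl_random_pseudo_bytes'))
        {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes !== false and $strong)
                return bin2hex($bytes);
        }

        return md5(mt_rand() . uniqid('', true));
    }

    /**
     * Strips CR and LF so a value cannot terminate a mail header early.
     *
     * @param mixed $value header text
     * @return string
     */
    private static function singleHeaderLine($value)
    {
        return str_replace(["\r", "\n"], '', (string) $value);
    }
}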