2018-01-08 Auth, Register

app/Controllers/Routing.php

@@ -36,14 +36,11 @@ class Routing
         // регистрация/вход/выход
         if ($user->isGuest) {
             // вход
-            $r->add('GET',  '/login', 'Auth:login', 'Login');
-            $r->add('POST', '/login', 'Auth:loginPost');
+            $r->add(['GET', 'POST'], '/login', 'Auth:login', 'Login');
             // забыли кодовую фразу
-            $r->add('GET',  '/login/forget', 'Auth:forget', 'Forget');
-            $r->add('POST', '/login/forget', 'Auth:forgetPost');
+            $r->add(['GET', 'POST'],  '/login/forget', 'Auth:forget', 'Forget');
             // смена кодовой фразы
-            $r->add('GET',  '/login/{email}/{key}/{hash}', 'Auth:changePass', 'ChangePassword');
-            $r->add('POST', '/login/{email}/{key}/{hash}', 'Auth:changePassPost');
+            $r->add(['GET', 'POST'],  '/login/{email}/{key}/{hash}', 'Auth:changePass', 'ChangePassword');
 
             // регистрация
             if ($config->o_regs_allow == '1') {

app/Core/Mail.php

@@ -540,7 +540,11 @@ class Mail
     {
         // завершение сеанса smtp
         if (is_resource($this->connect)) {
-            $this->smtpData('QUIT', null);
+            try {
+                $this->smtpData('QUIT', null);
+            } catch (MailException $e) {
+                //????
+            }
             @fclose($this->connect);
         }
     }

app/Models/BanList/IsBanned.php

@@ -16,11 +16,11 @@ class IsBanned extends Method
      */
     public function isBanned(User $user)
     {
-        $name  = $this->model->trimToNull($this->model->username, true);
+        $name  = $this->model->trimToNull($user->username, true);
         if (null !== $name && isset($this->model->userList[$name])) {
             return 1;
         }
-        $email = $this->model->trimToNull($this->model->email);
+        $email = $this->model->trimToNull($user->email);
         if (null !== $email) {
             foreach ($this->model->otherList as $row) {
                 if (null === $row['email']) {

app/Models/Pages/Admin/Categories.php

@@ -26,6 +26,7 @@ class Categories extends Admin
                 'form.*.cat_name'      => 'required|string:trim|max:80',
                 'form.*.disp_position' => 'required|integer|min:0|max:9999999999',
                 'new'                  => 'string:trim|max:80'
+            ])->setAliases([
             ])->setArguments([
             ])->setMessages([
             ]);
@@ -138,6 +139,7 @@ class Categories extends Admin
                 'confirm'   => 'integer',
                 'delete'    => 'string',
                 'cancel'    => 'string',
+            ])->setAliases([
             ])->setArguments([
                 'token' => $args,
             ]);

app/Models/Pages/Admin/Censoring.php

@@ -24,6 +24,7 @@ class Censoring extends Admin
                 'o_censoring'         => 'required|integer|in:0,1',
                 'form.*.search_for'   => 'string:trim|max:60',
                 'form.*.replace_with' => 'string:trim|max:60',
+            ])->setAliases([
             ])->setArguments([
             ])->setMessages([
             ]);

app/Models/Pages/Admin/Forums.php

@@ -114,6 +114,7 @@ class Forums extends Admin
             $v = $this->c->Validator->setRules([
                 'token'                => 'token:AdminForums',
                 'form.*.disp_position' => 'required|integer|min:0|max:9999999999',
+            ])->setAliases([
             ])->setArguments([
             ])->setMessages([
             ]);
@@ -249,6 +250,7 @@ class Forums extends Admin
                 'confirm'   => 'integer',
                 'delete'    => 'string',
                 'cancel'    => 'string',
+            ])->setAliases([
             ])->setArguments([
                 'token' => $args,
             ]);
@@ -366,6 +368,7 @@ class Forums extends Admin
                 'perms.*.post_topics'  => 'checkbox',
                 'submit'               => 'string',
                 'reset'                => empty($forum->id) ? 'absent' : 'string',
+            ])->setAliases([
             ])->setArguments([
                 'token' => $args,
             ]);

app/Models/Pages/Admin/Groups.php

@@ -114,6 +114,7 @@ class Groups extends Admin
         $v = $this->c->Validator->setRules([
             'token'        => 'token:AdminGroupsDefault',
             'defaultgroup' => 'required|integer|in:' . implode(',', array_keys($this->groupsDefault)),
+        ])->setAliases([
         ])->setMessages([
             'defaultgroup.in' => 'Invalid default group',
         ]);
@@ -143,6 +144,7 @@ class Groups extends Admin
             $v = $this->c->Validator->setRules([
                 'token'     => 'token:AdminGroupsNew',
                 'basegroup' => 'required|integer|in:' . implode(',', array_keys($this->groupsNew)),
+            ])->setAliases([
             ])->setMessages([
                 'basegroup.in' => 'Invalid group to create on base',
             ]);
@@ -223,6 +225,7 @@ class Groups extends Admin
                 'g_search_flood'         => 'integer|min:0|max:999999',
                 'g_email_flood'          => 'integer|min:0|max:999999',
                 'g_report_flood'         => 'integer|min:0|max:999999',
+            ])->setAliases([
             ])->setArguments([
                 'token' => $vars,
             ])->setMessages([
@@ -621,6 +624,7 @@ class Groups extends Admin
                 'confirm'   => 'integer',
                 'delete'    => 'string',
                 'cancel'    => 'string',
+            ])->setAliases([
             ])->setArguments([
                 'token' => $args,
             ]);

app/Models/Pages/Admin/Options.php

@@ -87,6 +87,7 @@ class Options extends Admin
                 'o_announcement_message'  => 'string:trim|max:65000 bytes',
                 'o_maintenance'           => 'required|integer|in:0,1|check_empty:o_maintenance_message',
                 'o_maintenance_message'   => 'string:trim|max:65000 bytes',
+            ])->setAliases([
             ])->setArguments([
             ])->setMessages([
                 'o_board_title'     => 'Must enter title message',

app/Models/Pages/Admin/Permissions.php

@@ -36,6 +36,7 @@ class Permissions extends Admin
                 'p_sig_all_caps'          => 'required|integer|in:0,1',
                 'p_sig_length'            => 'required|integer|min:0|max:16000',
                 'p_sig_lines'             => 'required|integer|min:0|max:100',
+            ])->setAliases([
             ])->setArguments([
             ])->setMessages([
             ]);

app/Models/Pages/Auth.php

@@ -24,7 +24,7 @@ class Auth extends Page
      */
     public function logout($args)
     {
-        if (empty($args['token']) || ! $this->c->Csrf->verify($args['token'], 'Logout', $args)) {
+        if (! $this->c->Csrf->verify($args['token'], 'Logout', $args)) {
             return $this->c->Redirect->page('Index')->message('Bad token');
         }
 
@@ -37,24 +37,37 @@ class Auth extends Page
     }
 
     /**
-     * Подготовка данных для страницы входа на форум
+     * Вход на форум
      * 
      * @param array $args
+     * @param string $method
      * 
      * @return Page
      */
-    public function login(array $args)
+    public function login(array $args, $method)
     {
         $this->c->Lang->load('auth');
 
-        $save = empty($args) || ! empty($args['_save']);
-
-        if (! isset($args['_username'])) {
-            $args['_username'] = '';
-        }
-        if (! isset($args['_redirect'])) {
-            $args['_redirect'] = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
-            $args['_redirect'] = $this->c->Router->validate($args['_redirect'], 'Index');
+        $v = null;
+        if ('POST' === $method) {
+            $v = $this->c->Validator->addValidators([
+                'login_process' => [$this, 'vLoginProcess'],
+            ])->setRules([
+                'token'    => 'token:Login',
+                'redirect' => 'required|referer:Index',
+                'username' => 'required|string',
+                'password' => 'required|string|login_process',
+                'save'     => 'checkbox',
+            ])->setAliases([
+                'username' => 'Username',
+                'password' => 'Passphrase',
+            ]);
+    
+            if ($v->validation($_POST)) {
+                return $this->c->Redirect->url($v->redirect)->message('Login redirect');
+            }
+            
+            $this->fIswev = $v->getErrors();
         }
 
         $this->fIndex     = 'login';
@@ -66,46 +79,15 @@ class Auth extends Page
         $this->formToken  = $this->c->Csrf->create('Login');
         $this->forgetLink = $this->c->Router->link('Forget');
         $this->regLink    = $this->c->config->o_regs_allow == '1' ? $this->c->Router->link('Register') : null;
-        $this->username   = $args['_username'];
-        $this->redirect   = $args['_redirect'];
-        $this->save       = $save;
+        $this->username   = $v ? $v->username : (isset($args['_username']) ? $args['_username'] : '');
+        $this->redirect   = $v ? $v->redirect : $this->c->Router->validate($_SERVER['HTTP_REFERER'], 'Index'); //????
+        $this->save       = $v ? $v->save : 1;
 
         return $this;
     }
 
     /**
-     * Вход на форум
-     * 
-     * @return Page
-     */
-    public function loginPost()
-    {
-        $this->c->Lang->load('auth');
-
-        $v = $this->c->Validator->addValidators([
-            'login_process' => [$this, 'vLoginProcess'],
-        ])->setRules([
-            'token'    => 'token:Login',
-            'redirect' => 'referer:Index',
-            'username' => ['required|string', \ForkBB\__('Username')],
-            'password' => ['required|string|login_process', \ForkBB\__('Passphrase')],
-            'save'     => 'checkbox',
-        ]);
-
-        if ($v->validation($_POST)) {
-            return $this->c->Redirect->url($v->redirect)->message('Login redirect');
-        } else {
-            $this->fIswev = $v->getErrors();
-            return $this->login([
-                '_username' => $v->username,
-                '_redirect' => $v->redirect,
-                '_save'     => $v->save,
-            ]);
-        }
-    }
-
-    /**
-     * Проверка по базе и вход на форум
+     * Проверка по базе и вход
      * 
      * @param Validator $v
      * @param string $password
@@ -143,6 +125,10 @@ class Auth extends Page
                 ) {
                     $user->registration_ip = $this->c->user->ip;
                 }
+                // сбросить запрос на смену кодовой фразы
+                if (! empty($user->activate_string) && 'p' === $user->activate_string{0}) {
+                    $user->activate_string = null;
+                }
                 // изменения юзера в базе
                 $this->c->users->update($user);
 
@@ -154,18 +140,63 @@ class Auth extends Page
     }
 
     /**
-     * Подготовка данных для страницы восстановления пароля
+     * Запрос на смену кодовой фразы
      * 
      * @param array $args
+     * @param string $method
      * 
      * @return Page
      */
-    public function forget(array $args)
+    public function forget(array $args, $method)
     {
         $this->c->Lang->load('auth');
 
-        if (! isset($args['_email'])) {
-            $args['_email'] = '';
+        $v = null;
+        if ('POST' === $method) {
+            $v = $this->c->Validator->addValidators([
+                'check_email' => [$this, 'vCheckEmail'],
+            ])->setRules([
+                'token' => 'token:Forget',
+                'email' => 'required|string:trim,lower|email|check_email',
+            ])->setAliases([
+            ])->setMessages([
+                'email.email' => 'Invalid email',
+            ]);
+
+            if ($v->validation($_POST)) {
+                $key = 'p' . $this->c->Secury->randomPass(79);
+                $hash = $this->c->Secury->hash($v->email . $key);
+                $link = $this->c->Router->link('ChangePassword', ['email' => $v->email, 'key' => $key, 'hash' => $hash]);
+                $tplData = [
+                    'fRootLink' => $this->c->Router->link('Index'),
+                    'fMailer' => \ForkBB\__('Mailer', $this->c->config->o_board_title),
+                    'username' => $this->tmpUser->username,
+                    'link' => $link,
+                ];
+        
+                try {
+                    $isSent = $this->c->Mail
+                        ->reset()
+                        ->setFolder($this->c->DIR_LANG)
+                        ->setLanguage($this->tmpUser->language)
+                        ->setTo($v->email, $this->tmpUser->username)
+                        ->setFrom($this->c->config->o_webmaster_email, \ForkBB\__('Mailer', $this->c->config->o_board_title))
+                        ->setTpl('passphrase_reset.tpl', $tplData)
+                        ->send();
+                } catch (MailException $e) {
+                    $isSent = false;
+                }
+
+                if ($isSent) {
+                    $this->tmpUser->activate_string = $key;
+                    $this->tmpUser->last_email_sent = time();
+                    $this->c->users->update($this->tmpUser);
+                    return $this->c->Message->message(\ForkBB\__('Forget mail', $this->c->config->o_admin_email), false, 200);
+                } else {
+                    return $this->c->Message->message(\ForkBB\__('Error mail', $this->c->config->o_admin_email), true, 200);
+                }
+            }
+            $this->fIswev = $v->getErrors();
         }
 
         $this->fIndex     = 'login';
@@ -175,69 +206,11 @@ class Auth extends Page
         $this->titles     = \ForkBB\__('Passphrase reset');
         $this->formAction = $this->c->Router->link('Forget');
         $this->formToken  = $this->c->Csrf->create('Forget');
-        $this->email      = $args['_email'];
+        $this->email      = $v ? $v->email : (isset($args['_email']) ? $args['_email'] : '');
 
         return $this;
     }
 
-    /**
-     * Отправка письма для восстановления пароля
-     * 
-     * @return Page
-     */
-    public function forgetPost()
-    {
-        $this->c->Lang->load('auth');
-
-        $v = $this->c->Validator->addValidators([
-            'check_email' => [$this, 'vCheckEmail'],
-        ])->setRules([
-            'token' => 'token:Forget',
-            'email' => 'required|string:trim,lower|email|check_email',
-        ])->setMessages([
-            'email.email' => 'Invalid email',
-        ]);
-
-        if (! $v->validation($_POST)) {
-            $this->fIswev = $v->getErrors();
-            return $this->forget([
-                '_email' => $v->email,
-            ]);
-        }
-
-        $key = 'p' . $this->c->Secury->randomPass(79);
-        $hash = $this->c->Secury->hash($v->email . $key);
-        $link = $this->c->Router->link('ChangePassword', ['email' => $v->email, 'key' => $key, 'hash' => $hash]);
-        $tplData = [
-            'fRootLink' => $this->c->Router->link('Index'),
-            'fMailer' => \ForkBB\__('Mailer', $this->c->config->o_board_title),
-            'username' => $this->tmpUser->username,
-            'link' => $link,
-        ];
-
-        try {
-            $isSent = $this->c->Mail
-                ->reset()
-                ->setFolder($this->c->DIR_LANG)
-                ->setLanguage($this->tmpUser->language)
-                ->setTo($v->email, $this->tmpUser->username)
-                ->setFrom($this->c->config->o_webmaster_email, \ForkBB\__('Mailer', $this->c->config->o_board_title))
-                ->setTpl('passphrase_reset.tpl', $tplData)
-                ->send();
-        } catch (MailException $e) {
-            $isSent = false;
-        }
-
-        if ($isSent) {
-            $this->tmpUser->activate_string = $key;
-            $this->tmpUser->last_email_sent = time();
-            $this->c->users->update($this->tmpUser);
-            return $this->c->Message->message(\ForkBB\__('Forget mail', $this->c->config->o_admin_email), false, 200);
-        } else {
-            return $this->c->Message->message(\ForkBB\__('Error mail', $this->c->config->o_admin_email), true, 200);
-        }
-    }
-
     /**
      * Дополнительная проверка email
      * 
@@ -249,17 +222,14 @@ class Auth extends Page
     public function vCheckEmail(Validator $v, $email)
     {
         if (! empty($v->getErrors())) {
-            return $email;
-        }
-            
         // email забанен
-        if ($this->c->bans->isBanned($this->c->users->create(['email' => $email])) > 0) {
+        } elseif ($this->c->bans->isBanned($this->c->users->create(['email' => $email])) > 0) {
             $v->addError('Banned email');
         // нет пользователя с таким email
         } elseif (! ($user = $this->c->users->load($email, 'email')) instanceof User) {
             $v->addError('Invalid email');
         // за последний час уже был запрос на этот email
-        } elseif (! empty($user->last_email_sent) && time() - $user->last_email_sent < 3600) {
+        } elseif ($user->last_email_sent > 0 && time() - $user->last_email_sent < 3600) {
             $v->addError(\ForkBB\__('Email flood', (int) (($user->last_email_sent + 3600 - time()) / 60)), 'e');
         } else {
             $this->tmpUser = $user;
@@ -268,33 +238,57 @@ class Auth extends Page
     }
 
     /**
-     * Подготовка данных для формы изменения пароля
+     * Смена кодовой фразы
      * 
      * @param array $args
+     * @param string $method
      * 
      * @return Page
      */
-    public function changePass(array $args)
+    public function changePass(array $args, $method)
     {
-        if (isset($args['_user'])) {
-            $user = $args['_user'];
-            unset($args['_user']);
-        } else {
-            // что-то пошло не так
-            if (! hash_equals($args['hash'], $this->c->Secury->hash($args['email'] . $args['key']))
-                || ! ($user = $this->c->users->load($args['email'], 'email')) instanceof User
-                || empty($user->activate_string)
-                || $user->activate_string{0} !== 'p'
-                || ! hash_equals($user->activate_string, $args['key'])
-            ) {
-                return $this->c->Message->message('Bad request', false);
-            }
+        // что-то пошло не так
+        if (! hash_equals($args['hash'], $this->c->Secury->hash($args['email'] . $args['key']))
+            || ! ($user = $this->c->users->load($args['email'], 'email')) instanceof User
+            || empty($user->activate_string)
+            || 'p' !== $user->activate_string{0}
+            || ! hash_equals($user->activate_string, $args['key'])
+        ) {
+            return $this->c->Message->message('Bad request', false);
         }
 
         $this->c->Lang->load('auth');
 
+        if ('POST' === $method) {
+            $v = $this->c->Validator->setRules([
+                'token'     => 'token:ChangePassword',
+                'password'  => 'required|string|min:16|password',
+                'password2' => 'required|same:password',
+            ])->setAliases([
+                'password'  => 'New pass',
+                'password2' => 'Confirm new pass',
+            ])->setArguments([
+                'token' => $args,
+            ])->setMessages([
+                'password.password'  => 'Pass format',
+                'password2.same'     => 'Pass not match',
+            ]);
+    
+            if ($v->validation($_POST)) {
+                $user->password        = password_hash($v->password, PASSWORD_DEFAULT);
+                $user->email_confirmed = 1;
+                $user->activate_string = null;
+                $this->c->users->update($user);
+        
+                $this->a['fIswev']['s'][] = \ForkBB\__('Pass updated');
+                return $this->login([], 'GET');
+            }
+
+            $this->fIswev = $v->getErrors();
+        }
+        // активация аккаунта (письмо активации не дошло, заказали восстановление)
         if ($user->isUnverified) {
-            $user->group_id = $this->c->config->o_default_user_group;
+            $user->group_id        = $this->c->config->o_default_user_group;
             $user->email_confirmed = 1;
             $this->c->users->update($user);
             $this->c->Cache->delete('stats');
@@ -311,53 +305,4 @@ class Auth extends Page
 
         return $this;
     }
-
-    /**
-     * Смена пароля
-     * 
-     * @param array $args
-     * 
-     * @return Page
-     */
-    public function changePassPost(array $args)
-    {
-        // что-то пошло не так
-        if (! hash_equals($args['hash'], $this->c->Secury->hash($args['email'] . $args['key']))
-            || ! ($user = $this->c->users->load($args['email'], 'email')) instanceof User
-            || empty($user->activate_string)
-            || $user->activate_string{0} !== 'p'
-            || ! hash_equals($user->activate_string, $args['key'])
-        ) {
-            return $this->c->Message->message('Bad request', false);
-        }
-
-        $this->c->Lang->load('auth');
-
-        $v = $this->c->Validator;
-        $v->setRules([
-            'token'     => 'token:ChangePassword',
-            'password'  => ['required|string|min:16|password', \ForkBB\__('New pass')],
-            'password2' => ['required|same:password', \ForkBB\__('Confirm new pass')],
-        ])->setArguments([
-            'token' => $args,
-        ])->setMessages([
-            'password.password'  => 'Pass format',
-            'password2.same'     => 'Pass not match',
-        ]);
-
-        if (! $v->validation($_POST)) {
-            $this->fIswev = $v->getErrors();
-            $args['_user'] = $user;
-            return $this->changePass($args);
-        }
-        $data = $v->getData();
-
-        $user->password = password_hash($data['password'], PASSWORD_DEFAULT);
-        $user->email_confirmed = 1;
-        $user->activate_string = null;
-        $this->c->users->update($user);
-
-        $this->a['fIswev']['s'][] = \ForkBB\__('Pass updated');
-        return $this->login(['_redirect' => $this->c->Router->link('Index')]);
-    }
 }

app/Models/Pages/Delete.php

@@ -35,6 +35,7 @@ class Delete extends Page
                 'confirm' => 'integer',
                 'delete'  => 'string',
                 'cancel'  => 'string',
+            ])->setAliases([
             ])->setArguments([
                 'token' => $args,
             ]);

app/Models/Pages/PostValidatorTrait.php

@@ -217,6 +217,7 @@ trait PostValidatorTrait
             'preview'      => 'string',
             'submit'       => 'string|check_timeout',
             'message'      => 'required|string:trim|max:' . $this->c->MAX_POST_SIZE . '|check_message',
+        ])->setAliases([
         ])->setArguments([
             'token'                 => $args,
             'subject.check_subject' => $executive,

app/Models/Pages/Register.php

@@ -10,7 +10,7 @@ use ForkBB\Models\User\Model as User;
 class Register extends Page
 {
     /**
-     * Обработчик регистрации
+     * Регистрация
      * 
      * @return Page
      */
@@ -25,9 +25,13 @@ class Register extends Page
             'token'    => 'token:RegisterForm',
             'agree'    => 'required|token:Register',
             'on'       => 'integer',
-            'email'    => ['required_with:on|string:trim,lower|email|check_email', \ForkBB\__('Email')],
-            'username' => ['required_with:on|string:trim,spaces|min:2|max:25|login|check_username', \ForkBB\__('Username')],
-            'password' => ['required_with:on|string|min:16|password', \ForkBB\__('Passphrase')],
+            'email'    => 'required_with:on|string:trim,lower|email|check_email',
+            'username' => 'required_with:on|string:trim,spaces|min:2|max:25|login|check_username',
+            'password' => 'required_with:on|string|min:16|password',
+        ])->setAliases([
+            'email'    => 'Email',
+            'username' => 'Username',
+            'password' => 'Passphrase',
         ])->setMessages([
             'agree.required'    => ['cancel', 'cancel'],
             'agree.token'       => [\ForkBB\__('Bad agree', $this->c->Router->link('Register')), 'w'],
@@ -36,7 +40,7 @@ class Register extends Page
         ]);
 
         // завершение регистрации
-        if ($v->validation($_POST) && $v->on === 1) {
+        if ($v->validation($_POST) && 1 === $v->on) {
             return $this->regEnd($v);
         }
 
@@ -72,11 +76,8 @@ class Register extends Page
      */
     public function vCheckEmail(Validator $v, $email)
     {
-        $user = $this->c->users->create();
-        $user->__email = $email;
-
         // email забанен
-        if ($this->c->bans->isBanned($user) > 0) {
+        if ($this->c->bans->isBanned($this->c->users->create(['email' => $email])) > 0) {
             $v->addError('Banned email');
         // найден хотя бы 1 юзер с таким же email
         } elseif (empty($v->getErrors()) && 0 !== $this->c->users->load($email, 'email')) {
@@ -95,11 +96,10 @@ class Register extends Page
      */
     public function vCheckUsername(Validator $v, $username)
     {
-        $user = $this->c->users->create();
-        $user->__username = $username;
+        $user = $this->c->users->create(['username' => $username]);
 
         // username = Гость
-        if (preg_match('%^(guest|' . preg_quote(\ForkBB\__('Guest'), '%') . ')$%iu', $username)) {
+        if (preg_match('%^(guest|' . preg_quote(\ForkBB\__('Guest'), '%') . ')$%iu', $username)) { //????
             $v->addError('Username guest');
         // цензура
         } elseif ($this->c->censorship->censor($username) !== $username) {
@@ -117,13 +117,13 @@ class Register extends Page
     /**
      * Завершение регистрации
      * 
-     * @param array @data
+     * @param Validator $v
      * 
      * @return Page
      */
     protected function regEnd(Validator $v)
     {
-        if ($this->c->config->o_regs_verify == '1') {
+        if ('1' == $this->c->config->o_regs_verify) {
             $groupId = 0;
             $key = 'w' . $this->c->Secury->randomPass(79);
         } else {
@@ -143,20 +143,20 @@ class Register extends Page
         $user->email_setting   = $this->c->config->o_default_email_setting;
         $user->timezone        = $this->c->config->o_default_timezone;
         $user->dst             = $this->c->config->o_default_dst;
-        $user->language        = $user->language;
-        $user->style           = $user->style;
+        $user->language        = $user->language; //????
+        $user->style           = $user->style;    //????
         $user->registered      = time();
         $user->registration_ip = $this->c->user->ip;
             
         $newUserId = $this->c->users->insert($user);
 
         // обновление статистики по пользователям
-        if ($this->c->config->o_regs_verify != '1') {
+        if ('1' != $this->c->config->o_regs_verify) {
             $this->c->Cache->delete('stats');
         }
 
         // уведомление о регистрации
-        if ($this->c->config->o_regs_report == '1' && $this->c->config->o_mailing_list != '') {
+        if ('1' == $this->c->config->o_regs_report && '' != $this->c->config->o_mailing_list) {
             $tplData = [
                 'fTitle' => $this->c->config->o_board_title,
                 'fRootLink' => $this->c->Router->link('Index'),
@@ -182,7 +182,7 @@ class Register extends Page
         $this->c->Lang->load('register');
 
         // отправка письма активации аккаунта
-        if ($this->c->config->o_regs_verify == '1') {
+        if ('1' == $this->c->config->o_regs_verify) {
             $hash = $this->c->Secury->hash($newUserId . $key);
             $link = $this->c->Router->link('RegActivate', ['id' => $newUserId, 'key' => $key, 'hash' => $hash]);
             $tplData = [
@@ -213,13 +213,13 @@ class Register extends Page
             } else {
                 $auth = $this->c->Auth;
                 $auth->fIswev = ['w' => [\ForkBB\__('Error welcom mail', $this->c->config->o_admin_email)]];
-                return $auth->forget(['_email' => $v->email]);
+                return $auth->forget(['_email' => $v->email], 'GET');
             }
         // форма логина
         } else {
             $auth = $this->c->Auth;
             $auth->fIswev = ['s' => [\ForkBB\__('Reg complete')]];
-            return $auth->login(['_username' => $v->username]);
+            return $auth->login(['_username' => $v->username], 'GET');
         }
     }
 
@@ -235,23 +235,23 @@ class Register extends Page
         if (! hash_equals($args['hash'], $this->c->Secury->hash($args['id'] . $args['key']))
             || ! ($user = $this->c->users->load($args['id'])) instanceof User
             || empty($user->activate_string)
-            || $user->activate_string{0} !== 'w'
+            || 'w' !== $user->activate_string{0} 
             || ! hash_equals($user->activate_string, $args['key'])
         ) {
             return $this->c->Message->message('Bad request', false);
         }
 
-        $user->group_id = $this->c->config->o_default_user_group;
+        $user->group_id        = $this->c->config->o_default_user_group;
         $user->email_confirmed = 1;
         $user->activate_string = null;
         $this->c->users->update($user);
 
-        $this->c->Cache->delete('stats'); //????
+        $this->c->Cache->delete('stats');
 
         $this->c->Lang->load('register');
 
         $auth = $this->c->Auth;
         $auth->fIswev = ['s' => [\ForkBB\__('Reg complete')]];
-        return $auth->login(['_username' => $v->username]);
+        return $auth->login(['_username' => $user->username], 'GET');
     }
 }

app/Models/User/Save.php

@@ -28,7 +28,7 @@ class Save extends Action
         }
         $values = $user->getAttrs();
 
-        if ($user->isGuest) {
+        if ($user->isGuest && ! $user->isUnverified) {
             $fileds = $this->c->dbMap->online;
             $table  = 'online';
             $where  = 'user_id=1 AND ident=?s';
@@ -48,7 +48,7 @@ class Save extends Action
         if (empty($set)) {
             return $user;
         }
-        if ($user->isGuest) {
+        if ($user->isGuest && ! $user->isUnverified) {
             $vars[] = $user->ip;
         } else {
             $vars[] = $user->id;