We use cookies to ensure you get the best experience on our website
Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
0ct0pu5
/
forkbb
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: fd84958f0b
Branche Tagy
forkbb
/
app
/
Models
/
Pages
/
Auth.php

Auth.php 17 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * This file is part of the ForkBB <https://github.com/forkbb>.
    4. 

  4.  *
    5. 

  5.  * @copyright (c) Visman <mio.visman@yandex.ru, https://github.com/MioVisman>
    6. 

  6.  * @license   The MIT License (MIT)
    7. 

  7.  */
    8. 

  8. 

  9. declare(strict_types=1);
    10. 

  10. 

  11. namespace ForkBB\Models\Pages;
    12. 

  12. 

  13. use ForkBB\Core\Validator;
    14. 

  14. use ForkBB\Core\Exceptions\MailException;
    15. 

  15. use ForkBB\Models\Page;
    16. 

  16. use ForkBB\Models\User\Model as User;
    17. 

  17. use function \ForkBB\__;
    18. 

  18. 

  19. class Auth extends Page
    20. 

  20. {
    21. 

  21.     /**
    22. 

  22.      * Выход пользователя
    23. 

  23.      */
    24. 

  24.     public function logout(array $args): Page
    25. 

  25.     {
    26. 

  26.         if (! $this->c->Csrf->verify($args['token'], 'Logout', $args)) {
    27. 

  27.             $this->c->Log->warning('Logout: fail', [
    28. 

  28.                 'user' => $this->user->fLog(),
    29. 

  29.             ]);
    30. 

  30. 

  31.             return $this->c->Redirect->page('Index')->message($this->c->Csrf->getError());
    32. 

  32.         }
    33. 

  33. 

  34.         $this->c->Cookie->deleteUser();
    35. 

  35.         $this->c->Online->delete($this->user);
    36. 

  36.         $this->c->users->updateLastVisit($this->user);
    37. 

  37. 

  38.         $this->c->Log->info('Logout: ok', [
    39. 

  39.             'user' => $this->user->fLog(),
    40. 

  40.         ]);
    41. 

  41. 

  42.         $this->c->Lang->load('auth');
    43. 

  43. 

  44.         return $this->c->Redirect->page('Index')->message('Logout redirect');
    45. 

  45.     }
    46. 

  46. 

  47.     /**
    48. 

  48.      * Вход на форум
    49. 

  49.      */
    50. 

  50.     public function login(array $args, string $method, string $username = ''): Page
    51. 

  51.     {
    52. 

  52.         $this->c->Lang->load('validator');
    53. 

  53.         $this->c->Lang->load('auth');
    54. 

  54. 

  55.         $v = null;
    56. 

  56.         if ('POST' === $method) {
    57. 

  57.             $v = $this->c->Validator->reset()
    58. 

  58.                 ->addValidators([
    59. 

  59.                     'login_check' => [$this, 'vLoginCheck'],
    60. 

  60.                 ])->addRules([
    61. 

  61.                     'token'    => 'token:Login',
    62. 

  62.                     'redirect' => 'required|referer:Index',
    63. 

  63.                     'username' => 'required|string',
    64. 

  64.                     'password' => 'required|string|login_check',
    65. 

  65.                     'save'     => 'checkbox',
    66. 

  66.                     'login'    => 'required|string',
    67. 

  67.                 ])->addAliases([
    68. 

  68.                     'username' => 'Username',
    69. 

  69.                     'password' => 'Passphrase',
    70. 

  70.                 ]);
    71. 

  71. 

  72.             $v = $this->c->Test->beforeValidation($v);
    73. 

  73. 

  74.             if ($v->validation($_POST, true)) {
    75. 

  75.                 $this->loginEnd($v);
    76. 

  76. 

  77.                 return $this->c->Redirect->url($v->redirect)->message('Login redirect');
    78. 

  78.             }
    79. 

  79. 

  80.             $this->fIswev = $v->getErrors();
    81. 

  81. 

  82.             $this->c->Log->warning('Login: fail', [
    83. 

  83.                 'user'   => $this->user->fLog(),
    84. 

  84.                 'errors' => $v->getErrorsWithoutType(),
    85. 

  85.                 'form'   => $v->getData(false, ['token', 'password']),
    86. 

  86.             ]);
    87. 

  87. 

  88.             $this->httpStatus = 400;
    89. 

  89.         }
    90. 

  90. 

  91.         $ref = $this->c->Secury->replInvalidChars($_SERVER['HTTP_REFERER'] ?? '');
    92. 

  92. 

  93.         $this->hhsLevel   = 'secure';
    94. 

  94.         $this->fIndex     = 'login';
    95. 

  95.         $this->nameTpl    = 'login';
    96. 

  96.         $this->onlinePos  = 'login';
    97. 

  97.         $this->robots     = 'noindex';
    98. 

  98.         $this->titles     = __('Login');
    99. 

  99.         $this->regLink    = '1' == $this->c->config->o_regs_allow ? $this->c->Router->link('Register') : null;
    100. 

  100. 

  101.         $username         = $v ? $v->username : $username;
    102. 

  102.         $save             = $v ? $v->save : 1;
    103. 

  103.         $redirect         = $v ? $v->redirect : $this->c->Router->validate($ref, 'Index');
    104. 

  104.         $this->form       = $this->formLogin($username, $save, $redirect);
    105. 

  105. 

  106.         return $this;
    107. 

  107.     }
    108. 

  108. 

  109.     /**
    110. 

  110.      * Обрабатывает вход пользователя
    111. 

  111.      */
    112. 

  112.     protected function loginEnd(Validator $v): void
    113. 

  113.     {
    114. 

  114.         $this->c->users->updateLoginIpCache($this->userAfterLogin, true); // ????
    115. 

  115. 

  116.         // сбросить запрос на смену кодовой фразы
    117. 

  117.         if (32 === \strlen($this->userAfterLogin->activate_string)) {
    118. 

  118.             $this->userAfterLogin->activate_string = '';
    119. 

  119.         }
    120. 

  120.         // изменения юзера в базе
    121. 

  121.         $this->c->users->update($this->userAfterLogin);
    122. 

  122. 

  123.         $this->c->Online->delete($this->user);
    124. 

  124.         $this->c->Cookie->setUser($this->userAfterLogin, (bool) $v->save);
    125. 

  125. 

  126.         $this->c->Log->info('Login: ok', [
    127. 

  127.             'user'    => $this->userAfterLogin->fLog(),
    128. 

  128.             'form'    => $v->getData(false, ['token', 'password']),
    129. 

  129.             'headers' => true,
    130. 

  130.         ]);
    131. 

  131.     }
    132. 

  132. 

  133.     /**
    134. 

  134.      * Подготавливает массив данных для формы
    135. 

  135.      */
    136. 

  136.     protected function formLogin(string $username, /* mixed */ $save, string $redirect): array
    137. 

  137.     {
    138. 

  138.         return [
    139. 

  139.             'action' => $this->c->Router->link('Login'),
    140. 

  140.             'hidden' => [
    141. 

  141.                 'token'    => $this->c->Csrf->create('Login'),
    142. 

  142.                 'redirect' => $redirect,
    143. 

  143.             ],
    144. 

  144.             'sets'   => [
    145. 

  145.                 'login' => [
    146. 

  146.                     'fields' => [
    147. 

  147.                         'username' => [
    148. 

  148.                             'autofocus' => true,
    149. 

  149.                             'type'      => 'text',
    150. 

  150.                             'value'     => $username,
    151. 

  151.                             'caption'   => __('Username'),
    152. 

  152.                             'required'  => true,
    153. 

  153.                         ],
    154. 

  154.                         'password' => [
    155. 

  155.                             'id'        => 'passinlogin',
    156. 

  156.                             'type'      => 'password',
    157. 

  157.                             'caption'   => __('Passphrase'),
    158. 

  158.                             'help'      => ['<a href="%s">Forgotten?</a>', $this->c->Router->link('Forget')],
    159. 

  159.                             'required'  => true,
    160. 

  160.                         ],
    161. 

  161.                         'save' => [
    162. 

  162.                             'type'    => 'checkbox',
    163. 

  163.                             'label'   => __('Remember me'),
    164. 

  164.                             'value'   => '1',
    165. 

  165.                             'checked' => $save,
    166. 

  166.                         ],
    167. 

  167.                     ],
    168. 

  168.                 ],
    169. 

  169.             ],
    170. 

  170.             'btns'   => [
    171. 

  171.                 'login' => [
    172. 

  172.                     'type'  => 'submit',
    173. 

  173.                     'value' => __('Sign in'),
    174. 

  174.                 ],
    175. 

  175.             ],
    176. 

  176.         ];
    177. 

  177.     }
    178. 

  178. 

  179.     /**
    180. 

  180.      * Проверка пользователя по базе
    181. 

  181.      */
    182. 

  182.     public function vLoginCheck(Validator $v, $password)
    183. 

  183.     {
    184. 

  184.         if (empty($v->getErrors())) {
    185. 

  185.             $this->userAfterLogin = $this->c->users->loadByName($v->username);
    186. 

  186. 

  187.             if (
    188. 

  188.                 ! $this->userAfterLogin instanceof User
    189. 

  189.                 || $this->userAfterLogin->isGuest
    190. 

  190.             ) {
    191. 

  191.                 $v->addError('Wrong user/pass');
    192. 

  192.             } elseif ($this->userAfterLogin->isUnverified) {
    193. 

  193.                 $v->addError('Account is not activated', 'w');
    194. 

  194.             } elseif (! \password_verify($password, $this->userAfterLogin->password)) {
    195. 

  195.                 $v->addError('Wrong user/pass');
    196. 

  196.             }
    197. 

  197.         }
    198. 

  198. 

  199.         if (! empty($v->getErrors())) {
    200. 

  200.             $this->userAfterLogin = null;
    201. 

  201.         }
    202. 

  202. 

  203.         return $password;
    204. 

  204.     }
    205. 

  205. 

  206.     /**
    207. 

  207.      * Запрос на смену кодовой фразы
    208. 

  208.      */
    209. 

  209.     public function forget(array $args, string $method, string $email = ''): Page
    210. 

  210.     {
    211. 

  211.         $this->c->Lang->load('validator');
    212. 

  212.         $this->c->Lang->load('auth');
    213. 

  213. 

  214.         $v = null;
    215. 

  215. 

  216.         if ('POST' === $method) {
    217. 

  217.             $v = $this->c->Validator->reset()
    218. 

  218.                 ->addValidators([
    219. 

  219.                 ])->addRules([
    220. 

  220.                     'token'  => 'token:Forget',
    221. 

  221.                     'email'  => 'required|string:trim|email',
    222. 

  222.                     'submit' => 'required|string',
    223. 

  223.                 ])->addAliases([
    224. 

  224.                 ])->addMessages([
    225. 

  225.                     'email.email' => 'Invalid email',
    226. 

  226.                 ])->addArguments([
    227. 

  227.                 ]);
    228. 

  228. 

  229.             $v       = $this->c->Test->beforeValidation($v);
    230. 

  230.             $isValid = $v->validation($_POST, true);
    231. 

  231.             $context = [
    232. 

  232.                 'user'    => $this->user->fLog(), // ???? Guest only?
    233. 

  233.                 'errors'  => $v->getErrorsWithoutType(),
    234. 

  234.                 'form'    => $v->getData(false, ['token']),
    235. 

  235.                 'headers' => true,
    236. 

  236.             ];
    237. 

  237. 

  238.             if ($isValid) {
    239. 

  239.                 $tmpUser = $this->c->users->create();
    240. 

  240.                 $isSent  = false;
    241. 

  241. 

  242.                 $v = $v->reset()
    243. 

  243.                     ->addRules([
    244. 

  244.                         'email' => 'required|string:trim|email:nosoloban,exists,flood',
    245. 

  245.                     ])->addArguments([
    246. 

  246.                         'email.email' => $tmpUser, // сюда идет возрат данных по найденному пользователю
    247. 

  247.                     ]);
    248. 

  248. 

  249.                 if (
    250. 

  250.                     $v->validation($_POST)
    251. 

  251.                     && 0 === $this->c->bans->banFromName($tmpUser->username)
    252. 

  252.                 ) {
    253. 

  253.                     $this->c->Csrf->setHashExpiration(259200); // ???? хэш действует 72 часа
    254. 

  254. 

  255.                     $key  = $this->c->Secury->randomPass(32);
    256. 

  256.                     $link = $this->c->Router->link(
    257. 

  257.                         'ChangePassword',
    258. 

  258.                         [
    259. 

  259.                             'id'   => $tmpUser->id,
    260. 

  260.                             'key'  => $key,
    261. 

  261.                         ]
    262. 

  262.                     );
    263. 

  263.                     $tplData = [
    264. 

  264.                         'fRootLink' => $this->c->Router->link('Index'),
    265. 

  265.                         'fMailer'   => __(['Mailer', $this->c->config->o_board_title]),
    266. 

  266.                         'username'  => $tmpUser->username,
    267. 

  267.                         'link'      => $link,
    268. 

  268.                     ];
    269. 

  269. 

  270.                     try {
    271. 

  271.                         $isSent = $this->c->Mail
    272. 

  272.                             ->reset()
    273. 

  273.                             ->setMaxRecipients(1)
    274. 

  274.                             ->setFolder($this->c->DIR_LANG)
    275. 

  275.                             ->setLanguage($tmpUser->language)
    276. 

  276.                             ->setTo($tmpUser->email, $tmpUser->username)
    277. 

  277.                             ->setFrom($this->c->config->o_webmaster_email, $tplData['fMailer'])
    278. 

  278.                             ->setTpl('passphrase_reset.tpl', $tplData)
    279. 

  279.                             ->send();
    280. 

  280.                     } catch (MailException $e) {
    281. 

  281.                         $this->c->Log->error('Passphrase reset: email form, MailException', [
    282. 

  282.                             'exception' => $e,
    283. 

  283.                             'headers'   => false,
    284. 

  284.                         ]);
    285. 

  285.                     }
    286. 

  286. 

  287.                     if ($isSent) {
    288. 

  288.                         $tmpUser->activate_string = $key;
    289. 

  289.                         $tmpUser->last_email_sent = \time();
    290. 

  290. 

  291.                         $this->c->users->update($tmpUser);
    292. 

  292. 

  293.                         $this->c->Log->info('Passphrase reset: email form, ok', $context);
    294. 

  294.                     }
    295. 

  295.                 }
    296. 

  296. 

  297.                 if (! $isSent) {
    298. 

  298.                     $context['errors'] = $v->getErrorsWithoutType();
    299. 

  299. 

  300.                     $this->c->Log->warning('Passphrase reset: email form, fail', $context);
    301. 

  301.                 }
    302. 

  302. 

  303.                 return $this->c->Message->message(['Forget mail', $this->c->config->o_admin_email], false, 0);
    304. 

  304.             }
    305. 

  305. 

  306.             $this->fIswev = $v->getErrors();
    307. 

  307. 

  308.             $this->c->Log->warning('Passphrase reset: email form, fail', $context);
    309. 

  309. 

  310.             $this->httpStatus = 400;
    311. 

  311.         }
    312. 

  312. 

  313.         $this->hhsLevel   = 'secure';
    314. 

  314.         $this->fIndex     = 'login';
    315. 

  315.         $this->nameTpl    = 'passphrase_reset';
    316. 

  316.         $this->onlinePos  = 'passphrase_reset';
    317. 

  317.         $this->robots     = 'noindex';
    318. 

  318.         $this->titles     = __('Passphrase reset');
    319. 

  319.         $this->form       = $this->formForget($v ? $v->email : $email);
    320. 

  320. 

  321.         return $this;
    322. 

  322.     }
    323. 

  323. 

  324.     /**
    325. 

  325.      * Подготавливает массив данных для формы
    326. 

  326.      */
    327. 

  327.     protected function formForget(string $email): array
    328. 

  328.     {
    329. 

  329.         return [
    330. 

  330.             'action' => $this->c->Router->link('Forget'),
    331. 

  331.             'hidden' => [
    332. 

  332.                 'token' => $this->c->Csrf->create('Forget'),
    333. 

  333.             ],
    334. 

  334.             'sets'   => [
    335. 

  335.                 'forget' => [
    336. 

  336.                     'fields' => [
    337. 

  337.                         'email' => [
    338. 

  338.                             'autofocus' => true,
    339. 

  339.                             'type'      => 'text',
    340. 

  340.                             'maxlength' => '80',
    341. 

  341.                             'value'     => $email,
    342. 

  342.                             'caption'   => __('Email'),
    343. 

  343.                             'help'      => 'Passphrase reset info',
    344. 

  344.                             'required'  => true,
    345. 

  345.                             'pattern'   => '.+@.+',
    346. 

  346.                         ],
    347. 

  347.                     ],
    348. 

  348.                 ],
    349. 

  349.             ],
    350. 

  350.             'btns'   => [
    351. 

  351.                 'submit' => [
    352. 

  352.                     'type'  => 'submit',
    353. 

  353.                     'value' => __('Send email'),
    354. 

  354.                 ],
    355. 

  355.             ],
    356. 

  356.         ];
    357. 

  357.     }
    358. 

  358. 

  359.     /**
    360. 

  360.      * Смена кодовой фразы
    361. 

  361.      */
    362. 

  362.     public function changePass(array $args, string $method): Page
    363. 

  363.     {
    364. 

  364.         if (
    365. 

  365.             ! $this->c->Csrf->verify($args['hash'], 'ChangePassword', $args)
    366. 

  366.             || ! ($user = $this->c->users->load($args['id'])) instanceof User
    367. 

  367.             || ! \hash_equals($user->activate_string, $args['key'])
    368. 

  368.         ) {
    369. 

  369.             $this->c->Log->warning('Passphrase reset: confirmation, fail', [
    370. 

  370.                 'user' => $user instanceof User ? $user->fLog() : $this->user->fLog(),
    371. 

  371.                 'args' => $args,
    372. 

  372.             ]);
    373. 

  373. 

  374.             // что-то пошло не так
    375. 

  375.             return $this->c->Message->message('Bad request', false);
    376. 

  376.         }
    377. 

  377. 

  378.         $this->c->Lang->load('validator');
    379. 

  379.         $this->c->Lang->load('auth');
    380. 

  380. 

  381.         if ('POST' === $method) {
    382. 

  382.             $v = $this->c->Validator->reset()
    383. 

  383.                 ->addRules([
    384. 

  384.                     'token'     => 'token:ChangePassword',
    385. 

  385.                     'password'  => 'required|string|min:16|password',
    386. 

  386.                     'password2' => 'required|same:password',
    387. 

  387.                     'submit'    => 'required|string',
    388. 

  388.                 ])->addAliases([
    389. 

  389.                     'password'  => 'New pass',
    390. 

  390.                     'password2' => 'Confirm new pass',
    391. 

  391.                 ])->addArguments([
    392. 

  392.                     'token' => $args,
    393. 

  393.                 ])->addMessages([
    394. 

  394.                     'password.password'  => 'Pass format',
    395. 

  395.                     'password2.same'     => 'Pass not match',
    396. 

  396.                 ]);
    397. 

  397. 

  398.             $v = $this->c->Test->beforeValidation($v);
    399. 

  399. 

  400.             if ($v->validation($_POST, true)) {
    401. 

  401.                 $user->password        = \password_hash($v->password, \PASSWORD_DEFAULT);
    402. 

  402.                 $user->email_confirmed = 1;
    403. 

  403.                 $user->activate_string = '';
    404. 

  404. 

  405.                 $this->c->users->update($user);
    406. 

  406. 

  407.                 $this->fIswev = ['s', 'Pass updated'];
    408. 

  408. 

  409.                 $this->c->Log->info('Passphrase reset: ok', [
    410. 

  410.                     'user' => $user->fLog(),
    411. 

  411.                 ]);
    412. 

  412. 

  413.                 return $this->login([], 'GET');
    414. 

  414.             }
    415. 

  415. 

  416.             $this->fIswev = $v->getErrors();
    417. 

  417. 

  418.             $this->c->Log->warning('Passphrase reset: change form, fail', [
    419. 

  419.                 'user'   => $user->fLog(),
    420. 

  420.                 'errors' => $v->getErrorsWithoutType(),
    421. 

  421.                 'form'   => $v->getData(false, ['token', 'password', 'password2']),
    422. 

  422.             ]);
    423. 

  423. 

  424.             $this->httpStatus = 400;
    425. 

  425.         }
    426. 

  426.         // активация аккаунта (письмо активации не дошло, заказали восстановление)
    427. 

  427.         if ($user->isUnverified) {
    428. 

  428.             $user->group_id        = $this->c->config->i_default_user_group;
    429. 

  429.             $user->email_confirmed = 1;
    430. 

  430. 

  431.             $this->c->users->update($user);
    432. 

  432. 

  433.             $this->fIswev = ['i', 'Account activated'];
    434. 

  434. 

  435.             $this->c->Log->info('Account activation: ok', [
    436. 

  436.                 'user' => $user->fLog(),
    437. 

  437.             ]);
    438. 

  438.         }
    439. 

  439. 

  440.         $this->hhsLevel   = 'secure';
    441. 

  441.         $this->fIndex     = 'login';
    442. 

  442.         $this->nameTpl    = 'change_passphrase';
    443. 

  443.         $this->onlinePos  = 'change_passphrase';
    444. 

  444.         $this->robots     = 'noindex';
    445. 

  445.         $this->titles     = __('Passphrase reset');
    446. 

  446.         $this->form       = $this->formChange($args);
    447. 

  447. 

  448.         return $this;
    449. 

  449.     }
    450. 

  450. 

  451.     /**
    452. 

  452.      * Подготавливает массив данных для формы
    453. 

  453.      */
    454. 

  454.     protected function formChange(array $args): array
    455. 

  455.     {
    456. 

  456.         return [
    457. 

  457.             'action' => $this->c->Router->link('ChangePassword', $args),
    458. 

  458.             'hidden' => [
    459. 

  459.                 'token' => $this->c->Csrf->create('ChangePassword', $args),
    460. 

  460.             ],
    461. 

  461.             'sets'   => [
    462. 

  462.                 'forget' => [
    463. 

  463.                     'fields' => [
    464. 

  464.                         'password' => [
    465. 

  465.                             'autofocus' => true,
    466. 

  466.                             'type'      => 'password',
    467. 

  467.                             'caption'   => __('New pass'),
    468. 

  468.                             'required'  => true,
    469. 

  469.                             'pattern'   => '^.{16,}$',
    470. 

  470.                         ],
    471. 

  471.                         'password2' => [
    472. 

  472.                             'type'      => 'password',
    473. 

  473.                             'caption'   => __('Confirm new pass'),
    474. 

  474.                             'help'      => 'Passphrase help',
    475. 

  475.                             'required'  => true,
    476. 

  476.                             'pattern'   => '^.{16,}$',
    477. 

  477.                         ],
    478. 

  478.                     ],
    479. 

  479.                 ],
    480. 

  480.             ],
    481. 

  481.             'btns'   => [
    482. 

  482.                 'submit' => [
    483. 

  483.                     'type'  => 'submit',
    484. 

  484.                     'value' => __('Change passphrase'),
    485. 

  485.                 ],
    486. 

  486.             ],
    487. 

  487.         ];
    488. 

  488.     }
    489. 

  489. }
    490.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5