

Merge pull request #35 from OnePlc/1.0.28-dev
1.0.28 dev
Praesidiarius authored Apr 12, 2021
2 parents 4df18df + 041c8d7 commit ee85602
Showing 9 changed files with 283 additions and 21 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,10 @@ All notable changes to oneplace-event will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.0.28] -

### Added

## [1.0.27] - 2021-04-01

### Fixed
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -3,7 +3,7 @@
"description": "onePlace User Module",
"type": "oneplace-module",
"license": "BSD-3-Clause",
"version": "1.0.27",
"version": "1.0.28",
"keywords": [
"laminas",
"mvc",
11 changes: 11 additions & 0 deletions data/structure.sql
Expand Up @@ -204,6 +204,17 @@ ALTER TABLE `user_registration`
ALTER TABLE `user_registration`
MODIFY `Registration_ID` int(11) NOT NULL AUTO_INCREMENT;

CREATE TABLE `user_session` (
`user_idfs` int(11) NOT NULL,
`ipaddress` varchar(30) NOT NULL,
`browser` text NOT NULL,
`date_created` datetime NOT NULL,
`date_last_login` datetime NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

ALTER TABLE `user_session`
ADD PRIMARY KEY (`user_idfs`);

--
-- Save
--
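Review bot: The new `user_session` table keys on `user_idfs` alone, while the insert logic this commit adds to AuthController looks rows up by `(user_idfs, ipaddress)` and inserts a new row when none matches, so a user's first login from a second address will fail with a duplicate-key error instead of recording the new device. If one row per user-and-address is the intent, the key should cover both columns, `ADD PRIMARY KEY (user_idfs, ipaddress);`. `ipaddress varchar(30)` is also shorter than a full IPv6 literal (39 characters, 45 for IPv4-mapped forms) and than the comma-separated list `HTTP_X_FORWARDED_FOR` can carry, which the controller copies into this column unparsed; `varchar(45)` plus address validation on the PHP side avoids truncation or strict-mode insert failures.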
253 changes: 235 additions & 18 deletions src/Controller/AuthController.php
Expand Up @@ -25,6 +25,7 @@
use Laminas\Db\TableGateway\TableGateway;
use Laminas\Session\Container;
use Laminas\Math\Rand;
use Laminas\Http\ClientStatic;

class AuthController extends CoreController
{
Expand Down Expand Up @@ -59,7 +60,37 @@ public function __construct(AdapterInterface $oDbAdapter, UserTable $oTableGatew
*/
public function loginAction()
{
$this->layout('layout/login');
$oResolver = $this->getEvent()
->getApplication()
->getServiceManager()
->get('Laminas\View\Resolver\TemplatePathStack');

if (false === $oResolver->resolve('layout/login_custom')) {
$this->layout('layout/login');
} else {
$this->layout('layout/login_custom');
}

if(isset($_REQUEST['g-recaptcha-response'])) {
$response = ClientStatic::post(
'https://www.google.com/recaptcha/api/siteverify', [
'secret' => CoreController::$aGlobalSettings['recaptcha-secret-login'],
'response' => $_REQUEST['g-recaptcha-response']
]);

$iStatus = $response->getStatusCode();
$sRespnse = $response->getBody();

$oJson = json_decode($sRespnse);

if(!$oJson->success) {
$this->layout()->sErrorMessage = 'Please solve Captcha';
# Show Login Form
return new ViewModel([
'sErrorMessage' => 'Please solve Captcha',
]);
}
}

# Check if user is already logged in
if (isset(CoreController::$oSession->oUser)) {
Expand All @@ -73,6 +104,8 @@ public function loginAction()
# Get User from Login Form
$sUser = $oRequest->getPost('plc_login_user');

$oMetricTbl = new TableGateway('core_metric', CoreController::$oDbAdapter);

try {
# Try Login by E-Mail
$oUser = $this->oTableGateway->getSingle($sUser, 'email');
Expand All @@ -81,6 +114,14 @@ public function loginAction()
# Try Login by Username
$oUser = $this->oTableGateway->getSingle($sUser, 'username');
} catch (\Exception $e) {
$oMetricTbl->insert([
'user_idfs' => 0,
'action' => 'login',
'type' => 'error',
'date' => date('Y-m-d H:i:s', time()),
'comment' => 'user not found ('.$sUser.')',
]);
$this->layout()->sErrorMessage = $e->getMessage();
# Show Login Form
return new ViewModel([
'sErrorMessage' => $e->getMessage(),
Expand All @@ -91,6 +132,14 @@ public function loginAction()
# Check Password
$sPasswordForm = $oRequest->getPost('plc_login_pass');
if (! password_verify($sPasswordForm, $oUser->password)) {
$oMetricTbl->insert([
'user_idfs' => $oUser->getID(),
'action' => 'login',
'type' => 'error',
'date' => date('Y-m-d H:i:s', time()),
'comment' => 'wrong password',
]);
$this->layout()->sErrorMessage = 'Wrong password';
# Show Login Form
return new ViewModel([
'sErrorMessage' => 'Wrong password',
Expand Down Expand Up @@ -182,7 +231,45 @@ public function loginAction()
# Add XP for successful login
$oUser->addXP('login');

return $this->redirect()->toRoute('app-home');
$oMetricTbl->insert([
'user_idfs' => $oUser->getID(),
'action' => 'login',
'type' => 'success',
'date' => date('Y-m-d H:i:s', time()),
'comment' => '',
]);

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$sIpAddr = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$sIpAddr = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$sIpAddr = $_SERVER['REMOTE_ADDR'];
}
$oSessTbl = new TableGateway('user_session', CoreController::$oDbAdapter);
$oCheckSess = $oSessTbl->select([
'user_idfs' => $oUser->getID(),
'ipaddress' => strip_tags($sIpAddr),
]);
if(count($oCheckSess) == 0) {
# todo: add security email check
$oSessTbl->insert([
'user_idfs' => $oUser->getID(),
'ipaddress' => strip_tags($sIpAddr),
'browser' => json_encode(getallheaders()),
'date_created' => date('Y-m-d H:i:s', time()),
'date_last_login' => date('Y-m-d H:i:s', time()),
]);
} else {
$oSessTbl->update([
'date_last_login' => date('Y-m-d H:i:s', time()),
]);
}

$sLoginRoute = (isset(CoreController::$aGlobalSettings['login-route']))
? CoreController::$aGlobalSettings['login-route'] : 'app-home';

return $this->redirect()->toRoute($sLoginRoute);
} else {
# Show Login Form
return new ViewModel();
Expand Down Expand Up @@ -422,7 +509,16 @@ public function resetAction()
}

public function signupAction() {
$this->layout('layout/signup');
$oResolver = $this->getEvent()
->getApplication()
->getServiceManager()
->get('Laminas\View\Resolver\TemplatePathStack');

if (false === $oResolver->resolve('layout/signup_custom')) {
$this->layout('layout/signup');
} else {
$this->layout('layout/signup_custom');
}

$oRequest = $this->getRequest();

Expand Down Expand Up @@ -481,40 +577,140 @@ public function signupAction() {
//$sStreet = $oRequest->getPost('plc_account_street');
//$sStreetNr = $oRequest->getPost('plc_account_street_nr');

if($sEmail == '') {
$this->layout()->sErrorMessage = 'Please provide a valid email address';
return new ViewModel();
} else {
$bCheck = true;
# blacklist check
if(isset(CoreController::$aGlobalSettings['username-blacklist'])) {
$aBlacklist = json_decode(CoreController::$aGlobalSettings['username-blacklist']);
foreach($aBlacklist as $sBlackText) {
if(stripos(strtolower($sEmail),$sBlackText) === false) {

} else {
$bCheck = false;
}
}
if(!$bCheck) {
$this->layout()->sErrorMessage = 'Please provide a valid email address';
return new ViewModel();
}
}
# check if user already exists
try {
$oUser = $this->oTableGateway->getSingle($sEmail, 'email');
$this->layout()->sErrorMessage = 'There is already an account with that e-mail address';
return new ViewModel();
} catch(\RuntimeException $e) {
}
}

if($sLastname == '') {
$this->layout()->sErrorMessage = 'Please provide a valid username';
return new ViewModel();
} else {
$bCheck = true;
# blacklist check
if(isset(CoreController::$aGlobalSettings['username-blacklist'])) {
$aBlacklist = json_decode(CoreController::$aGlobalSettings['username-blacklist']);
foreach($aBlacklist as $sBlackText) {
if(stripos(strtolower($sLastname),$sBlackText) === false) {

} else {
$bCheck = false;
}
}
if(!$bCheck) {
$this->layout()->sErrorMessage = 'Please provide a valid email username';
return new ViewModel();
}
}
# check if user already exists
try {
$oUser = $this->oTableGateway->getSingle($sLastname, 'email');
$this->layout()->sErrorMessage = 'There is already an account with that username';
return new ViewModel();
} catch(\RuntimeException $e) {
}
}

if($sPass == '' || $sPassRep == '') {
$this->layout()->sErrorMessage = 'Please provide a valid password';
return new ViewModel();
}

if($sPass !== $sPassRep) {
$this->layout()->sErrorMessage = 'Passwords do not match';
return new ViewModel();
}

if(isset($_REQUEST['g-recaptcha-response'])) {
$response = ClientStatic::post(
'https://www.google.com/recaptcha/api/siteverify', [
'secret' => CoreController::$aGlobalSettings['recaptcha-secret-login'],
'response' => $_REQUEST['g-recaptcha-response']
]);

$iStatus = $response->getStatusCode();
$sRespnse = $response->getBody();

$oJson = json_decode($sRespnse);

if(!$oJson->success) {
$this->layout()->sErrorMessage = 'Please solve Captcha';
# Show Login Form
return new ViewModel();
}
}

$bAgree = false;
if(isset($_REQUEST['plc_account_terms'])) {
if($_REQUEST['plc_account_terms'] == 'agree') {
$bAgree = true;
}
}
if(!$bAgree) {
$this->layout()->sErrorMessage = 'You must agree to our terms and conditions';
# Show Login Form
return new ViewModel();
}

/**
* Create User
*/
$sTheme = 'default';
if(isset(CoreController::$aGlobalSettings['default-theme'])) {
$sTheme = CoreController::$aGlobalSettings['default-theme'];
}
$sLang = 'en_US';
if(isset(CoreController::$aGlobalSettings['default-lang'])) {
$sLang = CoreController::$aGlobalSettings['default-lang'];
}
$oNewUser = $this->oTableGateway->generateNew();
$aDefSettings = [
'lang' => 'de_DE',
'theme' => 'vuze',
'lang' => $sLang,
'theme' => $sTheme,
];
$aUserData = [
'username' => str_replace([' '],['.'],strtolower($sLastname)),
'full_name' => $sLastname,
'email' => $sEmail,
'password' => password_hash($sPass, PASSWORD_DEFAULT),
];
if(isset(CoreController::$oSession->oRefUser)) {
$aUserData['ref_user_idfs'] = CoreController::$oSession->oRefUser->getID();
}
$aUserData = array_merge($aUserData,$aDefSettings);
$oNewUser->exchangeArray($aUserData);
$iNewUserID = $this->oTableGateway->saveSingle($oNewUser);

if(isset($_FILES['plc_account_profile'])) {
if(!is_dir($_SERVER['DOCUMENT_ROOT'].'/data/profile/'.$iNewUserID)) {
mkdir($_SERVER['DOCUMENT_ROOT'].'/data/profile/'.$iNewUserID);
}
move_uploaded_file($_FILES['plc_account_profile']['tmp_name'],$_SERVER['DOCUMENT_ROOT'].'/data/profile/'.$iNewUserID.'/avatar.png');
}

$oLoginUser = $this->oTableGateway->getSingle($iNewUserID);

/**
* Add Permissions
*/
$aUserPermissions = [
(object)['permission' => 'index', 'module' => 'Application\Controller\IndexController'],
(object)['permission' => 'profile', 'module' => 'OnePlace\User\Controller\UserController'],
(object)['permission' => 'upgrade', 'module' => 'OnePlace\Stockchart\Controller\StockchartController'],
];
$oUserPermTbl = new TableGateway('user_permission', CoreController::$oDbAdapter);
$oRegisterTbl = new TableGateway('user_registration', CoreController::$oDbAdapter);
Expand All @@ -530,7 +726,7 @@ public function signupAction() {
* Add Widgets
*/
$aUserWidgets = [
(object)['name' => 'echoapp_start'],
(object)['name' => ''],
];
$oUserWidgetTbl = new TableGateway('core_widget_user', CoreController::$oDbAdapter);
$oWidgetTbl = new TableGateway('core_widget', CoreController::$oDbAdapter);
Expand All @@ -544,13 +740,34 @@ public function signupAction() {
}
}

$oRegisterTbl->delete(['user_email' => $sEmail]);
//$oRegisterTbl->delete(['user_email' => $sEmail]);

# Login Successful - redirect to Dashboard
CoreController::$oSession->oUser = $oLoginUser;

$this->flashMessenger()->addSuccessMessage('Account created, please login');

# Success Message and back to settings
return $this->redirect()->toRoute('home');
$sLoginRoute = 'app-home';
if(isset(CoreController::$aGlobalSettings['login-route'])) {
$sLoginRoute = CoreController::$aGlobalSettings['login-route'];
}
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$sIpAddr = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$sIpAddr = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$sIpAddr = $_SERVER['REMOTE_ADDR'];
}
$oSessTbl = new TableGateway('user_session', CoreController::$oDbAdapter);
$oSessTbl->insert([
'user_idfs' => $oLoginUser->getID(),
'ipaddress' => strip_tags($sIpAddr),
'browser' => json_encode(getallheaders()),
'date_created' => date('Y-m-d H:i:s', time()),
'date_last_login' => date('Y-m-d H:i:s', time()),
]);
return $this->redirect()->toRoute($sLoginRoute);
} else {
/**
* Registration Step 1
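Review bot: In the session-tracking block added to loginAction, `$oSessTbl->update(['date_last_login' => ...])` is called without a where clause, so every row of `user_session` is rewritten on each login; it needs the same predicate as the preceding select, `$oSessTbl->update(['date_last_login' => date('Y-m-d H:i:s', time())], ['user_idfs' => $oUser->getID(), 'ipaddress' => strip_tags($sIpAddr)]);`. The address feeding that check is taken first from `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR`, which are request headers the client chooses, so the per-address lookup can be satisfied with an arbitrary value; prefer `REMOTE_ADDR` unless a trusted proxy is configured, and validate the result with `filter_var($sIpAddr, FILTER_VALIDATE_IP)` rather than `strip_tags`. `json_encode(getallheaders())` persists every request header, including `Cookie` and `Authorization`, into the `browser` column, where `$_SERVER['HTTP_USER_AGENT']` alone would serve as a device hint. The same address and header logic is duplicated in the signupAction hunk and should be fixed there too. Separately, the reCAPTCHA checks in both actions run only when `g-recaptcha-response` is present, so a request that omits the field bypasses them entirely, and the new duplicate-username check in signupAction calls `getSingle($sLastname, 'email')` where `'username'` looks intended.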
