<?php |
use CMSFactory\Events;

// CodeIgniter's direct-access guard: the framework defines BASEPATH before
// loading this file, so a direct HTTP request for it never reaches the class.
defined('BASEPATH') OR exit('No direct script access allowed');

/*
 * Image CMS
 * auth.php
 */
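/**
 * Front-end authentication controller (CodeIgniter / Image CMS).
 *
 * Every action delegates the actual credential work to the `dx_auth` library
 * loaded by MY_Controller; this class only wires up form-validation rules,
 * picks the view (full page vs. "popup" for XMLHttpRequest callers) and
 * surfaces dx_auth's messages through the template.
 */
class Auth extends MY_Controller
{

    // Bounds used by the registration and change-password validation rules.
    // min/max_password may be overridden from config in the constructor;
    // min/max_username are declared but not referenced by any rule in this class.
    public $min_username = 4;

    public $max_username = 150;

    public $min_password = 5;

    public $max_password = 20;

    // Text appended by banned(); filled by login() from dx_auth when a login
    // fails because the account is banned.
    public $ban_reason = NULL;

    /**
     * Loads the auth language file, the url helper and form validation, and
     * lets config (DX_login_min_length / DX_login_max_length) override the
     * password length bounds. A falsy config value keeps the class default.
     */
    public function __construct() {
        parent::__construct();

        // `?:` keeps the default on any falsy config value (0, '', null),
        // exactly like the original full ternary did.
        $this->min_password = $this->config->item('DX_login_min_length') ?: $this->min_password;
        $this->max_password = $this->config->item('DX_login_max_length') ?: $this->max_password;

        $this->load->language('auth');
        $this->load->helper('url');
        $this->load->library('Form_validation');

        $lang = new MY_Lang();
        $lang->load('auth');
    }

    /**
     * Default action: /auth renders the login form.
     */
    public function index() {
        $this->login();
    }

    /* Callback functions (referenced from set_rules() as callback_<name>) */

    /**
     * Form-validation callback for the username field.
     *
     * The original availability check against dx_auth is disabled; the
     * callback currently accepts every value.
     *
     * @param string $username
     * @return bool always true
     */
    public function username_check($username) {
        return true;
    }

    /**
     * Form-validation callback: rejects an e-mail that dx_auth reports as
     * already registered and sets the matching validation message.
     *
     * @param string $email
     * @return bool
     */
    public function email_check($email) {
        $available = $this->dx_auth->is_email_available($email);
        if (!$available) {
            $this->form_validation->set_message('email_check', lang('A user with this email is already registered.', 'auth'));
        }

        return $available;
    }

    /**
     * Form-validation callback: verifies the (re)captcha code via dx_auth.
     *
     * @param string $code
     * @return bool
     */
    public function captcha_check($code) {
        return (bool) $this->dx_auth->captcha_check($code);
    }

    /**
     * Form-validation callback for the username format.
     *
     * The pattern check is disabled in this version; the callback returns
     * nothing (null), which form validation does not treat as a failure.
     *
     * @param string $str
     * @return void
     */
    public function validate_username($str) {
    }

    /**
     * Form-validation callback: checks the reCAPTCHA response via dx_auth.
     *
     * @return bool
     */
    public function recaptcha_check() {
        $matched = $this->dx_auth->is_recaptcha_match();
        if (!$matched) {
            $this->form_validation->set_message('recaptcha_check', lang('Improper protection code'));
        }

        return $matched;
    }

    /* End of Callback functions */

    /**
     * True when the request carries the X-Requested-With: XMLHttpRequest
     * header, which every "popup" branch in this controller keys on.
     *
     * @return bool
     */
    private function _is_ajax() {
        return $this->input->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest';
    }

    /**
     * Renders $view as a full page via show(), or $popup via display() for
     * XMLHttpRequest callers.
     *
     * @param string $view
     * @param string $popup
     * @return void
     */
    private function _show_or_popup($view, $popup) {
        if ($this->_is_ajax()) {
            $this->template->display($popup);
        } else {
            $this->template->show($view);
        }
    }

    /**
     * Login form and handler.
     *
     * Validates email/password (plus a captcha once dx_auth reports the
     * failed-attempt limit exceeded), attempts the login through dx_auth and
     * either redirects / answers the popup, or re-renders the form with the
     * auth error. A banned account short-circuits to banned() and exits.
     *
     * @return void
     */
    public function login() {
        $this->template->registerMeta('ROBOTS', 'NOINDEX, NOFOLLOW');
        $this->core->set_meta_tags(lang('Authorization', 'auth'));

        if ($this->dx_auth->is_logged_in()) {
            // redirect() is expected to end the request; the two lines after
            // it only run if it returns.
            redirect(site_url(), 301);

            $this->template->assign('content', lang('You are already logged.', 'auth'));
            $this->template->show();
            return;
        }

        $val = $this->form_validation;

        // Form validation rules
        $val->set_rules('email', lang('Email'), 'trim|required|min_length[3]|xss_clean|valid_email');
        $val->set_rules('password', lang('Password'), 'trim|required|min_length[3]|max_length[30]|xss_clean');
        $val->set_rules('remember', 'Remember me', 'integer');

        // Captcha becomes mandatory once the failed-attempt counter passes the configured maximum.
        if ($this->dx_auth->is_max_login_attempts_exceeded()) {
            if ($this->dx_auth->use_recaptcha) {
                $val->set_rules('recaptcha_response_field', lang('Code protection', 'auth'), 'trim|xss_clean|required|callback_captcha_check');
            } else {
                $val->set_rules('captcha', lang('Code protection', 'auth'), 'trim|required|xss_clean|callback_captcha_check');
            }
        }

        // `&&` (not `AND`) so the whole expression, not just run(), lands in $logged_in.
        $logged_in = $val->run($this)
            && $this->dx_auth->login($val->set_value('email'), $val->set_value('password'), $val->set_value('remember'));

        if ($logged_in) {
            if (class_exists('ShopCore') && SHOP_INSTALLED) {
                ShopCore::app()->SCart->transferCartData();
            }

            if ($this->_is_ajax()) {
                $this->template->add_array(
                    [
                        'is_logged_in' => $this->dx_auth->is_logged_in(),
                        'success' => true,
                    ]
                );
                $this->template->display('login_popup');
            } else {
                // Redirect to homepage
                redirect('', 'location');
            }
            return;
        }

        $this->template->assign('info_message', $this->dx_auth->get_auth_error());

        // A failed login for a banned account ends the request on the ban page.
        if ($this->dx_auth->is_banned()) {
            $this->ban_reason = $this->dx_auth->get_ban_reason();
            $this->banned();
            exit;
        }

        // Generate a captcha image for the re-rendered form once the attempt limit is exceeded.
        if ($this->dx_auth->is_max_login_attempts_exceeded()) {
            $this->dx_auth->captcha();
            $this->template->assign('cap_image', $this->dx_auth->get_captcha_image());
        }

        $this->_show_or_popup('login', 'login_popup');
    }

    /**
     * Renders "<name>.tpl" through the template's display() with extra data.
     *
     * @param string $name template name without the .tpl suffix
     * @param array $data values merged into the template before rendering
     * @return mixed whatever template->display() returns
     */
    public function render_min($name, $data = []) {
        $this->template->add_array($data);
        return $this->template->display($name . '.tpl');
    }

    /**
     * Ends the dx_auth session and redirects to the homepage.
     *
     * @return void
     */
    public function logout() {
        $this->dx_auth->logout();

        redirect('', 'location');
    }

    /**
     * Registration form and handler.
     *
     * Order of checks: registration disabled -> "prohibited" page; already
     * logged in -> redirect; otherwise validate the form (email, optional
     * username, password pair, shop custom fields, optional captcha) and
     * register through dx_auth.
     *
     * @return void
     */
    public function register() {
        $this->core->set_meta_tags(lang('Registration', 'auth'));
        $this->template->registerMeta('ROBOTS', 'NOINDEX, NOFOLLOW');

        $this->load->library('Form_validation');

        if (!$this->dx_auth->allow_registration) {
            $data['auth_message'] = lang('Registration is prohibited.', 'auth');

            $this->template->assign('content', $data['auth_message']);
            $this->template->show();
            return;
        }

        if ($this->dx_auth->is_logged_in()) {
            redirect(site_url(), 301);
            return;
        }

        $val = $this->form_validation;

        // Form validation rules
        $val->set_rules('email', lang('Email', 'auth'), 'trim|required|xss_clean|valid_email|callback_email_check');
        $val->set_rules('username', lang('Name'), 'trim|xss_clean');
        $val->set_rules('password', lang('Password'), 'trim|required|xss_clean|min_length[' . $this->min_password . ']|max_length[' . $this->max_password . ']|matches[confirm_password]');
        $val->set_rules('confirm_password', lang('Repeat Password'), 'trim|required|xss_clean');

        if (SHOP_INSTALLED) {
            // Validation rules for the shop's custom user fields.
            foreach (ShopCore::app()->CustomFieldsHelper->getCustomFielsdAsArray('user') as $item) {
                if ($item['is_active'] != 1) {
                    continue;
                }
                $rules = ($item['is_required'] == 1) ? 'trim|xss_clean|required' : 'trim|xss_clean';
                $val->set_rules('custom_field[' . $item['id'] . ']', lang($item['field_name']), $rules);
            }
        }

        if ($this->dx_auth->captcha_registration) {
            if ($this->dx_auth->use_recaptcha) {
                $val->set_rules('recaptcha_response_field', lang('Code protection', 'auth'), 'trim|xss_clean|required|callback_captcha_check');
            } else {
                $val->set_rules('captcha', lang('Code protection', 'auth'), 'trim|xss_clean|required|callback_captcha_check');
            }
        }

        $this->load->helper('string');
        // Activation key handed to dx_auth->register().
        // NOTE(review): 5 alphanumeric characters from CI's random_string() is a
        // short, non-CSPRNG secret; lengthen it (e.g. bin2hex(random_bytes(..)))
        // if dx_auth and its storage accept a longer key.
        $key = random_string('alnum', 5);

        // `&&` with parentheses: $last_user must receive register()'s result,
        // and $registered the combined outcome.
        $registered = $val->run($this)
            && ($last_user = $this->dx_auth->register($val->set_value('username'), $val->set_value('password'), $val->set_value('email'), '', $key, ''));

        if ($registered) {
            // NOTE(review): $data['auth_message'] is built but never handed to the
            // template on this path; check whether register_success / register_popup
            // expect it.
            if ($this->dx_auth->email_activation) {
                $data['auth_message'] = lang('You have successfully registered. Please check your email to activate your account.', 'auth');
            } else {
                $data['auth_message'] = lang('You have successfully registered. ', 'auth') . anchor(site_url($this->dx_auth->login_uri), lang('Login', 'auth'));
            }

            Events::create()->registerEvent($last_user, 'AuthUser:register');
            Events::create()->runFactory();

            if ($this->_is_ajax()) {
                // The key is spelled 'succes' in the original; the popup view
                // presumably reads that spelling -- keep them in sync.
                $this->template->display('register_popup', ['succes' => TRUE]);
            } else {
                $this->template->show('register_success');
                exit;
            }
            return;
        }

        $this->template->assign('info_message', $this->dx_auth->get_auth_error());

        if ($this->dx_auth->captcha_registration) {
            $this->dx_auth->captcha();
            $this->template->assign('cap_image', $this->dx_auth->get_captcha_image());
        }

        $this->_show_or_popup('register', 'register_popup');
    }

    /**
     * Account activation: /auth/activate/<email>/<key>.
     *
     * Both values are taken verbatim from URI segments 3 and 4 and passed to
     * dx_auth->activate(); the result only selects the message shown.
     *
     * @return void
     */
    public function activate() {
        $email = $this->uri->segment(3);
        $key = $this->uri->segment(4);

        if ($this->dx_auth->activate($email, $key)) {
            $data['auth_message'] = lang('Your account has been successfully activated. ', 'auth') . anchor(site_url($this->dx_auth->login_uri), lang('Login', 'auth'));
        } else {
            $data['auth_message'] = lang('You have provided an incorrect activation code.', 'auth');
        }

        $this->template->assign('content', $data['auth_message']);
        $this->template->show();
    }

    /**
     * "Forgot password" form and handler.
     *
     * On success both info_message and success carry the confirmation text;
     * any dx_auth error set afterwards overrides info_message.
     *
     * @return void
     */
    public function forgot_password() {
        $this->core->set_meta_tags(lang('Forgot password', 'auth'));
        $this->template->registerMeta('ROBOTS', 'NOINDEX, NOFOLLOW');
        $this->load->library('Form_validation');

        $val = $this->form_validation;

        // Form validation rules
        $val->set_rules('email', lang('Email'), 'trim|required|xss_clean|valid_email');

        if ($val->run() && $this->dx_auth->forgot_password($val->set_value('email'))) {
            $message = lang('Please check your email for instructions on how to activate the new password.', 'auth');
            $this->template->assign('info_message', $message);
            $this->template->assign('success', $message);
        }

        // NOTE(review): if dx_auth's error text differs for unknown e-mails,
        // showing it here reveals whether an address has an account -- confirm.
        if ($this->dx_auth->_auth_error != NULL) {
            $this->template->assign('errors', $this->dx_auth->_auth_error);
            $this->template->assign('info_message', $this->dx_auth->_auth_error);
        }

        $this->_show_or_popup('forgot_password', 'forgot_password');
    }

    /**
     * Password reset: /auth/reset_password/<email>/<key>.
     *
     * Logged-in users are redirected away; otherwise the URI values are passed
     * to dx_auth->reset_password() and the outcome message is rendered.
     *
     * @return void
     */
    public function reset_password() {
        if ($this->dx_auth->is_logged_in()) {
            redirect(site_url('/'));
            // Explicit return so a logged-in user never reaches the reset call
            // even if redirect() does not terminate the request.
            return;
        }

        $email = $this->uri->segment(3);
        $key = $this->uri->segment(4);

        if ($this->dx_auth->reset_password($email, $key)) {
            $data['auth_message'] = lang('You have successfully zeroed my password. ', 'auth');
        } else {
            $data['auth_message'] = lang('Reset failed. Possible reasons: wrong email, wrong restore url, used restore url', 'auth');
        }

        $this->template->assign('auth_message', $data['auth_message']);
        $this->_show_or_popup('reset_password', 'reset_password');
    }

    /**
     * Change-password form and handler for a logged-in user.
     *
     * Fix: the original only assigned $res when validation passed, so the
     * failure branch read an undefined variable and showed "Old password is
     * not correct" for every validation failure (e.g. a mismatched confirm).
     * The outcome of validation is now tracked separately from the dx_auth
     * result, and the old-password message appears only when validation
     * passed and dx_auth refused the change.
     *
     * @return void
     */
    public function change_password() {
        $this->load->library('Form_validation');

        if (!$this->dx_auth->is_logged_in()) {
            // Redirect to login page
            $this->dx_auth->deny_access('login');
            return;
        }

        $val = $this->form_validation;

        // Form validation rules
        $val->set_rules('old_password', lang('Old Password', 'auth'), 'trim|required|xss_clean|min_length[' . $this->min_password . ']|max_length[' . $this->max_password . ']');
        $val->set_rules('new_password', lang('The new password', 'auth'), 'trim|required|xss_clean|min_length[' . $this->min_password . ']|max_length[' . $this->max_password . ']|matches[confirm_new_password]');
        $val->set_rules('confirm_new_password', lang('Repeat new password', 'auth'), 'trim|required|xss_clean');

        $validated = $val->run();
        $res = $validated
            ? $this->dx_auth->change_password($val->set_value('old_password'), $val->set_value('new_password'))
            : NULL;

        if ($validated && $res) {
            $data['auth_message'] = lang('Your password was successfully changed.', 'auth');

            $this->template->assign('content', $data['auth_message']);
            $this->template->show();
            return;
        }

        if ($validated && !$res) {
            $this->template->assign('info_message', lang('Field Old password is not correct', 'auth'));
        }
        $this->core->set_meta_tags(lang('Change password', 'auth'));
        $this->template->show('change_password');
    }

    /**
     * Account cancellation for a logged-in user; requires the current password.
     *
     * On success the user is redirected to the homepage. On failure, or on a
     * request without valid form data, nothing is rendered by this method.
     *
     * @return void
     */
    public function cancel_account() {
        $this->load->library('Form_validation');

        if (!$this->dx_auth->is_logged_in()) {
            // Redirect to login page
            $this->dx_auth->deny_access('login');
            return;
        }

        $val = $this->form_validation;

        // Form validation rules
        $val->set_rules('password', lang('Password', 'auth'), 'trim|required|xss_clean');

        if ($val->run() && $this->dx_auth->cancel_account($val->set_value('password'))) {
            // Redirect to homepage
            redirect('', 'location');
        }
    }

    /**
     * "Access denied" page rendered through the asset manager.
     *
     * @return void
     */
    public function deny() {
        \CMSFactory\assetManager::create()
            ->setData('content', lang('You are not allowed to view the page.', 'auth'))
            ->render('deny', FALSE);
    }

    /**
     * Plain-text "account blocked" output, optionally followed by the reason
     * login() stored in $this->ban_reason.
     *
     * NOTE(review): ban_reason is echoed without HTML escaping. It comes from
     * dx_auth->get_ban_reason(); if that text can be set by anyone other than
     * a trusted administrator, pass it through htmlspecialchars() first.
     *
     * @return void
     */
    public function banned() {
        echo lang('Your account has been blocked.', 'auth');

        if ($this->ban_reason != NULL) {
            echo '<br/>' . $this->ban_reason;
        }
    }

}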
/* End of file auth.php */