PageRenderTime 51ms CodeModel.GetById 29ms RepoModel.GetById 0ms app.codeStats 0ms

/modules/Cockpit/Controller/Auth.php

https://github.com/agentejo/cockpit
PHP | 166 lines | 107 code | 51 blank | 8 comment | 25 complexity | f867ae47d3682f4a4593a749d0402e34 MD5 | raw file
Possible License(s): MIT, BSD-3-Clause, Apache-2.0, LGPL-2.1 
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * This file is part of the Cockpit project.
    4. 

  4.  *
    5. 

  5.  * (c) Artur Heinze - πŸ…°πŸ…ΆπŸ…΄πŸ…½πŸ†ƒπŸ…΄πŸ…ΉπŸ…Ύ, http://agentejo.com
    6. 

  6.  *
    7. 

  7.  * For the full copyright and license information, please view the LICENSE
    8. 

  8.  * file that was distributed with this source code.
    9. 

  9.  */
    10. 

  10. 

  11. namespace Cockpit\Controller;
    12. 

  12. 

  13. class Auth extends \LimeExtra\Controller {
    14. 

  14. 

  15. 

  16.     public function check() {
    17. 

  17. 

  18.         if ($data = $this->param('auth')) {
    19. 

  19. 

  20.             if (isset($data['user']) && $this->app->helper('utils')->isEmail($data['user'])) {
    21. 

  21.                 $data['email'] = $data['user'];
    22. 

  22.                 $data['user']  = '';
    23. 

  23.             }
    24. 

  24. 

  25.             if (!$this->app->helper('csfr')->isValid('login', $this->param('csfr'), true)) {
    26. 

  26.                 $this->app->trigger('cockpit.authentication.failed', [$data, 'Csfr validation failed']);
    27. 

  27.                 return ['success' => false, 'error' => 'Csfr validation failed'];
    28. 

  28.             }
    29. 

  29. 

  30.             $user = $this->module('cockpit')->authenticate($data);
    31. 

  31. 

  32.             if ($user && !$this->module('cockpit')->hasaccess('cockpit', 'backend', @$user['group'])) {
    33. 

  33.                 $user = null;
    34. 

  34.             }
    35. 

  35. 

  36.             if ($user) {
    37. 

  37.                 $this->app->trigger('cockpit.authentication.success', [&$user]);
    38. 

  38.                 $this->module('cockpit')->setUser($user);
    39. 

  39.             } else {
    40. 

  40.                 $this->app->trigger('cockpit.authentication.failed', [$data, 'User not found']);
    41. 

  41.             }
    42. 

  42. 

  43.             if ($this->app->request->is('ajax')) {
    44. 

  44.                 return $user ? ['success' => true, 'user' => $user, 'avatar'=> md5($user['email'])] : ['success' => false, 'error' => 'User not found'];
    45. 

  45.             } else {
    46. 

  46.                 $this->reroute('/');
    47. 

  47.             }
    48. 

  48. 

  49.         }
    50. 

  50. 

  51.         return false;
    52. 

  52.     }
    53. 

  53. 

  54. 

  55.     public function login() {
    56. 

  56. 

  57.         $redirectTo = '/';
    58. 

  58. 

  59.         if ($this->param('to') && \substr($this->param('to'), 0, 1) == '/') {
    60. 

  60.             $redirectTo = $this->param('to');
    61. 

  61.         }
    62. 

  62. 

  63.         return $this->render('cockpit:views/layouts/login.php', compact('redirectTo'));
    64. 

  64.     }
    65. 

  65. 

  66.     public function logout() {
    67. 

  67. 

  68.         $this->module('cockpit')->logout();
    69. 

  69. 

  70.         if ($this->app->request->is('ajax')) {
    71. 

  71.             return ['logout' => true];
    72. 

  72.         } else {
    73. 

  73.             $this->reroute('/auth/login?logout=1');
    74. 

  74.         }
    75. 

  75.     }
    76. 

  76. 

  77.     public function forgotpassword() {
    78. 

  78. 

  79.         return $this->render('cockpit:views/layouts/forgotpassword.php');
    80. 

  80.     }
    81. 

  81. 

  82.     public function requestreset() {
    83. 

  83. 

  84.         if ($user = $this->param('user')) {
    85. 

  85. 

  86.             $query = ['active' => true];
    87. 

  87. 

  88.             if ($this->app->helper('utils')->isEmail($user)) {
    89. 

  89.                 $query['email'] = $user;
    90. 

  90.             } else {
    91. 

  91.                 $query['user'] = $user;
    92. 

  92.             }
    93. 

  93. 

  94.             $user = $this->app->storage->findOne('cockpit/accounts', $query);
    95. 

  95. 

  96.             if (!$user) {
    97. 

  97.                 return $this->stop(['error' => $this('i18n')->get('User does not exist')], 404);
    98. 

  98.             }
    99. 

  99. 

  100.             $token  = uniqid('rp-'.bin2hex(random_bytes(16)));
    101. 

  101.             $target = $this->app->param('', $this->app->getSiteUrl(true).'/auth/newpassword');
    102. 

  102.             $data   = ['_id' => $user['_id'], '_reset_token' => $token];
    103. 

  103. 

  104.             $this->app->storage->save('cockpit/accounts', $data);
    105. 

  105.             $message = $this->app->view('cockpit:emails/recover.php', compact('user','token','target'));
    106. 

  106. 

  107.             try {
    108. 

  108.                 $response = $this->app->mailer->mail(
    109. 

  109.                     $user['email'],
    110. 

  110.                     $this->param('subject', $this->app->getSiteUrl().' - '.$this('i18n')->get('Password Recovery')),
    111. 

  111.                     $message
    112. 

  112.                 );
    113. 

  113.             } catch (\Exception $e) {
    114. 

  114.                 $response = $e->getMessage();
    115. 

  115.             }
    116. 

  116. 

  117.             if ($response !== true) {
    118. 

  118.                 return $this->stop(['error' => $this('i18n')->get($response)], 404);
    119. 

  119.             }
    120. 

  120. 

  121.             return ['message' => $this('i18n')->get('Recovery email sent')];
    122. 

  122.         }
    123. 

  123. 

  124.         return $this->stop(['error' => $this('i18n')->get('User required')], 412);
    125. 

  125.     }
    126. 

  126. 

  127.     public function newpassword() {
    128. 

  128. 

  129.         if ($token = $this->param('token')) {
    130. 

  130. 

  131.             $user = $this->app->storage->findOne('cockpit/accounts', ['_reset_token' => $token]);
    132. 

  132. 

  133.             if (!$user) {
    134. 

  134.                 return false;
    135. 

  135.             }
    136. 

  136. 

  137.             $user['md5email'] = md5($user['email']);
    138. 

  138. 

  139.             return $this->render('cockpit:views/layouts/newpassword.php', compact('user', 'token'));
    140. 

  140.         }
    141. 

  141. 

  142.         return false;
    143. 

  143. 

  144.     }
    145. 

  145. 

  146.     public function resetpassword() {
    147. 

  147. 

  148.         if ($token = $this->param('token')) {
    149. 

  149. 

  150.             $user = $this->app->storage->findOne('cockpit/accounts', ['_reset_token' => $token]);
    151. 

  151.             $password = trim($this->param('password'));
    152. 

  152. 

  153.             if (!$user || !$password) {
    154. 

  154.                 return false;
    155. 

  155.             }
    156. 

  156. 

  157.             $data = ['_id' => $user['_id'], 'password' =>$this->app->hash($password), '_reset_token' => null];
    158. 

  158. 

  159.             $this->app->storage->save('cockpit/accounts', $data);
    160. 

  160. 

  161.             return ['success' => true, 'message' => $this('i18n')->get('Password updated')];
    162. 

  162.         }
    163. 

  163. 

  164.         return $this->stop(['error' => $this('i18n')->get('Token required')], 412);
    165. 

  165.     }
    166. 

  166. }
    167. 

  167.