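assign('users', Users::$users->select(null, 'all'))->display(); } // tail of getList(); the method starts above this excerpt

    /**
     * Get user profile
     *
     * Renders the frontend profile view for the user whose id is `$id`.
     * The id is cast to int before it is placed in the selector, so the URI
     * segment cannot alter the query.
     *
     * @param mixed $id User id taken from the URI
     * @return void
     */
    public static function getProfile($id)
    {
        View::factory('box/users/views/frontend/profile')
            ->assign('user', Users::$users->select("[id=" . (int) $id . "]", null))
            ->display();
    }

    /**
     * Select user records whose `$field` equals `$value`.
     *
     * Lookups build a selector of the form [field='value']. A value that
     * contains a single quote would end the quoted literal and let the rest of
     * it rewrite the selector, so such values are never interpolated and are
     * reported as "no match" instead. Logins are stored through
     * Security::safeName() and hashes come from Text::random('alnum'), so a
     * legitimate value is not expected to contain a quote (NOTE(review):
     * confirm that safeName() strips quotes).
     *
     * @param string $field  Record field name; a literal chosen by the caller, never request input
     * @param mixed  $value  Value to match
     * @param bool   $single true: one record via select(query, null); false: record list via select(query)
     * @return mixed select() result, or an empty array when the value cannot be queried safely
     */
    private static function findBy($field, $value, $single = true)
    {
        $value = (string) $value;
        if ($value === '' || strpos($value, "'") !== false) {
            return array();
        }

        $query = "[" . $field . "='" . $value . "']";

        return $single ? Users::$users->select($query, null) : Users::$users->select($query);
    }

    /**
     * Get New User Registration
     *
     * Shows the registration form and, on submit, validates the CSRF token,
     * optional captcha and the login/password/email fields, creates the user,
     * logs the new user in, mails a welcome message and redirects to the
     * profile. Registration is refused when the 'users_frontend_registration'
     * option is not 'true', and logged-in users are sent to their profile.
     *
     * @return void
     */
    public static function getRegistration()
    {
        if (Option::get('users_frontend_registration') != 'true') {
            echo __('User registration is closed.', 'users');
            return;
        }

        // Already logged in: nothing to register
        if (Session::get('user_id')) {
            Request::redirect(Site::url().'users/'.Session::get('user_id'));
            return;
        }

        $errors        = array();
        $user_email    = Request::post('email');
        $user_login    = Request::post('login');
        $user_password = Request::post('password');

        if (Request::post('register')) {

            if ( ! Security::check(Request::post('csrf'))) {
                die('Request was denied because it contained an invalid security token. Please refresh the page and try again.');
            }

            $user_email    = trim($user_email);
            $user_login    = trim($user_login);
            $user_password = trim($user_password);

            if (Option::get('captcha_installed') == 'true' && ! CryptCaptcha::check(Request::post('answer'))) {
                $errors['users_captcha_wrong'] = __('Captcha code is wrong', 'captcha');
            }

            // The record is created with the normalised login, so validate and
            // check duplicates on that same value rather than on the raw input;
            // otherwise two registrations differing only in stripped characters
            // would both pass the duplicate check.
            $safe_login = (string) Security::safeName($user_login);

            if ($user_login == '' || $safe_login == '' || strpos($safe_login, "'") !== false) {
                $errors['users_empty_login'] = __('Required field', 'users');
            }

            if ($user_password == '') {
                $errors['users_empty_password'] = __('Required field', 'users');
            }

            if ($user_email == '') {
                $errors['users_empty_email'] = __('Required field', 'users');
            } elseif ( ! Valid::email($user_email)) {
                $errors['users_invalid_email'] = __('User email is invalid', 'users');
            }

            if ( ! isset($errors['users_empty_login']) && Users::findBy('login', $safe_login, false)) {
                $errors['users_this_user_alredy_exists'] = __('This user alredy exist', 'users');
            }

            if ( ! isset($errors['users_empty_email']) && ! isset($errors['users_invalid_email'])
                && Users::findBy('email', $user_email, false)) {
                $errors['users_this_email_alredy_exists'] = __('This email alredy exist', 'users');
            }

            if (count($errors) == 0) {

                // Password is passed exactly as posted, matching how getLogin() hashes it
                Users::$users->insert(array(
                    'login'           => $safe_login,
                    'password'        => Security::encryptPassword(Request::post('password')),
                    'email'           => $user_email,
                    'hash'            => Text::random('alnum', 12),
                    'date_registered' => time(),
                    'role'            => 'user',
                ));

                // Log in
                $user = Users::$users->select("[id='" . (int) Users::$users->lastId() . "']", null);

                Session::set('user_id', (int) $user['id']);
                Session::set('user_login', (string) $user['login']);
                Session::set('user_role', (string) $user['role']);

                // Message
                $message = View::factory('box/users/views/frontend/registration_email')
                    ->assign('site_name', Option::get('sitename'))
                    ->assign('user_login', $user['login'])
                    ->render();

                // Send; delivery is best-effort, a failure must not block the registration
                @mail($user['email'], Option::get('sitename'), $message);

                // Redirect to user profile
                Request::redirect(Option::get('siteurl').'users/'.Users::$users->lastId());
            }
        }

        // Display view
        View::factory('box/users/views/frontend/registration')
            ->assign('errors', $errors)
            ->assign('user_email', $user_email)
            ->assign('user_login', $user_login)
            ->assign('user_password', $user_password)
            ->display();
    }

    /**
     * Get user panel
     *
     * @return void
     */
    public static function getPanel()
    {
        View::factory('box/users/views/frontend/userspanel')->display();
    }

    /**
     * Is User Loged
     *
     * True when a session user exists and either owns the profile named by the
     * first URI segment or has the 'admin' role. The segment must be all digits
     * before it is compared, so a value such as "5abc" never matches user 5.
     *
     * @return bool
     */
    public static function isLoged()
    {
        if ( ! Session::get('user_id')) {
            return false;
        }

        $segment  = (string) Uri::segment(1);
        $is_owner = ctype_digit($segment) && (int) $segment === (int) Session::get('user_id');
        $is_admin = in_array(Session::get('user_role'), array('admin'), true);

        return $is_owner || $is_admin;
    }

    /**
     * Logout
     *
     * Destroys the session and returns to the site root. The Referer header is
     * not used as the target: it is client-supplied (an open redirect) and may
     * be absent altogether.
     *
     * @return void
     */
    public static function logout()
    {
        Session::destroy();
        Request::redirect(Site::url());
    }

    /**
     * Edit user profile
     *
     * Renders the edit form for user `$id` and, on submit, saves the profile
     * fields and optionally a new password. Every write goes to the record
     * identified by `$id` (the URI segment that isLoged() authorised) — never
     * to a client-supplied user id, which would let any logged-in user edit
     * another account.
     *
     * @param mixed $id User id taken from the URI
     * @return void
     */
    public static function getProfileEdit($id)
    {
        if ( ! Users::isLoged()) {
            Request::redirect(Site::url().'users/login');
            return;
        }

        $user = Users::$users->select("[id='" . (int) $id . "']", null);

        if (Request::post('edit_profile')) {

            if ( ! Security::check(Request::post('csrf'))) {
                die('Request was denied because it contained an invalid security token. Please refresh the page and try again.');
            }

            $login = Security::safeName(Request::post('login'));

            // An empty (or fully stripped) login is ignored and the form is shown again, as before
            if ( ! empty($user) && $login != '') {

                $saved = Users::$users->update((int) $id, array(
                    'login'     => $login,
                    'firstname' => Request::post('firstname'),
                    'lastname'  => Request::post('lastname'),
                    'email'     => Request::post('email'),
                    'skype'     => Request::post('skype'),
                    'about_me'  => Request::post('about_me'),
                    'twitter'   => Request::post('twitter'),
                ));

                if ($saved) {
                    // Change password only when a new one was typed
                    $new_password = trim(Request::post('new_password'));
                    if ($new_password != '') {
                        Users::$users->update((int) $id, array(
                            'password' => Security::encryptPassword($new_password),
                        ));
                    }

                    Notification::set('success', __('Your changes have been saved.', 'users'));
                    Request::redirect(Site::url().'users/'.$user['id']);
                }
            }
        }

        View::factory('box/users/views/frontend/edit')
            ->assign('user', $user)
            ->display();
    }

    /**
     * Get Password Reset
     *
     * Two-step flow for anonymous visitors. Step 1 (form submit): look the
     * login up, store a fresh hash and mail a link containing it. Step 2
     * (?hash=...): look the hash up, rotate it, set a random password and
     * mail that password. Hash and login are only placed in a selector after
     * they have been checked (see findBy()), and the stored hash is compared
     * with hash_equals().
     *
     * @return void
     */
    public static function getPasswordReset()
    {
        // Logged-in users have no use for the reset flow
        if (Session::get('user_id')) {
            return;
        }

        $errors    = array();
        $site_url  = Option::get('siteurl');
        $site_name = Option::get('sitename');

        // Step 2: reset password from hash
        $hash = (string) Request::get('hash');
        if ($hash !== '') {

            // Hashes are generated with Text::random('alnum', ...): anything that is
            // not alphanumeric cannot match and is not interpolated into the selector.
            $user = ctype_alnum($hash) ? Users::$users->select("[hash='" . $hash . "']", null) : array();

            if ( ! empty($user) && hash_equals((string) $user['hash'], $hash)) {

                // Generate new password (12 alphanumeric chars; the previous 6 gave little margin for a mailed secret)
                $new_password = Text::random('alnum', 6 * 2);

                // Set new hash and new password; address the record by its numeric id
                Users::$users->updateWhere("[id='" . (int) $user['id'] . "']", array(
                    'hash'     => Text::random('alnum', 12),
                    'password' => Security::encryptPassword($new_password),
                ));

                // Message
                $message = View::factory('box/users/views/frontend/new_password_email')
                    ->assign('site_url', $site_url)
                    ->assign('site_name', $site_name)
                    ->assign('user_id', $user['id'])
                    ->assign('user_login', $user['login'])
                    ->assign('new_password', $new_password)
                    ->render();

                // Send (best-effort)
                @mail($user['email'], __('Your new password for :site_name', 'users', array(':site_name' => $site_name)), $message);

                Notification::set('success', __('New password has been sent', 'users'));

                Request::redirect(Site::url().'users/password-reset');
            }
        }

        // Step 1: reset password form submit
        if (Request::post('reset_password_submit')) {

            $user_login = trim(Request::post('login'));

            if ( ! Security::check(Request::post('csrf'))) {
                die('Request was denied because it contained an invalid security token. Please refresh the page and try again.');
            }

            if (Option::get('captcha_installed') == 'true' && ! CryptCaptcha::check(Request::post('answer'))) {
                $errors['users_captcha_wrong'] = __('Captcha code is wrong', 'users');
            }

            if ($user_login == '') {
                $errors['users_empty_field'] = __('Required field', 'users');
            } elseif ( ! Users::findBy('login', $user_login, false)) {
                $errors['users_user_doesnt_exists'] = __('This user doesnt exist', 'users');
            }

            if (count($errors) == 0) {

                $user = Users::findBy('login', $user_login);

                // Generate new hash
                $new_hash = Text::random('alnum', 12);

                // Update user hash
                Users::$users->updateWhere("[id='" . (int) $user['id'] . "']", array('hash' => $new_hash));

                // Message
                $message = View::factory('box/users/views/frontend/reset_password_email')
                    ->assign('site_url', $site_url)
                    ->assign('site_name', $site_name)
                    ->assign('user_id', $user['id'])
                    ->assign('user_login', $user['login'])
                    ->assign('new_hash', $new_hash)
                    ->render();

                // Send (best-effort)
                @mail($user['email'], __('Your login details for :site_name', 'users', array(':site_name' => $site_name)), $message);

                Notification::set('success', __('Your login details for :site_name has been sent', 'users', array(':site_name' => $site_name)));

                Request::redirect(Site::url().'users/password-reset');
            }
        }

        View::factory('box/users/views/frontend/password_reset')
            ->assign('errors', $errors)
            ->assign('user_login', trim(Request::post('login')))
            ->display();
    }

    /**
     * Get User login
     *
     * Shows the login form and, on submit, checks the CSRF token, looks the
     * user up by login and compares the stored password digest with
     * hash_equals(). Every failure path shows the same message so the
     * response does not reveal which part was wrong.
     *
     * @return void
     */
    public static function getLogin()
    {
        if (Session::get('user_id')) {
            Request::redirect(Site::url().'users/'.Session::get('user_id'));
            return;
        }

        if (Request::post('login_submit')) {

            if ( ! Security::check(Request::post('csrf'))) {
                die('Request was denied because it contained an invalid security token. Please refresh the page and try again.');
            }

            $username = trim((string) Request::post('username'));
            $user     = Users::findBy('login', $username);

            // hash_equals() is strict and constant-time; a loose `==` between two
            // digests treats numeric-looking strings numerically (type juggling).
            $authenticated = ! empty($user)
                && (string) $user['login'] === $username
                && hash_equals(trim((string) $user['password']), (string) Security::encryptPassword(Request::post('password')));

            if ($authenticated) {
                if ($user['role'] == 'admin' || $user['role'] == 'editor') {
                    Session::set('admin', true);
                }

                Session::set('user_id', (int) $user['id']);
                Session::set('user_login', (string) $user['login']);
                Session::set('user_role', (string) $user['role']);

                Request::redirect(Site::url().'users/'.Session::get('user_id'));
            } else {
                Notification::setNow('error', __('Wrong username or password', 'users'));
            }
        }

        View::factory('box/users/views/frontend/login')->display();
    }

    /**
     * Set title
     *
     * @return string|null Page title for the current route, null for an unknown route
     */
    public static function title()
    {
        switch (Users::route()) {
            case 'list':           return __('Users', 'users');
            case 'profile':        return __('Users - Profile', 'users');
            case 'edit':           return __('Users - Edit Profile', 'users');
            case 'login':          return __('Users - Login', 'users');
            case 'registration':   return __('Users - Registration', 'users');
            case 'password-reset': return __('Users - Password Recover', 'users');
            default:               return null;
        }
    }

    /**
     * Set content
     *
     * Dispatches the current route to its handler; profile and edit receive
     * the user id from the first URI segment.
     *
     * @return void
     */
    public static function content()
    {
        switch (Users::route()) {
            case 'list':           Users::getList(); break;
            case 'profile':        Users::getProfile(Uri::segment(1)); break;
            case 'edit':           Users::getProfileEdit(Uri::segment(1)); break;
            case 'login':          Users::getLogin(); break;
            case 'registration':   Users::getRegistration(); break;
            case 'password-reset': Users::getPasswordReset(); break;
        }
    }

    /**
     * Set template
     *
     * @return string
     */
    public static function template()
    {
        return 'index';
    }

    /**
     * Get Gravatar
     *
     * Gravatar hashes the trimmed, lower-cased address, so the input is
     * normalised the same way. The URL is https so the image does not produce
     * mixed-content warnings on an https page, and the size is cast to int so
     * a caller-supplied value cannot inject into the URL.
     *
     * @param string $email User e-mail address
     * @param mixed  $size  Image size in pixels
     * @return string
     */
    public static function getGravatarURL($email, $size)
    {
        $hash = md5(strtolower(trim((string) $email)));

        return 'https://www.gravatar.com/avatar.php?gravatar_id=' . $hash . '&rating=PG' . '&size=' . (int) $size;
    }
}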