
Fix Double entries on sign-in, plex invites, etc... anything that dealt with user.php part of #665

causefx 8 år sedan
förälder
incheckning
1ab0e94e58
1 ändrade filer med 51 tillägg och 53 borttagningar
  1. 51 53
      user.php

+ 51 - 53
user.php

@@ -7,17 +7,17 @@
 	 *	entry is assigned a new random token,  which is used in
 	 * salting subsequent password checks.
 	 */
-	
+
 	// Include functions if not already included
 	require_once('functions.php');
-	 
+
     // Autoload frameworks
 	require_once(__DIR__ . '/vendor/autoload.php');
-	
+
     // Lazyload settings
 	$databaseConfig = configLazy(__DIR__ . '/config/config.php');
 
-    if(file_exists('custom.css')) : define('CUSTOMCSS', 'true'); else : define('CUSTOMCSS', 'false'); endif; 
+    if(file_exists('custom.css')) : define('CUSTOMCSS', 'true'); else : define('CUSTOMCSS', 'false'); endif;
     $notifyExplode = explode("-", NOTIFYEFFECT);
     define('FAIL_LOG', 'loginLog.json');
     @date_default_timezone_set(TIMEZONE);
@@ -28,8 +28,6 @@
     }
 
 	define('GUEST_HASH', "guest-".guestHash(0, 5));
-	$group = new User();
-	$group = $group->role;
 
 	class User
 	{
@@ -126,10 +124,10 @@
 		var $group = "";
 		// global database handle
 		var $database = false;
-        
+
         //EMAIL SHIT
         function startEmail($email, $username, $subject, $body){
-            
+
             $mail = new PHPMailer;
             $mail->isSMTP();
             $mail->Host = SMTPHOST;
@@ -151,9 +149,9 @@
             } else {
                 $this->info('E-Mail sent!');
             }
-            
+
         }
-       
+
 		// class object constructor
 		function __construct($registration_callback=false)
 		{
@@ -243,7 +241,7 @@
 				$this->info("<strong>log in error:</strong> password did not pass validation");
 				return false; }
 			// step 2: if validation passed, log the user in
-			return $this->login_user($username, $sha1, $rememberMe == "true", $password); 
+			return $this->login_user($username, $sha1, $rememberMe == "true", $password);
 		}
 		/**
 		 * Called when the requested POST operation is "logout"
@@ -303,12 +301,12 @@
 				$domain = getServerPath();
 				$body = orgEmail(
 					$header = $language->translate('EMAIL_NEWUSER_HEADER'),
-					$title = $language->translate('EMAIL_NEWUSER_TITLE'), 
-					$user = $username, 
+					$title = $language->translate('EMAIL_NEWUSER_TITLE'),
+					$user = $username,
 					$mainMessage =$language->translate('EMAIL_NEWUSER_MESSAGE'),
 					$button = $language->translate('EMAIL_NEWUSER_BUTTON'),
-					$buttonURL = $domain, 
-					$subTitle = $language->translate('EMAIL_NEWUSER_SUBTITLE'), 
+					$buttonURL = $domain,
+					$subTitle = $language->translate('EMAIL_NEWUSER_SUBTITLE'),
 					$subMessage = $language->translate('EMAIL_NEWUSER_SUBMESSAGE')
 					);
                 $this->startEmail($email, $username, $subject, $body);
@@ -348,7 +346,7 @@
 			if($email !="" && preg_match(User::emailregexp, $email)==0) {
 				$this->info("<strong>invite error:</strong> email address did not pass validation");
 				writeLog("error", "$email didn't pass validation");
-				return false; 
+				return false;
 			}
 			// step 2: if validation passed, send the user's information for invite
 			return $this->invite_user($username, $email, $server);
@@ -386,12 +384,12 @@
 			$domain = getServerPath();
 			$body = orgEmail(
 					$header = $language->translate('EMAIL_RESET_HEADER'),
-					$title = $language->translate('EMAIL_RESET_TITLE'), 
-					$user = $username, 
+					$title = $language->translate('EMAIL_RESET_TITLE'),
+					$user = $username,
 					$mainMessage =$language->translate('EMAIL_RESET_MESSAGE')."<br/>".$newpassword,
 					$button = $language->translate('EMAIL_RESET_BUTTON'),
-					$buttonURL = $domain, 
-					$subTitle = $language->translate('EMAIL_RESET_SUBTITLE'), 
+					$buttonURL = $domain,
+					$subTitle = $language->translate('EMAIL_RESET_SUBTITLE'),
 					$subMessage = $language->translate('EMAIL_RESET_SUBMESSAGE')
 					);
             $this->startEmail($email, $username, $subject, $body);
@@ -452,11 +450,11 @@
 		{
 			// actually logged in?
 			if($this->is_user_active($username)===false) { return false; }
-            
+
 			// logged in, but do the tokens match?
 			$token = $this->get_user_token($username);
             if(MULTIPLELOGIN == "false"){
-            
+
                 if(isset($_COOKIE["Organizr"])){
                     if($_COOKIE["Organizr"] == $token){
                         return true;
@@ -475,24 +473,24 @@
                     }
                 }else{
                     if($token != $_SESSION["token"]) {
-                        
+
                         $this->error("token mismatch for $username");
-                        return false; 
-                    
+                        return false;
+
                     }
                     // active, using the correct token -> authenticated
                      setcookie("cookiePassword", COOKIEPASSWORD, time() + (86400 * 7), "/", DOMAIN);
                      return true;
-                    
+
                 }
-                
+
             }else{
-                
+
                 setcookie("cookiePassword", COOKIEPASSWORD, time() + (86400 * 7), "/", DOMAIN);
                 return true;
-                
-            }    
-            
+
+            }
+
 		}
 		/**
 		 * Unicode friendly(ish) version of strtolower
@@ -537,7 +535,7 @@
 			$username = strtolower($username);
 			$dbpassword = $this->token_hash_password($username, $sha1, "");
 			if($dbpassword==$sha1) die("password hashing is not implemented.");
-            $newRole = "admin"; 
+            $newRole = "admin";
             $queryAdmin = "SELECT username FROM users";
             foreach($this->database->query($queryAdmin) as $data) {
                 $newRole = "user";
@@ -550,7 +548,7 @@
 					$this->error = "this user name is already being used by someone else.";
                     $this->error("this user name is already being used by someone else.");
 					return false; }
-			} else {	
+			} else {
 				$query = "SELECT username FROM users";
 				$usernames = array();
 				foreach($this->database->query($query) as $data) { $usernames[] = $this->homogenise_username($data["username"]); }
@@ -567,7 +565,7 @@
 					$this->info("user account for $username not created.");
 					$this->error = "this email address is already in use by someone else.";
 					$this->error("this email address is already in use by someone else.");
-					return false; 
+					return false;
 				}
 			} else {
 				$email = $this->random_ascii_string(32).'@placeholder.eml';
@@ -599,16 +597,16 @@
 		 */
 		function login_user($username, $sha1, $remember, $password, $surface = true) {
 			$username = strtolower($username);
-			
+
             $buildLog = function($username, $authType) {
                 if(file_exists(FAIL_LOG)) {
                     $getFailLog = str_replace("\r\ndate", "date", file_get_contents(FAIL_LOG));
                     $gotFailLog = json_decode($getFailLog, true);
                 }
-                
+
                 $failLogEntryFirst = array('logType' => 'login_log', 'auth' => array(array('date' => date("Y-m-d H:i:s"), 'username' => $username, 'ip' => $_SERVER['REMOTE_ADDR'], 'auth_type' => $authType)));
                 $failLogEntry = array('date' => date("Y-m-d H:i:s"), 'username' => $username, 'ip' => $_SERVER['REMOTE_ADDR'], 'auth_type' => $authType);
-                if(isset($gotFailLog)) { 
+                if(isset($gotFailLog)) {
                     array_push($gotFailLog["auth"], $failLogEntry);
                     $writeFailLog = str_replace("date", "\r\ndate", json_encode($gotFailLog));
                 } else {
@@ -616,7 +614,7 @@
                 }
                 return $writeFailLog;
             };
-			
+
 			// External Authentication
 			$authSuccess = false;
 			$function = 'plugin_auth_'.AUTHBACKEND;
@@ -640,14 +638,14 @@
 							} else {
 								// Legacy - Less Secure
 								$dbpassword = $this->token_hash_password($username, $sha1, $this->get_user_token($username));
-								if($dbpassword==$data["password"]) { 
+								if($dbpassword==$data["password"]) {
 									$authSuccess = true;
 								}
 							}
 						}
 					}
 			}
-			
+
 			if ($authSuccess) {
 				// Make sure user exists in database
 				$query = "SELECT username FROM users WHERE username = '".$username."' COLLATE NOCASE";
@@ -656,7 +654,7 @@
 					$userExists = true;
 					break;
 				}
-				
+
 				if ($userExists) {
 					// authentication passed - 1) mark active and update token
 					$this->mark_user_active($username);
@@ -665,14 +663,14 @@
 					if($remember == "true") {
 						setcookie("Organizr", $this->get_user_token($username), time() + (86400 * 7), "/", DOMAIN);
 						setcookie("OrganizrU", $username, time() + (86400 * 7), "/", DOMAIN);
-						
+
 					}
 					$this->info("Welcome $username");
 					file_put_contents(FAIL_LOG, $buildLog($username, "good_auth"));
 					chmod(FAIL_LOG, 0660);
 					setcookie("cookiePassword", COOKIEPASSWORD, time() + (86400 * 7), "/", DOMAIN);
      				writeLog("success", "$username has logged in");
-					return true; 
+					return true;
 				} else if (AUTHBACKENDCREATE !== 'false' && $surface) {
 					// Create User
 					$falseByRef = false;
@@ -684,7 +682,7 @@
 					chmod(FAIL_LOG, 0660);
 					if(User::unsafe_reporting) { $this->error = "Successful Backend Auth, $username not in DB, Create Set to False."; $this->error("Successful Backend Auth, $username not in DB, Create Set to False."); }
 					else { $this->error = "Not permitted to login as this user, please contact an administrator."; $this->error("Not permitted to login as this user, please contact an administrator"); }
-					return false; 
+					return false;
 				}
 			} else if (!$authSuccess) {
 				// authentication failed
@@ -694,7 +692,7 @@
 				chmod(FAIL_LOG, 0660);
 				if(User::unsafe_reporting) { $this->error = "incorrect password for $username."; $this->error("incorrect password for $username."); }
 				else { $this->error = "the specified username/password combination is incorrect."; $this->error("the specified username/password combination is incorrect."); }
-				return false; 
+				return false;
 			} else {
 				// authentication could not take place
 				//$this->info("there was no user $username in the database");
@@ -735,7 +733,7 @@
     		writeLog("success", "PLEX INVITE: $id has been deleted");
 			return true;
 		}
-		
+
 		/**
 		 * Invite using a user's information
 		 */
@@ -763,12 +761,12 @@
 				$subject = DOMAIN . " $uServer ".$language->translate('INVITE_CODE');
 				$body = orgEmail(
 					$header = explosion($language->translate('EMAIL_INVITE_HEADER'), 0)." ".$uServer." ".explosion($language->translate('EMAIL_INVITE_HEADER'), 1),
-					$title = $language->translate('EMAIL_INVITE_TITLE'), 
-					$user = $username, 
+					$title = $language->translate('EMAIL_INVITE_TITLE'),
+					$user = $username,
 					$mainMessage = explosion($language->translate('EMAIL_INVITE_MESSAGE'), 0)." ".$uServer." ".explosion($language->translate('EMAIL_INVITE_MESSAGE'), 1)." ".$inviteCode,
 					$button = explosion($language->translate('EMAIL_INVITE_BUTTON'), 0)." ".$uServer." ".explosion($language->translate('EMAIL_INVITE_BUTTON'), 1),
-					$buttonURL = $link, 
-					$subTitle = $language->translate('EMAIL_INVITE_SUBTITLE'), 
+					$buttonURL = $link,
+					$subTitle = $language->translate('EMAIL_INVITE_SUBTITLE'),
 					$subMessage = explosion($language->translate('EMAIL_INVITE_SUBMESSAGE'), 0)." <a href='".$domain."?inviteCode'>".$domain."</a> ".explosion($language->translate('EMAIL_INVITE_SUBMESSAGE'), 1)
 					);
                 $this->startEmail($email, $username, $subject, $body);
@@ -816,7 +814,7 @@
 		 */
 		function token_hash_password($username, $sha1, $token)
 		{
-			
+
 			return hash("sha256",($this->database->query('SELECT username FROM users WHERE username = \''.$username.'\' COLLATE NOCASE')->fetch()['username']).$sha1.$token);
 		}
 		/**
@@ -845,7 +843,7 @@
 				foreach($this->database->query($query) as $data) { return $data["role"]; }}
 			return "guest";
 		}
-        
+
        /* function get_user_group($username)
 		{
 			if($username && $username !="" && $username !=User::GUEST_USER) {
@@ -876,7 +874,7 @@
 			$update = "UPDATE users SET password = '$newpassword' WHERE username = '$username' COLLATE NOCASE";
 			$this->database->exec($update);
 			if($noMsg == "false"){
-                $this->info("token and password updated for <strong>$username</strong>");   
+                $this->info("token and password updated for <strong>$username</strong>");
             }
 			return $token;
 		}
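Review bot: Removing the file-level `$group = new User(); $group = $group->role;` in the hunk at old lines 28-35 also removes a global that user.php previously exported, so any includer that still reads `$group` for role gating would now see an undefined variable and a null role; those call sites should be confirmed before this lands, or the variable re-established where the application builds its real `User` instance. The deletion itself looks right: instantiating `User` at include time ran `__construct($registration_callback=false)` (line 70 of the new side) on every include, which presumably produced the duplicate sign-in and invite entries named in the title. The other hunks in this section are trailing-whitespace cleanup and need no change.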