user !== NULL) { $f3->set('info', 'You are already logged in'); $f3->set('content', 'blank.html'); return; } $f3->set('content', 'login.html'); if($f3->get('VERB') !== "POST") { return; } $this->user = new \Todo\Model\User($f3->get('DB')); if($this->user->byName($f3->get('POST.name')) && $this->user->verifyPass($f3->get('POST.password')) && $this->user->active) { $f3->set('success', 'Login Successful!'); $f3->set('content', 'noListSelected.html'); } else { $this->user = NULL; $f3->set('error', 'Username or password is wrong or account is not active.'); } } public function logout($f3, $args) { $this->user = NULL; $f3->set('success', 'Logout Successful!'); $f3->set('content', 'login.html'); } public function register($f3, $args) { if($this->user !== NULL) { $f3->set('error', 'You already have an account!'); $f3->set('content', 'blank.html'); return; } $f3->set('content', 'register.html'); if($f3->get('VERB') !== 'POST') { return; } if(($f3->get('POST.password') === '') || ($f3->get('POST.name') === '') || ($f3->get('POST.email') === '')) { $f3->set('error', 'All form inputs must be filled out'); return; } if($f3->get('POST.password') !== $f3->get('POST.repeatPassword')) { $f3->set('error', 'Passwords do not match'); return; } $u = new \Todo\Model\User($f3->get('DB')); if($u->register($f3->get('POST.name'), $f3->get('POST.email'), $f3->get('POST.password'))) { $f3->set('username', $u->name); $f3->set('activationurl', 'http://'.$f3->get('HOST').$f3->get('BASE').'/activate/'.$u->id.'/'.$u->code); mail($u->email, 'Activation code for ' . $f3->get('appname'), \Template::instance()->render('mails/activationcode', 'text/plain'), 'From:'.$f3->get('mail_from')); $f3->set('success', 'New account created. Check your mails for the activation link.'); $f3->set('content', 'blank.html'); } else { $f3->set('error', 'Name or E-Mail already in use.'); } } public function delete($f3, $args) { if($this->needLogin($f3)) { return; } $f3->set('content', 'deleteAccount.html'); if(($f3->get('VERB') == 'POST') && ($f3->get('POST.confirm') == 'OK')) { $this->user->deleteUser(); $this->user = NULL; $f3->set('success', 'Account deleted!'); $f3->set('content', 'blank.html'); } } public function activate($f3, $args) { $f3->set('content', 'blank.html'); $u = new \Todo\Model\User($f3->get('DB')); if(!$u->byID($args['user'])) { $f3->set('error', 'Unknown user.'); return; } if($u->active) { $f3->set('info', 'Account already activated'); return; } if($u->code !== $args['code']) { $f3->set('error', 'Wrong activation code!'); return; } $u->active = true; $u->makeCode(); # set a new random code to prevent double usage $u->save(); $f3->set('success', 'Account activated!'); } public function initResetpw($f3, $args) { $f3->set('content', 'pwresetRequest.html'); if($f3->get('VERB') !== 'POST') { return; } $u = new \Todo\Model\User($f3->get('DB')); if(!$u->byEmail($f3->get('POST.email'))) { $f3->set('error', 'No account with this address registered.'); return; } $u->makeCode(); $u->save(); $f3->set('username', $u->name); $f3->set('reseturl', 'http://'.$f3->get('HOST').$f3->get('BASE').'/pwreset/'.$u->id.'/'.$u->code); mail($u->email, 'Password reset for ' . $f3->get('appname'), \Template::instance()->render('mails/pwreset', 'text/plain'), 'From:'.$f3->get('mail_from')); $f3->set('success', 'Password reset link was sent to your E-Mail address.'); $f3->set('content', 'blank.html'); } public function resetpw($f3, $args) { $u = new \Todo\Model\User($f3->get('DB')); if((!$u->byID($args['user'])) || ($u->code !== $args['code'])) { $f3->set('error', 'Invalid password reset link.'); $f3->set('content', 'blank.html'); return; } $f3->set('content', 'pwreset.html'); if($f3->get('VERB') !== 'POST') { return; } if($f3->get('POST.password') !== $f3->get('POST.repeatPassword')) { $f3->set('error', 'Passwords do not match'); return; } $u->pwhash = \Bcrypt::instance()->hash($f3->get('POST.password')); $u->makeCode(); $u->save(); $f3->set('success', 'Password changed'); $f3->set('content', 'blank.html'); } public function settings($f3, $args) { if($this->needLogin($f3)) { return; } $f3->set('content', 'settings.html'); $f3->set('email', $this->user->email); if($f3->get('VERB') !== 'POST') { return; } $ok = array(); $error = array(); if(($this->user->email !== $f3->get('POST.email')) && ($f3->get('POST.email') !== '')) { $this->user->email = $f3->get('POST.email'); $f3->set('email', $this->user->email); $ok[] = 'E-Mail address changed.'; } if($f3->get('POST.password') !== '') { if($f3->get('POST.password') === $f3->get('POST.repeatPassword')) { $this->user->pwhash = \Bcrypt::instance()->hash($f3->get('POST.password')); $ok[] = 'Password changed.'; } else { $error[] = 'Passwords do not match.'; } } if(!empty($ok)) { $this->user->save(); } $text = array_reduce(array_merge($ok, $error), function($a, $b) { return $a . ' ' . $b; }); if((!empty($ok)) && (!empty($error))) { $f3->set('info', $text); } else if(!empty($ok)) { $f3->set('success', $text); } else if(!empty($error)) { $f3->set('error', $text); } } }