may/1KA_F2F
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1KA_F2F/frontend/api/class.ApiLogin.php
MAY 79fc5b7b02 Prilagoditev za F2F, ostalo: 
Dopolnjena opomba k nastavitvi kodne tabele za SQL.

De-1KAizacija:
    Ukinjenih nekaj info@1ka.si emailov, odstranjenih nekaj testnih petrovih nastavitev.

    Tudi lastna instalacija ima pravico do obvestil o grdem početju (phishing ipd).
    GDPR na 1KA pošljemo samo, če NI lastna instalacija.

Dopolnitve za fieldwork delo:
    - 1ka data izvoz
    - grupa glede na kodo in ne le kuki
        Tako lahko anketar nadaljuje z anketiranjem istega respondenta z vnosom
        iste kode. Prej se je grupa nastavljala le glede na kuki, kar je bilo neuporabno
        za fieldwork.
    - skok na isto, ne naslednjo stran na koncu
        PREJ: izpolnil si 1, 2, 3 in zaprl na 3. strani. 3. stran se ni shranila,
              ker nisi dal NEXT. NAslednjič ko si odprl isti link, ki nadaljeval
              na *naslednji* strani (4.)

              Tako si imel podatke za 1.; 2.; 4.,... stran.
        ZDAJ: izpolniš 1, 2, 3, zapreš. 3. stran se seveda ni shranila, ker si zaprl.
              Ko ponovno odpreš anketo, te vrže na ISTO ZADNJO stran - torej tretjo.

    - možen lokalni dump podatkov iz crontaba (zaščiteno s kodo)
    - settings.php ima dodano nastavitev kode za dump podatkov. Tega ni smiselno
      dati v nastavitve, ker se mora poklicati iz cron joba na SERVERJU, tako da
      mora itak štaufat admin, ki pripravljal laptop.

    Skripte za terensko združevanje so ločen modul in jih bi porinil v ločenem
    patchu.

    POZOR, preveriti je treba še BodyController (ali je bil ugly hack za narobe
    nastavljeno anketo, ali je bilo kaj drugega). Avtomatsko je namreč disablalo
    popravljanje ankete anketarjem!
2022-11-11 14:41:51 +01:00

2100 lines
80 KiB
PHP
Raw Blame History

<?php
/**
*
* Class ki vsebuje funkcije APIJA (prijava, registracija v 1ko)
*
*/
class ApiLogin
{
var $ime;
var $priimek;
var $email;
var $pass;
var $method;
var $prijava = '';
var $data;
var $EncPass;
var $page_urls = []; // Url-ji za podstrani - to se bo verjetno nastavljalo v settings.php
function __construct()
{
global $site_url;
global $admin_type;
global $site_frontend;
global $site_path;
global $site_domain;
global $cookie_domain;
// Overridi za virtualne domene na TUS strezniku
if(isVirtual()){
if (getenv('apache_site_path') != '') $site_url = getenv('apache_site_url');
if (getenv('apache_site_path') != '') $site_path = getenv('apache_site_path');
if (getenv('apache_site_domain') != '') $site_domain = getenv('apache_site_domain');
if (getenv('apache_keep_domain') != '') $cookie_domain = getenv('apache_keep_domain');
}
// DRUPAL
if ($site_frontend == 'drupal') {
$url = $site_url.'d/';
if (!empty($_POST['jezik'])) {
$url = $site_url.'d/'.$_POST['jezik'].'/';
}
if (!empty($_GET['prijava']) && $_GET['prijava'] == 1) {
$this->prijava = '_login';
}
// Url-ji za podstrani
$urls_array = [
// Preusmerimo če reCaptcha ni vključena in je robot izpolnil registracijo
'page_robot_redirect' => $url,
'page_main' => $url,
// Osnovna stran
'page_main_login' => $url.'prijava/',
// Vrnemo na osnovne spletno stran za prijavo
'page_login' => $url.'?a=login',
// Stran namenjena logiranju
'page_login_login' => $url.'prijava/?a=login',
// Stran namenjena logiranju
'page_login_noEmail' => $url.'?a=login_noEmail',
// Stran na katero preusmerimo ce pri loginu vnese napacen oz. neobstojec email
'page_login_noEmail_login' => $url.'prijava/index.php?a=login_noEmail',
//Preusmei na stran, kje je obrazec za prijavo
//Google 2FA
'page_login_2fa' => $url.'?a=login_2fa',
// Če je uporabnik bannan
'page_user_ban' => $url.'?a=user_ban',
'page_user_ban_login' => $url.'prijava/index.php?a=user_ban',
// Registracija
'page_register' => $url.'registracija/?',
// 1. korak registracije - stran s formo za registracijo
'page_register_confirm' => $url.'registracija/confirm/?',
// 2. korak registracije - stran kamor je preusmerjen uporabnik po vnosu podatkov za registracijo (kjer pregleda vnešene podatke če so vsi ok)
'page_register_emailSend' => $url.'registracija/send/?',
// 3 .korak registracije - stran kamor je preusmerjen ko potrdi podatke - izpiše se mu obvestilo, da bo prejel potrditveni mail
'page_register_activate' => $site_url.'admin/survey/',
// 4. korak registracije - stran kamor ga preusmeri, ko klikne na url za potrditev registracije v mailu (opcijsko - lahko se ga preusmeri tudi na osnovno stran)
'page_add_second_email' => $url.'?a=add_second_email',
'page_reset_password' => $url.'obnovitev-gesla/?a=reset_password',
// Sprememba gesla
'page_reset_password_activate' => $url.'?a=reset_password_activate'
// Potrditev spremembe gesla
];
} else {
// Simple
$urls_array = [
'page_main' => $site_url.'index.php',
// Osnovna stran
'page_login' => $site_url.'index.php?a=login',
// Stran namenjena logiranju
'page_login_noEmail' => $site_url.'index.php?a=login_noEmail',
//Google 2FA
'page_login_2fa' => $site_url.'index.php?a=login_2fa',
// Stran na katero preusmerimo ce pri loginu vnese napacen oz. neobstojec email
'page_user_ban' => $site_url.'index.php?a=user_ban',
'page_register' => $site_url.'index.php?a=register',
// 1. korak registracije - stran s formo za registracijo
'page_register_confirm' => $site_url.'index.php?a=register_confirm',
// 2. korak registracije - stran kamor je preusmerjen uporabnik po vnosu podatkov za registracijo (kjer pregleda vnešene podatke če so vsi ok)
'page_register_emailSend' => $site_url.'index.php?a=register_email',
// 3 .korak registracije - stran kamor je preusmerjen ko potrdi podatke - izpiše se mu obvestilo, da bo prejel potrditveni mail
'page_register_activate' => $site_url.'index.php',
// 4. korak registracije - stran kamor ga preusmeri, ko klikne na url za potrditev registracije v mailu (opcijsko - lahko se ga preusmeri tudi na osnovno stran)
'page_add_second_email' => $site_url.'index.php?a=add_second_email',
'page_unregister' => $site_url.'index.php?a=unregister',
// Stran namenjena "odregistraciji uporabnika
'page_unregister_confirm' => $site_url.'index.php?a=unregister_confirm',
// Potrditev odregistracije
'page_reset_password' => $site_url.'index.php?a=reset_password',
// Sprememba gesla
'page_reset_password_activate' => $site_url.'index.php?a=reset_password_activate'
// Potrditev spremembe gesla
];
}
// Nastavimo url-je
$this->setUrls($urls_array);
// Preverimo ce smo logirani (in ustrezno nastavimo piskotke)
$admin_type = $this->checkLogin();
}
// Nastavimo vse podstrani potrebne za delovanje (registracija, login, odregistracija, pozabljeno geslo...) -
public function setUrls($urls_array)
{
$this->page_urls = $urls_array;
}
// Izvedemo akcijo
public function checkLogin()
{
global $admin_type; // tip admina: 0:admin, 1:manager, 2:clan, 3:user
global $global_user_id;
global $mysql_database_name;
global $pass_salt;
global $is_meta;
global $cookie_domain;
$is_meta = 0;
$global_user_id = 0;
$admin_type = 3;
$cookie_pass = $_COOKIE['secret'];
// UID je v resnici base64 od emaila, ker sicer odpove meta!!!
// najprej testiram meto, potem sele userje.
if (isset ($_COOKIE['uid']) && !empty($_COOKIE['g2fa'])) {
$user_email = base64_decode($_COOKIE['uid']);
$db_meta_exists = mysqli_select_db($GLOBALS['connect_db'], "meta");
if ($db_meta_exists) {
$result = sisplet_query("SELECT geslo, aid, 0 as type FROM administratorji WHERE email='$user_email'");
}
// NI META
if (!$result || mysqli_num_rows($result) == 0) {
mysqli_select_db($GLOBALS['connect_db'], $mysql_database_name);
$meta = 0;
$result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'");
if (!$result || mysqli_num_rows($result) == 0) {
// najprej poradiraij cookije!
setcookie('uid', "", time() - 3600, $cookie_domain);
setcookie('secret', "", time() - 3600, $cookie_domain);
if (substr_count($cookie_domain, ".") > 1) {
$nd = substr($cookie_domain,strpos($cookie_domain, ".") + 1);
setcookie('uid', "", time() - 3600, $nd);
setcookie('secret', "", time() - 3600, $nd);
}
return -1;
} else {
$r = mysqli_fetch_row($result);
if ($cookie_pass != $r[0]) {
// najprej poradiraij cookije!
setcookie('uid', "", time() - 3600, $cookie_domain);
setcookie('secret', "", time() - 3600, $cookie_domain);
if (substr_count($cookie_domain, ".") > 1) {
$nd = substr($cookie_domain,
strpos($cookie_domain, ".") + 1);
setcookie('uid', "", time() - 3600, $nd);
setcookie('secret', "", time() - 3600, $nd);
}
return -1;
} else {
$admin_type = $r[2];
$global_user_id = $r[1];
return $r[2];
}
}
} // JE META
else {
$r = mysqli_fetch_row($result);
if ($cookie_pass == base64_encode((hash('SHA256', base64_decode($r[0]).$pass_salt)))) {
$is_meta = 1;
$admin_type = "0";
mysqli_select_db($GLOBALS['connect_db'],
$mysql_database_name);
$result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'");
if (mysqli_num_rows($result) > 0) {
$r = mysqli_fetch_row($result);
$global_user_id = $r[1];
}
return 0;
} else {
mysqli_select_db($GLOBALS['connect_db'],
$mysql_database_name);
// Obstaja tudi primer ko je IN meta IN navaden- in se je pac prijavil kot navaden user
$result = sisplet_query("SELECT pass, id, type FROM users WHERE email='$user_email'");
if (!$result || mysqli_num_rows($result) == 0) {
return -1;
} else {
$r = mysqli_fetch_row($result);
if ($cookie_pass != $r[0]) {
// najprej poradiraij cookije!
setcookie('uid', "", time() - 3600, $cookie_domain);
setcookie('secret', "", time() - 3600, $cookie_domain);
if (substr_count($cookie_domain, ".") > 1) {
$nd = substr($cookie_domain,
strpos($cookie_domain, ".") + 1);
setcookie('uid', "", time() - 3600, $nd);
setcookie('secret', "", time() - 3600, $nd);
}
return -1;
} else {
$admin_type = $r[2];
$global_user_id = $r[1];
return $r[2];
}
}
}
}
} // Ni prijavljen
else {
$admin_type = -1;
return -1;
}
}
// Preveri ce je user ze logiran v 1ko in nastavi globalne spremenljivke in cookie (kopirano iz function.php)
public function executeAction($params, $data, $method='')
{
global $site_url;
global $global_user_id;
global $lang;
global $cookie_domain;
// Nastavimo prejete podatke
if (isset($data['ime'])) {
$this->ime = $data['ime'];
}
if (isset($data['priimek'])) {
$this->priimek = $data['priimek'];
}
if (isset($data['email'])) {
$this->email = trim($data['email']);
}
if (isset($data['pass'])) {
$this->pass = $data['pass'];
}
if (isset($data['method'])){
$this->method = $data['method'];
}
if (isset($data)){
$this->data = $data;
}
if (!isset($params['action'])) {
$response = 'Napaka! Manjkajo parametri!';
} else {
switch ($params['action']) {
// Login userja
case 'login':
$response = $this->userLogin();
break;
// Login userja
case 'login_2fa':
$response = $this->userLogin2fa();
break;
// Login userja z google racunom
case 'login_google':
if(!empty($_POST['remember']) && $_POST['remember'] == 1) {
setcookie('remember-me', '1', time() + 31536000, '/', $cookie_domain);
}
$response = $this->userLoginGoogle();
break;
// Login userja s FB racunom
case 'login_facebook':
if(!empty($_POST['remember']) && $_POST['remember'] == 1) {
setcookie('remember-me', '1', time() + 31536000, '/', $cookie_domain);
}
$response = $this->userLoginFacebook();
break;
// Login userja z AAI racunom
case 'login_AAI':
if(!empty($_POST['remember']) && $_POST['remember'] == 1) {
setcookie('remember-me', '1', time() + 31536000, '/', $cookie_domain);
}
$response = $this->userLoginAAI();
break;
// Logout userja
case 'logout':
$response = $this->userLogout();
break;
// Registracija userja - prvi vnos podatkov s preverjanjem
case 'register':
$response = $this->userRegister();
break;
// Registracija userja - potrditev podatkov in posiljanje potrditvenega maila
case 'register_confirm':
$response = $this->userRegisterConfirm();
break;
// Registracija userja - potrditev registracije (aktivacija) po prejetju potrditvenega maila
case 'register_activate':
$response = $this->userRegisterActivate();
break;
// Dodajanje alternativnega emaila
case 'activate_second_email':
$response = $this->userActivateAlternativEmail();
break;
// Odregistracija userja - preverjanje ce se res zeli odjaviti
// case 'unregister':
// $response = $this->userUnregister();
// break;
// Odregistracija userja - potrditev in dejanska odjava
case 'unregister_confirm':
$response = $this->userUnregisterConfirm();
break;
// Reset passworda userja
case 'reset_password':
$response = $this->userResetPassword();
break;
// Potrditev reseta passworda userja
case 'reset_password_activate':
$response = $this->userResetPasswordActivate();
break;
}
}
echo $response;
}
// Prijavi userja v 1ko - (kopirano iz ProfileClass.php)
private function userLogin()
{
global $mysql_database_name;
global $site_url;
global $lang;
global $pass_salt;
global $cookie_domain;
global $originating_domain;
global $keep_domain;
$piskotek = [];
$error = [];
// Ce imamo vklopljeno blokiranje dostopa do admina glede na ip
$admin_allow_only_ip = AppSettings::getInstance()->getSetting('app_limits-admin_allow_only_ip');
if($admin_allow_only_ip !== false && !empty($admin_allow_only_ip)){
$ip = $_SERVER['REMOTE_ADDR'];
// Preverimo ip - ce se ne ujema ne pustimo logina
if(!in_array($ip, $admin_allow_only_ip)){
if($this->method == 'AJAX'){
return $this->ajaxResponse('error', 'Napaka pri prijavi.');
}else {
header('location: '.$this->page_urls['page_login'.$this->prijava]);
die();
}
}
}
$mini = $this->email.$this->pass;
for ($Stevec = 0; $Stevec < strlen($mini); $Stevec++) {
$mini = str_replace("'", "", $mini);
}
$result = sisplet_query("SELECT value FROM misc WHERE what='CookieLife'");
$row = mysqli_fetch_row($result);
$LifeTime = $row[0];
// Cookie "remember-me" nastavimo pri FB, Google in AAi prijavi in tukaj preverjamo, če je nastavljena ta opcija
if ((isset($_POST['remember']) && $_POST['remember'] == "1") || (isset($_COOKIE['remember-me']) && $_COOKIE['remember-me'] == 1)) {
$LifeTime = 3600 * 24 * 365;
} else {
$LifeTime = $LifeTime;
}
// Preverimo ce obstaja uporabnik s tem emailom
$user_id = User::findByEmail($this->email);
if (!empty($user_id)) {
$sql = sisplet_query("SELECT type, pass, status, id, name, surname, email FROM users WHERE id='".$user_id."'");
$r = mysqli_fetch_assoc($sql);
// BAN
if ($r['status'] == 0) {
if($this->method == 'AJAX'){
return $this->ajaxResponse('error', $lang['cms_error_user_ban']);
}else {
header('Location: '.$this->page_urls['page_user_ban'.$this->prijava].'&error=user_ban&email='.$this->email);
die();
}
}
$user_lang = 1;
if (!empty($_POST['jezik']) && $_POST['jezik'] == 'en') {
$user_lang = 2;
}
// Preverimo ce je password ok
if (base64_encode((hash('SHA256', $this->pass.$pass_salt))) == $r['pass'] || $this->EncPass == $r['pass']) {
// Zabelezimo datum prijave
sisplet_query("UPDATE users SET last_login=NOW(), lang='".$user_lang."' WHERE id='".$r['id']."'");
// določi še, od kje se je prijavil
$hostname = "";
$headers = apache_request_headers();
if (array_key_exists('X-Forwarded-For', $headers)) {
$hostname = $headers['X-Forwarded-For'];
} else {
$hostname = $_SERVER["REMOTE_ADDR"];
}
sisplet_query("INSERT INTO user_login_tracker (uid, IP, kdaj) VALUES ('".$r['id']."', '".$hostname."', NOW())");
// Ustvarimo login cookie
if($this->method == 'AJAX') {
$piskotek['uid'] = [
'ime' => 'uid',
'vrednost' => base64_encode($r['email']),
'opcije' => [
'expires' => time() + $LifeTime,
'path' => '/',
'domain' => $cookie_domain,
//'secure' => true
]
];
} else {
setcookie("uid", base64_encode($r['email']), time() + $LifeTime, '/', $cookie_domain);
}
//Preverimo če gre za Google 2FA
$user_2fa_enabled = User::option($r['id'], 'google-2fa-validation');
if(!empty($user_2fa_enabled) && $user_2fa_enabled != 'NOT'){
setcookie("g2fa", base64_encode($user_2fa_enabled), time() + $LifeTime, '/', $cookie_domain);
if($this->method == 'AJAX'){
//TODO: preveri kako je s piškoti
return $this->ajaxResponse('error', $lang['cms_error_user_ban']);
} else{
header('location: '.$this->page_urls['page_login_2fa']);
die();
}
}
// Ustvarimo piškotek še z imenom in geslom
if($this->method == 'AJAX'){
$piskotek['unam'] = [
'ime' => 'unam',
'vrednost' => base64_encode($r['name'].' '.$r['surname']),
'opcije' => [
'expires' => time() + $LifeTime,
'path' => '/',
'domain' => $cookie_domain,
//'secure' => true
]
];
$piskotek['secret'] = [
'ime' => 'secret',
'vrednost' => $r['pass'],
'opcije' => [
'expires' => time() + $LifeTime,
'path' => '/',
'domain' => $cookie_domain,
//'secure' => true
]
];
} else {
setcookie("unam", base64_encode($r['name'].' '.$r['surname']),time() + $LifeTime, '/', $cookie_domain);
setcookie("secret", $r['pass'], time() + $LifeTime, '/', $cookie_domain);
}
if ($r['status'] == "2" || $r['status'] == "6") {
if($this->method == 'AJAX'){
$piskotek['P'] = [
'ime' => 'P',
'vrednost' => time(),
'opcije' => [
'expires' => time() + $LifeTime,
'path' => '/',
'domain' => $cookie_domain,
'secure' => true
]
];
$error['password'] = $lang['cms_error_password'];
return $this->ajaxResponse('error', [
'piskotek' => $this->cookieEncode($piskotek),
'error' => $error
]);
}else{
setcookie("P", time(), time() + $LifeTime, '/', $cookie_domain);
header('location: '.$this->page_urls['page_login'.$this->prijava].'&email='.$this->email.'&error=password');
die();
}
}
}
else {
// Password prompt
if($this->method == 'AJAX'){
return $this->ajaxResponse('error', $lang['cms_error_password']);
}else{
header('location: '.$this->page_urls['page_login'.$this->prijava].'&email='.$this->email.'&error=password');
die();
}
}
}
else {
// Preverimo, če je sploh vpisal email
if (validEmail($this->email)) {
if($this->method == 'AJAX'){
return $this->ajaxResponse('error', $lang['cms_error_email_or_password_doesnt_exist']);
}else{
// Emaila ni v bazi
header('location: '.$this->page_urls['page_login_noEmail'.$this->prijava].'&email='.$this->email);
}
} else {
if($this->method == 'AJAX'){
return $this->ajaxResponse('error', $lang['cms_error_email']);
}else{
// Ni vpisana prava oblika maila
header('location: '.$this->page_urls['page_login_noEmail'.$this->prijava].'&email='.$this->email);
}
}
die();
}
//Vkolikor smo ga prijavili in želi kupip paket, vrnemo nazaj na Drupal
if(isset($_COOKIE['nakup'])){
if($user_lang == 1){
header('location: '.$site_url.'d/izvedi-nakup/'.$_COOKIE['paket'].'/podatki');
} else{
header('location: '.$site_url.'d/en/purchase/'.$_COOKIE['paket'].'/package');
}
die();
}
// Vse je ok - prijavljenega preusmerimo na moje ankete
if($this->method == 'AJAX'){
return $this->ajaxResponse('success', [
'url' => $site_url.'admin/survey/index.php?lang='.$user_lang,
'piskotek' => $this->cookieEncode($piskotek)
]);
}
header('location: '.$site_url.'admin/survey/index.php?lang='.$user_lang);
die();
}
// Prijava z Google 2 FA
private function userLogin2fa()
{
global $site_url, $cookie_domain;
$email = null;
if(!empty($_COOKIE['uid'])){
$email = base64_decode($_COOKIE['uid']);
}
$user_id = User::findByEmail($email);
$user= sisplet_query("SELECT type, pass, status, name, surname, email FROM users WHERE id='".$user_id."'", "obj");
$secret = User::option($user_id, 'google-2fa-secret');
if(!empty($secret) && $_POST['google_2fa_number']){
$google2fa = new \Sonata\GoogleAuthenticator\GoogleAuthenticator();
$user_lang = 1;
if (!empty($_POST['jezik']) && $_POST['jezik'] == 'en') {
$user_lang = 2;
}
// 2FA je bila uspešna
if ($google2fa->checkCode($secret, $_POST['google_2fa_number'])) {
$result = sisplet_query("SELECT value FROM misc WHERE what='CookieLife'", "obj");
$LifeTime = $result->value;
// Ustvarimo piškotek še z imenom in geslom
setcookie("unam", base64_encode($user->name.' '.$user->surname),time() + $LifeTime, '/', $cookie_domain);
setcookie("secret", $user->pass, time() + $LifeTime, '/', $cookie_domain);
// Zabelezimo datum prijave
sisplet_query("UPDATE users SET last_login=NOW() WHERE id='".$user_id."'");
// določi še, od kje se je prijavil
$hostname = "";
$headers = apache_request_headers();
if (array_key_exists('X-Forwarded-For', $headers)) {
$hostname = $headers['X-Forwarded-For'];
} else {
$hostname = $_SERVER["REMOTE_ADDR"];
}
sisplet_query("INSERT INTO user_login_tracker (uid, IP, kdaj) VALUES ('".$user_id."', '".$hostname."', NOW())");
// Vse je ok - prijavljenega preusmerimo na moje ankete
header('location: '.$site_url.'admin/survey/index.php?lang='.$user_lang);
die();
}
// Vse neuspešne poskuse ali napačen email
header('location: '. $this->page_urls['page_login_2fa'].'&error=2fa');
die();
}
// Vse je ok - prijavljenega preusmerimo na moje ankete
header('location: '.$site_url);
die();
}
// Prijavi userja v 1ko z Google racunom (kopirano iz ProfileClass.php) - PRETESTIRATI
private function userLoginGoogle()
{
require_once('../../function/JWT.php');
global $site_url;
global $lang;
global $proxy;
$oauth2_code = $_GET['code'];
$discovery = json_decode(file_get_contents('https://accounts.google.com/.well-known/openid-configuration'));
if ($proxy != "") {
$ctx = stream_context_create([
'http' => [
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query([
'client_id' => AppSettings::getInstance()->getSetting('google-login_client_id'),
'client_secret' => AppSettings::getInstance()->getSetting('google-login_client_secret'),
'code' => $oauth2_code,
'grant_type' => 'authorization_code',
'redirect_uri' => $site_url.'frontend/api/google-oauth2.php',
'openid.realm' => $site_url,
]),
'proxy' => 'tcp://'.$proxy,
],
]);
} else {
$ctx = stream_context_create([
'http' => [
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query([
'client_id' => AppSettings::getInstance()->getSetting('google-login_client_id'),
'client_secret' => AppSettings::getInstance()->getSetting('google-login_client_secret'),
'code' => $oauth2_code,
'grant_type' => 'authorization_code',
'redirect_uri' => $site_url.'frontend/api/google-oauth2.php',
'openid.realm' => $site_url,
]),
],
]);
}
$resp = file_get_contents($discovery->token_endpoint, false, $ctx);
if (!$resp) {
// $http_response_header here got magically populated by file_get_contents(), surprise
echo '<h1>'.$lang['oid_auth_rejected'].'</h1>';
echo '<p>'.$lang['google_auth_rejected'].'</p>';
echo '<ul><li>'.$lang['oid_maybe_you_rejected'].'<a href="'.$site_url.'index.php">'.$lang['try_again'].'</a></li><li>'.$lang['oid_maybe_local1'].'<a href="'.$site_url.'index.php">'.$lang['oid_maybe_local2'].'</a></li></ul>';
}
$resp = json_decode($resp);
$access_token = $resp->access_token;
$id_token = $resp->id_token;
// Skip JWT verification: we got it directly from Google via https, nothing could go wrong.
$id_payload = JWT::decode($resp->id_token, null, false);
if (!$id_payload->sub) {
echo '<h1>'.$lang['oid_auth_rejected'].'</h1>';
echo '<p>'.$lang['google_auth_rejected'].'</p>';
echo '<ul><li>'.$lang['oid_maybe_you_rejected'].'<a href="'.$site_url.'index.php">'.$lang['try_again'].'</a></li><li>'.$lang['oid_maybe_local1'].'<a href="'.$site_url.'index.php">'.$lang['oid_maybe_local2'].'</a></li></ul>';
}
$user_id = 'google+'.$id_payload->sub;
$user_email = $id_payload->email;
if ($user_email != '' && $user_id != '') {
$this->email = $user_email;
$user_id_1ka = User::findByEmail($user_email);
// Je noter, ga samo prijavim...
if (!empty($user_id_1ka)) {
$res = sisplet_query("SELECT pass FROM users WHERE id='".$user_id_1ka."'");
$r = mysqli_fetch_row($res);
$this->EncPass = $r[0];
$this->userLogin();
} // Ni se registriran, ga je potrebno dodati na prijavno formo
else {
// geslo med 00000 in zzzzz
$this->pass = base_convert(mt_rand(0x19A100, 0x39AA3FF), 10, 36);
$this->EncPass = base64_encode((hash('SHA256', $this->pass.$pass_salt)));
$this->email = $user_email;
$fn = explode("@", $user_email);
sisplet_query("INSERT INTO users (name, surname, email, pass, lang, when_reg) VALUES ('".$fn[0]."', '', '".$user_email."', '".$this->EncPass."', '".(isset ($_GET['regFromEnglish']) && $_GET['regFromEnglish'] == "1" ? '2' : '1')."', NOW())");
$uid = mysqli_insert_id($GLOBALS['connect_db']);
sisplet_query("INSERT INTO oid_users (uid) VALUES ('$uid')");
// Piškotek za cca. 10 let, da mu naslednjić ponudimo prijavno
global $cookie_domain;
setcookie('external-login', '1', time()+280000000, '/', $cookie_domain);
// prijavi
$this->userLogin();
}
}
}
// Prijavi userja v 1ko z FB racunom (kopirano iz ProfileClass.php) - PRETESTIRATI
private function userLoginFacebook()
{
global $cookie_path;
if ($r = file_get_contents("https://graph.facebook.com/v2.9/oauth/access_token?client_id=".AppSettings::getInstance()->getSetting('facebook-appid')."&redirect_uri=https://www.1ka.si/frontend/api/fb_login.php&client_secret=".AppSettings::getInstance()->getSetting('facebook-appsecret')."&code=".$_GET['code'])) {
$at = json_decode($r);
$user = json_decode(file_get_contents('https://graph.facebook.com/me?fields=email,first_name,last_name&access_token='.$at->{'access_token'}));
if (!isset ($user->email) && isset ($user->name)) {
$user->email = str_replace(" ", ".",
$user->first_name.".".$user->last_name)."@facebook.com";
}
$old_email = str_replace(" ", ".", $user->first_name.".".$user->last_name)."@facebook.com";
$old_email = str_replace([" ", "č", "ć", "Č", "Ć", "ž", "Ž", "š", "Š", "đ", "Đ"], [".", "c", "c", "C", "C", "z", "Z", "s", "S", "d", "D"], $old_email);
// preveri email, ce ga imas v bazi:
if (isset ($user->email) && $user->email != '') {
$obstaja_user_id = User::findByEmail(str_replace("'",'', $user->email));
$result = sisplet_query("select u.name, u.surname, f.id, u.id, u.pass FROM users u, fb_users f WHERE u.id=f.uid AND u.id='".$obstaja_user_id."'");
if (mysqli_num_rows($result) == 0) {
$obstaja_user_id_old_email = User::findByEmail(str_replace("'",'', $old_email));
$result2 = sisplet_query("select u.id FROM users u LEFT JOIN fb_users f on (u.id=f.uid) where u.id='".$obstaja_user_id_old_email."'");
if (mysqli_num_rows($result2) > 0) {
$r2 = mysqli_fetch_row($result2);
$real_id = User::findByEmail($user->email);
if (!empty($real_id)) {
// moramo popravljati IDje in jebat ježa
// iz "pravega" skopiram geslo na "fb", "fb" popravim v pravega in pravega dizejblam. In iz pravega vse srv_dpstop popravim na "fb"
sisplet_query("UPDATE users a, users b SET a.pass=b.pass WHERE a.email='".str_replace("'",
'',
$old_email)."' AND b.email='".str_replace("'",
'', $user->email)."'");
sisplet_query("UPDATE users SET email=CONCAT('D3LMD-' , email) WHERE email='".str_replace("'",
'', $user->email)."'");
if ($real_id[0] > 0 && $r2[0] > 0) {
sisplet_query("UPDATE srv_dostop SET uid=".$r2[0]." WHERE uid=".$real_id[0]);
}
}
sisplet_query("UPDATE users SET email='".str_replace("'",
'', $user->email)."' WHERE id='".$r2[0]."'");
}
}
$result = sisplet_query("select u.name, u.surname, IF(ISNULL(f.id),'0',f.id), u.id, u.pass FROM users u LEFT JOIN fb_users f on (u.id=f.uid) where u.id='".$obstaja_user_id."'");
// je noter, preveri ce je v FB (podatki, podatki!)
if (mysqli_num_rows($result) > 0) {
$r = mysqli_fetch_row($result);
if ($r[2] != '0') {
// samo prijavi
$this->EncPass = $r[4];
$this->email = str_replace(" ", ".", $user->email);
$this->userLogin();
} else {
// dodaj FB podatke in prijavi
if (isset ($user->first_name)) {
$fn = $user->first_name;
} else {
$fn = $r[0];
}
if (isset ($user->last_name)) {
$ln = $user->last_name;
} else {
$ln = $r[1];
}
if (isset ($user->gender)) {
$gn = $user->gender;
} else {
$gn = '';
}
if (isset ($user->profile_link)) {
$pl = $user->profile_link;
} else {
$pl = '';
}
if (isset ($user->timezone)) {
$tz = $user->timezone;
} else {
$tz = '';
}
sisplet_query("INSERT INTO fb_users (uid, first_name, last_name, gender, timezone, profile_link) VALUES ('".$r[3]."', '".$fn."', '".$ln."', '".$gn."', '".$tz."', '".$pl."')");
// Prijaviga :)
$this->EncPass = $r[4];
$this->email = $user->email;
$this->userLogin();
}
} else {
// registriraj, dodaj FB podatke in prijavi
// dodaj FB podatke in prijavi
if (isset ($user->first_name)) {
$fn = $user->first_name;
} else {
$fn = str_replace(" ", ".", $r[0]);
}
if (isset ($user->last_name)) {
$ln = $user->last_name;
} else {
$ln = $r[1];
}
if (isset ($user->gender)) {
$gn = $user->gender;
} else {
$gn = '';
}
if (isset ($user->profile_link)) {
$pl = $user->profile_link;
} else {
$pl = '';
}
if (isset ($user->timezone)) {
$tz = $user->timezone;
} else {
$tz = '';
}
// geslo med 00000 in zzzzz
$this->pass = base_convert(mt_rand(0x19A100, 0x39AA3FF), 10, 36);
$this->EncPass = base64_encode((hash('SHA256', $this->pass.$pass_salt)));
$this->email = str_replace([" ", "č", "ć", "Č", "Ć", "ž", "Ž", "š", "Š", "đ", "Đ"], [".", "c", "c", "C", "C", "z", "Z", "s", "S", "d", "D"], $user->email);
sisplet_query("INSERT INTO users (name, surname, email, pass, when_reg) VALUES ('".$fn."', '".$ln."', '".iconv('utf-8', 'iso-8859-2//TRANSLIT', $this->email)."', '".$this->EncPass."', NOW())");
$uid = mysqli_insert_id($GLOBALS['connect_db']);
sisplet_query("INSERT INTO fb_users (uid, first_name, last_name, gender, timezone, profile_link) VALUES ('".$uid."', '".$fn."', '".$ln."', '".$gn."', '".$tz."', '".$pl."')");
// Piškotek za cca. 10 let, da mu naslednjić ponudimo prijavno
global $cookie_domain;
setcookie('external-login', '1', time()+280000000, '/', $cookie_domain);
// prijavi
$this->userLogin();
}
}
}
}
// Prijavi userja v 1ko preko AAI racuna (kopirano iz ProfileClass.php - eduroamAnotherServerLogin()) - PRETESTIRATI
function userLoginAAI()
{
global $pass_salt;
global $cookie_domain;
global $site_url;
// Popravimo string iz geta, ker ima nekje + namesto space
$repaired_string = str_replace(' ', '+', $_GET['s']);
// malo manj varno, ampak bo OK.
$klobasa = base64_decode($repaired_string);
// Dobimo array parametrov iz get-a
$data = explode("|", $klobasa);
// Pridobimo maile - mozno da jih je vec, potem vzamemo prvega
$mails = explode(";", $data[0]);
sort($mails);
$mail = $mails[0];
// Pridobimo aai (shibboleth) "uuid"
$aai_id = $data[1];
$ime = $data[2];
$priimek = $data[3];
$njegova = $data[4];
$moja = $data[5];
// Preverimo ce ima veljaven token (najprej pobrisemo stare)
sisplet_query("DELETE FROM aai_prenosi WHERE timestamp < (UNIX_TIMESTAMP() - 600);");
$res = sisplet_query("SELECT * FROM aai_prenosi WHERE moja='".$moja."' AND njegova='".$njegova."'");
if (mysqli_num_rows($res) > 0) {
$pass = base64_encode((hash('SHA256', "e5zhbWRTEGW&u375ejsznrtztjhdtz%WZ&".$pass_salt)));
// Preverimo ce obstaja user v bazi
$user_id_1ka = User::findByEmail_AAI($mail, $aai_id);
if (empty($user_id_1ka)) {
// Nastavimo pass
$pass = base64_encode(hash('SHA256', "e5zhbWRTEGW&u375ejsznrtztjhdtz%WZ&".$pass_salt));
// dodaj ga v bazo
sisplet_query("INSERT INTO users (email, aai_id, name, surname, type, pass, eduroam, when_reg) VALUES ('$mail', '$aai_id', '$ime', '$priimek', '3', '".$pass."', '1', NOW())");
// Pridobimo id dodanega userja
$user_id = mysqli_insert_id($GLOBALS['connect_db']);
}
else {
// potegni geslo in mu daj kuki
$result = sisplet_query("SELECT pass, email FROM users WHERE id='".$user_id_1ka."'");
$r = mysqli_fetch_row($result);
$pass = $r[0];
$mail = $r[1];
$user_id = $user_id_1ka;
}
$result = sisplet_query("SELECT value FROM misc WHERE what='CookieLife'");
$row = mysqli_fetch_row($result);
$LifeTime = $row[0];
// Zlogiramo login
sisplet_query("UPDATE users SET last_login=NOW() WHERE id='".$user_id."'");
// določi še, od kje se je prijavil
$hostname = "";
$headers = apache_request_headers();
if (array_key_exists('X-Forwarded-For', $headers)) {
$hostname = $headers['X-Forwarded-For'];
} else {
$hostname = $_SERVER["REMOTE_ADDR"];
}
sisplet_query("INSERT INTO user_login_tracker (uid, IP, kdaj) VALUES ('".$user_id."', '".$hostname."', NOW())");
setcookie("uid", base64_encode($mail), time() + $LifeTime, '/', $cookie_domain);
setcookie("secret", $pass, time() + $LifeTime, '/', $cookie_domain);
setcookie("unam", base64_encode($ime.' '.$priimek),time() + $LifeTime, '/', $cookie_domain);
// moram vedeti, da je AAI!
setcookie("aai", '1', time() + $LifeTime, '/', $cookie_domain);
// Piškotek za cca. 10 let, da mu naslednjić ponudimo prijavno
setcookie('external-login', '1', time()+280000000, '/', $cookie_domain);
// Vse je ok - prijavljenega preusmerimo na moje ankete
header('location: '.$site_url.'admin/survey/index.php?l=1');
die();
}
else {
header('location: '.$site_url);
die();
}
}
// Odjavi userja iz 1ke (kopirano iz ProfileClass.php)
private function userLogout(){
global $site_url;
global $cookie_domain;
global $global_user_id;
if($this->method == 'AJAX') {
$domene[] = $cookie_domain;
if(substr_count($cookie_domain, '.') > 1){
$domene[] = substr($cookie_domain, strpos($cookie_domain, '.') + 1);
}
foreach($domene as $key => $domena) {
$piskotek['uid_'.$key] = [
'ime' => 'uid',
'vrednost' => '',
'opcije' => [
'expires' => time() - 3600,
'path' => '/',
'domain' => $domena
]
];
$piskotek['unam_'.$key] = [
'ime' => 'unam',
'vrednost' => '',
'opcije' => [
'expires' => time() - 3600,
'path' => '/',
'domain' => $domena
]
];
$piskotek['secret_'.$key] = [
'ime' => 'secret',
'vrednost' => '',
'opcije' => [
'expires' => time() - 3600,
'path' => '/',
'domain' => $domena
]
];
}
return $this->ajaxResponse('success', [
'url' => $site_url,
'piskotek' => $this->cookieEncode($piskotek)
]);
}
setcookie('uid', '', time() - 3600, '/', $cookie_domain);
setcookie('unam', '', time() - 3600, '/', $cookie_domain);
setcookie('secret', '', time() - 3600, '/', $cookie_domain);
setcookie('ME', '', time() - 3600, '/', $cookie_domain);
setcookie('P', '', time() - 3600, '/', $cookie_domain);
setcookie("AN", '', time() - 3600, '/', $cookie_domain);
setcookie("AS", '', time() - 3600, '/', $cookie_domain);
setcookie("AT", '', time() - 3600, '/', $cookie_domain);
setcookie("DP", $p, time() - 3600 * 24 * 365, "/", $cookie_domain);
setcookie("DC", $p, time() - 3600 * 24 * 365, "/", $cookie_domain);
setcookie("DI", $p, time() - 3600 * 24 * 365, "/", $cookie_domain);
setcookie("SO", $p, time() - 3600 * 24 * 365, "/", $cookie_domain);
setcookie("SPO", $p, time() - 3600 * 24 * 365, "/", $cookie_domain);
setcookie("SL", $p, time() - 3600 * 24 * 365, "/", $cookie_domain);
// pobrisi se naddomeno! (www.1ka.si naj pobrise se 1ka.si)
if (substr_count($cookie_domain, ".") > 1) {
$nd = substr($cookie_domain, strpos($cookie_domain, ".") + 1);
setcookie('uid', '', time() - 3600, '/', $nd);
setcookie('unam', '', time() - 3600, '/', $nd);
setcookie('secret', '', time() - 3600, '/', $nd);
setcookie('ME', '', time() - 3600, '/', $nd);
setcookie('P', '', time() - 3600, '/', $nd);
setcookie("AN", '', time() - 3600, '/', $nd);
setcookie("AS", '', time() - 3600, '/', $nd);
setcookie("AT", '', time() - 3600, '/', $nd);
setcookie("DP", $p, time() - 3600 * 24 * 365, "/", $nd);
setcookie("DC", $p, time() - 3600 * 24 * 365, "/", $nd);
setcookie("DI", $p, time() - 3600 * 24 * 365, "/", $nd);
setcookie("SO", $p, time() - 3600 * 24 * 365, "/", $nd);
setcookie("SPO", $p, time() - 3600 * 24 * 365, "/", $nd);
setcookie("SL", $p, time() - 3600 * 24 * 365, "/", $nd);
}
// Ce gre za arnes aai odjavo odjavimo posebej
if (isAAI()){
setcookie("aai", '', time() - 3600, '/', $cookie_domain);
header('location: '.$site_url.'/logout_AAI.php?return='.$site_url);
die();
}
header('Location:'.$site_url);
}
// Registrira userja v 1ko - vnos podatkov
private function userRegister()
{
$error = [];
$email = (isset($this->data['email'])) ? $this->data['email'] : '';
$ime = (isset($this->data['ime'])) ? $this->data['ime'] : '';
$geslo = (isset($this->data['geslo'])) ? $this->data['geslo'] : '';
$geslo2 = (isset($this->data['geslo2'])) ? $this->data['geslo2'] : '';
$agree = (isset($this->data['agree'])) ? $this->data['agree'] : '0';
$gdprAgree = (isset($this->data['gdpr-agree'])) ? $this->data['gdpr-agree'] : '0';
$ajaxKlic = (isset($this->data['ajax'])) ? $this->data['ajax'] : '0'; // Če izvajamo registracjo preko drupala, ker se pošlje post request preko ajaxa
$varnostno_polje = (isset($this->data['varnostno-polje'])) ? $this->data['varnostno-polje'] : false;
if (!empty($varnostno_polje)) {
if($this->method == 'AJAX'){
return $this->ajaxResponse('error', [
'url' => $this->page_urls['page_robot_redirect'],
'message' => 'Robot'
]);
} else {
header('Location: ' . $this->page_urls['page_robot_redirect']);
die();
}
}
// Preverimo ReCaptcha
if (AppSettings::getInstance()->getSetting('google-secret_captcha') !== false) {
$recaptchaResponse = $this->data['g-recaptcha-response'];
$requestReCaptcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . AppSettings::getInstance()->getSetting('google-secret_captcha') . '&response=' . $recaptchaResponse);
if (!strstr($requestReCaptcha, 'true')) {
$error['invalid_recaptcha'] = '1';
}
}
// Preverimo ce imamo vse podatke
if ($email == '') {
$error['missing_email'] = '1';
}
if ($ime == '') {
$error['missing_ime'] = '1';
}
if ($agree == '0') {
$error['missing_agree'] = '1';
}
// Preverimo ce je email ok
if (!validEmail($email)) {
$error['invalid_email'] = '1';
}
// Preverimo ce sta gesla enaka
if ($geslo != $geslo2) {
$error['pass_mismatch'] = '1';
}
// Preverimo ce je geslo dovolj kompleksno
if (!complexPassword($geslo)) {
$error['pass_complex'] = '1';
}
// Preverimo ce ze obstaja ime in vrnemo predlog za novo
$sql = sisplet_query("SELECT * from users WHERE name='".$ime."'");
if (mysqli_num_rows($sql) > 0) {
$error['existing_ime'] = '1';
$najdu = 0;
$add = 0;
if($ime != ''){
do {
$add++;
$sqln = sisplet_query("SELECT * from users WHERE name='".str_replace("'",
"", $ime).$add."'");
if (mysqli_num_rows($sqln) == 0) {
$najdu = 1;
}
} while ($najdu = 0);
// Novo ime ki ga predlagamo
$ime = $ime.$add;
$error['new_username'] = $ime;
}
}
// Preverimo ce ze obstaja email
if (!unikatenEmail($email)) {
$error['existing_email'] = '1';
}
// Nekaj ni ok - posljemo na isto stran z errorji v GET-u
if (!empty($error)) {
if($ajaxKlic){
return $this->ajaxResponse('error', $this->preveriNapake($error));
}
// Ime in email posljemo nazaj v urlju
$params = 'email='.$email.'&ime='.$ime.'&gdpr='.$gdprAgree.'&';
// Errorje tudi posljemo preko GET-a
foreach ($error as $key => $val) {
$params .= $key.'='.$val.'&';
}
$params = substr($params, 0, -1);
header('Location: '.$this->page_urls['page_register'].'&'.$params);
die();
} // Vse je ok - preusmerimo na potrditveno stran
else {
if($ajaxKlic || $this->method == 'AJAX'){
return $this->ajaxResponse('success');
}
// Hidden form, ki ga z js potem postamo naprej (da prenesemo vnesene podatke na naslednjo stran)
echo '<form name="register" action="'.$this->page_urls['page_register_confirm'].'" method="post">';
echo ' <input type="hidden" name="email" value="'.$email.'" />';
echo ' <input type="hidden" name="ime" value="'.$ime.'" />';
echo ' <input type="hidden" name="gdpr-agree" value="'.$gdprAgree.'" />';
//echo ' <input type="hidden" name="geslo" value="'.base64_encode($geslo).'" />';
echo ' <input type="hidden" name="geslo" value="'.$geslo.'" />';
echo '</form>';
// Z js potem postamo na naslednjo stran
echo '<script type="text/javascript">';
echo ' document.register.submit();';
echo '</script>';
/*header('Location: '.$this->page_urls['page_register_confirm']);
@smalc.s;*/
}
}
private function preveriNapake($parametri)
{
// Nastavimo jezik
$language = 1;
if(isset($this->data['language'])){
$language = $this->data['language'];
}
elseif(isset($this->data['jezik'])){
$language = ($this->data['jezik'] == 'en' ? 2 : 1);
}
if(is_numeric($language)){
include('../../lang/'.$language.'.php');
}
$napaka = [];
// Napaka pri emailu in opozorilo
$error_email = FALSE;
if (!empty($parametri['missing_email']) && $parametri['missing_email'] == 1) {
$error_email = TRUE;
$napaka[] = $lang['cms_error_missing_email'];
} elseif (!empty($parametri['invalid_email']) && $parametri['invalid_email'] == 1) {
$error_email = TRUE;
$napaka[] = $lang['cms_error_email'];
} elseif (!empty($parametri['existing_email']) && $parametri['existing_email'] == 1) {
$error_email = TRUE;
$napaka[] = str_replace("RESTORE_PASSWORD",
"/frontend/api/api.php?action=reset_password&email=" . $parametri['email'],
$lang['cms_error_email_took']);
}
// Napaka pri imenu
$error_ime = FALSE;
if (!empty($parametri['missing_ime']) && $parametri['missing_ime'] == 1) {
$error_ime = TRUE;
$napaka[] = $lang['cms_error_user_field_empty'];
} elseif (!empty($parametri['existing_ime']) && $parametri['existing_ime'] == 1) {
$error_ime = TRUE;
$napaka[] = $lang['cms_error_user_took'];
$new_username = $parametri['new_username'];
}
// Recaptcha error
$error_recaptcha = FALSE;
if (!empty($parametri['invalid_recaptcha']) && $parametri['invalid_recaptcha'] == 1) {
$error_recaptcha = TRUE;
$napaka[] = $lang['cms_error_recaptcha'];
}
// Napaka pri napačno vpisanih geslih
$error_geslo = FALSE;
if (!empty($parametri['pass_mismatch']) && $parametri['pass_mismatch'] == 1) {
$error_geslo = TRUE;
$napaka[] = $lang['cms_error_password_incorrect'];
}
// Geslo ni dovolj kompleksno
if (!$error_geslo && !empty($parametri['pass_complex']) && $parametri['pass_complex'] == 1) {
$error_geslo = TRUE;
$napaka[] = $lang['password_err_complex'];
}
return [
'napaka' => $napaka,
'error_geslo' => $error_geslo,
'error_ime' => $error_ime,
'error_email' => $error_email,
'error_recaptcha' => $error_recaptcha,
'new_username' => $new_username ?? ''
];
}
// Registrira userja v 1ko - potrditev podatkov za registracijo (vnos userja v bazo v tabelo users_to_be) in posiljanje potrditvenega maila
private function userRegisterConfirm()
{
global $site_url;
global $site_path;
global $site_domain;
global $pass_salt;
global $lang;
$email = (isset($this->data['email']) ? $this->data['email'] : '');
$ime = (isset($this->data['ime']) ? $this->data['ime'] : '');
//$geslo = (isset($this->data['geslo']) ? base64_decode($this->data['geslo']) : '');
$geslo = (isset($this->data['geslo']) ? $this->data['geslo'] : '');
$gdprAgree = (isset($this->data['gdpr-agree']) ? $this->data['gdpr-agree'] : 0);
$ajax = (isset($this->data['ajax']) ? $this->data['ajax'] : 0); // če je Drupal ajax request
// Nastavimo jezik
$language = 1;
if(isset($this->data['language'])){
$language = $this->data['language'];
}
elseif(isset($this->data['jezik'])){
$language = ($this->data['jezik'] == 'en' ? 2 : 1);
}
if(is_numeric($language)){
include('../../lang/'.$language.'.php');
}
$kdaj = date('Y-m-d');
$g = base64_encode($geslo);
if (strlen($ime) < 1) {
$afna = strpos($email, "@");
$ime = substr($email, 0, $afna);
}
$priimek = '';
// Ce imamo vklopljeno potrjevanje urednika aplikacije ga potrdi admin
if (AppSettings::getInstance()->getSetting('confirm_registration') === true)
$status = 2;
else
$status = 1;
// Zakaj je bilo prej vedno status 2? Ker to pomeni, da ni aktiviran in se ne more prijaviti!
//$status = 2;
// Email potrjevanje - vedno aktivirano
// naredi link za aktivacijo
$code = base64_encode((hash('SHA256', time().$pass_salt.$email.$ime)));
// Dodatno preverimo ce imamo vse podatke da ne morejo spamati - dodatno varnostno
if ($email == '' || !validEmail($email) || $ime == '' || $g == '') {
die();
}
// Vstavimo novega userja v users_to_be kjer caka na aktivacijo
$result = sisplet_query("INSERT INTO users_to_be
(type, email, name, surname, pass, status, gdpr_agree, when_reg, came_from, timecode, code, lang)
VALUES
('3', '".$email."', '".$ime."', '".$priimek."', '".$g."', '".$status."', '".$gdprAgree."','".$kdaj."', '0', '".time()."', '".$code."', '".$language."')
");
$id = mysqli_insert_id($GLOBALS['connect_db']);
// Sestavimo mail z aktivacijsko kodo
$Content = $lang['confirm_user_mail'];
// Podpis
$signature = Common::getEmailSignature();
$Content .= $signature;
// Text ignorirajte sporocilo
$Content .= $lang['confirm_user_mail_ignore'];
// Ce gre slucajno za virutalko
$Subject = (isVirtual()) ? $lang['confirm_user_mail_subject_virtual'] : $lang['confirm_user_mail_subject'];
// Ce mora admin potrditi dobi email admin in ne uporabnik!
if(AppSettings::getInstance()->getSetting('confirm_registration') === true){
// Popravimo besedilo emaila
$Content = $lang['confirm_user_mail_admin'];
}
$PageName = AppSettings::getInstance()->getSetting('app_settings-app_name');
$ZaMail = '<!DOCTYPE HTML PUBLIC"-//W3C//DTD HTML 4.0 Transitional//EN">'.'<html><head> <title>'.$Subject.'</title><meta content="text/html; charset=utf-8" http-equiv=Content-type></head><body>';
// Besedilo v lang dilu je potrebno popravit, ker nimamo vec cel kup parametrov
$Content = str_replace("SFMAIL", $email, $Content);
$Content = str_replace("SFNAME", $ime.' '.$priimek, $Content);
$Content = str_replace("SFPASS", "( ".strtolower($lang['srv_hidden_text'])." )", $Content);
$Content = str_replace("SFPAGENAME", $PageName, $Content);
$Content = str_replace("SFACTIVATEIN", '<a href="'.$site_url.'frontend/api/api.php?action=register_activate&amp;code='.$code.'&amp;id='.$id.'">', $Content);
$Content = str_replace("SFACTIVATEOUT", '</a>', $Content);
$Content = str_replace("SFEND", '</a>', $Content);
$Subject = str_replace("SFPAGENAME", $PageName, $Subject);
// Ce gre slucajno za virutalko
if(isVirtual())
$Subject = str_replace("SFVIRTUALNAME", $site_domain, $Subject);
$ZaMail .= $Content;
$ZaMail .= "</body></html>";
// Za testiranje brez posiljanja maila
if(isDebug()) {
return $this->ajaxResponse('success',['mail' => $ZaMail, 'code' => $code]);
echo $ZaMail;
die();
}
// Posljemo mail z linkom za aktivacijo racuna
try{
$MA = new MailAdapter(null, 'account');
// Ce mora admin potrditi, posljemo njemu mail
if(AppSettings::getInstance()->getSetting('confirm_registration') === true){
$confirm_registration_admin = AppSettings::getInstance()->getSetting('confirm_registration_admin');
if(is_array($confirm_registration_admin)){
// Mail posljemo vsem nastavljenim adminom
foreach($confirm_registration_admin as $admin_email){
$MA->addRecipients($admin_email);
$result = $MA->sendMail($ZaMail, $Subject);
}
}
else{
$MA->addRecipients($confirm_registration_admin);
$result = $MA->sendMail($ZaMail, $Subject);
}
}
else{
$MA->addRecipients($email);
$result = $MA->sendMail($ZaMail, $Subject);
}
}
catch (Exception $e){
}
if($ajax || $this->method == 'AJAX'){
return $this->ajaxResponse('success');
}
// Preko GET parametra pošljemo email za prikaz sporočilo, kam je bil poslan email za aktivacijo registracije
$email = urlencode(base64_encode($email));
// redirect po uspešni registraciji in poslanem emailu
header('location: '.$this->page_urls['page_register_emailSend'].'&e='.$email);
}
// Po poslanem mailu po registraciji, user klikne na url in ga aktiviramo (kopiramo iz tabele users_to_be v tabelo users)
private function userRegisterActivate()
{
global $lang;
global $site_url;
global $site_path;
global $site_domain;
global $pass_salt;
global $cookie_domain;
if (!isset ($_GET['code'])) {
echo $lang['reg_confirm_error'];
}
else {
$code = $_GET['code'];
$id = $_GET['id'];
$result = sisplet_query("SELECT type, email, name, surname, pass, status, gdpr_agree, when_reg, came_from, lang
FROM users_to_be
WHERE code='".$code."' AND id='".$id."'");
if (mysqli_num_rows($result) > 0) {
$r = mysqli_fetch_assoc($result);
$geslo2 = base64_decode($r['pass']);
$g = base64_encode((hash('SHA256', base64_decode($r['pass']).$pass_salt)));
sisplet_query("INSERT INTO users
(type, email, name, surname, pass, status, gdpr_agree, when_reg, came_from, lang)
VALUES
('".$r['type']."', '".$r['email']."', '".$r['name']."', '".$r['surname']."', '".$g."', '".$r['status']."', '".$r['gdpr_agree']."', '".$r['when_reg']."', '".$r['came_from']."', '".$r['lang']."')");
sisplet_query("DELETE FROM users_to_be WHERE id='$id'");
$email = $r['email'];
$pass = $r['pass'];
$ime = $r['name'];
$PageName = AppSettings::getInstance()->getSetting('app_settings-app_name');
include_once('../../lang/'.$r['lang'].'.php');
$Content = $lang['confirm_user_content'];
$Subject = $lang['confirm_user_subject'];
// Ce je ga moramo po registraciji odobriti dobi drugacno sporocilo
if (AppSettings::getInstance()->getSetting('confirm_registration') === true){
$UserContent = $lang['register_user_banned_content'];
}
else{
$UserContent = $lang['register_user_content'];
}
// Podpis
$signature = Common::getEmailSignature();
$UserContent .= $signature;
$UserContent .= $lang['register_user_content_edit'];
$change = '<a href="'.$site_url.'admin/survey/index.php?a=nastavitve&m=global_user_myProfile">';
$out = '<a href="'.$this->page_urls['page_unregister'].'?email='.$email.'">';
// Ce gre slucajno za virtualko
$Subject = (isVirtual()) ? $lang['register_user_subject_virtual'] : $lang['register_user_subject'];
$UserContent = str_replace("SFNAME", $ime, $UserContent);
$UserContent = str_replace("SFMAIL", $email, $UserContent);
$UserContent = str_replace("SFWITH", $email, $UserContent);
$UserContent = str_replace("SFPAGENAME", $PageName, $UserContent);
$UserContent = str_replace("SFCHANGE", $change, $UserContent);
$UserContent = str_replace("SFOUT", $out, $UserContent);
$UserContent = str_replace("SFEND", '</a>', $UserContent);
$Subject = str_replace("SFPAGENAME", $PageName, $Subject);
// Ce gre slucajno za virtualko
if(isVirtual())
$Subject = str_replace("SFVIRTUALNAME", $site_domain, $Subject);
if ($geslo2 == "") {
$UserContent = str_replace("SFPASS", "( ".$lang['without']." ) ", $UserContent);
} else {
$UserContent = str_replace("SFPASS", "( ".strtolower($lang['srv_hidden_text'])." )", $UserContent);
}
if ($ime == "") {
$UserContent = str_replace("SFNAME", $lang['mr_or_mrs'], $UserContent);
} else {
$UserContent = str_replace("SFNAME", $ime, $UserContent);
}
$UserContent = str_replace("SFWITH", $emailZaNaprej, $UserContent);
$ZaMail = '<!DOCTYPE HTML PUBLIC"-//W3C//DTD HTML 4.0 Transitional//EN">'.'<html><head><title>'.$Subject.'</title><meta content="text/html; charset=utf-8" http-equiv=Content-type></head><body>';
$ZaMail .= $UserContent;
if(isDebug()){
echo $ZaMail;
die();
}
if (strpos($email, "@") && strpos($email, "@") != 0) {
try{
$MA = new MailAdapter(null, 'account');
$MA->addRecipients($email);
$result = $MA->sendMail($ZaMail, $Subject);
}
catch (Exception $e){
}
}
// Ce imamo vklopljeno potrjevanje urednika aplikacije je to izvedel admin in ne prijavljamo
if (AppSettings::getInstance()->getSetting('confirm_registration') !== true){
// določi še, od kje se je prijavil
$hostname = "";
$headers = apache_request_headers();
if (array_key_exists('X-Forwarded-For', $headers)) {
$hostname = $headers['X-Forwarded-For'];
} else {
$hostname = $_SERVER["REMOTE_ADDR"];
}
// Dobimo id userja s tem emailom
$user_id = User::findByEmail($email);
// Zabelezimo datum prijave
sisplet_query("INSERT INTO user_login_tracker (uid, IP, kdaj) VALUES ('".$user_id."', '".$hostname."', NOW())");
sisplet_query("UPDATE users SET last_login=NOW() WHERE id='".$user_id."'");
setcookie('uid', base64_encode($email), time() + 360000000, '/', $cookie_domain);
setcookie("unam", base64_encode($r['name'].' '.$r['surname']),time() + 360000000, '/', $cookie_domain);
setcookie('secret', $g, time() + 360000000, '/', $cookie_domain);
// redirect po potrditvi maila.
header('location: '.$this->page_urls['page_register_activate']);
}
else{
echo $lang['user_confirm_p_admin_success'];
}
}
}
}
private function userActivateAlternativEmail()
{
global $lang;
if (!isset ($_GET['enc'])) {
echo $lang['alternative_email_confirm_error'];
} else {
parse_str(base64_decode($_GET['enc']), $param);
$poizvedba = "SELECT email, user_id FROM users_to_be WHERE code='".$param['code']."' AND id='".$param['id']."'";
global $global_user_id;
if(!empty($global_user_id))
$poizvedba .= " AND user_id='".$global_user_id."'";
$result = sisplet_query($poizvedba, "obj");
if (!empty($result) && validEmail($result->email)) {
$vpis = User::getInstance($result->user_id)->insertAlternativeEmail($result->email);
if($vpis) {
sisplet_query("DELETE FROM users_to_be WHERE id='".$param['id']."'");
$uporabnik = sisplet_query("SELECT email, pass FROM users WHERE id='".$result->user_id."'",
"obj");
setcookie('uid', base64_encode($uporabnik->email),
time() + 360000000, '/', $cookie_domain);
setcookie('secret', $uporabnik->pass, time() + 360000000,
'/', $cookie_domain);
}
header('location: '.$this->page_urls['page_register_activate']);
}else {
header('location: '.$this->page_urls['page_main']);
}
}
}
// Po kliku na odjava v mailu uporabnika odregistriramo - PRETESTIRATI
private function userUnregisterConfirm()
{
global $site_url;
global $site_path;
global $lang;
global $global_user_id;
global $cookie_domain;
$email = $global_user_id;
if (isset($_GET['email'])) {
$email = strtolower($_GET['email']);
if (is_numeric($email)) {
$result = sisplet_query("SELECT email FROM users WHERE id='$email'");
$r = mysqli_fetch_row($result);
$email = $r[0];
}
}
$ByeEmail = '<p>Spoštovani,</p><p>Uspešno ste se odjavili iz spletnega mesta www.1ka.si.</p><p>Veseli nas, da ste preizkusili orodje 1ka.</p><p>SFPAGENAME ekipa</p>';
$ByeEmailSubject = 'Uspešna odjava';
$result = sisplet_query("SELECT name FROM users WHERE email='$email'");
[$ime] = mysqli_fetch_row($result);
$PageName = AppSettings::getInstance()->getSetting('app_settings-app_name');
$ByeEmail = str_replace("SFPAGENAME", $PageName, $ByeEmail);
if (strlen($ime) > 2) {
$ByeEmail = str_replace("SFNAME", $ime, $ByeEmail);
}
else {
$ByeEmail = str_replace("SFNAME", $lang[mr_or_mrs], $ByeEmail);
}
$ByeEmailSubject = str_replace("SFPAGENAME", $PageName, $ByeEmailSubject);
if (strlen($ime) > 2) {
$ByeEmailSubject = str_replace("SFNAME", $ime, $ByeEmailSubject);
}
else {
$ByeEmailSubject = str_replace("SFNAME", $lang['mr_or_mrs'],
$ByeEmailSubject);
}
$result = sisplet_query("UPDATE users SET email=CONCAT('UNSU8MD-', UNIX_TIMESTAMP(), email) WHERE email='$email'");
setcookie('uid', '', time() - 3600, '/', $cookie_domain);
setcookie('secret', '', time() - 3600, '/', $cookie_domain);
if (substr_count($cookie_domain, ".") > 1) {
$nd = substr($cookie_domain, strpos($cookie_domain, ".") + 1);
setcookie('uid', '', time() - 3600, '/', $nd);
setcookie('secret', '', time() - 3600, '/', $nd);
}
if (strpos($email, "@") && strpos($email, "@") != 0) {
// Poslemo mail za uspesno odregistracijo
try{
$MA = new MailAdapter(null, 'account');
$MA->addRecipients($email);
$result = $MA->sendMail($ByeEmail, $ByeEmailSubject);
}
catch (Exception $e){
}
// Se obvestilo za admina
try{
$MA = new MailAdapter(null, 'account');
$MA->addRecipients($From);
$ByeEmail2 = $_lang['ByeNoteToAdmin'].$PageName." ".$email;
$result = $MA->sendMail($ByeEmail2, $lang['ByeNoteToAdminSubject']);
}
catch (Exception $e){
}
// Preusmerimo na stran potrditve
header('location: '.$this->page_urls['page_unregister_confirm']);
}
}
// Resetira geslo userja (kopirano iz ProfileClass.php) - PRETESTIRATI
private function userResetPassword()
{
global $lang;
global $site_url;
global $pass_salt;
global $site_path;
global $site_domain;
global $cookie_domain;
if (isset ($_GET['email']) || isset ($_POST['email']) || isset($this->email)) {
if (isset ($_GET['email'])) {
$email = strtolower($_GET['email']);
}
if (isset ($_POST['email'])) {
$email = strtolower($_POST['email']);
}
if (isset ($this->email)) {
$email = strtolower($this->email);
}
$email = CleanXSS($email);
// Ali gre za ajax klic
$ajaxKlic = false;
if(!empty($_POST['ajax']) || $this->method == 'AJAX'){
$ajaxKlic = true;
if($this->data['lang'] == 'en' || $this->data['jezik'] == 'en'){
include('../../lang/2.php');
}
else {
include('../../lang/1.php');
}
}
// Za simple frontend nastavimo jezik
elseif(isset($_GET['lang_id']) && is_numeric($_GET['lang_id'])){
include('../../lang/'.$_GET['lang_id'].'.php');
}
// Ce emaila ni v bazi
$user_id_1ka = User::findByEmail($email);
if (empty($user_id_1ka)) {
if($ajaxKlic || $this->method == 'AJAX'){
return $this->ajaxResponse('error', ['text' => $lang['cms_error_no_email']]);
}else {
header('location: '.$this->page_urls['page_login_noEmail'.$this->prijava].'&email='.$email);
}
die();
} else {
$result = sisplet_query("SELECT name, pass, surname FROM users WHERE id='".$user_id_1ka."'");
[$ime, $geslo, $priimek] = mysqli_fetch_row($result);
}
// Novo geslo sestavis iz dveh nakljucnih besed + stevilke
include($site_path.'lang/words_'.$lang['language_short'].'.php');
$geslo = strtolower($words[rand(0, 999)].rand(0, 9).$words[rand(0, 999)]);
// passhint je parameter v linku ki ga skombiniras skupaj z emailom in mu potem aktiviras novo geslo
$passhint = base64_encode((hash('SHA256', time().$pass_salt)));
$chk = sisplet_query("SELECT id FROm users WHERE email='$email' AND UNIX_TIMESTAMP(NOW())-LastLP>600");
if (mysqli_num_rows($chk) > 0) {
$result = sisplet_query("UPDATE users SET LastLP=UNIX_TIMESTAMP(NOW()), lost_password='".base64_encode((hash(SHA256, $geslo.$pass_salt)))."', lost_password_code='$passhint' WHERE email='$email'");
// Ce gre slucajno za virtualko
$Subject = (isVirtual()) ? $lang['lost_pass_subject_virtual'] : $lang['lost_pass_subject'];
$Content = $lang['lost_pass_mail'];
$PageName = AppSettings::getInstance()->getSetting('app_settings-app_name');
$ZaMail = '<!DOCTYPE HTML PUBLIC"-//W3C//DTD HTML 4.0 Transitional//EN">'.'<html><head> <title>'.$Subject.'</title><meta content="text/html; charset=utf-8" http-equiv=Content-type></head><body>';
$change = '<a href="'.$site_url.'admin/survey/index.php?a=nastavitve&m=global_user_myProfile">';
$out = '<a href="'.$this->page_urls['page_unregister'].'&email='.$email.'">';
$Content = str_replace("SFMAIL", $email, $Content);
$Content = str_replace("SFNAME", $ime.' '.$priimek, $Content);
$Content = str_replace("SFPASS", $geslo, $Content);
$Content = str_replace("SFPAGENAME", $PageName, $Content);
$Content = str_replace("SFACTIVATEIN",
'<a href="'.$this->page_urls['page_reset_password_activate'].'&code='.$passhint. ($ajaxKlic ? '#aktivacija-gesla' : null).'">',
$Content);
$Content = str_replace("SFACTIVATEOUT", '</a>', $Content);
$Content = str_replace("SFCHANGE", $change, $Content);
$Content = str_replace("SFOUT", $out, $Content);
$Content = str_replace("SFEND", '</a>', $Content);
$Subject = str_replace("SFPAGENAME", $PageName, $Subject);
// Ce gre slucajno za virtualko
if(isVirtual())
$Subject = str_replace("SFVIRTUALNAME", $site_domain, $Subject);
if ($LoginWith == 1) {
$Content = str_replace("SFWITH", $email, $Content);
}
else {
$Content = str_replace("SFWITH", $ime, $Content);
}
// Podpis
$signature = Common::getEmailSignature();
$Content .= $signature;
$ZaMail .= $Content;
$ZaMail .= "</body></html>";
if(isDebug()){
echo $ZaMail;
die();
}
try{
$MA = new MailAdapter(null, 'account');
$MA->addRecipients($email);
$result = $MA->sendMail($ZaMail, $Subject);
}
catch (Exception $e){
}
}
if($ajaxKlic || $this->method == 'AJAX'){
return $this->ajaxResponse('success', ['text' => $lang['lp_sent']]);
}else {
// Preusmerimo na stran potrditve
header('location: '.$this->page_urls['page_reset_password'].'&email='.$email);
}
} else {
header('location: '.$this->page_urls['page_login_noEmail'.$this->prijava].'&email='.$email);
}
}
// Aktivira resetirano geslo userja (kopirano iz ProfileClass.php) - PRETESTIRATI
private function userResetPasswordActivate()
{
global $lang;
global $site_url;
global $pass_salt;
global $cookie_domain;
$ajaxKlic = (!empty($_POST['ajax']) ? true : false);
if (isset($_POST['code']) && isset($_POST['email']) && isset($_POST['pass'])) {
$code = $_POST['code'];
$email = strtolower($_POST['email']);
$email = CleanXSS($_POST['email']);
$pass = $_POST['pass'];
$pass = CleanXSS($_POST['pass']);
$pass = base64_encode((hash('SHA256', $pass.$pass_salt)));
$result = sisplet_query("SELECT id, name, surname FROM users WHERE email='$email' AND lost_password='$pass' AND lost_password_code='$code'");
if (mysqli_num_rows($result) > 0) {
$r = mysqli_fetch_row($result);
$result = sisplet_query("UPDATE users SET pass='$pass', lost_password='', lost_password_code='' WHERE id='".$r[0]."'");
// kukiji
$result = sisplet_query("SELECT value FROM misc WHERE what='CookieLife'");
$row = mysqli_fetch_row($result);
$LifeTime = $row[0];
setcookie("uid", base64_encode($email), time() + $LifeTime, '/', $cookie_domain);
setcookie("secret", $pass, time() + $LifeTime, '/', $cookie_domain);
setcookie("unam", base64_encode($r[1].' '.$r[2]),time() + $LifeTime, '/', $cookie_domain);
if($ajaxKlic){
echo json_encode([
'type' => 'success',
'text' => $lang['you_can_change_pass_anytime'],
'action' => $site_url.'/admin/survey/'
]);
die();
}else {
// Preusmerimo na stran zahvale za spremembo gesla
header('location: ' . $this->page_urls['page_reset_password_activate'] . '&success=1');
}
} else {
if($ajaxKlic){
echo json_encode([
'type' => 'error',
'text' => $lang['cms_activation_link_expired_text']
]);
die();
}else {
// Preusmerimo nazaj na formo zaradi napake
header('location: ' . $this->page_urls['page_reset_password_activate'] . '&error=2');
}
}
} else {
// Preusmerimo nazaj na formo zaradi napake
header('location: '.$this->page_urls['page_reset_password_activate'].'&code='.$code.'&error=1');
}
}
private function ajaxResponse($type, $data = [])
{
echo json_encode([
'type' => $type,
'data' => $data
]);
die();
}
/*
* Kodiramo piškotek, ki ga posredujemo preko cUrl-ja
*/
private function cookieEncode(array $piskotek)
{
return base64_encode(serialize($piskotek));
}
}
Reference in New Issue View Git Blame Copy Permalink