Merge pull request #2 from dignajar/master
Update to v0.6 beta1
Showing
126 changed files
with
3,886 additions
and
4,212 deletions.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
<?php defined('BLUDIT') or die('Bludit CMS.'); | ||
|
||
// ============================================================================ | ||
// Check role | ||
// ============================================================================ | ||
|
||
if($Login->role()!=='admin') { | ||
Alert::set($Language->g('you-do-not-have-sufficient-permissions')); | ||
Redirect::page('admin', 'dashboard'); | ||
} | ||
|
||
// ============================================================================ | ||
// Functions | ||
// ============================================================================ | ||
|
||
// ============================================================================ | ||
// Main before POST | ||
// ============================================================================ | ||
|
||
// ============================================================================ | ||
// POST Method | ||
// ============================================================================ | ||
|
||
// ============================================================================ | ||
// Main after POST | ||
// ============================================================================ |
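Review bot: The role check at the top of this controller depends on `Redirect::page('admin', 'dashboard')` ending the request, and nothing in this file shows that it does. If the call only sets a Location header and returns, everything later added under "POST Method" would still run for a non-admin user. Either make the stop explicit with `exit;` on the line after the redirect, or document the guarantee there with a comment such as `// Redirect::page() terminates the request; nothing below runs for non-admins`. The `return true;` placed after the same call in `checkGet()` elsewhere in this commit suggests the author may not be relying on it terminating, so this is worth confirming.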
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
<?php defined('BLUDIT') or die('Bludit CMS.'); | ||
|
||
// ============================================================================ | ||
// Check role | ||
// ============================================================================ | ||
|
||
// ============================================================================ | ||
// Functions | ||
// ============================================================================ | ||
|
||
function checkPost($args) | ||
{ | ||
global $Security; | ||
global $Language; | ||
global $dbUsers; | ||
global $Site; | ||
|
||
if($Security->isBlocked()) { | ||
Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes')); | ||
return false; | ||
} | ||
|
||
// Remove illegal characters from email | ||
$email = Sanitize::email($args['email']); | ||
|
||
if(Valid::email($email)) | ||
{ | ||
// Get username associated to an email. | ||
$username = $dbUsers->getByEmail($email); | ||
if($username!=false) | ||
{ | ||
// Generate the token and the token expiration date. | ||
$token = $dbUsers->generateTokenEmail($username); | ||
|
||
// ---- EMAIL ---- | ||
$link = $Site->url().'admin/login-email?tokenEmail='.$token.'&username='.$username; | ||
$subject = $Language->g('BLUDIT Login access code'); | ||
$message = Text::replaceAssoc( | ||
array( | ||
'{{WEBSITE_NAME}}'=>$Site->title(), | ||
'{{LINK}}'=>'<a href="'.$link.'">'.$link.'</a>' | ||
), | ||
$Language->g('email-notification-login-access-code') | ||
); | ||
|
||
$sent = Email::send(array( | ||
'from'=>$Site->emailFrom(), | ||
'to'=>$email, | ||
'subject'=>$subject, | ||
'message'=>$message | ||
)); | ||
|
||
if($sent) { | ||
Alert::set($Language->g('check-your-inbox-for-your-login-access-code')); | ||
return true; | ||
} | ||
else { | ||
Alert::set($Language->g('There was a problem sending the email')); | ||
return false; | ||
} | ||
} | ||
} | ||
|
||
// Bruteforce protection, add IP to blacklist. | ||
$Security->addLoginFail(); | ||
Alert::set($Language->g('check-your-inbox-for-your-login-access-code')); | ||
|
||
return false; | ||
} | ||
|
||
function checkGet($args) | ||
{ | ||
global $Security; | ||
global $Language; | ||
global $Login; | ||
|
||
if($Security->isBlocked()) { | ||
Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes')); | ||
return false; | ||
} | ||
|
||
// Verify User sanitize the input | ||
if( $Login->verifyUserByToken($args['username'], $args['tokenEmail']) ) | ||
{ | ||
// Renew the tokenCRFS. This token will be the same inside the session for multiple forms. | ||
$Security->generateToken(); | ||
|
||
Redirect::page('admin', 'dashboard'); | ||
return true; | ||
} | ||
|
||
// Bruteforce protection, add IP to blacklist. | ||
$Security->addLoginFail(); | ||
return false; | ||
} | ||
|
||
// ============================================================================ | ||
// Main before POST | ||
// ============================================================================ | ||
|
||
// ============================================================================ | ||
// GET Method | ||
// ============================================================================ | ||
|
||
if( !empty($_GET['tokenEmail']) && !empty($_GET['username']) ) | ||
{ | ||
checkGet($_GET); | ||
} | ||
|
||
|
||
// ============================================================================ | ||
// POST Method | ||
// ============================================================================ | ||
|
||
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) | ||
{ | ||
checkPost($_POST); | ||
} | ||
|
||
// ============================================================================ | ||
// Main after POST | ||
// ============================================================================ |
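Review bot: The `else` branch after `Email::send()` in `checkPost()` answers with 'There was a problem sending the email', a message that can only appear for a registered address, so it undoes the uniform 'check-your-inbox' reply used for unknown addresses. Returning the same alert there, `Alert::set($Language->g('check-your-inbox-for-your-login-access-code'));`, and recording the send failure server-side would keep the response identical in every case. `$Security->addLoginFail()` is also reached only on a miss, so requests for a known address are never counted and can generate mail without limit; counting every request toward the block would close that gap. Separately, `$link` concatenates `$token` and `$username` unencoded into the query string and the `href`; `rawurlencode()` on both values and `htmlspecialchars($link, ENT_QUOTES)` inside the anchor would keep the link well-formed for unusual usernames.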