Mixed fixes and refactoring

SSI.php

@@ -185,8 +185,9 @@
 // Do we allow guests in here?
 if (empty($ssi_guest_access) && empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && basename($_SERVER['PHP_SELF']) != 'SSI.php')
 {
-	require_once(SUBSDIR . '/Auth.subs.php');
-	KickGuest();
+	require_once(CONTROLLERDIR . '/Auth.controller.php');
+	$controller = new Auth_Controller();
+	$controller->action_kickguest();
 	obExit(null, true);
 }
 

install/upgrade.php

@@ -165,6 +165,7 @@
 	require_once(SUBSDIR . '/Cache.subs.php');
 	require_once(SOURCEDIR . '/Security.php');
 	require_once(SUBSDIR . '/Package.subs.php');
+	require_once(SUBSDIR . '/Util.class.php');
 
 	loadUserSettings();
 	loadPermissions();

sources/Dispatcher.class.php

@@ -77,15 +77,17 @@ public function __construct()
 			// "maintenance mode" page
 			else
 			{
-				$this->_file_name = SUBSDIR . '/Auth.subs.php';
-				$this->_function_name = 'InMaintenance';
+				$this->_file_name = CONTROLLERDIR . '/Auth.controller.php';
+				$this->_controller_name = 'Auth_Controller';
+				$this->_function_name = 'action_maintenance_mode';
 			}
 		}
 		// If guest access is disallowed, a guest is kicked out... politely. :P
 		elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_GET['action']) || !in_array($_GET['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'mailq', 'verificationcode', 'openidreturn'))))
 		{
-			$this->_file_name = SUBSDIR . '/Auth.subs.php';
-			$this->_function_name = 'KickGuest';
+			$this->_file_name = CONTROLLERDIR . '/Auth.controller.php';
+			$this->_controller_name = 'Auth_Controller';
+			$this->_function_name = 'action_kickguest';
 		}
 		elseif (empty($_GET['action']))
 		{

sources/Security.php

@@ -34,7 +34,7 @@ function validateSession($type = 'admin')
 {
 	global $modSettings, $user_info, $sc, $user_settings;
 
-	// We don't care if the option is off, because Guests should NEVER get past here.
+	// Guests are not welcome here.
 	is_not_guest();
 
 	// Validate what type of session check this is.
@@ -49,7 +49,7 @@ function validateSession($type = 'admin')
 	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')]))
 		return;
 
-	// Or are they already logged in?, Moderator or admin sesssion is need for this area
+	// If their admin or moderator session hasn't expired yet, let it pass.
 	if ((!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()) || (!empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()))
 		return;
 
@@ -69,6 +69,7 @@ function validateSession($type = 'admin')
 			return;
 		}
 	}
+
 	// Posting the password... check it.
 	if (isset($_POST[$type. '_pass']))
 	{

sources/admin/ManageMembergroups.php

@@ -433,7 +433,7 @@ public function action_add()
 			{
 				// Only do this if they have special access requirements.
 				if (!empty($changed_boards[$board_action]))
-					assignGroupToBoards($changed_boards, $id_group, $board_action);
+					assignGroupToBoards($id_group, $changed_boards, $board_action);
 			}
 
 			// If this is joinable then set it to show group membership in people's profiles.

sources/admin/ManageMembers.php

@@ -1141,7 +1141,6 @@ public function action_approve()
 		{
 			$log_action = $_POST['todo'] == 'remind' ? 'remind_member' : 'approve_member';
 
-			require_once(SOURCEDIR . '/Logging.php');
 			foreach ($member_info as $member)
 				logAction($log_action, array('member' => $member['id']), 'admin');
 		}

sources/controllers/Auth.controller.php

@@ -32,7 +32,7 @@ class Auth_Controller
 	 *  @uses the protocol_login sub-template in the Wireless template,
 	 *   if you are using a wireless device
 	 */
-	function action_login()
+	public function action_login()
 	{
 		global $txt, $context, $scripturl, $user_info;
 
@@ -76,66 +76,16 @@ function action_login()
 	 * - upgrades password encryption on login, if necessary.
 	 * - after successful login, redirects you to $_SESSION['login_url'].
 	 * - accessed from ?action=login2, by forms.
-	 * On error, uses the same templates Login() uses.
+	 * On error, uses the same templates action_login() uses.
 	 */
-	function action_login2()
+	public function action_login2()
 	{
 		global $txt, $scripturl, $user_info, $user_settings;
-
-		$db = database();
 		global $cookiename, $maintenance, $modSettings, $context, $sc;
 
-		// Load cookie authentication stuff.
+		// Load cookie authentication and all stuff.
 		require_once(SUBSDIR . '/Auth.subs.php');
 
-		if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest'])
-		{
-			if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) === 1)
-				list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
-			elseif (isset($_SESSION['login_' . $cookiename]))
-				list (, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);
-			else
-				trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
-
-			$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
-			updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt']));
-
-			setLoginCookie($timeout - time(), $user_info['id'], sha1($user_settings['passwd'] . $user_settings['password_salt']));
-
-			redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
-		}
-		// Double check the cookie...
-		elseif (isset($_GET['sa']) && $_GET['sa'] == 'check')
-		{
-			// Strike!  You're outta there!
-			if ($_GET['member'] != $user_info['id'])
-				fatal_lang_error('login_cookie_error', false);
-
-			$user_info['can_mod'] = allowedTo('access_mod_center') || (!$user_info['is_guest'] && ($user_info['mod_cache']['gq'] != '0=1' || $user_info['mod_cache']['bq'] != '0=1' || ($modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']))));
-			if ($user_info['can_mod'] && isset($user_settings['openid_uri']) && empty($user_settings['openid_uri']))
-			{
-				$_SESSION['moderate_time'] = time();
-				unset($_SESSION['just_registered']);
-			}
-
-			// Some whitelisting for login_url...
-			if (empty($_SESSION['login_url']))
-				redirectexit();
-			elseif (!empty($_SESSION['login_url']) && (strpos('http://', $_SESSION['login_url']) === false && strpos('https://', $_SESSION['login_url']) === false))
-			{
-				unset ($_SESSION['login_url']);
-				redirectexit();
-			}
-			else
-			{
-				// Best not to clutter the session data too much...
-				$temp = $_SESSION['login_url'];
-				unset($_SESSION['login_url']);
-
-				redirectexit($temp);
-			}
-		}
-
 		// Beyond this point you are assumed to be a guest trying to login.
 		if (!$user_info['is_guest'])
 			redirectexit();
@@ -390,7 +340,7 @@ function action_login2()
 		if (!checkActivation())
 			return;
 
-		DoLogin();
+		doLogin();
 	}
 
 	/**
@@ -402,12 +352,10 @@ function action_login2()
  	* @param bool $internal if true, it doesn't check the session
  	* @param $redirect
  	*/
-	function action_logout($internal = false, $redirect = true)
+	public function action_logout($internal = false, $redirect = true)
 	{
 		global $user_info, $user_settings, $context, $modSettings;
 
-		$db = database();
-
 		// Make sure they aren't being auto-logged out.
 		if (!$internal)
 			checkSession('get');
@@ -458,6 +406,122 @@ function action_logout($internal = false, $redirect = true)
 			}
 		}
 	}
+
+	/**
+	 * Throws guests out to the login screen when guest access is off.
+	 * It sets $_SESSION['login_url'] to $_SERVER['REQUEST_URL'].
+	 * It uses the 'kick_guest' sub template found in Login.template.php.
+	 */
+	public function action_kickguest()
+	{
+		global $txt, $context;
+
+		loadLanguage('Login');
+		loadTemplate('Login');
+
+		// Never redirect to an attachment
+		if (strpos($_SERVER['REQUEST_URL'], 'dlattach') === false)
+			$_SESSION['login_url'] = $_SERVER['REQUEST_URL'];
+
+		$context['sub_template'] = 'kick_guest';
+		$context['page_title'] = $txt['login'];
+	}
+
+	/**
+ 	* Display a message about the forum being in maintenance mode.
+ 	* Displays a login screen with sub template 'maintenance'.
+ 	* It sends a 503 header, so search engines don't index while we're in maintenance mode.
+ 	*/
+	public function action_maintenance_mode()
+	{
+		global $txt, $mtitle, $mmessage, $context;
+
+		loadLanguage('Login');
+		loadTemplate('Login');
+
+		// Send a 503 header, so search engines don't bother indexing while we're in maintenance mode.
+		header('HTTP/1.1 503 Service Temporarily Unavailable');
+
+		// Basic template stuff..
+		$context['sub_template'] = 'maintenance';
+		$context['title'] = &$mtitle;
+		$context['description'] = &$mmessage;
+		$context['page_title'] = $txt['maintain_mode'];
+	}
+
+	/**
+	 * Checks the cookie and update salt.
+	 * If successful, it redirects to action=auth;sa=check.
+	 * Accessed by ?action=auth;sa=salt.
+	 */
+	public function action_salt()
+	{
+		global $user_info, $user_settings, $context;
+
+		// we deal only with logged in folks in here!
+		if (!$user_info['is_guest'])
+		{
+			if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~', $_COOKIE[$cookiename]) === 1)
+				list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
+			elseif (isset($_SESSION['login_' . $cookiename]))
+				list (, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]);
+			else
+				trigger_error('Auth: Cannot be logged in without a session or cookie', E_USER_ERROR);
+
+			$user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
+			updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt']));
+
+			setLoginCookie($timeout - time(), $user_info['id'], sha1($user_settings['passwd'] . $user_settings['password_salt']));
+
+			redirectexit('action=auth;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
+		}
+
+		// Lets be sure.
+		redirectexit();
+	}
+
+	/**
+	 * Double check the cookie.
+	 */
+	public function action_check()
+	{
+		global $user_info;
+
+		// Only our members, please.
+		if (!$user_info['is_guest'])
+		{
+			// Strike!  You're outta there!
+			if ($_GET['member'] != $user_info['id'])
+				fatal_lang_error('login_cookie_error', false);
+
+			$user_info['can_mod'] = allowedTo('access_mod_center') || (!$user_info['is_guest'] && ($user_info['mod_cache']['gq'] != '0=1' || $user_info['mod_cache']['bq'] != '0=1' || ($modSettings['postmod_active'] && !empty($user_info['mod_cache']['ap']))));
+			if ($user_info['can_mod'] && isset($user_settings['openid_uri']) && empty($user_settings['openid_uri']))
+			{
+				$_SESSION['moderate_time'] = time();
+				unset($_SESSION['just_registered']);
+			}
+
+			// Some whitelisting for login_url...
+			if (empty($_SESSION['login_url']))
+				redirectexit();
+			elseif (!empty($_SESSION['login_url']) && (strpos('http://', $_SESSION['login_url']) === false && strpos('https://', $_SESSION['login_url']) === false))
+			{
+				unset ($_SESSION['login_url']);
+				redirectexit();
+			}
+			else
+			{
+				// Best not to clutter the session data too much...
+				$temp = $_SESSION['login_url'];
+				unset($_SESSION['login_url']);
+
+				redirectexit($temp);
+			}
+		}
+
+		// It'll never get here... until it does :P
+		redirectexit();
+	}
 }
 
 /**
@@ -510,16 +574,17 @@ function checkActivation()
 }
 
 /**
- * Perform the logging in. (set cookie, call hooks, etc)
+ * This function performs the logging in.
+ * It sets the cookie, it call hooks, updates runtime settings for the user.
  */
-function DoLogin()
+function doLogin()
 {
-	global $txt, $scripturl, $user_info, $user_settings;
+	global $user_info, $user_settings;
+	global $cookiename, $maintenance, $modSettings, $context;
 
 	$db = database();
-	global $cookiename, $maintenance, $modSettings, $context;
 
-	// Load cookie authentication stuff.
+	// Load authentication stuffs.
 	require_once(SUBSDIR . '/Auth.subs.php');
 
 	// Call login integration functions.
@@ -572,7 +637,7 @@ function DoLogin()
 
 	// Just log you back out if it's in maintenance mode and you AREN'T an admin.
 	if (empty($maintenance) || allowedTo('admin_forum'))
-		redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
+		redirectexit('action=auth;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']);
 	else
 		redirectexit('action=logout;' . $context['session_var'] . '=' . $context['session_id'], $context['server']['needs_login_fix']);
 }

sources/controllers/Groups.controller.php

@@ -190,7 +190,7 @@ function action_grouplist()
 	}
 
 	/**
-	 * Display members of a group, and allow adding of members to a group. Silly function name though ;)
+	 * Display members of a group, and allow adding of members to a group.
 	 * It can be called from ManageMembergroups if it needs templating within the admin environment.
 	 * It shows a list of members that are part of a given membergroup.
 	 * It is called by ?action=moderate;area=viewgroups;sa=members;group=x
@@ -199,7 +199,6 @@ function action_grouplist()
 	 * It allows sorting on several columns.
 	 * It redirects to itself.
 	 * @uses ManageMembergroups template, group_members sub template.
-	 * @todo: use createList
 	 */
 	function action_groupmembers()
 	{
@@ -237,6 +236,8 @@ function action_groupmembers()
 		);
 		$context['can_send_email'] = allowedTo('send_email_to_members');
 
+		// @todo: use createList
+
 		// Load all the group moderators, for fun.
 		$request = $db->query('', '
 			SELECT mem.id_member, mem.real_name

sources/controllers/Profile.controller.php

@@ -604,7 +604,6 @@ function action_modifyprofile()
 			if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled']))
 			{
 				$log_changes = array();
-				require_once(SOURCEDIR . '/Logging.php');
 				foreach ($context['log_changes'] as $k => $v)
 					$log_changes[] = array(
 						'action' => $k,

sources/controllers/ProfileSubscriptions.controller.php

@@ -312,7 +312,6 @@ function action_activateaccount()
 		updateMemberData($context['id_member'], array('is_activated' => $user_profile[$memID]['is_activated'] >= 10 ? 11 : 1, 'validation_code' => ''));
 
 		// Log what we did?
-		require_once(SOURCEDIR . '/Logging.php');
 		logAction('approve_member', array('member' => $memID), 'admin');
 
 		// If we are doing approval, update the stats for the member just in case.

sources/controllers/Register.controller.php

@@ -524,7 +524,7 @@ function action_register2($verifiedOpenID = false)
 
 			setLoginCookie(60 * $modSettings['cookieTime'], $memberID, sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . $regOptions['register_vars']['password_salt']));
 
-			redirectexit('action=login2;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
+			redirectexit('action=auth;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
 		}
 	}