From 881bae11ab6cd1be94cbb13e831932e59d8c1eba Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 12 May 2015 16:44:29 +0200 Subject: [PATCH 01/20] removed requirement for unique name/username --- application/libraries/Aauth.php | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 3a22e5c..3fbe027 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -581,17 +581,11 @@ class Aauth { $valid = TRUE; - // if email is already exist if ($this->user_exsist_by_email($email)) { $this->error($this->CI->lang->line('aauth_error_email_exists')); $valid = FALSE; } - if ($this->user_exsist_by_name($name)) { - $this->error($this->CI->lang->line('aauth_error_username_exists')); - $valid = FALSE; - } - - if ( ! valid_email($email)){ + if (!valid_email($email)){ $this->error($this->CI->lang->line('aauth_error_email_invalid')); $valid = FALSE; } @@ -603,13 +597,9 @@ class Aauth { $this->error($this->CI->lang->line('aauth_error_username_invalid')); $valid = FALSE; } - if (empty($name)){ - $this->error($this->CI->lang->line('aauth_error_username_required')); - $valid = FALSE; - } - if (!$valid) { - return FALSE; } + return FALSE; + } $data = array( 'email' => $email, From b945abbdaedc3487257ddce73107526715c2ab55 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 12 May 2015 16:57:00 +0200 Subject: [PATCH 02/20] cleaned the config file --- application/config/aauth.php | 101 +++++++++++++++++------------------ 1 file changed, 49 insertions(+), 52 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index ed769e5..7844d17 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php 
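Review bot: Removing the `user_exsist_by_name($name)` check in the hunk at -581 makes `name` non-unique, but nothing in the new code tells callers that a name no longer identifies one account. Any code that shows or looks up users by name can now be confused by a second registration under an existing name, including an administrator's. I would state this where the checks live, `// name is a display label only and is NOT unique; identify accounts by id or email`, and consider putting the old check behind a config switch instead of deleting it. The function body starts and ends outside the hunk.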
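Review bot: With the `empty($name)` block removed in the hunk at -603, a blank name appears to pass validation; whether it does depends on the condition guarding `aauth_error_username_invalid`, which lies outside the hunk. The commit title only promises to drop the uniqueness requirement, so this looks like a wider change than intended. If blank names are meant to be allowed, say so in the function's docblock; otherwise keep `if (empty($name)){ ... $valid = FALSE; }` and remove only the uniqueness test. The `aauth_error_username_required` language line is left without a caller in the visible code.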
@@ -9,67 +9,64 @@ // Config variables -$config['aauth'] = array( - 'login_page' => '/login', - // if user don't have permisssion to see the page he will be - // redirected the page spesificed below - 'no_permission' => '/', - //name of admin group - 'admin_group' => 'admin', - //name of default group, the new user is added in it - 'default_group' => 'default', - // public group , people who not logged in - 'public_group' => 'public', - // The table which contains users - 'users' => 'aauth_users', - // the group table - 'groups' => 'aauth_groups', - // - 'user_to_group' => 'aauth_user_to_group', - // permitions - 'perms' => 'aauth_perms', - // perms to group - 'perm_to_group' => 'aauth_perm_to_group', - // perms to group - 'perm_to_user' => 'aauth_perm_to_user', - // pm table - 'pms' => 'aauth_pms', - // system variables - 'system_variables' => 'aauth_system_variables', - // user variables - 'user_variables' => 'aauth_user_variables', +$config['aauth']['login_page'] = '/login'; +// if user don't have permisssion to see the page he will be +// redirected the page spesificed below +$config['aauth']['no_permission'] = '/'; +//name of admin group +$config['aauth']['admin_group'] = 'admin'; +//name of default group, the new user is added in it +$config['aauth']['default_group'] = 'default'; +// public group , people who not logged in +$config['aauth']['public_group'] = 'public'; +// The table which contains users +$config['aauth']['users'] = 'aauth_users'; +// the group table +$config['aauth']['groups'] = 'aauth_groups'; +// +$config['aauth']['user_to_group'] = 'aauth_user_to_group'; +// permitions +$config['aauth']['perms'] = 'aauth_perms'; +// perms to group +$config['aauth']['perm_to_group'] = 'aauth_perm_to_group'; +// perms to group +$config['aauth']['perm_to_user'] = 'aauth_perm_to_user'; +// pm table +$config['aauth']['pms'] = 'aauth_pms'; +// system variables +$config['aauth']['system_variables'] = 'aauth_system_variables'; +// user variables 
+$config['aauth']['user_variables'] = 'aauth_user_variables'; - // remember time - 'remember' => ' +3 days', +// remember time +$config['aauth']['remember'] = ' +3 days'; - // pasword maximum char long (min is 4) - 'max' => 13, +// pasword maximum char long (min is 4) +$config['aauth']['max'] = 13; - // non alphanumeric characters that are allowed in a name - 'valid_chars' => array(' ', '\''), +// non alphanumeric characters that are allowed in a name +$config['aauth']['valid_chars'] = array(' ', '\''); - // ddos protection, - //if it is true, the user will be banned temporary when he exceed the login 'try' - 'ddos_protection' => true, +// ddos protection, +//if it is true, the user will be banned temporary when he exceed the login 'try' +$config['aauth']['ddos_protection'] = true; - 'recaptcha_active' => false, - 'recaptcha_login_attempts' => 4, - 'recaptcha_siteKey' => '', - 'recaptcha_secret' => '', +$config['aauth']['recaptcha_active'] = false; +$config['aauth']['recaptcha_login_attempts'] = 4; +$config['aauth']['recaptcha_siteKey'] = ''; +$config['aauth']['recaptcha_secret'] = ''; - // login attempts time interval - // default 20 times in one hour - 'max_login_attempt' => 10, +// login attempts time interval +// default 20 times in one hour +$config['aauth']['max_login_attempt'] = 10; - // to register email verifitaion need? true / false - 'verification' => false, +// to register email verifitaion need? true / false +$config['aauth']['verification'] = false; - // system email. - 'email' => 'admin@admin.com', - 'name' => 'Emre Akay' +// system email. +$config['aauth']['email'] = 'admin@admin.com'; +$config['aauth']['name'] = 'Emre Akay'; -); - /* End of file aauth.php */ /* Location: ./application/config/aauth.php */ From 5028eb7074785db9c7bf31e892bdeb7ff72c9307 Mon Sep 17 00:00:00 2001 
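Review bot: Two settings carried over unchanged in this hunk weaken or misdescribe the login policy. `$config['aauth']['max'] = 13;` caps passwords at 13 characters (the comment gives a minimum of 4), which rejects long passphrases, so the cap should be raised well above that. The comment over `max_login_attempt` says `default 20 times in one hour` while the value is `10`; I would replace it with `// maximum failed logins per hour before the account is temporarily locked`. The `ddos protection` comment is also misleading, since the setting it documents is per-account login throttling.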
From: Raphael Jackstadt Date: Tue, 12 May 2015 17:27:19 +0200 Subject: [PATCH 03/20] added db profile --- application/config/aauth.php | 2 + application/libraries/Aauth.php | 408 ++++++++++++++++---------------- 2 files changed, 209 insertions(+), 201 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 7844d17..d353756 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -20,6 +20,8 @@ $config['aauth']['default_group'] = 'default'; // public group , people who not logged in $config['aauth']['public_group'] = 'public'; // The table which contains users +$config['aauth']['db_profile'] = 'default'; + $config['aauth']['users'] = 'aauth_users'; // the group table $config['aauth']['groups'] = 'aauth_groups'; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 3fbe027..3f70301 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -9,6 +9,7 @@ * @author Emre Akay * @contributor Jacob Tomlinson * @contributor Tim Swagger (Renowne, LLC) + * @contributor Raphael Jackstadt * * @copyright 2014 Emre Akay * @@ -21,7 +22,6 @@ * https://github.com/emreakay/CodeIgniter-Aauth * * @todo separate (on some level) the unvalidated users from the "banned" users - * @todo remove requirement for unique name/username (or default it to use email address, perhaps via config file). OR remove altogether as login uses email address * @todo add configuration to not use cookies if sessions are enabled. */ class Aauth { @@ -72,6 +72,12 @@ class Aauth { */ public $flash_infos = array(); + /** + * The CodeIgniter object variable + * @access public + * @var object + */ + public $aauth_db; ######################## # Base Functions @@ -91,7 +97,6 @@ class Aauth { } $this->CI->load->library('session'); $this->CI->load->library('email'); - $this->CI->load->database(); $this->CI->load->helper('url'); $this->CI->load->helper('string'); $this->CI->load->helper('email'); 
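Review bot: In the config hunk at -20, `db_profile` was inserted between the comment `// The table which contains users` and the `users` key that comment describes, so the comment now labels the wrong setting and `db_profile` has no documentation. Because this value selects which database connection holds the credential tables, it deserves an accurate comment, for example `// connection group from config/database.php used for all Aauth tables`. The existing users-table comment should move back directly above `$config['aauth']['users']`.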
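Review bot: The docblock added above `public $aauth_db;` in the hunk at -72 is a copy of the one for the CodeIgniter instance (`The CodeIgniter object variable`) and does not describe the property. Suggested text: `Database connection for the group named in config 'db_profile'; every Aauth query goes through it`. The property is also declared `public`, which lets any code holding the library run queries on the auth connection directly; unless external callers need it, a non-public property would be the tighter choice.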
@@ -99,10 +104,11 @@ class Aauth { $this->CI->load->helper('recaptchalib'); $this->CI->lang->load('aauth'); - - // config/aauth.php + // config/aauth.php $this->CI->config->load('aauth'); $this->config_vars = $this->CI->config->item('aauth'); + + $this->aauth_db = $this->CI->load->database($this->config_vars['db_profile'], TRUE); // load error and info messages from flashdata (but don't store back in flashdata) $this->errors = $this->CI->session->flashdata('errors'); @@ -152,8 +158,8 @@ class Aauth { $query = null; - $query = $this->CI->db->where('email', $email); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->where('email', $email); + $query = $this->aauth_db->get($this->config_vars['users']); $row = $query->row(); // only email found and login attempts exceeded @@ -165,8 +171,8 @@ class Aauth { //recaptcha login_attempts check $query = null; - $query = $this->CI->db->where('email', $email); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->where('email', $email); + $query = $this->aauth_db->get($this->config_vars['users']); $row = $query->row(); if($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $row->login_attempts >= $this->config_vars['recaptcha_login_attempts']){ $reCAPTCHA_cookie = array( @@ -180,10 +186,10 @@ class Aauth { // if user is not verified $query = null; - $query = $this->CI->db->where('email', $email); - $query = $this->CI->db->where('banned', 1); - $query = $this->CI->db->where('verification_code !=', ''); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->where('email', $email); + $query = $this->aauth_db->where('banned', 1); + $query = $this->aauth_db->where('verification_code !=', ''); + $query = $this->aauth_db->get($this->config_vars['users']); if ($query->num_rows() > 0) { $this->error($this->CI->lang->line('aauth_error_account_not_verified')); 
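Review bot: `$this->config_vars['db_profile']` is read without an `isset()` check in the hunk at -99, so an installation upgraded with its old `config/aauth.php` gets an undefined-index notice and passes an empty group name to the loader. A fallback keeps the previous behaviour explicit: `$profile = isset($this->config_vars['db_profile']) ? $this->config_vars['db_profile'] : 'default';`. Note also that the earlier hunk at -91 drops `$this->CI->load->database();`, so `$this->CI->db` is no longer loaded by this library; code that relied on that now has to load it itself, which is worth a line in the class docblock.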
@@ -191,8 +197,8 @@ class Aauth { } // to find user id, create sessions and cookies - $query = $this->CI->db->where('email', $email); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->where('email', $email); + $query = $this->aauth_db->get($this->config_vars['users']); if($query->num_rows() == 0){ $this->error($this->CI->lang->line('aauth_error_login_failed')); @@ -202,13 +208,13 @@ class Aauth { $user_id = $query->row()->id; $query = null; - $query = $this->CI->db->where('email', $email); + $query = $this->aauth_db->where('email', $email); // Database stores pasword hashed password - $query = $this->CI->db->where('pass', $this->hash_password($pass, $user_id)); - $query = $this->CI->db->where('banned', 0); + $query = $this->aauth_db->where('pass', $this->hash_password($pass, $user_id)); + $query = $this->aauth_db->where('banned', 0); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->get($this->config_vars['users']); $row = $query->row(); if($this->CI->input->cookie('reCAPTCHA', TRUE) == 'true'){ @@ -295,9 +301,9 @@ class Aauth { $cookie = explode('-', $this->CI->input->cookie('user', TRUE)); if(!is_numeric( $cookie[0] ) OR strlen($cookie[1]) < 13 ){return FALSE;} else{ - $query = $this->CI->db->where('id', $cookie[0]); - $query = $this->CI->db->where('remember_exp', $cookie[1]); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->where('id', $cookie[0]); + $query = $this->aauth_db->where('remember_exp', $cookie[1]); + $query = $this->aauth_db->get($this->config_vars['users']); $row = $query->row(); 
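Review bot: In the context lines of the hunk at -295, `$cookie[1]` is used without checking that `explode('-', ...)` produced two parts. A `user` cookie without a dash reaches `strlen($cookie[1])` on an undefined offset; the branch still returns FALSE, but PHP emits a notice that can expose file paths where errors are displayed. I would guard the shape first: `if (count($cookie) < 2 OR !is_numeric($cookie[0]) OR strlen($cookie[1]) < 13) { return FALSE; }`. The enclosing function starts and ends outside the hunk.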
@@ -380,9 +386,9 @@ class Aauth { */ public function login_fast($user_id){ - $query = $this->CI->db->where('id', $user_id); - $query = $this->CI->db->where('banned', 0); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->where('id', $user_id); + $query = $this->aauth_db->where('banned', 0); + $query = $this->aauth_db->get($this->config_vars['users']); $row = $query->row(); @@ -412,8 +418,8 @@ class Aauth { public function reset_login_attempts($user_id) { $data['login_attempts'] = null; - $this->CI->db->where('id', $user_id); - return $this->CI->db->update($this->config_vars['users'], $data); + $this->aauth_db->where('id', $user_id); + return $this->aauth_db->update($this->config_vars['users'], $data); } /** @@ -423,8 +429,8 @@ class Aauth { */ public function remind_password($email){ - $query = $this->CI->db->where( 'email', $email ); - $query = $this->CI->db->get( $this->config_vars['users'] ); + $query = $this->aauth_db->where( 'email', $email ); + $query = $this->aauth_db->get( $this->config_vars['users'] ); if ($query->num_rows() > 0){ $row = $query->row(); @@ -433,8 +439,8 @@ class Aauth { $data['verification_code'] = $ver_code; - $this->CI->db->where('email', $email); - $this->CI->db->update($this->config_vars['users'], $data); + $this->aauth_db->where('email', $email); + $this->aauth_db->update($this->config_vars['users'], $data); $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); $this->CI->email->to($row->email); @@ -453,9 +459,9 @@ class Aauth { */ public function reset_password($user_id, $ver_code){ - $query = $this->CI->db->where('id', $user_id); - $query = $this->CI->db->where('verification_code', $ver_code); - $query = $this->CI->db->get( $this->config_vars['users'] ); + $query = $this->aauth_db->where('id', $user_id); + $query = $this->aauth_db->where('verification_code', $ver_code); + $query = $this->aauth_db->get( $this->config_vars['users'] ); $pass = random_string('alnum',8); 
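Review bot: The replacement password in `reset_password()` (hunk at -453) comes from `random_string('alnum',8)`, and as far as I know CodeIgniter's string helper is not built on a cryptographically secure generator. Eight alphanumeric characters from a predictable source is weak for a credential that is then sent by e-mail. I would derive it from the platform CSPRNG, for example `$pass = bin2hex(openssl_random_pseudo_bytes(8));` (or `random_bytes()` where the PHP version provides it), and generate it only after `num_rows()` has confirmed a match. The rest of the function lies outside the hunk.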
@@ -469,8 +475,8 @@ class Aauth { $row = $query->row(); $email = $row->email; - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'] , $data); + $this->aauth_db->where('id', $user_id); + $this->aauth_db->update($this->config_vars['users'] , $data); $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); $this->CI->email->to($email); @@ -499,8 +505,8 @@ class Aauth { $data['last_login'] = date("Y-m-d H:i:s"); $data['ip_address'] = $this->CI->input->ip_address(); - $this->CI->db->where('id', $user_id); - return $this->CI->db->update($this->config_vars['users'], $data); + $this->aauth_db->where('id', $user_id); + return $this->aauth_db->update($this->config_vars['users'], $data); } @@ -515,8 +521,8 @@ class Aauth { $user_id = $this->get_user_id($email); - $query = $this->CI->db->where('id', $user_id); - $query = $this->CI->db->get( $this->config_vars['users'] ); + $query = $this->aauth_db->where('id', $user_id); + $query = $this->aauth_db->get( $this->config_vars['users'] ); $row = $query->row(); @@ -525,16 +531,16 @@ class Aauth { if ( strtotime($row->last_login_attempt) == strtotime(date("Y-m-d H:0:0"))) { $data['login_attempts'] = $row->login_attempts + 1; - $query = $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'], $data); + $query = $this->aauth_db->where('id', $user_id); + $this->aauth_db->update($this->config_vars['users'], $data); } else { $data['last_login_attempt'] = date("Y-m-d H:0:0"); $data['login_attempts'] = 1; - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'], $data); + $this->aauth_db->where('id', $user_id); + $this->aauth_db->update($this->config_vars['users'], $data); } 
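Review bot: The failed-login counter in the hunk at -525 is incremented in PHP from a value read earlier (`$data['login_attempts'] = $row->login_attempts + 1;`), so concurrent login requests can each write the same number and the lockout threshold undercounts. Letting the database do the arithmetic closes that gap: `$this->aauth_db->set('login_attempts', 'login_attempts + 1', FALSE);` followed by the existing `where('id', $user_id)` and `update($this->config_vars['users'])`. The `$query =` assignment on the `where()` call in that branch is unused and can go. The function continues outside the hunk.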
@@ -559,8 +565,8 @@ class Aauth { $data['remember_time'] = $expire; $data['remember_exp'] = $expression; - $query = $this->CI->db->where('id',$user_id); - return $this->CI->db->update($this->config_vars['users'], $data); + $query = $this->aauth_db->where('id',$user_id); + return $this->aauth_db->update($this->config_vars['users'], $data); } @@ -607,9 +613,9 @@ class Aauth { 'name' => $name, ); - if ( $this->CI->db->insert($this->config_vars['users'], $data )){ + if ( $this->aauth_db->insert($this->config_vars['users'], $data )){ - $user_id = $this->CI->db->insert_id(); + $user_id = $this->aauth_db->insert_id(); // set default group $this->add_member($user_id, $this->config_vars['default_group']); @@ -619,8 +625,8 @@ class Aauth { $data = null; $data['banned'] = 1; - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'], $data); + $this->aauth_db->where('id', $user_id); + $this->aauth_db->update($this->config_vars['users'], $data); // sends verifition ( !! e-mail settings must be set) $this->send_verification($user_id); @@ -629,8 +635,8 @@ class Aauth { // Update to correct salted password $data = null; $data['pass'] = $this->hash_password($pass, $user_id); - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'], $data); + $this->aauth_db->where('id', $user_id); + $this->aauth_db->update($this->config_vars['users'], $data); return $user_id; @@ -665,8 +671,8 @@ class Aauth { $data['name'] = $name; } - $this->CI->db->where('id', $user_id); - return $this->CI->db->update($this->config_vars['users'], $data); + $this->aauth_db->where('id', $user_id); + return $this->aauth_db->update($this->config_vars['users'], $data); } //tested 
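Review bot: `create_user()` inserts the row (hunk at -607) and then changes it with up to two separate UPDATE statements, `banned = 1` at -619 and the salted `pass` at -629, with no transaction and without checking either result. If a later statement fails, the account stays in its interim state: not banned although verification appears to be required, or holding the pre-salt password value. I would wrap the sequence in `$this->aauth_db->trans_start();` ... `$this->aauth_db->trans_complete();` and return FALSE when `$this->aauth_db->trans_status()` is FALSE, sending the verification mail only after the commit. Parts of the function are outside the visible hunks.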
@@ -685,7 +691,7 @@ class Aauth { if ($group_par != FALSE) { $group_par = $this->get_group_id($group_par); - $this->CI->db->select('*') + $this->aauth_db->select('*') ->from($this->config_vars['users']) ->join($this->config_vars['user_to_group'], $this->config_vars['users'] . ".id = " . $this->config_vars['user_to_group'] . ".user_id") ->where($this->config_vars['user_to_group'] . ".group_id", $group_par); @@ -693,25 +699,25 @@ class Aauth { // if group_par is not given, lists all users } else { - $this->CI->db->select('*') + $this->aauth_db->select('*') ->from($this->config_vars['users']); } // banneds if (!$include_banneds) { - $this->CI->db->where('banned != ', 1); + $this->aauth_db->where('banned != ', 1); } // limit if ($limit) { if ($offset == FALSE) - $this->CI->db->limit($limit); + $this->aauth_db->limit($limit); else - $this->CI->db->limit($limit, $offset); + $this->aauth_db->limit($limit, $offset); } - $query = $this->CI->db->get(); + $query = $this->aauth_db->get(); return $query->result(); } @@ -728,8 +734,8 @@ class Aauth { if ($user_id == FALSE) $user_id = $this->CI->session->userdata('id'); - $query = $this->CI->db->where('id', $user_id); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->where('id', $user_id); + $query = $this->aauth_db->get($this->config_vars['users']); if ($query->num_rows() <= 0){ $this->error($this->CI->lang->line('aauth_error_no_user')); @@ -747,9 +753,9 @@ class Aauth { */ public function verify_user($user_id, $ver_code){ - $query = $this->CI->db->where('id', $user_id); - $query = $this->CI->db->where('verification_code', $ver_code); - $query = $this->CI->db->get( $this->config_vars['users'] ); + $query = $this->aauth_db->where('id', $user_id); + $query = $this->aauth_db->where('verification_code', $ver_code); + $query = $this->aauth_db->get( $this->config_vars['users'] ); // if ver code is TRUE if( $query->num_rows() > 0 ){ 
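Review bot: `verify_user()` in the hunk at -753 does not reject an empty `$ver_code` before using it in `where('verification_code', $ver_code)`. Other hunks in this patch show that `''` is the stored value when no code is pending (the login hunk at -180 tests `verification_code !=` against `''`, and the hunk at -834 writes `'verification_code' => ''`), so the comparison can succeed without any code having been issued and the function then sets `banned` to 0. A guard at the top fixes this: `if ( ! is_string($ver_code) OR $ver_code === '') { return FALSE; }`. `reset_password()` at -453 compares the code the same way and needs the same guard.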
@@ -759,8 +765,8 @@ class Aauth { 'banned' => 0 ); - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'] , $data); + $this->aauth_db->where('id', $user_id); + $this->aauth_db->update($this->config_vars['users'] , $data); return TRUE; } return FALSE; @@ -774,8 +780,8 @@ class Aauth { */ public function send_verification($user_id){ - $query = $this->CI->db->where( 'id', $user_id ); - $query = $this->CI->db->get( $this->config_vars['users'] ); + $query = $this->aauth_db->where( 'id', $user_id ); + $query = $this->aauth_db->get( $this->config_vars['users'] ); if ($query->num_rows() > 0){ $row = $query->row(); @@ -784,8 +790,8 @@ class Aauth { $data['verification_code'] = $ver_code; - $this->CI->db->where('id', $user_id); - $this->CI->db->update($this->config_vars['users'], $data); + $this->aauth_db->where('id', $user_id); + $this->aauth_db->update($this->config_vars['users'], $data); $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); $this->CI->email->to($row->email); 
@@ -804,20 +810,20 @@ class Aauth { */ public function delete_user($user_id) { - $this->CI->db->where('id', $user_id); - $this->CI->db->delete($this->config_vars['users']); + $this->aauth_db->where('id', $user_id); + $this->aauth_db->delete($this->config_vars['users']); // delete from perm_to_user - $this->CI->db->where('user_id', $user_id); - $this->CI->db->delete($this->config_vars['perm_to_user']); + $this->aauth_db->where('user_id', $user_id); + $this->aauth_db->delete($this->config_vars['perm_to_user']); // delete from user_to_group - $this->CI->db->where('user_id', $user_id); - $this->CI->db->delete($this->config_vars['user_to_group']); + $this->aauth_db->where('user_id', $user_id); + $this->aauth_db->delete($this->config_vars['user_to_group']); // delete user vars - $this->CI->db->where('user_id', $user_id); - $this->CI->db->delete($this->config_vars['user_variables']); + $this->aauth_db->where('user_id', $user_id); + $this->aauth_db->delete($this->config_vars['user_variables']); } //tested @@ -834,9 +840,9 @@ class Aauth { 'verification_code' => '' ); - $this->CI->db->where('id', $user_id); + $this->aauth_db->where('id', $user_id); - return $this->CI->db->update($this->config_vars['users'], $data); + return $this->aauth_db->update($this->config_vars['users'], $data); } //tested @@ -853,9 +859,9 @@ class Aauth { 'banned' => 0 ); - $this->CI->db->where('id', $user_id); + $this->aauth_db->where('id', $user_id); - return $this->CI->db->update($this->config_vars['users'], $data); + return $this->aauth_db->update($this->config_vars['users'], $data); } //tested 
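Review bot: The four DELETE statements of `delete_user()` (hunk at -804) run without a transaction, their results are discarded, and the function returns nothing. If one fails after the user row is gone, `perm_to_user` or `user_to_group` rows remain for an id that no longer exists, and the caller cannot tell. I would bracket them with `$this->aauth_db->trans_start();` and `$this->aauth_db->trans_complete();` and end with `return $this->aauth_db->trans_status();`.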
@@ -867,10 +873,10 @@ class Aauth { */ public function is_banned($user_id) { - $query = $this->CI->db->where('id', $user_id); - $query = $this->CI->db->where('banned', 1); + $query = $this->aauth_db->where('id', $user_id); + $query = $this->aauth_db->where('banned', 1); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->get($this->config_vars['users']); if ($query->num_rows() > 0) return TRUE; @@ -886,9 +892,9 @@ class Aauth { * @return bool */ public function user_exsist_by_id( $user_id ) { - $query = $this->CI->db->where('id', $user_id); + $query = $this->aauth_db->where('id', $user_id); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->get($this->config_vars['users']); if ($query->num_rows() > 0) return TRUE; @@ -904,9 +910,9 @@ class Aauth { * @return bool */ public function user_exsist_by_name( $name ) { - $query = $this->CI->db->where('name', $name); + $query = $this->aauth_db->where('name', $name); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->get($this->config_vars['users']); if ($query->num_rows() > 0) return TRUE; @@ -922,9 +928,9 @@ class Aauth { * @return bool */ public function user_exsist_by_email( $user_email ) { - $query = $this->CI->db->where('email', $user_email); + $query = $this->aauth_db->where('email', $user_email); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->get($this->config_vars['users']); if ($query->num_rows() > 0) return TRUE; 
@@ -941,12 +947,12 @@ class Aauth { public function get_user_id($email=FALSE) { if( ! $email){ - $query = $this->CI->db->where('id', $this->CI->session->userdata('id')); + $query = $this->aauth_db->where('id', $this->CI->session->userdata('id')); } else { - $query = $this->CI->db->where('email', $email); + $query = $this->aauth_db->where('email', $email); } - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->get($this->config_vars['users']); if ($query->num_rows() <= 0){ $this->error($this->CI->lang->line('aauth_error_no_user')); @@ -965,12 +971,12 @@ class Aauth { if ($user_id==FALSE) { $user_id = $this->CI->session->userdata('id'); } - $this->CI->db->select('*'); - $this->CI->db->from($this->config_vars['user_to_group']); - $this->CI->db->join($this->config_vars['groups'], "id = group_id"); - $this->CI->db->where('user_id', $user_id); + $this->aauth_db->select('*'); + $this->aauth_db->from($this->config_vars['user_to_group']); + $this->aauth_db->join($this->config_vars['groups'], "id = group_id"); + $this->aauth_db->where('user_id', $user_id); - return $query = $this->CI->db->get()->result(); + return $query = $this->aauth_db->get()->result(); } //tested @@ -989,8 +995,8 @@ class Aauth { $data['last_activity'] = date("Y-m-d H:i:s"); - $query = $this->CI->db->where('id',$user_id); - return $this->CI->db->update($this->config_vars['users'], $data); + $query = $this->aauth_db->where('id',$user_id); + return $this->aauth_db->update($this->config_vars['users'], $data); } //tested 
@@ -1021,15 +1027,15 @@ class Aauth { */ public function create_group($group_name) { - $query = $this->CI->db->get_where($this->config_vars['groups'], array('name' => $group_name)); + $query = $this->aauth_db->get_where($this->config_vars['groups'], array('name' => $group_name)); if ($query->num_rows() < 1) { $data = array( 'name' => $group_name ); - $this->CI->db->insert($this->config_vars['groups'], $data); - return $this->CI->db->insert_id(); + $this->aauth_db->insert($this->config_vars['groups'], $data); + return $this->aauth_db->insert_id(); } $this->info($this->CI->lang->line('aauth_info_group_exists')); @@ -1050,8 +1056,8 @@ class Aauth { $data['name'] = $group_name; - $this->CI->db->where('id', $group_id); - return $this->CI->db->update($this->config_vars['groups'], $data); + $this->aauth_db->where('id', $group_id); + return $this->aauth_db->update($this->config_vars['groups'], $data); } //tested @@ -1065,19 +1071,19 @@ class Aauth { $group_id = $this->get_group_id($group_par); - $this->CI->db->where('id',$group_id); - $query = $this->CI->db->get($this->config_vars['groups']); + $this->aauth_db->where('id',$group_id); + $query = $this->aauth_db->get($this->config_vars['groups']); if ($query->num_rows() == 0){ return FALSE; } // bug fixed // now users are deleted from user_to_group table - $this->CI->db->where('group_id', $group_id); - $this->CI->db->delete($this->config_vars['user_to_group']); + $this->aauth_db->where('group_id', $group_id); + $this->aauth_db->delete($this->config_vars['user_to_group']); - $this->CI->db->where('id', $group_id); - return $this->CI->db->delete($this->config_vars['groups']); + $this->aauth_db->where('id', $group_id); + return $this->aauth_db->delete($this->config_vars['groups']); } //tested 
@@ -1098,9 +1104,9 @@ class Aauth { return FALSE; } - $query = $this->CI->db->where('user_id',$user_id); - $query = $this->CI->db->where('group_id',$group_id); - $query = $this->CI->db->get($this->config_vars['user_to_group']); + $query = $this->aauth_db->where('user_id',$user_id); + $query = $this->aauth_db->where('group_id',$group_id); + $query = $this->aauth_db->get($this->config_vars['user_to_group']); if ($query->num_rows() < 1) { $data = array( @@ -1108,7 +1114,7 @@ class Aauth { 'group_id' => $group_id ); - return $this->CI->db->insert($this->config_vars['user_to_group'], $data); + return $this->aauth_db->insert($this->config_vars['user_to_group'], $data); } $this->info($this->CI->lang->line('aauth_info_already_member')); return TRUE; @@ -1125,9 +1131,9 @@ class Aauth { public function remove_member($user_id, $group_par) { $group_par = $this->get_group_id($group_par); - $this->CI->db->where('user_id', $user_id); - $this->CI->db->where('group_id', $group_par); - return $this->CI->db->delete($this->config_vars['user_to_group']); + $this->aauth_db->where('user_id', $user_id); + $this->aauth_db->where('group_id', $group_par); + return $this->aauth_db->delete($this->config_vars['user_to_group']); } //tested @@ -1147,9 +1153,9 @@ class Aauth { $group_id = $this->get_group_id($group_par); - $query = $this->CI->db->where('user_id', $user_id); - $query = $this->CI->db->where('group_id', $group_id); - $query = $this->CI->db->get($this->config_vars['user_to_group']); + $query = $this->aauth_db->where('user_id', $user_id); + $query = $this->aauth_db->where('group_id', $group_id); + $query = $this->aauth_db->get($this->config_vars['user_to_group']); $row = $query->row(); @@ -1180,7 +1186,7 @@ class Aauth { */ public function list_groups() { - $query = $this->CI->db->get($this->config_vars['groups']); + $query = $this->aauth_db->get($this->config_vars['groups']); return $query->result(); } 
@@ -1194,8 +1200,8 @@ class Aauth { */ public function get_group_name($group_id) { - $query = $this->CI->db->where('id', $group_id); - $query = $this->CI->db->get($this->config_vars['groups']); + $query = $this->aauth_db->where('id', $group_id); + $query = $this->aauth_db->get($this->config_vars['groups']); if ($query->num_rows() == 0) return FALSE; @@ -1215,8 +1221,8 @@ class Aauth { if( is_numeric($group_par) ) { return $group_par; } - $query = $this->CI->db->where('name', $group_par); - $query = $this->CI->db->get($this->config_vars['groups']); + $query = $this->aauth_db->where('name', $group_par); + $query = $this->aauth_db->get($this->config_vars['groups']); if ($query->num_rows() == 0) return FALSE; @@ -1239,7 +1245,7 @@ class Aauth { */ public function create_perm($perm_name, $definition='') { - $query = $this->CI->db->get_where($this->config_vars['perms'], array('name' => $perm_name)); + $query = $this->aauth_db->get_where($this->config_vars['perms'], array('name' => $perm_name)); if ($query->num_rows() < 1) { @@ -1247,8 +1253,8 @@ class Aauth { 'name' => $perm_name, 'definition'=> $definition ); - $this->CI->db->insert($this->config_vars['perms'], $data); - return $this->CI->db->insert_id(); + $this->aauth_db->insert($this->config_vars['perms'], $data); + return $this->aauth_db->insert_id(); } $this->info($this->CI->lang->line('aauth_info_perm_exists')); return FALSE; @@ -1273,8 +1279,8 @@ class Aauth { if ($definition != FALSE) $data['definition'] = $definition; - $this->CI->db->where('id', $perm_id); - return $this->CI->db->update($this->config_vars['perms'], $data); + $this->aauth_db->where('id', $perm_id); + return $this->aauth_db->update($this->config_vars['perms'], $data); } //not ok 
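Review bot: `get_group_id()` in the hunk at -1215 returns its argument unchanged whenever `is_numeric($group_par)` is true, before any lookup by name. A group whose name is a numeric string therefore resolves to whichever group has that id, and values such as `1e3` or `1.5` are passed on as ids; `create_group()` at -1027 does not reject such names as far as its hunk shows. Since membership and permission checks resolve groups through this function, I would narrow the shortcut to `if (is_int($group_par) OR ctype_digit((string) $group_par))` and refuse all-digit names on creation. `get_perm_id()` at -1498 has the same shortcut.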
@@ -1289,16 +1295,16 @@ class Aauth { $perm_id = $this->get_perm_id($perm_par); // deletes from perm_to_gropup table - $this->CI->db->where('perm_id', $perm_id); - $this->CI->db->delete($this->config_vars['perm_to_group']); + $this->aauth_db->where('perm_id', $perm_id); + $this->aauth_db->delete($this->config_vars['perm_to_group']); // deletes from perm_to_user table - $this->CI->db->where('perm_id', $perm_id); - $this->CI->db->delete($this->config_vars['perm_to_group']); + $this->aauth_db->where('perm_id', $perm_id); + $this->aauth_db->delete($this->config_vars['perm_to_group']); // deletes from permission table - $this->CI->db->where('id', $perm_id); - return $this->CI->db->delete($this->config_vars['perms']); + $this->aauth_db->where('id', $perm_id); + return $this->aauth_db->delete($this->config_vars['perms']); } /** @@ -1317,9 +1323,9 @@ class Aauth { $user_id = $this->CI->session->userdata('id'); } - $query = $this->CI->db->where('perm_id', $perm_id); - $query = $this->CI->db->where('user_id', $user_id); - $query = $this->CI->db->get( $this->config_vars['perm_to_user'] ); + $query = $this->aauth_db->where('perm_id', $perm_id); + $query = $this->aauth_db->where('user_id', $user_id); + $query = $this->aauth_db->get( $this->config_vars['perm_to_user'] ); if( $query->num_rows() > 0){ return TRUE; @@ -1347,9 +1353,9 @@ class Aauth { $group_par = $this->get_group_id($group_par); - $query = $this->CI->db->where('perm_id', $perm_id); - $query = $this->CI->db->where('group_id', $group_par); - $query = $this->CI->db->get( $this->config_vars['perm_to_group'] ); + $query = $this->aauth_db->where('perm_id', $perm_id); + $query = $this->aauth_db->where('group_id', $group_par); + $query = $this->aauth_db->get( $this->config_vars['perm_to_group'] ); if( $query->num_rows() > 0){ return TRUE; 
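Review bot: The second delete in `delete_perm()` (hunk at -1289) sits under the comment `// deletes from perm_to_user table` but targets `perm_to_group` again, so per-user grants of the deleted permission are never removed. The rename to `aauth_db` carries this over unchanged. Those orphaned rows stay in `perm_to_user` and could attach to a later permission if the id is ever reused. The line should read `$this->aauth_db->delete($this->config_vars['perm_to_user']);`.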
@@ -1391,9 +1397,9 @@ class Aauth { $perm_id = $this->get_perm_id($perm_par); - $query = $this->CI->db->where('user_id',$user_id); - $query = $this->CI->db->where('perm_id',$perm_id); - $query = $this->CI->db->get($this->config_vars['perm_to_user']); + $query = $this->aauth_db->where('user_id',$user_id); + $query = $this->aauth_db->where('perm_id',$perm_id); + $query = $this->aauth_db->get($this->config_vars['perm_to_user']); // if not inserted before if ($query->num_rows() < 1) { @@ -1403,7 +1409,7 @@ class Aauth { 'perm_id' => $perm_id ); - return $this->CI->db->insert($this->config_vars['perm_to_user'], $data); + return $this->aauth_db->insert($this->config_vars['perm_to_user'], $data); } return TRUE; } @@ -1420,10 +1426,10 @@ class Aauth { $perm_id = $this->get_perm_id($perm_par); - $this->CI->db->where('user_id', $user_id); - $this->CI->db->where('perm_id', $perm_id); + $this->aauth_db->where('user_id', $user_id); + $this->aauth_db->where('perm_id', $perm_id); - return $this->CI->db->delete($this->config_vars['perm_to_user']); + return $this->aauth_db->delete($this->config_vars['perm_to_user']); } //tested @@ -1439,9 +1445,9 @@ class Aauth { $perm_id = $this->get_perm_id($perm_par); $group_id = $this->get_group_id($group_par); - $query = $this->CI->db->where('group_id',$group_id); - $query = $this->CI->db->where('perm_id',$perm_id); - $query = $this->CI->db->get($this->config_vars['perm_to_group']); + $query = $this->aauth_db->where('group_id',$group_id); + $query = $this->aauth_db->where('perm_id',$perm_id); + $query = $this->aauth_db->get($this->config_vars['perm_to_group']); if ($query->num_rows() < 1) { @@ -1450,7 +1456,7 @@ class Aauth { 'perm_id' => $perm_id ); - return $this->CI->db->insert($this->config_vars['perm_to_group'], $data); + return $this->aauth_db->insert($this->config_vars['perm_to_group'], $data); } return TRUE; 
@@ -1469,10 +1475,10 @@ class Aauth { $perm_id = $this->get_perm_id($perm_par); $group_id = $this->get_group_id($group_par); - $this->CI->db->where('group_id', $group_id); - $this->CI->db->where('perm_id', $perm_id); + $this->aauth_db->where('group_id', $group_id); + $this->aauth_db->where('perm_id', $perm_id); - return $this->CI->db->delete($this->config_vars['perm_to_group']); + return $this->aauth_db->delete($this->config_vars['perm_to_group']); } //tested @@ -1483,7 +1489,7 @@ class Aauth { */ public function list_perms() { - $query = $this->CI->db->get($this->config_vars['perms']); + $query = $this->aauth_db->get($this->config_vars['perms']); return $query->result(); } @@ -1498,8 +1504,8 @@ class Aauth { if( is_numeric($perm_par) ) { return $perm_par; } - $query = $this->CI->db->where('name', $perm_par); - $query = $this->CI->db->get($this->config_vars['perms']); + $query = $this->aauth_db->where('name', $perm_par); + $query = $this->aauth_db->get($this->config_vars['perms']); if ($query->num_rows() == 0) return NULL; @@ -1529,10 +1535,10 @@ class Aauth { return FALSE; } - $query = $this->CI->db->where('id', $receiver_id); - $query = $this->CI->db->where('banned', 0); + $query = $this->aauth_db->where('id', $receiver_id); + $query = $this->aauth_db->where('banned', 0); - $query = $this->CI->db->get( $this->config_vars['users'] ); + $query = $this->aauth_db->get( $this->config_vars['users'] ); // if user not exist or banned if ( $query->num_rows() < 1 ){ @@ -1540,10 +1546,10 @@ class Aauth { return FALSE; } - $query = $this->CI->db->where('id', $sender_id); - $query = $this->CI->db->where('banned', 0); + $query = $this->aauth_db->where('id', $sender_id); + $query = $this->aauth_db->where('banned', 0); - $query = $this->CI->db->get( $this->config_vars['users'] ); + $query = $this->aauth_db->get( $this->config_vars['users'] ); // if user not exist or banned if ( $query->num_rows() < 1 ){ 
@@ -1560,7 +1566,7 @@ class Aauth { 'date' => date('Y-m-d H:i:s') ); - return $query = $this->CI->db->insert( $this->config_vars['pms'], $data ); + return $query = $this->aauth_db->insert( $this->config_vars['pms'], $data ); } //tested @@ -1578,15 +1584,15 @@ class Aauth { $query=''; if ( $receiver_id != FALSE){ - $query = $this->CI->db->where('receiver_id', $receiver_id); + $query = $this->aauth_db->where('receiver_id', $receiver_id); } if( $sender_id != FALSE ){ - $query = $this->CI->db->where('sender_id', $sender_id); + $query = $this->aauth_db->where('sender_id', $sender_id); } - $query = $this->CI->db->order_by('id','DESC'); - $query = $this->CI->db->get( $this->config_vars['pms'], $limit, $offset); + $query = $this->aauth_db->order_by('id','DESC'); + $query = $this->aauth_db->get( $this->config_vars['pms'], $limit, $offset); return $query->result(); } @@ -1600,8 +1606,8 @@ class Aauth { */ public function get_pm($pm_id, $set_as_read = TRUE){ - $query = $this->CI->db->where('id', $pm_id); - $query = $this->CI->db->get( $this->config_vars['pms'] ); + $query = $this->aauth_db->where('id', $pm_id); + $query = $this->aauth_db->get( $this->config_vars['pms'] ); if ($query->num_rows() < 1) { $this->error( $this->CI->lang->line('aauth_error_no_pm') ); @@ -1621,7 +1627,7 @@ class Aauth { */ public function delete_pm($pm_id){ - return $this->CI->db->delete( $this->config_vars['pms'], array('id' => $pm_id) ); + return $this->aauth_db->delete( $this->config_vars['pms'], array('id' => $pm_id) ); } //tested @@ -1637,9 +1643,9 @@ class Aauth { $receiver_id = $this->CI->session->userdata('id'); } - $query = $this->CI->db->where('receiver_id', $receiver_id); - $query = $this->CI->db->where('read', 0); - $query = $this->CI->db->get( $this->config_vars['pms'] ); + $query = $this->aauth_db->where('receiver_id', $receiver_id); + $query = $this->aauth_db->where('read', 0); + $query = $this->aauth_db->get( $this->config_vars['pms'] ); return $query->num_rows(); } 
@@ -1656,7 +1662,7 @@ class Aauth { 'read' => 1, ); - $this->CI->db->update( $this->config_vars['pms'], $data, "id = $pm_id"); + $this->aauth_db->update( $this->config_vars['pms'], $data, "id = $pm_id"); } ######################## @@ -1886,7 +1892,7 @@ class Aauth { 'user_id' => $user_id ); - return $this->CI->db->insert( $this->config_vars['user_variables'] , $data); + return $this->aauth_db->insert( $this->config_vars['user_variables'] , $data); } // if var already set, overwrite else { @@ -1897,10 +1903,10 @@ class Aauth { 'user_id' => $user_id ); - $this->CI->db->where( 'key', $key ); - $this->CI->db->where( 'user_id', $user_id); + $this->aauth_db->where( 'key', $key ); + $this->aauth_db->where( 'user_id', $user_id); - return $this->CI->db->update( $this->config_vars['user_variables'], $data); + return $this->aauth_db->update( $this->config_vars['user_variables'], $data); } } @@ -1922,10 +1928,10 @@ class Aauth { return FALSE; } - $this->CI->db->where('key', $key); - $this->CI->db->where('user_id', $user_id); + $this->aauth_db->where('key', $key); + $this->aauth_db->where('user_id', $user_id); - return $this->CI->db->delete( $this->config_vars['user_variables'] ); + return $this->aauth_db->delete( $this->config_vars['user_variables'] ); } //tested @@ -1947,10 +1953,10 @@ class Aauth { return FALSE; } - $query = $this->CI->db->where('user_id', $user_id); - $query = $this->CI->db->where('key', $key); + $query = $this->aauth_db->where('user_id', $user_id); + $query = $this->aauth_db->where('key', $key); - $query = $this->CI->db->get( $this->config_vars['user_variables'] ); + $query = $this->aauth_db->get( $this->config_vars['user_variables'] ); // if variable not set if ($query->num_rows() < 1) { return FALSE;} 
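Review bot: The `update()` call in the `@@ -1656,7 +1662,7 @@` hunk builds its WHERE clause by interpolating `$pm_id` into the string `"id = $pm_id"`, so the value is not bound or escaped as a separate parameter. The other lookups touched by this commit use `where()` or an array condition, and this one should too: `$this->aauth_db->update($this->config_vars['pms'], $data, array('id' => $pm_id));`. Whether `$pm_id` is cast to an integer before this point cannot be seen, because the function starts above the hunk.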
@@ -1980,11 +1986,11 @@ class Aauth { if ( ! $this->get_user($user_id)){ return FALSE; } - $query = $this->CI->db->select('key'); + $query = $this->aauth_db->select('key'); - $query = $this->CI->db->where('user_id', $user_id); + $query = $this->aauth_db->where('user_id', $user_id); - $query = $this->CI->db->get( $this->config_vars['user_variables'] ); + $query = $this->aauth_db->get( $this->config_vars['user_variables'] ); // if variable not set if ($query->num_rows() < 1) { return FALSE;} @@ -2020,7 +2026,7 @@ class Aauth { 'value' => $value, ); - return $this->CI->db->insert( $this->config_vars['system_variables'] , $data); + return $this->aauth_db->insert( $this->config_vars['system_variables'] , $data); } // if var already set, overwrite @@ -2031,8 +2037,8 @@ class Aauth { 'value' => $value, ); - $this->CI->db->where( 'key', $key ); - return $this->CI->db->update( $this->config_vars['system_variables'], $data); + $this->aauth_db->where( 'key', $key ); + return $this->aauth_db->update( $this->config_vars['system_variables'], $data); } } @@ -2045,9 +2051,9 @@ class Aauth { */ public function unset_system_var( $key ) { - $this->CI->db->where('key', $key); + $this->aauth_db->where('key', $key); - return $this->CI->db->delete( $this->config_vars['system_variables'] ); + return $this->aauth_db->delete( $this->config_vars['system_variables'] ); } //tested @@ -2059,9 +2065,9 @@ class Aauth { */ public function get_system_var( $key ){ - $query = $this->CI->db->where('key', $key); + $query = $this->aauth_db->where('key', $key); - $query = $this->CI->db->get( $this->config_vars['system_variables'] ); + $query = $this->aauth_db->get( $this->config_vars['system_variables'] ); // if variable not set if ($query->num_rows() < 1) { return FALSE;} 
@@ -2080,8 +2086,8 @@ class Aauth { */ public function list_system_var_keys(){ - $query = $this->CI->db->select('key'); - $query = $this->CI->db->get( $this->config_vars['system_variables'] ); + $query = $this->aauth_db->select('key'); + $query = $this->aauth_db->get( $this->config_vars['system_variables'] ); // if variable not set if ($query->num_rows() < 1) { return FALSE;} else { From b9b855ea863a680d180a0deac4f1a178bad263b9 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 12 May 2015 17:36:02 +0200 Subject: [PATCH 04/20] fix for empty names on creation --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 3f70301..09afbdf 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -583,7 +583,7 @@ class Aauth { * @param string $name User's name * @return int|bool False if create fails or returns user id if successful */ - public function create_user($email, $pass, $name) { + public function create_user($email, $pass, $name='') { $valid = TRUE; From 6b68f4c21e0ce59fab3eee3bf28469604677c2cd Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 12 May 2015 17:44:45 +0200 Subject: [PATCH 05/20] removed unused functions --- application/libraries/Aauth.php | 36 --------------------------------- 1 file changed, 36 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 09afbdf..15dd7f5 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
@@ -884,42 +884,6 @@ class Aauth { return FALSE; } - /** - * user_exsist_by_id - * Check if user exist by user id - * @param $user_id - * - * @return bool - */ - public function user_exsist_by_id( $user_id ) { - $query = $this->aauth_db->where('id', $user_id); - - $query = $this->aauth_db->get($this->config_vars['users']); - - if ($query->num_rows() > 0) - return TRUE; - else - return FALSE; - } - - /** - * user_exsist_by_name - * Check if user exist by name - * @param $user_id - * - * @return bool - */ - public function user_exsist_by_name( $name ) { - $query = $this->aauth_db->where('name', $name); - - $query = $this->aauth_db->get($this->config_vars['users']); - - if ($query->num_rows() > 0) - return TRUE; - else - return FALSE; - } - /** * user_exsist_by_email * Check if user exsist by user email From 5df18c08971aa66f529202a7f73c1ff011823ea4 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 12 May 2015 17:50:07 +0200 Subject: [PATCH 06/20] fixed cookie creation for reCAPTCHA if it's not active --- application/libraries/Aauth.php | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 15dd7f5..cff1ad1 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -259,14 +259,16 @@ class Aauth { $this->CI->input->set_cookie($cookie); } - $reCAPTCHA_cookie = array( - 'name' => 'reCAPTCHA', - 'value' => 'false', - 'expire' => time()-3600, - 'path' => '/', - ); - $this->CI->input->set_cookie($reCAPTCHA_cookie); - + if($this->config_vars['recaptcha_active']){ + $reCAPTCHA_cookie = array( + 'name' => 'reCAPTCHA', + 'value' => 'false', + 'expire' => time()-3600, + 'path' => '/', + ); + $this->CI->input->set_cookie($reCAPTCHA_cookie); + } + // update last login $this->update_last_login($row->id); $this->update_activity(); From fc242264a4efd5bd32a528502182972fbd52b038 Mon Sep 17 00:00:00 2001 
From: Raphael Jackstadt Date: Tue, 12 May 2015 17:55:58 +0200 Subject: [PATCH 07/20] changed the copyright info to this year --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index cff1ad1..f147a69 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -11,7 +11,7 @@ * @contributor Tim Swagger (Renowne, LLC) * @contributor Raphael Jackstadt * - * @copyright 2014 Emre Akay + * @copyright 2014-2015 Emre Akay * * @version 2.0 * From 790dd44a10cd3137ed19d76fbecc8897b711f7b3 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 12 May 2015 19:08:46 +0200 Subject: [PATCH 08/20] Configurable Login over Name or Email added `login_with_name` config item renamed `aauth_error_login_failed` to `aauth_error_login_failed_email` in lang file added `aauth_error_login_failed_name` in lang file changed in login function `$email` to `$identifier` --- application/config/aauth.php | 2 + application/language/english/aauth_lang.php | 3 +- application/libraries/Aauth.php | 69 ++++++++++++++++----- 3 files changed, 57 insertions(+), 17 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index d353756..df8d7cd 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -65,6 +65,8 @@ $config['aauth']['max_login_attempt'] = 10; // to register email verifitaion need? true / false $config['aauth']['verification'] = false; +$config['aauth']['login_with_name'] = false; + // system email. $config['aauth']['email'] = 'admin@admin.com'; $config['aauth']['name'] = 'Emre Akay'; diff --git a/application/language/english/aauth_lang.php b/application/language/english/aauth_lang.php index b3b02ef..2af947b 100644 --- a/application/language/english/aauth_lang.php +++ b/application/language/english/aauth_lang.php 
@@ -28,7 +28,8 @@ $lang['aauth_error_username_required'] = 'Username required'; // Access errors $lang['aauth_error_no_access'] = 'Sorry, you do not have access to the resource you requested.'; -$lang['aauth_error_login_failed'] = 'E-mail Address and Password do not match.'; +$lang['aauth_error_login_failed_email'] = 'E-mail Address and Password do not match.'; +$lang['aauth_error_login_failed_name'] = 'Username and Password do not match.'; $lang['aauth_error_login_attempts_exceeded'] = 'You have exceeded your login attempts, your account has now been locked.'; $lang['aauth_error_recaptcha_not_correct'] = 'Sorry, the reCAPTCHA text entered was incorrect.'; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index f147a69..098a23c 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -129,7 +129,7 @@ class Aauth { * @param bool $remember * @return bool Indicates successful login. */ - public function login($email, $pass, $remember = FALSE) { + public function login($identifier, $pass, $remember = FALSE) { // Remove cookies first $cookie = array( @@ -141,7 +141,21 @@ class Aauth { $this->CI->input->set_cookie($cookie); - + if( $this->config_vars['login_with_name'] == TRUE){ + if( !$identifier OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ) + { + $this->error($this->CI->lang->line('aauth_error_login_failed_name')); + return FALSE; + } + $db_identifier = 'name'; + }else{ + if( !valid_email($identifier) OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ) + { + $this->error($this->CI->lang->line('aauth_error_login_failed_email')); + return FALSE; + } + $db_identifier = 'email'; + } /* * * User Verification 
@@ -150,15 +164,9 @@ class Aauth { * It was causing issues with special characters in passwords * and returning FALSE even if the password matches. */ - if( !valid_email($email) OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ) - { - $this->error($this->CI->lang->line('aauth_error_login_failed')); - return FALSE; - } - $query = null; - $query = $this->aauth_db->where('email', $email); + $query = $this->aauth_db->where($db_identifier, $identifier); $query = $this->aauth_db->get($this->config_vars['users']); $row = $query->row(); @@ -171,7 +179,7 @@ class Aauth { //recaptcha login_attempts check $query = null; - $query = $this->aauth_db->where('email', $email); + $query = $this->aauth_db->where($db_identifier, $identifier); $query = $this->aauth_db->get($this->config_vars['users']); $row = $query->row(); if($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $row->login_attempts >= $this->config_vars['recaptcha_login_attempts']){ @@ -186,7 +194,7 @@ class Aauth { // if user is not verified $query = null; - $query = $this->aauth_db->where('email', $email); + $query = $this->aauth_db->where($db_identifier, $identifier); $query = $this->aauth_db->where('banned', 1); $query = $this->aauth_db->where('verification_code !=', ''); $query = $this->aauth_db->get($this->config_vars['users']); @@ -197,7 +205,7 @@ class Aauth { } // to find user id, create sessions and cookies - $query = $this->aauth_db->where('email', $email); + $query = $this->aauth_db->where($db_identifier, $identifier); $query = $this->aauth_db->get($this->config_vars['users']); if($query->num_rows() == 0){ @@ -208,7 +216,7 @@ class Aauth { $user_id = $query->row()->id; $query = null; - $query = $this->aauth_db->where('email', $email); + $query = $this->aauth_db->where($db_identifier, $identifier); // Database stores pasword hashed password $query = $this->aauth_db->where('pass', $this->hash_password($pass, $user_id)); 
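Review bot: The lookups now filter on `where($db_identifier, $identifier)` and take `$query->row()`, which assumes the `name` column identifies exactly one account when `login_with_name` is on. PATCH 01 of this series dropped the unique-name check, and the `create_user` hunk of this commit restores it only while `login_with_name` is TRUE, so accounts created with the option off can share a name. In that case `$user_id = $query->row()->id` picks whichever row is returned first and `hash_password($pass, $user_id)` is computed for that account's id. Changing the `$query->num_rows() == 0` test to `$query->num_rows() != 1` would reject an ambiguous identifier instead of guessing; a unique index on the column would enforce it at the database level. The body of `login()` continues outside these hunks.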
@@ -589,9 +597,20 @@ class Aauth { $valid = TRUE; - if ($this->user_exsist_by_email($email)) { - $this->error($this->CI->lang->line('aauth_error_email_exists')); - $valid = FALSE; + if($this->config_vars['login_with_name'] == TRUE){ + if (empty($name)){ + $this->error($this->CI->lang->line('aauth_error_username_required')); + $valid = FALSE; + } + if ($this->user_exsist_by_name($name)) { + $this->error($this->CI->lang->line('aauth_error_username_exists')); + $valid = FALSE; + } + }else{ + if ($this->user_exsist_by_email($email)) { + $this->error($this->CI->lang->line('aauth_error_email_exists')); + $valid = FALSE; + } } if (!valid_email($email)){ $this->error($this->CI->lang->line('aauth_error_email_invalid')); @@ -886,6 +905,24 @@ class Aauth { return FALSE; } + /** + * user_exsist_by_name + * Check if user exist by name + * @param $user_id + * + * @return bool + */ + public function user_exsist_by_name( $name ) { + $query = $this->CI->db->where('name', $name); + + $query = $this->CI->db->get($this->config_vars['users']); + + if ($query->num_rows() > 0) + return TRUE; + else + return FALSE; + } + /** * user_exsist_by_email * Check if user exsist by user email From 206342b49e09c042f9055185e296275cd443d5b9 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 12 May 2015 23:16:53 +0200 Subject: [PATCH 09/20] moved user_exsist_by_email out of else to prevent double emails in database --- application/libraries/Aauth.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 098a23c..da157f1 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
@@ -606,11 +606,10 @@ class Aauth { $this->error($this->CI->lang->line('aauth_error_username_exists')); $valid = FALSE; } - }else{ - if ($this->user_exsist_by_email($email)) { - $this->error($this->CI->lang->line('aauth_error_email_exists')); - $valid = FALSE; - } + } + if ($this->user_exsist_by_email($email)) { + $this->error($this->CI->lang->line('aauth_error_email_exists')); + $valid = FALSE; } if (!valid_email($email)){ $this->error($this->CI->lang->line('aauth_error_email_invalid')); From 41224e613a74d6d99656fc57b147cc2398a2629e Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Wed, 13 May 2015 13:09:55 +0200 Subject: [PATCH 10/20] added to create_group and update_group 'definition' based on tswagger's sql changes --- application/libraries/Aauth.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index da157f1..f73a65c 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1027,14 +1027,15 @@ class Aauth { * @param string $group_name New group name * @return int|bool Group id or FALSE on fail */ - public function create_group($group_name) { + public function create_group($group_name, $definition) { $query = $this->aauth_db->get_where($this->config_vars['groups'], array('name' => $group_name)); if ($query->num_rows() < 1) { $data = array( - 'name' => $group_name + 'name' => $group_name, + 'definition'=> $definition ); $this->aauth_db->insert($this->config_vars['groups'], $data); return $this->aauth_db->insert_id(); @@ -1057,6 +1058,7 @@ class Aauth { $group_id = $this->get_group_id($group_par); $data['name'] = $group_name; + $data['definition'] = $definition; $this->aauth_db->where('id', $group_id); return $this->aauth_db->update($this->config_vars['groups'], $data); From 106a3d55d10f79358d77287dc6a03c3fb4fdbe5e Mon Sep 17 00:00:00 2001 
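Review bot: `create_group($group_name, $definition)` in the `@@ -1027,14 +1027,15 @@` hunk adds a second required parameter, so an existing caller that passes only a name now triggers a missing-argument error. `public function create_group($group_name, $definition = '')` keeps those callers working. The docblock above it should also gain a `@param string $definition` line, since it currently documents only `$group_name`.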
From: Raphael Jackstadt Date: Wed, 13 May 2015 13:11:52 +0200 Subject: [PATCH 11/20] added missing $definition to update_group --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index f73a65c..45fd82a 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1053,7 +1053,7 @@ class Aauth { * @param string $group_name New group name * @return bool Update success/failure */ - public function update_group($group_par, $group_name) { + public function update_group($group_par, $group_name, $definition) { $group_id = $this->get_group_id($group_par); From 7b180a01a1f8844d46828ac00640b015d8b7c970 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Wed, 13 May 2015 13:14:29 +0200 Subject: [PATCH 12/20] build update_group similar to update_user --- application/libraries/Aauth.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 45fd82a..3eb044e 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -1053,12 +1053,18 @@ class Aauth { * @param string $group_name New group name * @return bool Update success/failure */ - public function update_group($group_par, $group_name, $definition) { + public function update_group($group_par, $group_name=FALSE, $definition=FALSE) { $group_id = $this->get_group_id($group_par); - $data['name'] = $group_name; - $data['definition'] = $definition; + if ($group_name != FALSE) { + $data['name'] = $group_name; + } + + if ($definition != FALSE) { + $data['definition'] = $definition; + } + $this->aauth_db->where('id', $group_id); return $this->aauth_db->update($this->config_vars['groups'], $data); From 08affa2abcc5658ac97db35bef522bddf676dc61 Mon Sep 17 00:00:00 2001 
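Review bot: In the `@@ -1053,12 +1053,18 @@` hunk `$data` is only created inside the two `if` blocks, so calling `update_group($group_par)` with both defaults passes an undefined variable to `update()`. Start with `$data = array();` and return early when it stays empty, e.g. `if (empty($data)) { return FALSE; }`. The `!= FALSE` tests are also loose, so a name or definition of `'0'` or `''` is silently skipped; `!== FALSE` would skip only the default. The docblock still has no `@param` line for `$definition`.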
From: Raphael Jackstadt Date: Thu, 14 May 2015 15:06:37 +0200 Subject: [PATCH 13/20] changed list_user_var_keys's output from array to object --- application/libraries/Aauth.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 3eb044e..04d5172 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -2005,11 +2005,7 @@ class Aauth { // if variable not set if ($query->num_rows() < 1) { return FALSE;} else { - $key_list = array(); - foreach( $query->result() as $row) { - $key_list[] = $row->key; - } - return $key_list; + return $query->result(); } } From 1271388c3fa05ead98ca1418cae8aedf4f05110b Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 19 May 2015 02:17:55 +0200 Subject: [PATCH 14/20] fixed set_system_var bug (issue #39) --- application/libraries/Aauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 04d5172..6049aa6 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -2025,7 +2025,7 @@ class Aauth { public function set_system_var( $key, $value ) { // if var not set, set - if ( ! $this->get_system_var($key) ) { + if ($this->get_system_var($key) === FALSE) { $data = array( 'key' => $key, From 7c749af13f18d82ef2ac79e5901528878912f4ee Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 19 May 2015 02:26:47 +0200 Subject: [PATCH 15/20] removed a unused config_var --- application/config/aauth.php | 1 - 1 file changed, 1 deletion(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index df8d7cd..3a0cda6 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php 
@@ -9,7 +9,6 @@ // Config variables -$config['aauth']['login_page'] = '/login'; // if user don't have permisssion to see the page he will be // redirected the page spesificed below $config['aauth']['no_permission'] = '/'; From f0f781dfca8c8848068cd186616069d4b2efe367 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Tue, 26 May 2015 17:59:00 +0200 Subject: [PATCH 16/20] added config var for reset_password_link and verification_link, so its not needed to edit the language file --- application/config/aauth.php | 6 +++++- application/language/english/aauth_lang.php | 4 ++-- application/libraries/Aauth.php | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/application/config/aauth.php b/application/config/aauth.php index 3a0cda6..c1061be 100644 --- a/application/config/aauth.php +++ b/application/config/aauth.php @@ -69,7 +69,11 @@ $config['aauth']['login_with_name'] = false; // system email. $config['aauth']['email'] = 'admin@admin.com'; $config['aauth']['name'] = 'Emre Akay'; - + +// Link for verification without site_url or base_url +$config['aauth']['verification_link'] = '/account/verification/'; +// Link for reset_password without site_url or base_url +$config['aauth']['reset_password_link'] = '/account/reset_password/'; /* End of file aauth.php */ /* Location: ./application/config/aauth.php */ diff --git a/application/language/english/aauth_lang.php b/application/language/english/aauth_lang.php index 2af947b..ec28e22 100644 --- a/application/language/english/aauth_lang.php +++ b/application/language/english/aauth_lang.php 
@@ -5,11 +5,11 @@ // Account verification $lang['aauth_email_verification_subject'] = 'Account Verification'; $lang['aauth_email_verification_code'] = 'Your verification code is: '; -$lang['aauth_email_verification_link'] = " You can also click on (or copy and paste) the following link\n\nhttp://yourdomain/account/verification/"; +$lang['aauth_email_verification_text'] = " You can also click on (or copy and paste) the following link\n\n"; // Password reset $lang['aauth_email_reset_subject'] = 'Reset Password'; -$lang['aauth_email_reset_link'] = "To reset your password click on (or copy and paste in your browser address bar) the link below:\n\nhttp://yourdomain/account/reset_password/"; +$lang['aauth_email_reset_text'] = "To reset your password click on (or copy and paste in your browser address bar) the link below:\n\n"; // Password reset success $lang['aauth_email_reset_success_subject'] = 'Successful Pasword Reset'; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 6049aa6..c762e07 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -455,7 +455,7 @@ class Aauth { $this->CI->email->from( $this->config_vars['email'], $this->config_vars['name']); $this->CI->email->to($row->email); $this->CI->email->subject($this->CI->lang->line('aauth_email_reset_subject')); - $this->CI->email->message($this->CI->lang->line('aauth_email_reset_link') . $row->id . '/' . $ver_code ); + $this->CI->email->message($this->CI->lang->line('aauth_email_reset_text') . site_url() . $this->config_vars['reset_password_link'] . $row->id . '/' . $ver_code ); $this->CI->email->send(); } } 
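Review bot: The reset e-mail in the `@@ -455,7 +455,7 @@` hunk now builds its link from `site_url()`, and the verification e-mail in the following `@@ -817,7 +817,7 @@` hunk does the same, so the host of a security-sensitive link comes from CodeIgniter's `base_url`. If `base_url` is left empty in the application config, CodeIgniter releases of this period derive it from the request (the Host header), which would let a request influence where the mailed link points. A comment beside the new config items would make the requirement visible, e.g. `// links are built with site_url(); $config['base_url'] must be set explicitly`. Passing the path into the helper, `site_url($this->config_vars['reset_password_link'] . $row->id . '/' . $ver_code)`, also lets CodeIgniter join the segments instead of relying on string concatenation. Both functions start and end outside their hunks.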
@@ -817,7 +817,7 @@ class Aauth { $this->CI->email->to($row->email); $this->CI->email->subject($this->CI->lang->line('aauth_email_verification_subject')); $this->CI->email->message($this->CI->lang->line('aauth_email_verification_code') . $ver_code . - $this->CI->lang->line('aauth_email_verification_link') . $user_id . '/' . $ver_code ); + $this->CI->lang->line('aauth_email_verification_text') . site_url() .$this->config_vars['verification_link'] . $user_id . '/' . $ver_code ); $this->CI->email->send(); } } From 11bd0dcd49860fef791317af71486935527978e0 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Sun, 31 May 2015 17:35:55 +0200 Subject: [PATCH 17/20] moved user_exsist_by_name out of the IF --- application/libraries/Aauth.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index c762e07..c7006ce 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -602,10 +602,10 @@ class Aauth { $this->error($this->CI->lang->line('aauth_error_username_required')); $valid = FALSE; } - if ($this->user_exsist_by_name($name)) { - $this->error($this->CI->lang->line('aauth_error_username_exists')); - $valid = FALSE; - } + } + if ($this->user_exsist_by_name($name)) { + $this->error($this->CI->lang->line('aauth_error_username_exists')); + $valid = FALSE; } if ($this->user_exsist_by_email($email)) { $this->error($this->CI->lang->line('aauth_error_email_exists')); From 59bbfdd94aaadb9d369834711197c296b7d90b5c Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Sun, 31 May 2015 17:40:53 +0200 Subject: [PATCH 18/20] added checks from create_user in update_user - user_exsist_by_email, valid_email - min-max pass length - user_exsist_by_name, valid_chars --- application/libraries/Aauth.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index c7006ce..bdb8339 100644 
--- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php @@ -680,17 +680,41 @@ class Aauth { $data = array(); if ($email != FALSE) { + if ($this->user_exsist_by_email($email)) { + $this->error($this->CI->lang->line('aauth_error_email_exists')); + $valid = FALSE; + } + if (!valid_email($email)){ + $this->error($this->CI->lang->line('aauth_error_email_invalid')); + $valid = FALSE; + } $data['email'] = $email; } if ($pass != FALSE) { + if ( strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max'] ){ + $this->error($this->CI->lang->line('aauth_error_password_invalid')); + $valid = FALSE; + } $data['pass'] = $this->hash_password($pass, $user_id); } if ($name != FALSE) { + if ($this->user_exsist_by_name($name)) { + $this->error($this->CI->lang->line('aauth_error_username_exists')); + $valid = FALSE; + } + if ($name !='' && !ctype_alnum(str_replace($this->config_vars['valid_chars'], '', $name))){ + $this->error($this->CI->lang->line('aauth_error_username_invalid')); + $valid = FALSE; + } $data['name'] = $name; } + if (!$valid) { + return FALSE; + } + $this->aauth_db->where('id', $user_id); return $this->aauth_db->update($this->config_vars['users'], $data); } From 7617a79cda73dbaf3fe662505df20039c04d7fee Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Sun, 31 May 2015 17:46:14 +0200 Subject: [PATCH 19/20] found a missing aauth_db --- application/libraries/Aauth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index bdb8339..4576cdf 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
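Review bot: The new checks in `update_user` set `$valid = FALSE` and end with `if (!$valid) { return FALSE; }`, but nothing in the hunk sets `$valid = TRUE` first. Unless that happens above the hunk, `!$valid` is true for the undefined variable and every call returns FALSE before the update runs; adding `$valid = TRUE;` next to `$data = array();` fixes that. Separately, `user_exsist_by_email($email)` and `user_exsist_by_name($name)` also match the account being edited, so resubmitting an unchanged e-mail or name is rejected; the lookups would need to exclude `$user_id`. The function's opening lines are outside the hunk.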
@@ -936,9 +936,9 @@ class Aauth { * @return bool */ public function user_exsist_by_name( $name ) { - $query = $this->CI->db->where('name', $name); + $query = $this->aauth_db->where('name', $name); - $query = $this->CI->db->get($this->config_vars['users']); + $query = $this->aauth_db->get($this->config_vars['users']); if ($query->num_rows() > 0) return TRUE; From 319884689a3908ecbc16a0bedd2531c0de41fbf8 Mon Sep 17 00:00:00 2001 From: Raphael Jackstadt Date: Sun, 31 May 2015 17:49:52 +0200 Subject: [PATCH 20/20] added specific error messages for update_user without forgotten password text --- application/language/english/aauth_lang.php | 5 +++++ application/libraries/Aauth.php | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/application/language/english/aauth_lang.php b/application/language/english/aauth_lang.php index ec28e22..b6b3f3a 100644 --- a/application/language/english/aauth_lang.php +++ b/application/language/english/aauth_lang.php @@ -26,6 +26,11 @@ $lang['aauth_error_password_invalid'] = 'Invalid password'; $lang['aauth_error_username_invalid'] = 'Invalid Username'; $lang['aauth_error_username_required'] = 'Username required'; +// Account update errors +$lang['aauth_error_update_email_exists'] = 'Email address already exists on the system. Please enter a different email address.'; +$lang['aauth_error_update_username_exists'] = "Username already exists on the system. Please enter a different username."; + + // Access errors $lang['aauth_error_no_access'] = 'Sorry, you do not have access to the resource you requested.'; $lang['aauth_error_login_failed_email'] = 'E-mail Address and Password do not match.'; diff --git a/application/libraries/Aauth.php b/application/libraries/Aauth.php index 4576cdf..4e47312 100644 --- a/application/libraries/Aauth.php +++ b/application/libraries/Aauth.php 
@@ -681,7 +681,7 @@ class Aauth { if ($email != FALSE) { if ($this->user_exsist_by_email($email)) { - $this->error($this->CI->lang->line('aauth_error_email_exists')); + $this->error($this->CI->lang->line('aauth_error_update_email_exists')); $valid = FALSE; } if (!valid_email($email)){ @@ -701,7 +701,7 @@ class Aauth { if ($name != FALSE) { if ($this->user_exsist_by_name($name)) { - $this->error($this->CI->lang->line('aauth_error_username_exists')); + $this->error($this->CI->lang->line('aauth_error_update_username_exists')); $valid = FALSE; } if ($name !='' && !ctype_alnum(str_replace($this->config_vars['valid_chars'], '', $name))){