< ? php
// Stop immediately when BASEPATH is not defined, i.e. the file was not loaded through the framework.
if (! defined('BASEPATH')) {
    exit('No direct script access allowed');
}
class LoginModel extends CI_Model
{
/**
 * Run the parent model constructor, then load the NotificationModel and the cookie helper.
 */
public function __construct ()
{
parent :: __construct ();
// NotificationModel is called from register() to announce a newly registered user.
$this -> load -> model ( 'NotificationModel' , '' , TRUE );
// startLoginSession() calls set_cookie(); presumably that function comes from this helper.
$this -> load -> helper ( 'cookie' );
}
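/**
 * Check the submitted credentials and start a login session when they match.
 *
 * Feedback is written to $_SESSION['notice'] as an HTML alert; the method returns nothing.
 *
 * @param string $username   User name or e-mail address as entered by the user.
 * @param string $password   Plain-text password as entered by the user.
 * @param mixed  $rememberMe Passed on to startLoginSession(), which sets the remember-me cookies when it equals 'on'.
 * @return void
 */
public function login($username, $password, $rememberMe)
{
    $logindata = $this->getLoginData($username);
    $_SESSION['notice'] = '';
    if (empty($logindata)) {
        // NOTE(review): this message differs from the wrong-password message below, so the response
        // reveals whether an activated account exists for the name. Use one generic message if
        // account enumeration matters for this site.
        $_SESSION['notice'] .= '<div class="alert alert-danger alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">×</span></button><strong>Der Account existiert nicht oder wurde noch nicht aktiviert!</strong> Bitte überprüfe noch einmal dein Mail-Postfach, ob du eine Aktivierungs-Mail erhalten hast.<br><a href="' . base_url('login/resend') . '">E-Mail erneut senden</a></div>';
        return;
    }
    $logindata = $logindata[0];

    $encryptedPassword = $this->getPasswordHash($password, $logindata['original_name']);
    // hash_equals() compares the two digests as strings in constant time. The previous loose `==`
    // could treat two different digests that both look like numbers (e.g. "0e…") as equal.
    if (hash_equals((string) $logindata['password'], (string) $encryptedPassword)) {
        $this->startLoginSession($logindata, $rememberMe);
    } else {
        $_SESSION['notice'] .= '<div class="alert alert-danger alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">×</span></button><strong>Falsche Anmeldedaten!</strong> Benutzername und Passwort stimmen nicht überein!</div>';
    }
}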
/**
 * Look up the activated account whose username or e-mail matches the given login name.
 *
 * @param string $username Login name; matched against both the username and the email column.
 * @return array Result rows as arrays (at most one because of LIMIT 1); empty when nothing matches.
 */
public function getLoginData($username)
{
    $sql = 'SELECT * FROM users WHERE (username = lower(?) OR email = lower(?)) AND is_activated = TRUE LIMIT 1';
    // Both values are bound as query parameters. The username candidate is HTML-escaped first,
    // the e-mail candidate is passed as given.
    $bindings = [htmlspecialchars($username, ENT_QUOTES), $username];

    return $this->db->query($sql, $bindings)->result_array();
}
/**
 * Compute the stored password digest: SHA-256 over salt . password . salt, where the salt is
 * the MD5 hex digest of the account's original name.
 *
 * NOTE(review): this is a single fast hash with a salt derived from a public value, which is weak
 * protection for stored passwords. password_hash()/password_verify() are the standard replacement,
 * but switching needs a coordinated change in login() and changePassword() plus a rehash-on-login
 * migration, so the digest format is kept unchanged here.
 *
 * @param string $password      Plain-text password.
 * @param string $original_name Account name the salt is derived from.
 * @return string Lower-case hex SHA-256 digest.
 */
public function getPasswordHash($password, $original_name)
{
    $salt = md5($original_name);

    return hash('sha256', implode('', [$salt, $password, $salt]));
}
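/**
 * Mark the user as logged in: fill $_SESSION['user'], record the login in the database and,
 * when requested, set the remember-me cookies.
 *
 * @param array $logindata  User row; reads displayname, username, rank, ID, showAds,
 *                          profile_picture, password and email.
 * @param mixed $rememberMe Remember-me cookies are set when this loosely equals 'on'.
 * @return void
 */
public function startLoginSession($logindata, $rememberMe)
{
    // Issue a fresh session ID on login so that an ID known before authentication
    // cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['user']['displayname'] = $logindata['displayname'];
    $_SESSION['user']['username'] = $logindata['username'];
    $_SESSION['user']['rank'] = $logindata['rank'];
    $_SESSION['user']['ID'] = $logindata['ID'];
    $_SESSION['user']['ads'] = $logindata['showAds'];

    $profilePic = $logindata['profile_picture'];
    // Fall back to the default avatar when the account has no picture.
    $_SESSION['user']['profilePic'] = empty($profilePic) ? '/assets/images/steam.jpg' : $profilePic;

    $this->db->query('UPDATE users SET isCurrentlyOnline = 1, lastLogin = CURRENT_TIMESTAMP() WHERE ID = ?', [$logindata['ID']]);

    if ($rememberMe == 'on') {
        // CodeIgniter's set_cookie() takes the lifetime in seconds and adds the current time itself.
        // The previous absolute timestamp (time() + 60 days) produced a far longer expiry than intended.
        $lifetime = 3600 * 24 * 60;
        // Call the method on this object, as autoLogin() does, instead of going through $this->LoginModel.
        // That also works when the model was loaded under another name.
        $userHash = $this->getUserHash($logindata['username'], $logindata['password'], $logindata['email'], $logindata['ID']);
        // The leftover var_dump($expire) debug output was removed: it wrote into the response body.
        // NOTE(review): the fourth argument of set_cookie() is the cookie domain; confirm that passing
        // base_url() (a full URL) is intended. The secure/httponly flags are not passed here, so they
        // depend on the cookie configuration. The token cookie is a credential and should be HttpOnly
        // and Secure.
        set_cookie('rememberMe', base64_encode($logindata['username']), $lifetime, base_url(), '/');
        set_cookie('token', $userHash, $lifetime, base_url(), '/');
    }
}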
/**
 * Refresh the user fields held in $_SESSION['user'] from a user row.
 *
 * Only the listed keys are overwritten; other entries under $_SESSION['user'] are left alone.
 *
 * @param array $logindata User row; reads displayname, username, rank, ID, showAds and profile_picture.
 * @return void
 */
public function reloadLoginSession($logindata)
{
    // session key => column of the user row
    $fieldMap = [
        'displayname' => 'displayname',
        'username'    => 'username',
        'rank'        => 'rank',
        'ID'          => 'ID',
        'ads'         => 'showAds',
    ];
    foreach ($fieldMap as $sessionKey => $column) {
        $_SESSION['user'][$sessionKey] = $logindata[$column];
    }

    $picture = $logindata['profile_picture'];
    // Accounts without a picture get the default avatar.
    $_SESSION['user']['profilePic'] = empty($picture) ? '/assets/images/steam.jpg' : $picture;
}
public function isTrashMail ( $email )
{
$emailList = [ " 0-mail.com " , " 027168.com " , " 0815.ru " , " 0815.su " , " 0clickemail.com " , " 0wnd.net " , " 0wnd.org " , " 10mail.org " , " 10minutemail.cf " , " 10minutemail.com " , " 10minutemail.de " , " 10minutemail.ga " , " 10minutemail.gq " , " 10minutemail.ml " , " 123-m.com " , " 12minutemail.com " , " 1ce.us " , " 1chuan.com " , " 1mail.ml " , " 1pad.de " , " 1zhuan.com " , " 20email.eu " , " 20mail.in " , " 20mail.it " , " 20minutemail.com " , " 21cn.com " , " 24hourmail.com " , " 2prong.com " , " 30minutemail.com " , " 33mail.com " , " 3d-painting.com " , " 3mail.ga " , " 4mail.cf " , " 4mail.ga " , " 4warding.com " , " 4warding.net " , " 4warding.org " , " 5mail.cf " , " 5mail.ga " , " 60minutemail.com " , " 675hosting.com " , " 675hosting.net " , " 675hosting.org " , " 6ip.us " , " 6mail.cf " , " 6mail.ga " , " 6mail.ml " , " 6paq.com " , " 6url.com " , " 75hosting.com " , " 75hosting.net " , " 75hosting.org " , " 7days-printing.com " , " 7mail.ga " , " 7mail.ml " , " 7tags.com " , " 8mail.cf " , " 8mail.ga " , " 8mail.ml " , " 99experts.com " , " 9mail.cf " , " 9ox.net " , " a-bc.net " , " a.betr.co " , " a45.in " , " abusemail.de " , " abyssmail.com " , " ac20mail.in " , " acentri.com " , " advantimo.com " , " afrobacon.com " , " ag.us.to " , " agedmail.com " , " ahk.jp " , " ajaxapp.net " , " alivance.com " , " amail.com " , " amilegit.com " , " amiri.net " , " amiriindustries.com " , " anappthat.com " , " ano-mail.net " , " anonbox.net " , " anonymail.dk " , " anonymbox.com " , " antichef.com " , " antichef.net " , " antispam.de " , " apkmd.com " , " appixie.com " , " armyspy.com " , " asdasd.nl " , " ass.pp.ua " , " aver.com " , " azmeil.tk " , " baxomale.ht.cx " , " beddly.com " , " beefmilk.com " , " big1.us " , " bigprofessor.so " , " bigstring.com " , " binkmail.com " , " bio-muesli.net " , " bladesmail.net " , " blogmyway.org " , " bobmail.info " , " bodhi.lawlita.com " , " bofthew.com " , " bootybay.de " , " boun.cr " , " bouncr.com 
" , " boxformail.in " , " boxtemp.com.br " , " brefmail.com " , " brennendesreich.de " , " broadbandninja.com " , " bsnow.net " , " bu.mintemail.com " , " buffemail.com " , " bugmenot.com " , " bumpymail.com " , " bund.us " , " bundes-li.ga " , " burnthespam.info " , " burstmail.info " , " buyusedlibrarybooks.org " , " c2.hu " , " c51vsgq.com " , " cachedot.net " , " car101.pro " , " casualdx.com " , " cbair.com " , " ce.mintemail.com " , " cellurl.com " , " centermail.com " , " centermail.net " , " chacuo.net " , " chammy.info " , " cheatmail.de " , " chogmail.com " , " choicemail1.com " , " chong-mail.com " , " chong-mail.net " , " chong-mail.org " , " clixser.com " , " cmail.com " , " cmail.net " , " cmail.org " , " coldemail.info " , " consumerriot.com " , " cool.fr.nf " , " correo.blogos.net " , " cosmorph.com " , " courriel.fr.nf " , " courrieltemporaire.com " , " crapmail.org " , " crazespaces.pw " , " crazymailing.com " , " cubiclink.com " , " curryworld.de " , " cust.in " , " cuvox.de " , " cx.de-a.org " , " dacoolest.com " , " daintly.com " , " dandikmail.com " , " dayrep.com " , " dbunker.com " , " dcemail.com " , " deadaddress.com " , " deadchildren.org " , " deadfake.cf " , " deadfake.ga " , " deadfake.ml " , " deadfake.tk " , " deadspam.com " , " deagot.com " , " dealja.com " , " despam.it " , " despammed.com " , " devnullmail.com " , " dfgh.net " , " dharmatel.net " , " digitalsanctuary.com " , " dingbone.com " , " discard.cf " , " discard.email " , " discard.ga " , " discard.gq " , " discard.ml " , " discard.tk " , " discardmail.com " , " discardmail.de " , " disposable-email.ml " , " disposable.cf " , " disposable.ga " , " disposable.ml " , " disposableaddress.com " , " disposableemailaddresses.com " , " disposableemailaddresses.emailmiser.com " , " disposableinbox.com " , " dispose.it " , " disposeamail.com " , " disposemail.com " , " dispostable.com " , " divermail.com " , " dlemail.ru " , " dm.w3internet.co.uk " , " dodgeit.com " , " dodgit.com 
" , " dodgit.org " , " dodsi.com " , " doiea.com " , " domforfb1.tk " , " domforfb2.tk " , " domforfb3.tk " , " domforfb4.tk " , " domforfb5.tk " , " domforfb6.tk " , " domforfb7.tk " , " domforfb8.tk " , " domforfb9.tk " , " domozmail.com " , " donemail.ru " , " dontreg.com " , " dontsendmespam.de " , " dotmsg.com " , " drdrb.com " , " drdrb.net " , " droplar.com " , " dropmail.me " , " duam.net " , " dudmail.com " , " dump-email.info " , " dumpandjunk.com " , " dumpmail.de " , " dumpyemail.com " , " duskmail.com " , " dw.now.im " , " dx.abuser.eu " , " dx.allowed.org " , " dx.awiki.org " , " dx.ez.lv " , " dx.sly.io " , " e-mail.com " , " e-mail.org " , " e4ward.com " , " easytrashmail.com " , " ee2.pl " , " eelmail.com " , " einrot.com " , " einrot.de " , " email-fake.cf " , " email-fake.ga " , " email-fake.gq " , " email-fake.ml " , " emai
$mail = explode ( '@' , $email )[ 1 ];
return in_array ( $mail , $emailList );
}
/**
 * Tell whether a user row with exactly this e-mail address exists.
 *
 * @param string $email E-mail address to look up (bound as a query parameter).
 * @return bool True when at least one row matches.
 */
public function isRegistered($email)
{
    $rows = $this->db->query('SELECT * FROM users WHERE email = ?', [$email])->result_array();

    // A non-empty result array means the address is already in use.
    return (bool) $rows;
}
/**
 * Check whether a user name is still free.
 *
 * @param string $username Requested user name; compared against username and original_name.
 * @return string Empty string when the name is free, otherwise an HTML alert saying it is taken.
 */
public function isAvailable($username)
{
    $sql = 'SELECT * FROM users WHERE username = lower(?) OR original_name = lower(?)';
    $matches = $this->db->query($sql, [$username, $username])->result_array();

    $message = '';
    if (! empty($matches)) {
        $message = '<div class="alert alert-danger alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">×</span></button><strong>Fehler bei der Eingabe!</strong> Nutzername ist bereits vergeben!</div>';
    }

    return $message;
}
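/**
 * Create a not-yet-activated account, send the activation mail and notify about the new user.
 *
 * @param string $username     Name as entered; stored lower-cased as username/original_name and
 *                             unchanged as displayname.
 * @param string $email        E-mail address the activation link is sent to.
 * @param string $password     Plain-text password; stored as the digest from getPasswordHash().
 * @param mixed  $login_method Stored as given in the login_method column.
 * @return void
 * @throws RuntimeException When no secure random bytes can be obtained for the activation key.
 */
public function register($username, $email, $password, $login_method)
{
    $lowerName = strtolower($username);
    // Call the method on this object; going through $this->LoginModel only works when the model
    // was loaded under exactly that name.
    $encryptedPassword = $this->getPasswordHash($password, $lowerName);

    // The activation key proves control of the mailbox, so it must be unpredictable. uniqid() is
    // derived from the clock and rand() is not a cryptographic generator. 128 random bytes as hex
    // keep the previous length of 256 hex characters.
    $randomBytes = function_exists('random_bytes') ? random_bytes(128) : openssl_random_pseudo_bytes(128);
    if (! is_string($randomBytes) || strlen($randomBytes) !== 128) {
        throw new RuntimeException('Could not generate a secure random key');
    }
    $activation_key = bin2hex($randomBytes);

    $this->db->query('INSERT INTO users (original_name, username, displayname, login_method, password, email, rank, is_activated, activation_key) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)', [$lowerName, $lowerName, $username, $login_method, $encryptedPassword, $email, 1, false, $activation_key]);

    $this->db->cache_delete('admin', 'users');

    $this->load->library('email');

    $this->email->from('no-reply@kingofdog.eu', 'KingOfDog');
    $this->email->to($email);

    $this->email->subject('Aktiviere deinen Account und lege so richtig los auf KingOfDog.eu');
    // The third argument must be true so the rendered view is returned as a string. With false,
    // CodeIgniter appends the view, including the activation key, to the HTTP response and
    // hands no usable body to the mailer.
    $this->email->message($this->load->view('emails/register', ['username' => $username, 'emailHash' => md5($email), 'activationKey' => $activation_key], true));

    $this->email->send();
    // NOTE(review): the activation link is sent a second time through mail() below; confirm whether
    // both sends are still wanted.
    // TODO: TRANSLATE
    $message = " Hallo, bitte aktiviere deinen Account: " . base_url('activate/' . md5($email) . '/' . $activation_key);
    // TODO: Send email
    mail($email, " Aktiviere deinen Account und lege so richtig los auf KingOfDog.eu ", $message);

    // Send notification. The row was stored with the lower-cased name, so look it up by that value
    // and skip the notification when the row cannot be found.
    $createdUser = $this->db->query('SELECT ID FROM users WHERE username = ?', [$lowerName])->result_array();
    if (! empty($createdUser)) {
        $this->NotificationModel->rankNotificationNewUserRegistered($createdUser[0]['ID'], 10);
    }
}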
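/**
 * Log the visitor in from the remember-me cookies when no user session exists yet.
 *
 * Does nothing when $_SESSION['loggedOut'] is set and truthy, when a user session already exists,
 * or when the rememberMe/token cookies are missing or do not match the account.
 *
 * @return void
 */
public function autoLogin()
{
    if (isset($_SESSION['loggedOut']) && $_SESSION['loggedOut']) {
        return;
    }
    if (isset($_SESSION['user']) || ! isset($_COOKIE['rememberMe'], $_COOKIE['token'])) {
        return;
    }

    // Cookie values come from the client and may be arrays (name[]=…); only plain strings are accepted.
    $nameCookie = $_COOKIE['rememberMe'];
    $tokenCookie = $_COOKIE['token'];
    if (! is_string($nameCookie) || ! is_string($tokenCookie)) {
        return;
    }

    $logindata = $this->getLoginData(base64_decode($nameCookie));
    if (empty($logindata)) {
        return;
    }
    $logindata = $logindata[0];

    $token = $this->getUserHash($logindata['username'], $logindata['password'], $logindata['email'], $logindata['ID']);
    // Constant-time string comparison. The previous loose `==` could accept a different value
    // when both sides look like numbers.
    if (hash_equals($token, $tokenCookie)) {
        $this->startLoginSession($logindata, 'on');
    }
}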
/**
 * Build the remember-me token: SHA-256 over "ID//username//first 5 chars of the stored password
 * digest//first 5 chars of the e-mail address".
 *
 * NOTE(review): the token is a deterministic digest of account fields with no server-side secret
 * or random part. It cannot be revoked per device and only changes when those fields change.
 * A random token stored (hashed) per user and rotated on use is the usual replacement; that needs
 * a schema change, so the format is kept unchanged here.
 *
 * @param string     $username Account user name.
 * @param string     $password Stored password digest (only its first five characters are used).
 * @param string     $email    Account e-mail address (only its first five characters are used).
 * @param int|string $id       Account ID.
 * @return string Lower-case hex SHA-256 digest.
 */
public function getUserHash($username, $password, $email, $id)
{
    $parts = [$id, $username, substr($password, 0, 5), substr($email, 0, 5)];

    return hash('sha256', implode('//', $parts));
}
/**
 * Find the not-yet-activated account that matches an e-mail hash and an activation key.
 *
 * @param string $emailHash      MD5 hex digest of the e-mail address, compared with MD5(email).
 * @param string $activation_key Activation key that must equal the stored one.
 * @return mixed ID of the first matching user, or NULL when there is none.
 */
public function hashMailExists($emailHash, $activation_key)
{
    $sql = 'SELECT ID FROM users WHERE MD5(email) = ? AND is_activated = 0 AND activation_key = ?';
    $rows = $this->db->query($sql, [$emailHash, $activation_key])->result_array();

    return empty($rows) ? NULL : $rows[0]['ID'];
}
/**
 * Mark an account as activated, drop its activation key and clear the related query caches.
 *
 * @param int|string $id ID of the user to activate.
 * @return void
 */
public function activateMail($id)
{
    $bindings = [$id];
    $this->db->query('UPDATE users SET is_activated = 1, activation_key = NULL WHERE ID = ? LIMIT 1', $bindings);

    // Clear cached queries: the admin user list and the page cached under this user's name.
    $rows = $this->db->query('SELECT username FROM users WHERE ID = ?', $bindings)->result_array();
    $this->db->cache_delete('admin', 'users');
    // NOTE(review): assumes a row exists for $id; an unknown ID leaves $rows empty here.
    $cachedName = $rows[0]['username'];
    $this->db->cache_delete('users', $cachedName);
}
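/**
 * Store a new e-mail address for a user, deactivate the account and set a fresh activation key.
 *
 * @param string $email    New e-mail address (stored lower-cased by the query).
 * @param string $username User name of the account to update.
 * @return void
 * @throws RuntimeException When no secure random bytes can be obtained for the activation key.
 */
public function changeMailAddress($email, $username)
{
    // The key must be unpredictable: uniqid() is derived from the clock and rand() is not a
    // cryptographic generator. 128 random bytes as hex keep the previous length of 256 hex characters.
    $randomBytes = function_exists('random_bytes') ? random_bytes(128) : openssl_random_pseudo_bytes(128);
    if (! is_string($randomBytes) || strlen($randomBytes) !== 128) {
        throw new RuntimeException('Could not generate a secure random key');
    }
    $activation_key = bin2hex($randomBytes);

    $this->db->query('UPDATE users SET email = lower(?), is_activated = FALSE, activation_key = ? WHERE username = ?', [$email, $activation_key, $username]);
    // The admin user list is cached; drop it so the change becomes visible.
    $this->db->cache_delete('admin', 'users');
}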
/**
 * Replace the stored password digest of an account.
 *
 * @param string $newPassword   New plain-text password; hashed with getPasswordHash().
 * @param string $original_name Original name of the account; used as the hash salt source and to
 *                              select the row.
 * @return void
 */
public function changePassword($newPassword, $original_name)
{
    $digest = $this->getPasswordHash($newPassword, $original_name);
    $sql = 'UPDATE users SET password = ? WHERE original_name = ?';

    $this->db->query($sql, [$digest, $original_name]);
}
/**
 * Check a password against the policy: minimum length and required character classes.
 *
 * @param string $password Candidate password.
 * @return bool True only when both checkPasswordLength() and checkPasswordComposition() pass.
 */
public function checkPassword($password)
{
    // The composition check is skipped when the length check already fails.
    return $this->checkPasswordLength($password) && $this->checkPasswordComposition($password);
}
/**
 * Check the minimum password length.
 *
 * @param string $password Candidate password.
 * @return bool True when the password is at least 8 bytes long (strlen() counts bytes, not characters).
 */
public function checkPasswordLength($password)
{
    $minimumBytes = 8;
    $byteCount = strlen($password);

    return ! ($byteCount < $minimumBytes);
}
/**
 * Check that a password mixes character classes.
 *
 * The password is examined byte by byte: it needs at least one ASCII lower-case letter, one ASCII
 * upper-case letter, one ASCII digit and one byte that is none of these.
 *
 * @param string $password Candidate password.
 * @return bool True when all four classes are present.
 */
public function checkPasswordComposition($password)
{
    // One pattern per required class; without the "u" modifier each pattern works on single bytes.
    $requiredClasses = ['/[a-z]/', '/[A-Z]/', '/[0-9]/', '/[^a-zA-Z0-9]/'];

    foreach ($requiredClasses as $pattern) {
        if (preg_match($pattern, $password) !== 1) {
            return false;
        }
    }

    return true;
}
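/**
 * Create a password-reset key for a user, store it and return it.
 *
 * @param string $username User name of the account that requested the reset.
 * @return string The new reset key (256 hex characters).
 * @throws RuntimeException When no secure random bytes can be obtained for the key.
 */
public function createForgetPasswordKey($username)
{
    // A reset key grants the right to set a new password, so it must be unpredictable. uniqid() is
    // derived from the clock and rand() is not a cryptographic generator. 128 random bytes as hex
    // keep the previous length of 256 hex characters.
    $randomBytes = function_exists('random_bytes') ? random_bytes(128) : openssl_random_pseudo_bytes(128);
    if (! is_string($randomBytes) || strlen($randomBytes) !== 128) {
        throw new RuntimeException('Could not generate a secure random key');
    }
    $activation_key = bin2hex($randomBytes);

    // NOTE(review): no expiry is stored with the key here; consider adding one and checking it
    // where the key is validated.
    $this->db->query('UPDATE users SET forget_password_key = ? WHERE username = ?', [$activation_key, $username]);

    return $activation_key;
}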
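/**
 * Check a password-reset key against the one stored for the user.
 *
 * @param string $username User name of the account.
 * @param string $resetKey Reset key supplied with the request.
 * @return bool True only when the account has a stored key and it equals $resetKey exactly.
 */
public function resetKeyIsValid($username, $resetKey)
{
    // An empty or non-string key can never be valid.
    if (! is_string($resetKey) || $resetKey === '') {
        return false;
    }

    $result = $this->db->query('SELECT forget_password_key FROM users WHERE username = ?', [$username])->result_array();
    if (empty($result)) {
        return false;
    }

    $storedKey = $result[0]['forget_password_key'];
    // The stored key is NULL when no reset is pending. Under the previous loose `==`, NULL compared
    // equal to an empty supplied key, so such a request passed for accounts with no pending reset.
    if (! is_string($storedKey) || $storedKey === '') {
        return false;
    }

    // Constant-time, type-safe comparison of the two keys.
    return hash_equals($storedKey, $resetKey);
}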
/**
 * Remove the stored password-reset key of a user so it cannot be used again.
 *
 * @param int|string $id ID of the user.
 * @return void
 */
public function unsetResetKey($id)
{
    $sql = 'UPDATE users SET forget_password_key = NULL WHERE ID = ?';
    $bindings = [$id];

    $this->db->query($sql, $bindings);
}
}