2018-10-16 16:28:42 +00:00
< ? php
2018-10-28 15:28:33 +00:00
defined ( 'BASEPATH' ) OR exit ( 'No direct script access allowed' );
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
class LoginModel extends CI_Model
2018-10-16 16:28:42 +00:00
{
2018-10-28 15:28:33 +00:00
public function __construct ()
{
parent :: __construct ();
$this -> load -> model ( 'NotificationModel' , '' , TRUE );
2018-12-26 17:19:28 +00:00
$this -> load -> model ( 'UserModel' , '' , TRUE );
2018-10-28 15:44:10 +00:00
$this -> load -> model ( 'EmailModel' , '' , TRUE );
2018-10-28 15:28:33 +00:00
$this -> load -> helper ( 'cookie' );
}
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
public function login ( $username , $password , $rememberMe )
{
$logindata = $this -> getLoginData ( $username );
$_SESSION [ 'notice' ] = '' ;
if ( empty ( $logindata )) {
$_SESSION [ 'notice' ] .= '<div class="alert alert-danger alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">×</span></button><strong>Der Account existiert nicht oder wurde noch nicht aktiviert!</strong> Bitte überprüfe noch einmal dein Mail-Postfach, ob du eine Aktivierungs-Mail erhalten hast.<br><a href="' . base_url ( 'login/resend' ) . '">E-Mail erneut senden</a></div>' ;
return ;
}
$logindata = $logindata [ 0 ];
2018-10-16 16:28:42 +00:00
2018-12-30 17:36:38 +00:00
if ( $logindata [ 'isDeleted' ]) {
2018-12-26 17:19:28 +00:00
$_SESSION [ 'notice' ] .= '<div class="alert alert-danger alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">×</span></button><strong>Der Account wurde deaktiviert!</strong> Dein Account wurde vom System deaktiviert, womöglich aufgrund von Fehlverhalten (beispielsweise in Form von anstößigen, unerwünschten, diskriminierenden oder volksverhetzenden Kommentaren, Posts oder Namen). Solltest du dies für ein Fehler halten, nutze bitte das Kontaktformular, um dich <b>höflich</b> zu beschweren.</div>' ;
return ;
}
2019-01-08 21:42:54 +00:00
$encryptedPassword = $this -> getPasswordHash ( $password , $logindata [ 'originalName' ]);
2018-10-28 15:28:33 +00:00
if ( $encryptedPassword == $logindata [ 'password' ]) {
$this -> startLoginSession ( $logindata , $rememberMe );
} else {
2018-12-26 17:19:28 +00:00
$_SESSION [ 'notice' ] .= '<div class="alert alert-danger alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">×</span></button><strong>Falsche Anmeldedaten!</strong> Benutzername oder Passwort stimmen nicht mit unseren Akten überein.</div>' ;
2018-10-28 15:28:33 +00:00
}
2018-10-16 16:28:42 +00:00
}
2018-10-28 15:28:33 +00:00
public function getLoginData ( $username )
{
2018-12-26 17:19:28 +00:00
$this -> db -> cache_off ();
2019-01-08 21:42:54 +00:00
$return = $this -> db -> query ( 'SELECT u.ID, u.username, u.displayname, u.originalName, u.email, u.rank, u.loginMethod, u.password, u.isDeleted, s.profilePicture, s.showAds FROM users u INNER JOIN user_settings s ON s.ID = u.ID WHERE (username = lower(?) OR email = lower(?)) AND activated = TRUE LIMIT 1' ,
2018-10-28 15:28:33 +00:00
[ htmlspecialchars ( $username , ENT_QUOTES ), $username ]) -> result_array ();
2018-12-26 17:19:28 +00:00
$this -> db -> cache_on ();
2018-10-28 15:28:33 +00:00
return $return ;
}
2018-10-16 16:28:42 +00:00
2019-01-08 21:42:54 +00:00
public function getPasswordHash ( $password , $originalName )
2018-10-28 15:28:33 +00:00
{
2019-01-08 21:42:54 +00:00
$salt = md5 ( $originalName );
2018-10-28 15:28:33 +00:00
$passwordHash = hash ( 'sha256' , $salt . $password . $salt );
return $passwordHash ;
2018-10-16 16:28:42 +00:00
}
2018-10-28 15:28:33 +00:00
public function startLoginSession ( $logindata , $rememberMe )
{
2018-12-26 17:19:28 +00:00
$this -> reloadLoginSession ( $logindata );
2018-10-28 15:28:33 +00:00
$this -> db -> query ( 'UPDATE users SET isCurrentlyOnline = 1, lastLogin = CURRENT_TIMESTAMP() WHERE ID = ?' , [ $logindata [ 'ID' ]]);
if ( $rememberMe == 'on' ) {
2018-12-26 17:19:28 +00:00
$expire = 3600 * 24 * 60 ;
2018-12-28 12:42:22 +00:00
$userHash = base64_encode ( $logindata [ 'username' ]);
$loginHash = $this -> generateRandomUserHash ( $userHash );
$this -> db -> query ( 'UPDATE users SET rememberToken = ? WHERE ID = ?' , [ $loginHash , $logindata [ 'ID' ]]);
$domain = explode ( '/' , base_url ())[ 2 ];
$this -> input -> set_cookie ( 'rememberMe' , $userHash , $expire , $domain , '/' );
$this -> input -> set_cookie ( 'rememberToken' , $loginHash , $expire , $domain , '/' );
2018-10-28 15:28:33 +00:00
}
2018-10-16 16:28:42 +00:00
}
2018-10-28 15:28:33 +00:00
public function reloadLoginSession ( $logindata )
{
2018-12-30 17:36:38 +00:00
list (
'ID' => $id ,
'username' => $username ,
'displayname' => $displayname ,
'rank' => $rank ,
'showAds' => $ads ,
2019-01-08 21:42:54 +00:00
'profilePicture' => $avatar ,
2018-12-30 17:36:38 +00:00
) = $logindata ;
$this -> session -> set_userdata ( 'user' , [
'displayname' => $displayname ,
'username' => $username ,
'rank' => $rank ,
'ID' => $id ,
'ads' => $ads ,
'permissions' => $this -> UserModel -> getPermissions ( $id ),
'profilePic' => ! empty ( $avatar ) ? $avatar : '/assets/images/steam.jpg' ,
]);
}
private function generateRandomUserHash ( $username )
{
$base = uniqid ();
$seed = $username . date ( time ());
return md5 ( $base . $seed );
}
public function logout ()
{
echo 'wird aufgerufen?' ;
delete_cookie ( 'rememberMe' );
delete_cookie ( 'rememberToken' );
$userID = $_SESSION [ 'user' ][ 'ID' ];
$this -> db -> query ( 'UPDATE users SET isCurrentlyOnline = false, rememberToken = null WHERE ID = ?' , [ $userID ]);
2018-12-26 17:19:28 +00:00
2018-12-30 17:36:38 +00:00
unset ( $_SESSION [ 'user' ]);
$_SESSION [ 'loggedOut' ] = true ;
2018-10-27 10:08:54 +00:00
}
2018-10-28 15:28:33 +00:00
public function isTrashMail ( $email )
{
$emailList = [ " 0-mail.com " , " 027168.com " , " 0815.ru " , " 0815.su " , " 0clickemail.com " , " 0wnd.net " , " 0wnd.org " , " 10mail.org " , " 10minutemail.cf " , " 10minutemail.com " , " 10minutemail.de " , " 10minutemail.ga " , " 10minutemail.gq " , " 10minutemail.ml " , " 123-m.com " , " 12minutemail.com " , " 1ce.us " , " 1chuan.com " , " 1mail.ml " , " 1pad.de " , " 1zhuan.com " , " 20email.eu " , " 20mail.in " , " 20mail.it " , " 20minutemail.com " , " 21cn.com " , " 24hourmail.com " , " 2prong.com " , " 30minutemail.com " , " 33mail.com " , " 3d-painting.com " , " 3mail.ga " , " 4mail.cf " , " 4mail.ga " , " 4warding.com " , " 4warding.net " , " 4warding.org " , " 5mail.cf " , " 5mail.ga " , " 60minutemail.com " , " 675hosting.com " , " 675hosting.net " , " 675hosting.org " , " 6ip.us " , " 6mail.cf " , " 6mail.ga " , " 6mail.ml " , " 6paq.com " , " 6url.com " , " 75hosting.com " , " 75hosting.net " , " 75hosting.org " , " 7days-printing.com " , " 7mail.ga " , " 7mail.ml " , " 7tags.com " , " 8mail.cf " , " 8mail.ga " , " 8mail.ml " , " 99experts.com " , " 9mail.cf " , " 9ox.net " , " a-bc.net " , " a.betr.co " , " a45.in " , " abusemail.de " , " abyssmail.com " , " ac20mail.in " , " acentri.com " , " advantimo.com " , " afrobacon.com " , " ag.us.to " , " agedmail.com " , " ahk.jp " , " ajaxapp.net " , " alivance.com " , " amail.com " , " amilegit.com " , " amiri.net " , " amiriindustries.com " , " anappthat.com " , " ano-mail.net " , " anonbox.net " , " anonymail.dk " , " anonymbox.com " , " antichef.com " , " antichef.net " , " antispam.de " , " apkmd.com " , " appixie.com " , " armyspy.com " , " asdasd.nl " , " ass.pp.ua " , " aver.com " , " azmeil.tk " , " baxomale.ht.cx " , " beddly.com " , " beefmilk.com " , " big1.us " , " bigprofessor.so " , " bigstring.com " , " binkmail.com " , " bio-muesli.net " , " bladesmail.net " , " blogmyway.org " , " bobmail.info " , " bodhi.lawlita.com " , " bofthew.com " , " bootybay.de " , " boun.cr " , " bouncr.com " , " boxformail.in " , " boxtemp.com.br " , " brefmail.com " , " brennendesreich.de " , " broadbandninja.com " , " bsnow.net " , " bu.mintemail.com " , " buffemail.com " , " bugmenot.com " , " bumpymail.com " , " bund.us " , " bundes-li.ga " , " burnthespam.info " , " burstmail.info " , " buyusedlibrarybooks.org " , " c2.hu " , " c51vsgq.com " , " cachedot.net " , " car101.pro " , " casualdx.com " , " cbair.com " , " ce.mintemail.com " , " cellurl.com " , " centermail.com " , " centermail.net " , " chacuo.net " , " chammy.info " , " cheatmail.de " , " chogmail.com " , " choicemail1.com " , " chong-mail.com " , " chong-mail.net " , " chong-mail.org " , " clixser.com " , " cmail.com " , " cmail.net " , " cmail.org " , " coldemail.info " , " consumerriot.com " , " cool.fr.nf " , " correo.blogos.net " , " cosmorph.com " , " courriel.fr.nf " , " courrieltemporaire.com " , " crapmail.org " , " crazespaces.pw " , " crazymailing.com " , " cubiclink.com " , " curryworld.de " , " cust.in " , " cuvox.de " , " cx.de-a.org " , " dacoolest.com " , " daintly.com " , " dandikmail.com " , " dayrep.com " , " dbunker.com " , " dcemail.com " , " deadaddress.com " , " deadchildren.org " , " deadfake.cf " , " deadfake.ga " , " deadfake.ml " , " deadfake.tk " , " deadspam.com " , " deagot.com " , " dealja.com " , " despam.it " , " despammed.com " , " devnullmail.com " , " dfgh.net " , " dharmatel.net " , " digitalsanctuary.com " , " dingbone.com " , " discard.cf " , " discard.email " , " discard.ga " , " discard.gq " , " discard.ml " , " discard.tk " , " discardmail.com " , " discardmail.de " , " disposable-email.ml " , " disposable.cf " , " disposable.ga " , " disposable.ml " , " disposableaddress.com " , " disposableemailaddresses.com " , " disposableemailaddresses.emailmiser.com " , " disposableinbox.com " , " dispose.it " , " disposeamail.com " , " disposemail.com " , " dispostable.com " , " divermail.com " , " dlemail.ru " , " dm.w3internet.co.uk " , " dodgeit.com " , " dodgit.com " , " dodgit.org " , " dodsi.com " , " doiea.com " , " domforfb1.tk " , " domforfb2.tk " , " domforfb3.tk " , " domforfb4.tk " , " domforfb5.tk " , " domforfb6.tk " , " domforfb7.tk " , " domforfb8.tk " , " domforfb9.tk " , " domozmail.com " , " donemail.ru " , " dontreg.com " , " dontsendmespam.de " , " dotmsg.com " , " drdrb.com " , " drdrb.net " , " droplar.com " , " dropmail.me " , " duam.net " , " dudmail.com " , " dump-email.info " , " dumpandjunk.com " , " dumpmail.de " , " dumpyemail.com " , " duskmail.com " , " dw.now.im " , " dx.abuser.eu " , " dx.allowed.org " , " dx.awiki.org " , " dx.ez.lv " , " dx.sly.io " , " e-mail.com " , " e-mail.org " , " e4ward.com " , " easytrashmail.com " , " ee2.pl " , " eelmail.com " , " einrot.com " , " einrot.de " , " email-fake.cf " , " email-fake.ga " , " email-fake.gq " , " email-fake.ml " , " emai
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
$mail = explode ( '@' , $email )[ 1 ];
return in_array ( $mail , $emailList );
}
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
public function isRegistered ( $email )
{
$registered = $this -> db -> query ( 'SELECT * FROM users WHERE email = ?' , [ $email ]) -> result_array ();
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
return ! empty ( $registered );
}
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
public function isAvailable ( $username )
{
2019-01-08 21:42:54 +00:00
$registered = $this -> db -> query ( 'SELECT * FROM users WHERE username = lower(?) OR originalName = lower(?)' , [ $username , $username ]) -> result_array ();
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
if ( empty ( $registered )) {
return '' ;
}
return '<div class="alert alert-danger alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">×</span></button><strong>Fehler bei der Eingabe!</strong> Nutzername ist bereits vergeben!</div>' ;
2018-10-16 16:28:42 +00:00
}
2018-10-28 15:28:33 +00:00
public function register ( $username , $email , $password , $login_method )
{
$encryptedPassword = $this -> LoginModel -> getPasswordHash ( $password , strtolower ( $username ));
$activation_key = hash ( " sha512 " , uniqid ( rand (), true )) . hash ( " sha512 " , uniqid ( rand (), true ));
2019-01-08 21:42:54 +00:00
$this -> db -> query ( 'INSERT INTO users (originalName, username, displayname, login_method, password, email, rank, activated, activation_key) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)' , [ strtolower ( $username ), strtolower ( $username ), $username , $login_method , $encryptedPassword , $email , 1 , false , $activation_key ]);
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
$this -> db -> cache_delete ( 'admin' , 'users' );
2018-10-16 16:28:42 +00:00
2018-10-28 15:44:10 +00:00
$this -> EmailModel -> sendMail ( $email , 'Aktiviere deinen Account und lege so richtig los auf KingOfDog.eu' , 'register' , [ 'username' => $username , 'emailHash' => md5 ( $email ), 'activationKey' => $activation_key ]);
2018-10-28 15:28:33 +00:00
// TODO: TRANSLATE
// Send notification
$createdUser = $this -> db -> query ( 'SELECT ID FROM users WHERE username = ?' , [ $username ]) -> result_array ();
$this -> NotificationModel -> rankNotificationNewUserRegistered ( $createdUser [ 0 ][ 'ID' ], 10 );
2018-10-16 16:28:42 +00:00
}
2018-10-28 15:28:33 +00:00
public function autoLogin ()
{
if ( isset ( $_SESSION [ 'loggedOut' ]) && $_SESSION [ 'loggedOut' ]) {
return ;
}
2018-12-28 12:42:22 +00:00
if ( ! isset ( $_SESSION [ 'user' ]) && isset ( $_COOKIE [ 'rememberMe' ]) && isset ( $_COOKIE [ 'rememberToken' ])) {
2018-10-28 15:28:33 +00:00
$logindata = $this -> getLoginData ( base64_decode ( $_COOKIE [ 'rememberMe' ]));
if ( ! empty ( $logindata )) {
$logindata = $logindata [ 0 ];
2018-12-28 12:42:22 +00:00
$result = $this -> db -> query ( 'SELECT rememberToken FROM users WHERE ID = ?' , [ $logindata [ 'ID' ]]) -> result_array ();
$token = $result [ 0 ][ 'rememberToken' ];
2018-10-28 15:28:33 +00:00
2018-12-30 17:36:38 +00:00
if ( $token !== null && strlen ( $token ) == 32 && $_COOKIE [ 'rememberToken' ] == $token ) {
2018-10-28 15:28:33 +00:00
$this -> startLoginSession ( $logindata , 'on' );
}
2018-10-16 16:28:42 +00:00
}
}
}
2018-10-28 15:28:33 +00:00
public function hashMailExists ( $emailHash , $activation_key )
{
2019-01-08 21:42:54 +00:00
$results = $this -> db -> query ( 'SELECT ID FROM users WHERE MD5(email) = ? AND activated = 0 AND activation_key = ?' , [ $emailHash , $activation_key ]) -> result_array ();
2018-10-28 15:28:33 +00:00
if ( ! empty ( $results )) {
return $results [ 0 ][ 'ID' ];
} else {
return NULL ;
}
}
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
public function activateMail ( $id )
{
2019-01-08 21:42:54 +00:00
$this -> db -> query ( 'UPDATE users SET activated = 1, activation_key = NULL WHERE ID = ? LIMIT 1' , [ $id ]);
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
// Clear cached queries
$username = $this -> db -> query ( 'SELECT username FROM users WHERE ID = ?' , [ $id ]) -> result_array ();
$this -> db -> cache_delete ( 'admin' , 'users' );
$this -> db -> cache_delete ( 'users' , $username [ 0 ][ 'username' ]);
}
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
public function changeMailAddress ( $email , $username )
{
$activation_key = hash ( " sha512 " , uniqid ( rand (), true )) . hash ( " sha512 " , uniqid ( rand (), true ));
2019-01-08 21:42:54 +00:00
$this -> db -> query ( 'UPDATE users SET email = lower(?), activated = FALSE, activation_key = ? WHERE username = ?' , [ $email , $activation_key , $username ]);
2018-10-28 15:28:33 +00:00
$this -> db -> cache_delete ( 'admin' , 'users' );
2018-10-16 16:28:42 +00:00
}
2019-01-08 21:42:54 +00:00
public function changePassword ( $newPassword , $originalName )
2018-10-28 15:28:33 +00:00
{
2019-01-08 21:42:54 +00:00
$encryptedPassword = $this -> getPasswordHash ( $newPassword , $originalName );
$this -> db -> query ( 'UPDATE users SET password = ? WHERE originalName = ?' , [ $encryptedPassword , $originalName ]);
2018-10-28 15:28:33 +00:00
}
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
public function checkPassword ( $password )
{
if ( ! $this -> checkPasswordLength ( $password ) || ! $this -> checkPasswordComposition ( $password )) {
return false ;
2018-10-16 16:28:42 +00:00
}
2018-10-28 15:28:33 +00:00
return true ;
}
public function checkPasswordLength ( $password )
{
return strlen ( $password ) >= 8 ;
}
public function checkPasswordComposition ( $password )
{
$passwordArr = str_split ( $password );
$lower = $upper = $num = $special = 0 ;
foreach ( $passwordArr as $char ) {
if ( $char >= 'a' && $char <= 'z' ) {
$lower ++ ;
continue ;
}
if ( $char >= 'A' && $char <= 'Z' ) {
$upper ++ ;
continue ;
}
if ( $char >= '0' && $char <= '9' ) {
$num ++ ;
continue ;
}
$special ++ ;
2018-10-16 16:28:42 +00:00
}
2018-10-28 15:28:33 +00:00
return $lower > 0 && $upper > 0 && $num > 0 && $special > 0 ;
2018-10-16 16:28:42 +00:00
}
2018-10-28 15:28:33 +00:00
public function createForgetPasswordKey ( $username )
{
$activation_key = hash ( " sha512 " , uniqid ( rand (), true )) . hash ( " sha512 " , uniqid ( rand (), true ));
$this -> db -> query ( 'UPDATE users SET forget_password_key = ? WHERE username = ?' , [ $activation_key , $username ]);
return $activation_key ;
}
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
public function resetKeyIsValid ( $username , $resetKey )
{
$result = $this -> db -> query ( 'SELECT forget_password_key FROM users WHERE username = ?' , [ $username ]) -> result_array ();
return ! empty ( $result ) && $result [ 0 ][ 'forget_password_key' ] == $resetKey ;
}
2018-10-16 16:28:42 +00:00
2018-10-28 15:28:33 +00:00
public function unsetResetKey ( $id )
{
$this -> db -> query ( 'UPDATE users SET forget_password_key = NULL WHERE ID = ?' , [ $id ]);
}
2018-10-16 16:28:42 +00:00
}
