old/application/controllers/Login.php
<?php
// Stop immediately when BASEPATH is not defined, i.e. when this file is requested
// directly instead of being loaded through the framework bootstrap.
defined('BASEPATH') OR exit('No direct script access allowed');
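/**
 * Account controller: login, registration, logout, e-mail activation and
 * password recovery.
 *
 * Every public method is reachable as a route, so the shared helpers at the
 * bottom of the class are private on purpose.
 *
 * The controller relies on redirect() ending the request (CodeIgniter's URL
 * helper exits after sending the Location header); code after a redirect()
 * call is not expected to run.
 */
class Login extends MY_Controller
{
    public function __construct()
    {
        parent::__construct('login');
        $this->load->model('LoginModel', '', TRUE);
    }

    /**
     * Show the login form and process a submitted login.
     *
     * After a login attempt the visitor is sent to the base64-encoded target in
     * the "r" query parameter, but only when that target stays on this site;
     * anything else falls back to the login page.
     */
    public function index()
    {
        if (isset($_POST['logout']) && $_POST['logout'] === 'Logout') {
            $_POST['logout'] = '';
            redirect("/logout");
        }

        if (isset($_SESSION['user'])) {
            redirect(base_url('user/' . $_SESSION['user']['username']));
        }

        $loginName = isset($_POST['loginname']) ? $_POST['loginname'] : null;
        $loginPassword = isset($_POST['loginPassword']) ? $_POST['loginPassword'] : null;

        // Only scalar form fields are accepted; "field[]=x" style arrays are ignored.
        if (is_string($loginName) && !empty($loginName) && is_string($loginPassword) && !empty($loginPassword)) {
            $_SESSION['loggedOut'] = false;
            $rememberMe = isset($_POST['rememberMe']) ? $_POST['rememberMe'] : 'off';
            // NOTE(review): session-ID regeneration after a successful login is not
            // visible here; confirm LoginModel::login() takes care of it.
            $this->LoginModel->login($loginName, $loginPassword, $rememberMe);

            // The "r" parameter is attacker-controllable (it can be placed in a
            // crafted link), so it must never be used as a redirect target unchecked.
            $loginPage = base_url('login');
            $encodedTarget = isset($_GET['r']) ? $_GET['r'] : null;
            $target = (is_string($encodedTarget) && !empty($encodedTarget))
                ? base64_decode($encodedTarget)
                : $loginPage;
            redirect($this->localRedirectTarget($target, $loginPage));
        }

        $notice = isset($_SESSION['notice']) ? $_SESSION['notice'] : '';
        $_SESSION['notice'] = '';

        $this->load->view('header', ['active' => 'login', 'title' => 'Login', 'additionalStyles' => ['login.css']]);
        $this->load->view('login', ['notice' => $notice]);
        $this->load->view('footer', ['additionalScripts' => ['login.js']]);
    }

    /**
     * Validate a registration request and create the account when every field passes.
     *
     * Responds with JSON: "state" (bool), "errors" (names of the fields that
     * still failed), "messages" (one entry per problem or the welcome message)
     * and "endMessage".
     */
    public function register()
    {
        $notice = ['state' => false,
            'errors' => ['username', 'email', 'password', 'passwordRepeat'],
            'messages' => [],
            'endMessage' => lang('register_error_occured')];

        $username = $this->input->post('username');
        $email = $this->input->post('email');
        $password = $this->input->post('password');
        $passwordRepeat = $this->input->post('passwordRepeat');

        // Each check yields null on success or the [headline, body] language keys
        // of the problem. The checks run in the order username, email, password.
        $checks = [
            [['username'], $this->usernameProblem($username)],
            [['email'], $this->emailProblem($email)],
            [['password', 'passwordRepeat'], $this->passwordProblem($password, $passwordRepeat)],
        ];

        foreach ($checks as $check) {
            $fields = $check[0];
            $problem = $check[1];

            if ($problem === null) {
                foreach ($fields as $field) {
                    // Entries are removed by key, so the remaining keys keep their
                    // original positions in the JSON output.
                    unset($notice['errors'][array_search($field, $notice['errors'])]);
                }
                continue;
            }

            $notice['messages'][] = ['type' => 'danger',
                'headline' => lang($problem[0]),
                'body' => lang($problem[1])];
        }

        // Register
        if (empty($notice['errors'])) {
            $this->LoginModel->register($username, $email, $password, 0); // TODO: Implement login method
            $notice['messages'][] = ['type' => 'success',
                'headline' => sprintf(lang('register_welcome'), $username),
                'body' => lang('register_welcome_body')];
            $notice['state'] = true;
            $notice['endMessage'] = lang('register_end_message_success');
        }

        $this->sendJson($notice);
    }

    /**
     * Log the current user out and redirect.
     *
     * The optional "redirect" query parameter (base64, then URL-encoded) is
     * honoured only when it points to this site; otherwise the login page is used.
     */
    public function logout()
    {
        unset($_SESSION['user']);
        $this->load->helper('cookie');
        delete_cookie('rememberMe');
        delete_cookie('token');

        $notice = '<div class="alert alert-warning alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">&times;</span></button><strong>Abgemeldet!</strong> Du wurdest erfolgreich abgemeldet! Ich hoffe wir sehen uns bald wieder.</div>';
        $_SESSION['notice'] = $notice;
        $_SESSION['loggedOut'] = true;

        $loginPage = base_url("login");
        $encodedTarget = isset($_GET['redirect']) ? $_GET['redirect'] : null;
        // Same rule as after login: a user-supplied target is used only if it is local.
        $target = is_string($encodedTarget) ? urldecode(base64_decode($encodedTarget)) : $loginPage;
        redirect($this->localRedirectTarget($target, $loginPage));
    }

    /**
     * Confirm an account from the activation link.
     *
     * @param string $emailHash     expected to be exactly 32 characters long
     * @param string $activationKey expected to be exactly 256 characters long
     */
    public function activate($emailHash = '', $activationKey = '')
    {
        $wellFormed = $emailHash !== '' && $activationKey !== ''
            && strlen($activationKey) === 256 && strlen($emailHash) === 32;

        if (!$wellFormed) {
            $_SESSION['notice'] = '<div class="alert alert-danger alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">&times;</span></button><strong>Ein Fehler ist aufgetreten!</strong> Der angegebene Aktivierungs-Schlüssel ist ungültig und entspricht nicht den Anforderungen. Der Account kann nicht aktiviert werden!</div>';
            redirect(base_url('login'));
        }

        $email_id = $this->LoginModel->hashMailExists($emailHash, $activationKey);
        if ($email_id !== NULL) {
            $this->LoginModel->activateMail($email_id);
            $_SESSION['notice'] = '<div class="alert alert-success alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">&times;</span></button><strong>Dein Account wurde erfolgreich bestätigt!</strong> Du kannst dich jetzt mit deinem Passwort einloggen und alle Funktionen dieser Seite ausreizen!</div>';
        } else {
            $_SESSION['notice'] = '<div class="alert alert-danger alert-dismissible"><button type="button" class="close" data-dismiss="alert" aria-label="Schließen"><span aria-hidden="true">&times;</span></button><strong>Dein Account konnte nicht aktiviert werden!</strong> Möglicherweise ist der Aktivierungs-Schlüssel falsch. Sollte dieser Fehler weiterhin auftreten, kontaktiere bitte das Website-Team!</div>';
        }

        redirect(base_url('login'));
    }

    /**
     * Start password recovery for a user name or e-mail address (JSON response).
     *
     * NOTE(review): the "user does not exist" answer lets an unauthenticated
     * caller test which accounts exist. Consider returning the same neutral
     * message for known and unknown accounts, and rate-limiting this endpoint.
     */
    public function forget()
    {
        if (isset($_SESSION['user']))
            redirect(base_url('login'));

        $username = $this->input->post("username");
        $notice = ["state" => false, "message" => ""];

        // A missing, empty or non-scalar value is treated as "nothing entered".
        if (!is_string($username) || $username === "") {
            $notice["message"] = '<b>Bitte gib deinen Nutzernamen oder deine E-Mail-Adresse an!</b> Um dir Zugriff auf deinen Account zu gewähren, musst du entweder deinen Nutzernamen oder deine E-Mail-Adresse angeben.';
            $this->sendJson($notice);
            exit;
        }

        $loginData = $this->LoginModel->getLoginData($username);
        if (empty($loginData)) {
            $notice['message'] = '<b>Dieser Nutzer existiert nicht!</b> Es konnte kein Nutzer mit dieser E-Mail oder diesem Namen gefunden werden.';
            $this->sendJson($notice);
            exit;
        }

        $loginData = $loginData[0];
        $username = strtolower($username);

        // Strict string comparison: a loose "==" would treat numeric-looking
        // strings such as "1e3" and "1000" as equal.
        if ($username === (string) $loginData['username'] || $username === (string) $loginData['email']) {
            $resetKey = $this->LoginModel->createForgetPasswordKey($loginData['username']);
            // TODO: E-Mail send
            $this->load->library('email');
            $message = "<a href='" . base_url('reset/' . base64_encode($loginData['username']) . '/' . $resetKey) . "'></a>";
            // $config['mailtype'] = "html";
            // $this->mail->initialize($config);
            $this->email->from('noreply@kingofdog.de', 'KingOfDog.de');
            $this->email->to($loginData['email']);
            $this->email->subject('Passwort zurücksetzen');
            $this->email->message($message);
            // Sending is still disabled, so no mail leaves the server yet.
            // $this->email->send();
            $notice['state'] = true;
            $notice['message'] = "<b>Eine E-Mail wurde an dich gesendet!</b> Schau' in dein Postfach und klick auf den Link, um dein Passwort zu ändern!";
        }

        $this->sendJson($notice);
    }

    /**
     * Set a new password through a reset link.
     *
     * Without POST data the reset form is rendered; with a posted password the
     * change is attempted and the outcome returned as JSON.
     *
     * @param string|null $userKey  base64-encoded user name from the link
     * @param string|null $resetKey reset key from the link
     */
    public function reset($userKey = NULL, $resetKey = NULL)
    {
        if ($resetKey == NULL || $userKey == NULL)
            redirect(base_url("login"));

        // The user name comes from the URL; it is only acted on after the model
        // has confirmed that the reset key belongs to it.
        $username = base64_decode($userKey);
        if (!$this->LoginModel->resetKeyIsValid($username, $resetKey))
            redirect(base_url('login'));

        $password = $this->input->post('password');
        $passwordRepeat = $this->input->post('passwordConfirm');
        $notice = ["type" => false, "message" => ""];

        if ($password !== null) {
            if ($passwordRepeat === null) {
                $notice['message'] = "<div class='alert alert-danger' role='alert'><b>Wiederholtes Passwort fehlend!</b> Bitte gib dein Passwort zur Bestätigung ein zweites Mal ein!</div>";
            } else {
                $loginData = $this->LoginModel->getLoginData($username);

                if (empty($loginData)) {
                    $notice['message'] = "<div class='alert alert-danger' role='alert'><b>Ungültiger Account</b> Anscheinend versuchst du die E-Mail-Adresse eines nicht existierenden Accounts zu ändern. Sollte es sich um einen Fehler handeln, kontaktiere bitte das Website-Team!</div>";
                } elseif (!is_string($password) || !$this->LoginModel->checkPassword($password)) {
                    // Non-string input (e.g. "password[]=x") is rejected like a weak password.
                    $notice['message'] = "<div class='alert alert-danger' role='alert'><b>Zu unsicheres Passwort!</b> Dein Passwort sollte mindest 8 Zeichen lang sein und jeweils einen Groß-, einen Kleinbuchstaben, eine Zahl und ein Sonderzeichen enthalten.</div>";
                } elseif ($password !== $passwordRepeat) {
                    // Strict comparison so that numeric-looking passwords such as
                    // "1e3" and "1000" are not accepted as a matching pair.
                    $notice['message'] = "<div class='alert alert-danger' role='alert'><b>Wiederholtes Passwort falsch!</b> Das Passwort, das du wiederholt hast, stimmt nicht mit dem eigentlichen überein.</div>";
                } else {
                    $loginData = $loginData[0];
                    $this->LoginModel->changePassword($password, $loginData['original_name']);
                    // Invalidate the key so the same link cannot be used again.
                    $this->LoginModel->unsetResetKey($loginData['ID']);
                    $notice['message'] = "<div class='alert alert-success' role='alert'><b>Dein Passwort wurde geändert!</b> Du kannst dich nun damit einloggen</div>";
                    $notice['type'] = true;
                }
            }

            $this->sendJson($notice);
            exit;
        }

        $this->load->view('header', ['active' => 'reset_password', 'title' => 'Neues Passwort festlegen', 'additionalStyles' => ['login.css']]);
        $this->load->view('network/password_reset', ['notice' => $notice['message']]);
        $this->load->view('footer', ['additionalScripts' => ['login.js']]);
    }

    /**
     * Check the requested user name.
     *
     * @param mixed $username raw POST value
     * @return array|null [headline key, body key] of the problem, or null when valid
     */
    private function usernameProblem($username)
    {
        if (!is_string($username)) {
            return ['register_error_username_missing', 'register_error_username_missing_body'];
        }
        if (preg_match('/[^A-Za-z0-9._]/', $username)) {
            return ['register_error_username_characters', 'register_error_username_characters_body'];
        }
        if ($this->LoginModel->isAvailable($username) != "") {
            return ['register_error_username_occupied', 'register_error_username_occupied_body'];
        }
        if (strlen($username) < 4) {
            return ['register_error_username_short', 'register_error_username_short_body'];
        }

        return null;
    }

    /**
     * Check the requested e-mail address.
     *
     * NOTE(review): no format validation happens here; presumably the model or
     * the activation mail covers that - confirm.
     *
     * @param mixed $email raw POST value
     * @return array|null [headline key, body key] of the problem, or null when valid
     */
    private function emailProblem($email)
    {
        if (!is_string($email)) {
            return ['register_error_email_missing', 'register_error_email_missing'];
        }
        if ($this->LoginModel->isRegistered($email) != "") {
            return ['register_error_email_occupied', 'register_error_email_occupied'];
        }
        if ($this->LoginModel->isTrashMail($email)) {
            return ['register_error_trashmail', 'register_error_trashmail'];
        }

        return null;
    }

    /**
     * Check the password and its repetition.
     *
     * @param mixed $password       raw POST value
     * @param mixed $passwordRepeat raw POST value
     * @return array|null [headline key, body key] of the problem, or null when valid
     */
    private function passwordProblem($password, $passwordRepeat)
    {
        if (!is_string($password)) {
            return ['register_error_pw_missing', 'register_error_pw_missing_body'];
        }
        if (!is_string($passwordRepeat)) {
            return ['register_error_pw_second_missing', 'register_error_pw_second_missing_body'];
        }
        // Strict comparison: "==" would accept numeric-looking strings such as
        // "1e3" and "1000" as the same password.
        if ($password !== $passwordRepeat) {
            return ['register_error_pw_different', 'register_error_pw_different_body'];
        }
        if (!$this->LoginModel->checkPassword($password)) {
            return ['register_error_pw_unsecure', 'register_error_unsecure_body'];
        }

        return null;
    }

    /**
     * Return $candidate when it is a redirect target on this site, else $fallback.
     *
     * Accepted are URLs that start with the site's own base URL and targets
     * without a scheme. Absolute URLs to other hosts, protocol-relative targets
     * ("//host", also with backslashes), values containing control characters,
     * surrounding whitespace, empty strings and non-strings are rejected.
     *
     * @param mixed  $candidate decoded, user-supplied target
     * @param string $fallback  trusted target used when the candidate is rejected
     * @return string
     */
    private function localRedirectTarget($candidate, $fallback)
    {
        if (!is_string($candidate) || $candidate === '' || $candidate !== trim($candidate)) {
            return $fallback;
        }
        if (preg_match('/[\x00-\x1f\x7f]/', $candidate)) {
            return $fallback;
        }

        // The trailing slash keeps "https://site.example.evil.test" from passing
        // as a URL below "https://site.example".
        $siteRoot = rtrim(base_url(), '/') . '/';
        if ($siteRoot !== '/' && strpos($candidate, $siteRoot) === 0) {
            return $candidate;
        }

        $hasScheme = preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate);
        $isProtocolRelative = preg_match('#^[/\\\\]{2}#', $candidate);
        if ($hasScheme || $isProtocolRelative) {
            return $fallback;
        }

        return $candidate;
    }

    /**
     * Send $payload as a JSON response.
     *
     * The Content-Type header is set before the body is written; once output
     * has started a header() call no longer takes effect and the response
     * would be served with the default content type.
     *
     * @param array $payload
     */
    private function sendJson($payload)
    {
        header('Content-Type: application/json');
        echo json_encode($payload);
    }
}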