2015-10-19 00:45:58 +02:00
|
|
|
<?php defined('BLUDIT') or die('Bludit CMS.');
|
|
|
|
|
|
|
|
// ============================================================================
|
|
|
|
// Check role
|
|
|
|
// ============================================================================
|
|
|
|
|
|
|
|
// ============================================================================
|
|
|
|
// Functions
|
|
|
|
// ============================================================================
|
|
|
|
|
|
|
|
function checkPost($args)
|
|
|
|
{
|
|
|
|
global $Security;
|
|
|
|
global $Language;
|
2015-10-20 05:14:28 +02:00
|
|
|
global $dbUsers;
|
|
|
|
global $Site;
|
|
|
|
|
|
|
|
if($Security->isBlocked()) {
|
|
|
|
Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'));
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Remove illegal characters from email
|
|
|
|
$email = Sanitize::email($args['email']);
|
|
|
|
|
|
|
|
if(Valid::email($email))
|
|
|
|
{
|
2015-10-24 01:23:33 +02:00
|
|
|
// Get username associated to an email.
|
|
|
|
$username = $dbUsers->getByEmail($email);
|
|
|
|
if($username!=false)
|
2015-10-20 05:14:28 +02:00
|
|
|
{
|
|
|
|
// Generate the token and the token expiration date.
|
2015-10-24 01:23:33 +02:00
|
|
|
$token = $dbUsers->generateTokenEmail($username);
|
2015-10-20 05:14:28 +02:00
|
|
|
|
|
|
|
// ---- EMAIL ----
|
2015-10-24 01:23:33 +02:00
|
|
|
$link = $Site->url().'admin/login-email?tokenEmail='.$token.'&username='.$username;
|
2015-10-20 05:14:28 +02:00
|
|
|
$subject = $Language->g('BLUDIT Login access code');
|
|
|
|
$message = Text::replaceAssoc(
|
|
|
|
array(
|
|
|
|
'{{WEBSITE_NAME}}'=>$Site->title(),
|
|
|
|
'{{LINK}}'=>'<a href="'.$link.'">'.$link.'</a>'
|
|
|
|
),
|
|
|
|
$Language->g('email-notification-login-access-code')
|
|
|
|
);
|
|
|
|
|
|
|
|
$sent = Email::send(array(
|
|
|
|
'from'=>$Site->emailFrom(),
|
|
|
|
'to'=>$email,
|
|
|
|
'subject'=>$subject,
|
|
|
|
'message'=>$message
|
|
|
|
));
|
|
|
|
|
|
|
|
if($sent) {
|
|
|
|
Alert::set($Language->g('check-your-inbox-for-your-login-access-code'));
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
Alert::set($Language->g('There was a problem sending the email'));
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Bruteforce protection, add IP to blacklist.
|
|
|
|
$Security->addLoginFail();
|
|
|
|
Alert::set($Language->g('check-your-inbox-for-your-login-access-code'));
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
function checkGet($args)
|
|
|
|
{
|
|
|
|
global $Security;
|
|
|
|
global $Language;
|
|
|
|
global $Login;
|
2015-10-19 00:45:58 +02:00
|
|
|
|
|
|
|
if($Security->isBlocked()) {
|
|
|
|
Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'));
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Verify User sanitize the input
|
2015-10-20 05:14:28 +02:00
|
|
|
if( $Login->verifyUserByToken($args['username'], $args['tokenEmail']) )
|
2015-10-19 00:45:58 +02:00
|
|
|
{
|
2015-10-20 05:14:28 +02:00
|
|
|
// Renew the tokenCRFS. This token will be the same inside the session for multiple forms.
|
2015-11-28 15:47:03 +01:00
|
|
|
$Security->generateTokenCSRF();
|
2015-10-19 00:45:58 +02:00
|
|
|
|
|
|
|
Redirect::page('admin', 'dashboard');
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Bruteforce protection, add IP to blacklist.
|
|
|
|
$Security->addLoginFail();
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// ============================================================================
|
|
|
|
// Main before POST
|
|
|
|
// ============================================================================
|
|
|
|
|
2015-10-20 05:14:28 +02:00
|
|
|
// ============================================================================
|
|
|
|
// GET Method
|
|
|
|
// ============================================================================
|
|
|
|
|
|
|
|
if( !empty($_GET['tokenEmail']) && !empty($_GET['username']) )
|
|
|
|
{
|
|
|
|
checkGet($_GET);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-10-19 00:45:58 +02:00
|
|
|
// ============================================================================
|
|
|
|
// POST Method
|
|
|
|
// ============================================================================
|
|
|
|
|
|
|
|
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
|
|
|
|
{
|
|
|
|
checkPost($_POST);
|
|
|
|
}
|
|
|
|
|
|
|
|
// ============================================================================
|
|
|
|
// Main after POST
|
2015-11-28 15:47:03 +01:00
|
|
|
// ============================================================================
|