bludit/admin/controllers/login-email.php

122 lines
3.3 KiB
PHP

<?php defined('BLUDIT') or die('Bludit CMS.');
// ============================================================================
// Check role
// ============================================================================
// ============================================================================
// Functions
// ============================================================================
function checkPost($args)
{
global $Security;
global $Language;
global $dbUsers;
global $Site;
if($Security->isBlocked()) {
Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'));
return false;
}
// Remove illegal characters from email
$email = Sanitize::email($args['email']);
if(Valid::email($email))
{
// Get username associated to an email.
$username = $dbUsers->getByEmail($email);
if($username!=false)
{
// Generate the token and the token expiration date.
$token = $dbUsers->generateTokenEmail($username);
// ---- EMAIL ----
$link = $Site->url().'admin/login-email?tokenEmail='.$token.'&username='.$username;
$subject = $Language->g('BLUDIT Login access code');
$message = Text::replaceAssoc(
array(
'{{WEBSITE_NAME}}'=>$Site->title(),
'{{LINK}}'=>'<a href="'.$link.'">'.$link.'</a>'
),
$Language->g('email-notification-login-access-code')
);
$sent = Email::send(array(
'from'=>$Site->emailFrom(),
'to'=>$email,
'subject'=>$subject,
'message'=>$message
));
if($sent) {
Alert::set($Language->g('check-your-inbox-for-your-login-access-code'));
return true;
}
else {
Alert::set($Language->g('There was a problem sending the email'));
return false;
}
}
}
// Bruteforce protection, add IP to blacklist.
$Security->addLoginFail();
Alert::set($Language->g('check-your-inbox-for-your-login-access-code'));
return false;
}
function checkGet($args)
{
global $Security;
global $Language;
global $Login;
if($Security->isBlocked()) {
Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'));
return false;
}
// Verify User sanitize the input
if( $Login->verifyUserByToken($args['username'], $args['tokenEmail']) )
{
// Renew the tokenCRFS. This token will be the same inside the session for multiple forms.
$Security->generateToken();
Redirect::page('admin', 'dashboard');
return true;
}
// Bruteforce protection, add IP to blacklist.
$Security->addLoginFail();
return false;
}
// ============================================================================
// Main before POST
// ============================================================================
// ============================================================================
// GET Method
// ============================================================================
if( !empty($_GET['tokenEmail']) && !empty($_GET['username']) )
{
checkGet($_GET);
}
// ============================================================================
// POST Method
// ============================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
checkPost($_POST);
}
// ============================================================================
// Main after POST
// ============================================================================