From f5379259eeb4df489c54a103c3bd06cbd42e9c7e Mon Sep 17 00:00:00 2001
From: Arkadax <65408407+Arkadax@users.noreply.github.com>
Date: Sun, 3 Jan 2021 17:05:59 +0100
Subject: [PATCH] improv. auth perf (#262)
---
app/Controller/AppController.php | 67 ++++---
app/Controller/UserController.php | 233 ++++++++++++++++++++-----
app/Model/User.php | 15 +-
app/View/Configuration/admin_index.ctp | 2 +-
4 files changed, 232 insertions(+), 85 deletions(-)
diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index 811aaf57..aaa6da8b 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -36,10 +36,10 @@
class AppController extends Controller
{
- var $components = array('Util', 'Module', 'Session', 'Cookie', 'Security', 'EyPlugin', 'Lang', 'Theme', 'History', 'Statistics', 'Permissions', 'Update', 'Server');
- var $helpers = array('Session');
+ public $components = array('Util', 'Module', 'Session', 'Cookie', 'Security', 'EyPlugin', 'Lang', 'Theme', 'History', 'Statistics', 'Permissions', 'Update', 'Server');
+ public $helpers = array('Session');
- var $view = 'Theme';
+ public $view = 'Theme';
protected $isConnected = false;
@@ -93,10 +93,23 @@ public function beforeFilter()
// lowercase to avoid errors when the controller is called with uppercase
$this->params['controller'] = strtolower($this->params['controller']);
$this->params['action'] = strtolower($this->params['action']);
- if ($this->isConnected and $this->User->getKey('rank') == 5 and $this->params['controller'] != "maintenance" and $this->params['action'] != "logout" and $this->params['controller'] != "api")
- $this->redirect(array('controller' => 'maintenance', 'action' => 'index/banned', 'plugin' => false, 'admin' => false));
- else if ($this->params['controller'] != "user" && $this->params['controller'] != "maintenance" && $this->Configuration->getKey('maintenance') != '0' && !$this->Permissions->can('BYPASS_MAINTENANCE') && $LoginCondition)
- $this->redirect(array('controller' => 'maintenance', 'action' => 'index', 'plugin' => false, 'admin' => false));
+ if ($this->isConnected and $this->User->getKey('rank') == 5 and $this->params['controller'] != "maintenance" and $this->params['action'] != "logout" and $this->params['controller'] != "api") {
+ $this->redirect(array(
+ 'controller' => 'maintenance',
+ 'action' => 'index/banned',
+ 'plugin' => false,
+ 'admin' => false
+ ));
+ } else {
+ if ($this->params['controller'] != "user" && $this->params['controller'] != "maintenance" && $this->Configuration->getKey('maintenance') != '0' && !$this->Permissions->can('BYPASS_MAINTENANCE') && $LoginCondition) {
+ $this->redirect(array(
+ 'controller' => 'maintenance',
+ 'action' => 'index',
+ 'plugin' => false,
+ 'admin' => false
+ ));
+ }
+ }
}
@@ -170,14 +183,9 @@ private function __initUser()
$this->loadModel('User');
if (!$this->User->isConnected() && ($cookie = $this->Cookie->read('remember_me')) && isset($cookie['pseudo']) && isset($cookie['password'])) {
- $user = $this->User->find('first', array(
- 'conditions' => array(
- 'pseudo' => $cookie['pseudo'],
- 'password' => $cookie['password']
- )
- ));
+ $user = $this->User->find('first', array('conditions' => array('pseudo' => $cookie['pseudo'])));
- if (!empty($user))
+ if (!empty($user) && $user['User']['password'] == $cookie['password'])
$this->Session->write('user', $user['User']['id']);
}
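Review bot: The new remember-me check compares the stored password hash with the cookie value using `==`, which in PHP compares numeric-looking strings numerically (two hex digests of the form `0e…` compare equal) and is not constant-time; the branch should read `if (!empty($user) && hash_equals((string) $user['User']['password'], (string) $cookie['password']))`. Looking the user up by pseudo alone and comparing in PHP is fine for this path, but the cookie still carries the stored password hash itself as the bearer credential, so any copy of it stays valid until the password changes; a random per-login token with its own expiry and server-side revocation would be the longer-term fix. `__initUser` begins before this hunk.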
@@ -370,12 +378,16 @@ function addToNav($menus, $nav, $index = 0)
// Add slider if !useless
$themeConfig = $this->Theme->getConfig(Configure::read('theme'));
- if (isset($themeConfig->slider) && $themeConfig->slider)
- $nav['GLOBAL__CUSTOMIZE']['menu'] = addToArrayAt($nav['GLOBAL__CUSTOMIZE']['menu'], count($nav['GLOBAL__CUSTOMIZE']['menu']), ['SLIDER__TITLE' => [
- 'icon' => 'far fa-image',
- 'permission' => 'MANAGE_SLIDER',
- 'route' => ['controller' => 'slider', 'action' => 'index', 'admin' => true, 'plugin' => false]
- ]]);
+ if (isset($themeConfig->slider) && $themeConfig->slider) {
+ $nav['GLOBAL__CUSTOMIZE']['menu'] = addToArrayAt($nav['GLOBAL__CUSTOMIZE']['menu'],
+ count($nav['GLOBAL__CUSTOMIZE']['menu']), [
+ 'SLIDER__TITLE' => [
+ 'icon' => 'far fa-image',
+ 'permission' => 'MANAGE_SLIDER',
+ 'route' => ['controller' => 'slider', 'action' => 'index', 'admin' => true, 'plugin' => false]
+ ]
+ ]);
+ }
// Handle plugins
$plugins = $this->EyPlugin->pluginsLoaded;
@@ -435,12 +447,15 @@ public function __initServerInfos()
if (!isset($server_infos['GET_MAX_PLAYERS']) || !isset($server_infos['GET_PLAYER_COUNT']) || $server_infos['GET_MAX_PLAYERS'] === 0)
return $this->set(['banner_server' => false, 'server_infos' => $server_infos]);
- $this->set(['banner_server' => $this->Lang->get('SERVER__STATUS_MESSAGE', array(
- '{MOTD}' => @$server_infos['getMOTD'],
- '{VERSION}' => @$server_infos['getVersion'],
- '{ONLINE}' => @$server_infos['GET_PLAYER_COUNT'],
- '{ONLINE_LIMIT}' => @$server_infos['GET_MAX_PLAYERS']
- )), 'server_infos' => $server_infos]);
+ $this->set([
+ 'banner_server' => $this->Lang->get('SERVER__STATUS_MESSAGE', array(
+ '{MOTD}' => @$server_infos['getMOTD'],
+ '{VERSION}' => @$server_infos['getVersion'],
+ '{ONLINE}' => @$server_infos['GET_PLAYER_COUNT'],
+ '{ONLINE_LIMIT}' => @$server_infos['GET_MAX_PLAYERS']
+ )),
+ 'server_infos' => $server_infos
+ ]);
}
diff --git a/app/Controller/UserController.php b/app/Controller/UserController.php
index a87f51dd..9f4043dd 100755
--- a/app/Controller/UserController.php
+++ b/app/Controller/UserController.php
@@ -37,8 +37,12 @@ function ajax_register()
//check uuid if needed
if ($this->Configuration->getKey('check_uuid')) {
$pseudoToUUID = file_get_contents("https://api.mojang.com/users/profiles/minecraft/" . htmlentities($this->request->data['pseudo']));
- if (!$pseudoToUUID)
- return $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_UUID'))));
+ if (!$pseudoToUUID) {
+ return $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('USER__ERROR_UUID')
+ )));
+ }
$this->request->data['uuid'] = json_decode($pseudoToUUID, true)['id'];
}
@@ -93,18 +97,33 @@ function ajax_register()
}
}
// on dis que c'est bon
- $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__REGISTER_SUCCESS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => true,
+ 'msg' => $this->Lang->get('USER__REGISTER_SUCCESS')
+ )));
} else { // si c'est pas bon, on envoie le message d'erreur retourné par l'étape de validation
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get($isValid))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get($isValid)
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('FORM__INVALID_CAPTCHA'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('FORM__INVALID_CAPTCHA')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__BAD_REQUEST')
+ )));
}
}
@@ -122,9 +141,13 @@ function ajax_login()
$infos = $this->Authentification->find('first', array('conditions' => array('user_id' => $user_login['id'], 'enabled' => true)));
$confirmEmailIsNeeded = ($this->Configuration->getKey('confirm_mail_signup') && $this->Configuration->getKey('confirm_mail_signup_block'));
- $login = $this->User->login($this->request->data, $confirmEmailIsNeeded, $this->Configuration->getKey('check_uuid'), $this);
- if (!isset($login['status']) || $login['status'] !== true)
- return $this->sendJSON(['statut' => false, 'msg' => $this->Lang->get($login, array('{URL_RESEND_EMAIL}' => Router::url(array('action' => 'resend_confirmation'))))]);
+ $login = $this->User->login($user_login, $this->request->data, $confirmEmailIsNeeded, $this->Configuration->getKey('check_uuid'), $this);
+ if (!isset($login['status']) || $login['status'] !== true) {
+ return $this->sendJSON([
+ 'statut' => false,
+ 'msg' => $this->Lang->get($login, array('{URL_RESEND_EMAIL}' => Router::url(array('action' => 'resend_confirmation'))))
+ ]);
+ }
$event = new CakeEvent('onLogin', $this, array('user' => $user_login));
$this->getEventManager()->dispatch($event);
@@ -132,10 +155,18 @@ function ajax_login()
return $event->result;
if ($infos) {
$this->Session->write('user_id_two_factor_auth', $user_login['id']);
- $this->sendJSON(['statut' => true, 'msg' => $this->Lang->get('USER__REGISTER_LOGIN'), 'two-factor-auth' => true]);
+ $this->sendJSON([
+ 'statut' => true,
+ 'msg' => $this->Lang->get('USER__REGISTER_LOGIN'),
+ 'two-factor-auth' => true
+ ]);
} else {
- if ($this->request->data['remember_me'])
- $this->Cookie->write('remember_me', array('pseudo' => $this->request->data['pseudo'], 'password' => $this->User->getFromUser('password', $this->request->data['pseudo'])), true, '1 week');
+ if ($this->request->data['remember_me']) {
+ $this->Cookie->write('remember_me', array(
+ 'pseudo' => $this->request->data['pseudo'],
+ 'password' => $this->User->getFromUser('password', $this->request->data['pseudo'])
+ ), true, '1 week');
+ }
$this->Session->write('user', $login['session']);
$this->sendJSON(['statut' => true, 'msg' => $this->Lang->get('USER__REGISTER_LOGIN')]);
}
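Review bot: The rewritten condition `if ($this->request->data['remember_me'])` still reads the key without a guard, so a login form that omits the checkbox triggers an undefined-index notice before the cookie branch is skipped; `if (!empty($this->request->data['remember_me'])) {` keeps the same truthiness semantics without the notice. The cookie payload written here is the value that `AppController::__initUser` later compares, so both sides should be kept in step if the stored credential format changes. `ajax_login` begins before this hunk.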
@@ -206,21 +237,39 @@ function ajax_lostpasswd()
'key' => $key
));
$this->Lostpassword->save();
- $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__PASSWORD_FORGOT_EMAIL_SUCCESS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => true,
+ 'msg' => $this->Lang->get('USER__PASSWORD_FORGOT_EMAIL_SUCCESS')
+ )));
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__INTERNAL_ERROR'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__INTERNAL_ERROR')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_NOT_FOUND'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('USER__ERROR_NOT_FOUND')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_EMAIL_NOT_VALID'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('USER__ERROR_EMAIL_NOT_VALID')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__BAD_REQUEST')
+ )));
}
}
@@ -234,15 +283,24 @@ function ajax_resetpasswd()
if (isset($reset['status']) && $reset['status'] === true) {
$this->Session->write('user', $reset['session']);
$this->History->set('RESET_PASSWORD', 'user');
- $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__PASSWORD_RESET_SUCCESS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => true,
+ 'msg' => $this->Lang->get('USER__PASSWORD_RESET_SUCCESS')
+ )));
} else {
$this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get($reset))));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__BAD_REQUEST')
+ )));
}
}
@@ -298,7 +356,10 @@ function uploadSkin()
$infos = $isValidImg['infos'];
}
if (!$this->Util->uploadImage($this->request, $target . $filename)) {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('FORM__ERROR_WHEN_UPLOAD'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('FORM__ERROR_WHEN_UPLOAD')
+ )));
return;
}
@@ -307,7 +368,10 @@ function uploadSkin()
$skinRestorerCommand = str_replace(['{PLAYER}', '{URL}'], [$username, $skinURL], "skin set {PLAYER} {URL}");
$this->Server->commands($skinRestorerCommand, $serverSkinRestorerID);
- $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('API__UPLOAD_SKIN_SUCCESS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => true,
+ 'msg' => $this->Lang->get('API__UPLOAD_SKIN_SUCCESS')
+ )));
}
} else {
throw new ForbiddenException();
@@ -341,10 +405,16 @@ function uploadCape()
$infos = $isValidImg['infos'];
}
if (!$this->Util->uploadImage($this->request, $target . $filename)) {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('FORM__ERROR_WHEN_UPLOAD'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('FORM__ERROR_WHEN_UPLOAD')
+ )));
return;
}
- $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('API__UPLOAD_CAPE_SUCCESS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => true,
+ 'msg' => $this->Lang->get('API__UPLOAD_CAPE_SUCCESS')
+ )));
}
} else {
throw new ForbiddenException();
@@ -377,7 +447,13 @@ function profile()
} else {
$this->set('shop_active', false);
}
- $available_ranks = array(0 => $this->Lang->get('USER__RANK_MEMBER'), 2 => $this->Lang->get('USER__RANK_MODERATOR'), 3 => $this->Lang->get('USER__RANK_ADMINISTRATOR'), 4 => $this->Lang->get('USER__RANK_ADMINISTRATOR'), 5 => $this->Lang->get('USER__RANK_BANNED'));
+ $available_ranks = array(
+ 0 => $this->Lang->get('USER__RANK_MEMBER'),
+ 2 => $this->Lang->get('USER__RANK_MODERATOR'),
+ 3 => $this->Lang->get('USER__RANK_ADMINISTRATOR'),
+ 4 => $this->Lang->get('USER__RANK_ADMINISTRATOR'),
+ 5 => $this->Lang->get('USER__RANK_BANNED')
+ );
$this->loadModel('Rank');
$custom_ranks = $this->Rank->find('all');
foreach ($custom_ranks as $key => $value) {
@@ -456,18 +532,33 @@ function change_pw()
}
$this->User->setKey('password', $password);
$this->User->setKey('password_hash', $this->Util->getPasswordHashType());
- $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__PASSWORD_UPDATE_SUCCESS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => true,
+ 'msg' => $this->Lang->get('USER__PASSWORD_UPDATE_SUCCESS')
+ )));
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_PASSWORDS_NOT_SAME'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('USER__ERROR_PASSWORDS_NOT_SAME')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__BAD_REQUEST')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_MUST_BE_LOGGED'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('USER__ERROR_MUST_BE_LOGGED')
+ )));
}
}
@@ -480,24 +571,42 @@ function change_email()
if (!empty($this->request->data['email']) and !empty($this->request->data['email_confirmation'])) {
if ($this->request->data['email'] == $this->request->data['email_confirmation']) {
if (filter_var($this->request->data['email'], FILTER_VALIDATE_EMAIL)) {
- $event = new CakeEvent('beforeUpdateEmail', $this, array('user' => $this->User->getAllFromCurrentUser(), 'new_email' => $this->request->data['email']));
+ $event = new CakeEvent('beforeUpdateEmail', $this, array(
+ 'user' => $this->User->getAllFromCurrentUser(),
+ 'new_email' => $this->request->data['email']
+ ));
$this->getEventManager()->dispatch($event);
if ($event->isStopped()) {
return $event->result;
}
$this->User->setKey('email', htmlentities($this->request->data['email']));
- $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__EMAIL_UPDATE_SUCCESS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => true,
+ 'msg' => $this->Lang->get('USER__EMAIL_UPDATE_SUCCESS')
+ )));
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_EMAIL_NOT_VALID'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('USER__ERROR_EMAIL_NOT_VALID')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__ERROR_EMAIL_NOT_SAME'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('USER__ERROR_EMAIL_NOT_SAME')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')
+ )));
}
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__BAD_REQUEST'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__BAD_REQUEST')
+ )));
}
} else {
throw new ForbiddenException();
@@ -551,7 +660,10 @@ public function admin_get_users()
$this->loadModel('Rank');
$custom_ranks = $this->Rank->find('all');
foreach ($custom_ranks as $key => $value) {
- $available_ranks[$value['Rank']['rank_id']] = array('label' => 'info', 'name' => $value['Rank']['name']);
+ $available_ranks[$value['Rank']['rank_id']] = array(
+ 'label' => 'info',
+ 'name' => $value['Rank']['name']
+ );
}
$this->DataTable = $this->Components->load('DataTable');
$this->modelClass = 'User';
@@ -569,8 +681,16 @@ public function admin_get_users()
$rank_label = (isset($available_ranks[$value['User']['rank']])) ? $available_ranks[$value['User']['rank']]['label'] : $available_ranks[0]['label'];
$rank_name = (isset($available_ranks[$value['User']['rank']])) ? $available_ranks[$value['User']['rank']]['name'] : $available_ranks[0]['name'];
$rank = '' . $rank_name . '';
- $btns = ' true)) . '" class="btn btn-info">' . $this->Lang->get('GLOBAL__EDIT') . '';
- $btns .= ' true)) . '\')" class="btn btn-danger">' . $this->Lang->get('GLOBAL__DELETE') . '';
+ $btns = ' true
+ )) . '" class="btn btn-info">' . $this->Lang->get('GLOBAL__EDIT') . '';
+ $btns .= ' true
+ )) . '\')" class="btn btn-danger">' . $this->Lang->get('GLOBAL__DELETE') . '';
$data[] = array(
'User' => array(
'pseudo' => $username,
@@ -662,13 +782,20 @@ function admin_edit_ajax()
if ($this->request->is('post')) {
$this->loadModel('User');
if (!empty($this->request->data['id']) && !empty($this->request->data['email']) && !empty($this->request->data['pseudo']) && (!empty($this->request->data['rank']) || $this->request->data['rank'] == 0)) {
- $findUser = $this->User->find('first', array('conditions' => array('id' => intval($this->request->data['id']))));
+ $findUser = $this->User->find('first',
+ array('conditions' => array('id' => intval($this->request->data['id']))));
if (empty($findUser)) {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__EDIT_ERROR_UNKNOWN'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('USER__EDIT_ERROR_UNKNOWN')
+ )));
return;
}
if ($findUser['User']['id'] == $this->User->getKey('id') && $this->request->data['rank'] != $this->User->getKey('rank')) {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('USER__EDIT_ERROR_YOURSELF'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('USER__EDIT_ERROR_YOURSELF')
+ )));
return;
}
$data = array(
@@ -687,7 +814,11 @@ function admin_edit_ajax()
if ($this->EyPlugin->isInstalled('eywek.shop')) {
$data['money'] = $this->request->data['money'];
}
- $event = new CakeEvent('beforeEditUser', $this, array('user_id' => $findUser['User']['id'], 'data' => $data, 'password_updated' => $password_updated));
+ $event = new CakeEvent('beforeEditUser', $this, array(
+ 'user_id' => $findUser['User']['id'],
+ 'data' => $data,
+ 'password_updated' => $password_updated
+ ));
$this->getEventManager()->dispatch($event);
if ($event->isStopped()) {
return $event->result;
@@ -697,9 +828,15 @@ function admin_edit_ajax()
$this->User->save();
$this->History->set('EDIT_USER', 'user');
$this->Session->setFlash($this->Lang->get('USER__EDIT_SUCCESS'), 'default.success');
- $this->response->body(json_encode(array('statut' => true, 'msg' => $this->Lang->get('USER__EDIT_SUCCESS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => true,
+ 'msg' => $this->Lang->get('USER__EDIT_SUCCESS')
+ )));
} else {
- $this->response->body(json_encode(array('statut' => false, 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS'))));
+ $this->response->body(json_encode(array(
+ 'statut' => false,
+ 'msg' => $this->Lang->get('ERROR__FILL_ALL_FIELDS')
+ )));
}
} else {
throw new NotFoundException();
@@ -737,4 +874,4 @@ function admin_delete($id = false)
$this->redirect('/');
}
}
-}
\ No newline at end of file
+}
diff --git a/app/Model/User.php b/app/Model/User.php
index 9aa6a799..67ccb621 100755
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -26,9 +26,9 @@ class User extends AppModel
public function validRegister($data, $UtilComponent)
{
if (preg_match('`^([a-zA-Z0-9_]{2,16})$`', $data['pseudo'])) {
- $data['password'] = $UtilComponent->password($data['password'], $data['pseudo']);
- $data['password_confirmation'] = $UtilComponent->password($data['password_confirmation'], $data['pseudo'], $data['password']);
if ($data['password'] == $data['password_confirmation']) {
+ $data['password'] = $data['password_confirmation'] = $UtilComponent->password($data['password'], $data['pseudo']);
+
if (filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
$search_member_by_pseudo = $this->find('all', array('conditions' => array('pseudo' => $data['pseudo'])));
$search_member_by_uuid = $this->find('all', array('conditions' => array('uuid' => $data['uuid'])));
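Review bot: Moving the hashing below the confirmation check means `$data['password'] == $data['password_confirmation']` now compares two raw user-supplied strings, and PHP's loose comparison treats numeric-looking strings numerically (`'1e3' == '1000'` is true), so the check can pass for inputs that are not identical; it should become `if ($data['password'] === $data['password_confirmation']) {`. Hashing once and writing the result to both keys preserves the data shape the rest of the method expects, so that part of the change is fine. `validRegister` continues past the end of this hunk.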
@@ -79,7 +79,7 @@ public function register($data, $UtilComponent)
return $this->getLastInsertId();
}
- public function login($data, $confirmEmailIsNeeded = false, $checkUUID = false, $controller)
+ public function login($user, $data, $confirmEmailIsNeeded = false, $checkUUID = false, $controller)
{
$UtilComponent = $controller->Util;
$LoginRetryTable = ClassRegistry::init('LoginRetry');
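Review bot: The rewritten signature keeps the optional parameters `$confirmEmailIsNeeded = false, $checkUUID = false` ahead of the required `$controller`, so those defaults can never take effect and PHP 8.0+ reports the ordering as deprecated. The one visible call site (the `ajax_login` hunk) passes all five arguments, so dropping the two defaults, `public function login($user, $data, $confirmEmailIsNeeded, $checkUUID, $controller)`, is the compatible fix. A short docblock stating that `$user` is the inner `User` row (the array the removed `$user = $user['User']` line used to produce) would also help, since the parameter is untyped and the caller is now responsible for its shape. The body of `login` continues past this hunk.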
@@ -92,13 +92,9 @@ public function login($data, $confirmEmailIsNeeded = false, $checkUUID = false,
if (!empty($findRetryWithIP) && $findRetryWithIP['LoginRetry']['count'] >= 10)
return 'LOGIN__BLOCKED';
- $username = $data['pseudo'];
- $user = $this->find('first', ['conditions' => [
- 'pseudo' => $username,
- 'password' => $UtilComponent->password($data['password'], $username, $this->getFromUser('password', $username), $this->getFromUser('password_hash', $username))
- ]]);
+ $username = $user['pseudo'];
$date = date('Y-m-d H:i:s');
- if (empty($user)) {
+ if ($user['password'] != $UtilComponent->password($data['password'], $username, $user['password'], $user['password_hash'])) {
if (empty($findRetryWithIP) or $findRetryWithIP['LoginRetry']['count'] >= 10) {
$LoginRetryTable->create();
$LoginRetryTable->set(array(
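Review bot: The credential check on the new line uses `!=` between the stored hash and the freshly computed one, which is a loose, non-constant-time comparison; it should read `if (!hash_equals((string) $user['password'], (string) $UtilComponent->password($data['password'], $username, $user['password'], $user['password_hash']))) {`. The caller now supplies `$user`, so the unknown-pseudo case that the removed `find` used to absorb is presumably handled in `ajax_login` before the call — if it is not, `$user['pseudo']` on an empty result emits a warning and the retry counter below is never incremented for unknown usernames, so a leading `if (empty($user)) return 'USER__ERROR_INVALID_CREDENTIALS';` would keep the model self-contained. `login` starts and ends outside this hunk.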
@@ -115,7 +111,6 @@ public function login($data, $confirmEmailIsNeeded = false, $checkUUID = false,
return 'USER__ERROR_INVALID_CREDENTIALS';
}
}
- $user = $user['User'];
$LoginRetryTable->deleteAll(['ip' => $ip]);
$conditions = array();
diff --git a/app/View/Configuration/admin_index.ctp b/app/View/Configuration/admin_index.ctp
index 36c141a5..0d02368e 100755
--- a/app/View/Configuration/admin_index.ctp
+++ b/app/View/Configuration/admin_index.ctp
@@ -105,7 +105,7 @@
'options' => array(
'sha256' => 'sha256',
'sha1' => 'sha1',
- 'sha386' => 'sha386',
+ 'sha384' => 'sha384',
'sha512' => 'sha512',
'blowfish' => 'bcrypt'
),