<?php
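/**
 * Login / logout / registration / password-reset actions.
 *
 * Accounts are file based: one "<userpath>/<username>.xml" profile per user
 * (username, email, status) plus a shared digest password file that
 * Zend_Auth_Adapter_Digest reads ("user:realm:md5(user:realm:password)" per line).
 *
 * All relative paths ('../app/...') assume the same working directory the original
 * code assumed (the web root's public directory) -- TODO confirm against the bootstrap.
 */
class AuthController extends Zend_Controller_Action
{
    /** Digest password file consumed by Zend_Auth_Adapter_Digest. */
    const PASSWORD_FILE = '../app/controllers/password.txt';

    /** Directory holding the auth/*.php view scripts. */
    const SCRIPT_PATH = '../app/views/scripts';

    /** Realm written into new profiles and password lines. */
    const DEFAULT_REALM = 'member';

    /**
     * Usernames double as profile file names, so they are restricted to this
     * character set; anything else (e.g. "../") would let a request name a file
     * outside userpath. The D modifier stops "$" from matching before a trailing newline.
     */
    const USERNAME_PATTERN = '/^[A-Za-z0-9_-]+$/D';

    /**
     * E-mail shape check kept from the original (TLD limited to 2-4 letters), with the
     * hyphen escaped and the D modifier so a trailing newline cannot slip through
     * into a later mail() header.
     */
    const EMAIL_PATTERN = '/^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+\.[A-Za-z]{2,4}$/D';

    /** @var Zend_Config_Ini "general" section of settings.ini (baseUrl, userpath, domain, ...) */
    protected $cfg;

    /**
     * Set up the view and load the "general" section of settings.ini into $this->cfg.
     */
    public function init()
    {
        $this->initView();
        $this->view->baseUrl = $this->_request->getBaseUrl();
        $this->cfg = new Zend_Config_Ini('../app/config/settings.ini', 'general');
    }

    /**
     * /auth has no page of its own; send the client to the site root.
     */
    public function indexAction()
    {
        $this->_redirect('/');
    }

    /**
     * Show the login form and, on POST, authenticate against the digest password file.
     *
     * POST fields: username, password, redirect (path appended to baseUrl on success).
     * GET param: redirect_to (pre-fills the redirect field).
     */
    public function loginAction()
    {
        $redirect = $this->_safeRedirect($this->getRequest()->getParam('redirect_to'));
        $username = '';
        $message = '';

        if ($this->getRequest()->isPost()) {
            // StripTags is applied to the password as well because registration does the
            // same; removing it on one side only would lock out existing accounts.
            $filter = new Zend_Filter_StripTags();
            $username = (string) $filter->filter($this->_request->getPost('username'));
            $password = (string) $filter->filter($this->_request->getPost('password'));
            $redirect = $this->_safeRedirect($filter->filter($this->_request->getPost('redirect')));

            if ($username === '' || $password === '') {
                $message = 'Please fill out all fields.';
            } elseif (!$this->_isValidUsername($username) || !file_exists($this->_profilePath($username))) {
                // The character-set check runs before the path is built, so a crafted
                // username can never probe files outside userpath.
                $message = "The profile \"" . $username . "\" doesn't exist.";
            } else {
                $profile = simplexml_load_file($this->_profilePath($username));
                if ($profile === false) {
                    // Unreadable/corrupt profile: treat like a failed login rather than erroring.
                    $message = 'Login failed';
                } else {
                    $realm = (string) $profile->status;
                    $authAdapter = new Zend_Auth_Adapter_Digest(self::PASSWORD_FILE, $realm, $username, $password);
                    $result = $authAdapter->authenticate();
                    if ($result->isValid()) {
                        // Fresh session id on privilege change so a pre-login id is not reused.
                        Zend_Session::regenerateId();
                        $session = new Zend_Session_Namespace('Default');
                        $session->identity = $result->getIdentity();
                        $this->_redirect($this->cfg->baseUrl . $redirect);
                        return;
                    }
                    $message = 'Login failed';
                }
            }
        }

        $view = $this->_createView('Login', $message, $redirect, $username);
        echo $view->render('auth/login.php');
    }

    /**
     * Destroy the session and return to baseUrl plus the (sanitised) redirect_to param.
     */
    public function logoutAction()
    {
        $redirect = $this->_safeRedirect($this->getRequest()->getParam('redirect_to'));
        Zend_Session::destroy();
        $this->_redirect($this->cfg->baseUrl . $redirect);
    }

    /**
     * Show the sign-up form and, on POST, create a profile and password entry.
     *
     * POST fields: username, email, password, password2, redirect.
     */
    public function registerAction()
    {
        $redirect = $this->_safeRedirect($this->getRequest()->getParam('redirect_to'));
        $username = '';
        $email = '';
        $message = '';

        if ($this->getRequest()->isPost()) {
            $filter = new Zend_Filter_StripTags();
            $username = (string) $filter->filter($this->_request->getPost('username'));
            $email = (string) $filter->filter($this->_request->getPost('email'));
            $password = (string) $filter->filter($this->_request->getPost('password'));
            $password2 = (string) $filter->filter($this->_request->getPost('password2'));
            $redirect = $this->_safeRedirect($filter->filter($this->_request->getPost('redirect')));
            $message = $this->_register($username, $email, $password, $password2);
        }

        $view = $this->_createView('Sign up', $message, $redirect, $username);
        // Re-populate the e-mail field after a validation error.
        $view->assign('email', (string) $email);
        echo $view->render('auth/register.php');
    }

    /**
     * Reset the password of the named profile to a random one, rewrite its line in the
     * password file and mail the new password to the profile's e-mail address.
     *
     * GET param: username. Unknown or malformed names go straight back to the login page,
     * as this action has no message channel.
     *
     * NOTE(review): nothing ties the request to the account owner, so anyone who knows a
     * username can force a reset (the password only ever goes to the stored address).
     * A confirmation step would close that; it is out of scope for this rewrite.
     */
    public function newPwdAction()
    {
        $username = (string) $this->getRequest()->getParam('username');
        $loginUrl = $this->cfg->baseUrl . 'auth/login';

        if (!$this->_isValidUsername($username) || !file_exists($this->_profilePath($username))) {
            $this->_redirect($loginUrl);
            return;
        }
        $profile = simplexml_load_file($this->_profilePath($username));
        if ($profile === false) {
            $this->_redirect($loginUrl);
            return;
        }

        $lines = file(self::PASSWORD_FILE);
        if ($lines === false) {
            $this->_redirect($loginUrl);
            return;
        }

        $pass = self::_generatePassword(8);
        $realm = (string) $profile->status;
        // Match on "user:" so that resetting "bob" does not also rewrite "bobby"'s line
        // (the original compared only the first strlen($username) bytes).
        $prefix = $username . ':';
        $updated = '';
        foreach ($lines as $line) {
            if (strpos($line, $prefix) === 0) {
                $updated .= self::_digestLine($username, $realm, $pass);
            } else {
                $updated .= $line;
            }
        }
        if (file_put_contents(self::PASSWORD_FILE, $updated, LOCK_EX) === false) {
            // Nothing was stored, so do not mail a password that will not work.
            $this->_redirect($loginUrl);
            return;
        }

        // Mail only after the file was rewritten (the original mailed first).
        $message = "your new password for your account " . $username . ":";
        $message .= "\n\n" . $pass;
        $betreff = "new password for your account";
        mail((string) $profile->email, $betreff, $message, "From: atuin administration <hide@address.com>");

        $this->_redirect($loginUrl);
    }

    /**
     * Validate a registration and create the profile + password entry.
     *
     * Checks run in the original order: required fields, e-mail shape, password match,
     * captcha, then name availability. Returns the message to display; on success it
     * redirects to the login page and returns ''.
     */
    private function _register($username, $email, $password, $password2)
    {
        if ($username === '' || $email === '' || $password === '' || $password2 === '') {
            return 'Please fill out all fields.';
        }
        if (!preg_match(self::EMAIL_PATTERN, $email)) {
            return 'Bad email adress format. Please check again.';
        }
        if ($password !== $password2) {
            return 'Your entered passwords are not the same.';
        }
        // The original compared two variables that are never assigned in this controller
        // ($code == $captcha), so the captcha check was vacuously true. Kept as an explicit
        // no-op rather than inventing a mechanism -- TODO(review): wire a real captcha here.
        $captchaOk = true;
        if (!$captchaOk) {
            return 'Your entered captcha is not correct.';
        }
        if (!$this->_isValidUsername($username)) {
            return 'The username may only contain letters, digits, "-" and "_".';
        }

        $profilePath = $this->_profilePath($username);
        if (file_exists($profilePath)) {
            return 'An account with this name exists already. Please choose another one.';
        }

        // Escape the values so a "<" or "&" in the e-mail cannot break or inject into the profile XML.
        $xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            . "<profil>\n"
            . " <username>" . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "</username>\n"
            . " <email>" . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . "</email>\n"
            . " <status>" . self::DEFAULT_REALM . "</status>\n"
            . "</profil>";
        if (file_put_contents($profilePath, $xml, LOCK_EX) === false) {
            return 'Registration failed. Please try again later.';
        }

        // FILE_APPEND creates the password file if it is missing; the original printed a
        // warning and then appended anyway.
        $line = self::_digestLine($username, self::DEFAULT_REALM, $password);
        if (file_put_contents(self::PASSWORD_FILE, $line, FILE_APPEND | LOCK_EX) === false) {
            return 'Registration failed. Please try again later.';
        }

        // send mail
        // ...
        $this->_redirect($this->cfg->baseUrl . 'auth/login/');
        return '';
    }

    /**
     * Build the Zend_View shared by the login and sign-up templates with the
     * config-derived values assigned.
     */
    private function _createView($title, $message, $redirect, $username)
    {
        $view = new Zend_View();
        $view->title = $title;
        $view->setScriptPath(self::SCRIPT_PATH);
        $view->assign('message', (string) $message);
        $view->assign('baseUrl', (string) $this->cfg->baseUrl);
        $view->assign('domain', (string) $this->cfg->domain);
        $view->assign('redirect', (string) $redirect);
        $view->assign('pagetitle', (string) $this->cfg->pagetitle);
        $view->assign('pagesubtitle', (string) $this->cfg->pagesubtitle);
        $view->assign('layout', (string) $this->cfg->layout);
        $view->assign('username', (string) $username);
        return $view;
    }

    /**
     * Reduce a user-supplied redirect value to something safe to append to baseUrl.
     *
     * Leading slashes/backslashes are dropped (baseUrl already ends with one) so that
     * baseUrl . $redirect cannot become a protocol-relative "//host" URL, and any value
     * containing ":" or CR/LF is discarded so no scheme or header data gets through.
     */
    private function _safeRedirect($redirect)
    {
        $redirect = ltrim((string) $redirect, '/\\');
        if (preg_match('/[:\r\n]/', $redirect)) {
            return '';
        }
        return $redirect;
    }

    /**
     * True when $username matches USERNAME_PATTERN and is therefore safe as a file-name part.
     */
    private function _isValidUsername($username)
    {
        return is_string($username) && preg_match(self::USERNAME_PATTERN, $username) === 1;
    }

    /**
     * Path of the profile XML for $username (caller must validate the name first).
     */
    private function _profilePath($username)
    {
        return $this->cfg->userpath . $username . '.xml';
    }

    /**
     * One line of the digest password file, newline included.
     *
     * Zend_Auth_Adapter_Digest verifies md5("user:realm:password") per line, so the hash
     * cannot be replaced with password_hash() here without also replacing the adapter.
     */
    private static function _digestLine($username, $realm, $password)
    {
        return $username . ':' . $realm . ':' . md5($username . ':' . $realm . ':' . $password) . "\n";
    }

    /**
     * Random password of $length characters from the alphabet the original used
     * (lower-case letters without "l", digits without "1").
     *
     * Uses random_int() where available (CSPRNG) and mt_rand() otherwise; the original
     * re-seeded rand() from microtime() and never selected the last character of the set.
     */
    private static function _generatePassword($length = 8)
    {
        $chars = 'abcdefghijkmnopqrstuvwxyz023456789';
        $max = strlen($chars) - 1;
        $pass = '';
        for ($i = 0; $i < $length; $i++) {
            $idx = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
            $pass .= $chars[$idx];
        }
        return $pass;
    }
}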
?>