Merge branch 'master' into feature/discord_claim_hooks
Jamiras authored Oct 2, 2024
2 parents 6ca40d0 + c16ad72 commit d19db82
Showing 5 changed files with 40 additions and 46 deletions.
14 changes: 4 additions & 10 deletions app/Helpers/database/user-password-reset.php
@@ -1,5 +1,6 @@
<?php

use App\Models\User;
use Illuminate\Support\Str;

/**
@@ -26,17 +27,10 @@ function isValidPasswordResetToken(string $usernameIn, string $passwordResetToke
/**
* @deprecated replace with Laravel standard features and/or Fortify
*/
function RequestPasswordReset(string $usernameIn): bool
function RequestPasswordReset(User $user): bool
{
sanitize_sql_inputs($usernameIn);

$userFields = GetUserFields($usernameIn, ["User", "EmailAddress"]);
if ($userFields == null) {
return false;
}

$username = $userFields["User"];
$emailAddress = $userFields["EmailAddress"];
$username = $user->username;
$emailAddress = $user->EmailAddress;

$newToken = Str::random(20);

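Review bot: `RequestPasswordReset()` now trusts whatever `User` it is handed, so the `isBanned()` check added in `send-password-reset-email.php` is the only thing that stops a reset token from being issued for a banned account. Any other caller of this helper (none are visible in this diff) would skip that check; consider a guard at the top of the body, `if ($user->isBanned()) { return false; }`, or at least a docblock line stating that callers must reject banned users first. The function body continues past the end of the hunk, so how the token is stored and mailed is not covered here.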
60 changes: 26 additions & 34 deletions app/Helpers/database/user-permission.php
@@ -144,44 +144,36 @@ function setAccountForumPostAuth(User $sourceUser, int $sourcePermissions, User
*/
function banAccountByUsername(string $username, int $permissions): void
{
$db = getMysqliConnection();

echo "BANNING $username ... ";

if (empty($username)) {
echo "FAIL" . PHP_EOL;
$user = User::firstWhere('User', $username);

if (!$user) {
return;
}

$dbResult = s_mysql_query("UPDATE UserAccounts u SET
u.email_verified_at = null,
u.Password = null,
u.SaltedPass = '',
u.Permissions = $permissions,
u.fbUser = 0,
u.fbPrefs = null,
u.cookie = null,
u.appToken = null,
u.appTokenExpiry = null,
u.ManuallyVerified = 0,
u.forum_verified_at = null,
u.Motto = '',
u.Untracked = 1,
u.APIKey = null,
u.UserWallActive = 0,
u.RichPresenceMsg = null,
u.RichPresenceMsgDate = null,
u.PasswordResetToken = '',
u.banned_at = NOW(),
u.Updated = NOW()
WHERE u.User='$username'"
);
if (!$dbResult) {
echo mysqli_error($db) . PHP_EOL;
}
$user->email_verified_at = null;
$user->password = null;
$user->SaltedPass = '';
$user->setAttribute('Permissions', $permissions);
$user->fbUser = 0;
$user->fbPrefs = null;
$user->cookie = null;
$user->appToken = null;
$user->appTokenExpiry = null;
$user->ManuallyVerified = 0;
$user->forum_verified_at = null;
$user->Motto = '';
$user->Untracked = 1;
$user->unranked_at = now();
$user->APIKey = null;
$user->UserWallActive = 0;
$user->RichPresenceMsg = null;
$user->RichPresenceMsgDate = null;
$user->PasswordResetToken = '';
$user->banned_at = now();
$user->Updated = now();

$user->save();

removeAvatar($username);

echo "SUCCESS" . PHP_EOL;
$user->subscriptions()->delete();
}
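Review bot: The early `return` after `User::firstWhere('User', $username)` makes a ban that matched no account indistinguishable from one that succeeded, because the function is `void` and the old `FAIL` output is gone; a line such as `logger()->warning('banAccountByUsername: user not found', ['username' => $username]);` before the `return` would leave a trace for moderators. `removeAvatar($username)` still receives the caller-supplied string, so if the lookup is case-insensitive, `removeAvatar($user->username)` would target the stored name instead. The assignments clear `cookie`, `appToken` and `APIKey`; if accounts can also hold server-side sessions or a remember token, confirm those are revoked as well, since nothing in the visible lines does so.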
3 changes: 3 additions & 0 deletions app/Models/User.php
@@ -131,6 +131,7 @@ class User extends Authenticatable implements CommunityMember, Developer, HasCom
'APIUses',
'APIKey',
'banned_at',
'cookie', // fillable for when users are banned
'ContribCount',
'ContribYield',
'country',
@@ -148,12 +149,14 @@ class User extends Authenticatable implements CommunityMember, Developer, HasCom
'Motto',
'muted_until',
'password', // fillable for registration
'PasswordResetToken', // fillable for when users are banned
'Permissions',
'preferences',
'RAPoints',
'RASoftcorePoints',
'RichPresenceMsg',
'RichPresenceMsgDate',
'SaltedPass', // fillable for when users are banned
'TrueRAPoints',
'timezone',
'unranked_at',
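Review bot: Adding `cookie`, `PasswordResetToken` and `SaltedPass` to what appears to be the model's `$fillable` list (the array declaration is outside the hunk) widens the mass-assignment surface to credential-bearing columns. The ban code in `user-permission.php` sets these fields by direct property assignment followed by `save()`, which does not consult `$fillable`, so the three entries look unnecessary for the purpose their comments give. If no `fill()`/`update()`/`create()` caller needs them, drop the lines; if one does, make sure it passes an explicit key list rather than raw request input.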
2 changes: 1 addition & 1 deletion public/request/auth/reset-password.php
@@ -16,7 +16,7 @@

$targetUser = User::firstWhere('User', $input['username']);

if (!$targetUser || !isValidPasswordResetToken($targetUser->username, $passResetToken)) {
if (!$targetUser || $targetUser->isBanned() || !isValidPasswordResetToken($targetUser->username, $passResetToken)) {
return back()->withErrors(__('legacy.error.token'));
}

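Review bot: The new `$targetUser->isBanned()` branch shares the `legacy.error.token` response with the bad-token case, and that choice deserves a one-line comment above the `if`, for example `// Banned accounts get the generic token error so the response does not reveal account state.` Without it, a later change could give the banned case its own message and disclose ban status to anyone who knows a username. The script starts and ends outside the hunk, so where `$passResetToken` comes from is not visible here.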
7 changes: 6 additions & 1 deletion public/request/auth/send-password-reset-email.php
@@ -1,12 +1,17 @@
<?php

use App\Models\User;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Validator;

$input = Validator::validate(Arr::wrap(request()->post()), [
'username' => 'required',
]);

RequestPasswordReset($input['username']);
$targetUser = User::firstWhere('User', $input['username']);

if ($targetUser && !$targetUser->isBanned()) {
RequestPasswordReset($targetUser);
}

return back()->with('message', __('legacy.email_check'));
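Review bot: The `'username' => 'required'` rule does not constrain the type, and the value now goes straight into `User::firstWhere('User', $input['username'])`, so a non-string value such as an array reaches the query builder instead of being rejected by validation; `'username' => 'required|string'` closes that. The uniform `legacy.email_check` response avoids disclosing which names exist, but if `RequestPasswordReset()` sends mail synchronously (not visible here), response time may still differ between known and unknown or banned accounts. Queueing the mail and confirming the route is rate-limited would cover that.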
