Login & automatic membership system #109
Conversation
[WIP] Roadmap 1
Merge latest develop changes into master
There was a problem hiding this comment.
Overall not bad at all. Pretty well put together so i am impressed. Look through all my comments i left throughout as this is a purely code based review and not functionality at this point.
Remember security is important so never store passwords even if they are hashed in txt files.
Lots of translation updates and small type conversion. Remember we use camel case for variables.
The PR will never get get merged unless you fix styleci and travis errors though so keep that in mind. I know it can be a pain but following the guidelines is a good thing.
config/default.php
Outdated
| // Composer is also needed. Type "composer install" to install the dependencies. | ||
| // Enter client_id, client_secret and callback uri from your discord bot to DiscordAuth.php | ||
| // https://discordapp.com/developers/applications/me | ||
| $discord_bot_client_id = 0; |
There was a problem hiding this comment.
Convert to Camel Case Like $discordBotClientID = 0;
config/default.php
Outdated
| // https://discordapp.com/developers/applications/me | ||
| $discord_bot_client_id = 0; | ||
| $discord_bot_client_secret = ""; | ||
| $discord_bot_redirect_uri = "https://example.com/discord-callback.php"; |
There was a problem hiding this comment.
Convert to Camel Case Like $discordBotRedirectURI= "https://example.com/discord-callback.php";
config/default.php
Outdated
| // Enter client_id, client_secret and callback uri from your discord bot to DiscordAuth.php | ||
| // https://discordapp.com/developers/applications/me | ||
| $discord_bot_client_id = 0; | ||
| $discord_bot_client_secret = ""; |
There was a problem hiding this comment.
Convert to Camel Case Like $discordBotClientSecret = '';
discord-callback.php
Outdated
| "login_system" => 'discord' | ||
| ]); | ||
|
|
||
| if ($count == 0) { |
There was a problem hiding this comment.
=== to prevent type conversion
pre-index.php
Outdated
|
|
||
| $_SESSION['user']->expire_timestamp = $info['expire_timestamp']; | ||
|
|
||
| if (!empty($_SESSION['user']->updatePwd) && $_SESSION['user']->updatePwd == 1) { |
There was a problem hiding this comment.
=== to prevent type conversion.
user.php
Outdated
| $message .= i8ln('New password:') . " {$randomPwd}<br><br>"; | ||
|
|
||
| if ($discordUrl) { | ||
| $message .= i8ln('For support, ask your questions in the ') . "<a href='{$discordUrl}'>discord guild</a>!<br><br>"; |
There was a problem hiding this comment.
discord guild needs to be translatable.
user.php
Outdated
| if ($discordUrl) { | ||
| $message .= i8ln('For support, ask your questions in the ') . "<a href='{$discordUrl}'>discord guild</a>!<br><br>"; | ||
| } | ||
| $message .= i8ln('Best Regards') . "<br>Admin"; |
There was a problem hiding this comment.
Admin needs to be translatable.
user.php
Outdated
| } | ||
|
|
||
| $subject = "[{$title}] - Password Reset"; | ||
| $headers = "From: no-reply@{$_SERVER['SERVER_NAME']}" . "\r\n" . |
There was a problem hiding this comment.
Needs to be configurable in config for From and Reply to as some people use a different domain.
user.php
Outdated
| <?php | ||
| } elseif (!empty($_SESSION['user']->updatePwd)) { | ||
| ?> | ||
| <p><h2><?php echo "[<a href='.'>{$title}</a>] - "; echo i8ln('Change your password.'); ?></h2></p> |
There was a problem hiding this comment.
Concatenate the echos into 1 with . Also remove the
tags.
utils.php
Outdated
| "login_system" => 'native' | ||
| ]); | ||
|
|
||
| $logMsg = "INSERT INTO users (id, user, temp_password, expire_timestamp, login_system) VALUES ('{$getId}', '{$user}', '{$hashedPwd}', '{$new_expire_timestamp}', 'native'); -- " . date('Y-m-d H:i:s') . "\r\n"; |
There was a problem hiding this comment.
Remove Hashed password and replace with ******
This PR will add a login form to the website and create a self going membership system where your users pay through selly. No membership = no IV.
The moment after they pay they will instantly receives an account that's active for 31 days.(or more if they pay for more than one quantity).
The next time they pay they will keep their login credentials and 31 days will be added to their existing expire date.
If it's a new user the user will receive an email with login credentials and expire date.
If it's an existing user the user will receive an email with the new expire date. The credentials is the same as before.
When their expire date is due they can no longer see IV on the map.
Two database tables has to be created for this to work.
Selly settings:
